IT governance is a bread-and-butter topic for consultants like me. Relatively few companies are happy with how they go about deciding:

• How much to invest in information technology.

• Where to invest it … what, that is, IT ought to be working on.

• How much financial benefit its investments return.

More often than not, the process (if you can dignify it with that name) is contentious, confusing, and surrounded by complaints that have all the subtlety and emotional maturity of “Mom likes you best” expressions of victimhood.

The solutions are rarely difficult to design. That isn’t where the challenges lie. For example, the answer to how much a company should invest in information technology is pretty simple: Nothing. What companies should invest in is revenue enhancement, cost reduction, and risk management. While these investments often require new or modified information technology, that’s a different matter.

Companies that recognize the distinction between investments in information technology and investments in revenue, cost, and risk that require information technology can have just as much contention, confusion, and complaining, but at least the arguments are about the right subject.

It’s a start. Next comes the hard part: Getting the execs beyond their own silos so they think like leaders of the whole company.

Go back to the how-much-to-invest question. The answer is straightforward in concept if hard to calculate: Enough to use up all of the company’s capacity to absorb change and not a penny more.

Or less.

Imagine a company perfects this approach. Its decisions are about revenue, cost, and risk. It expends the right amount of effort and money in them. It has optimized its investment in the future, making it a fine, rare beastie.

And it’s still missing a critical piece of the puzzle, because if this is as far as “IT governance” (actually, business planning) goes, it leaves out one of IT’s most important but too-often ignored responsibilities — providing technology leadership, something that’s easy to recommend but hard to accomplish.

The principle isn’t complicated. My major premise is that new technologies can represent threats or opportunities — the two reasons businesses have to be different tomorrow than they were yesterday. My minor premise is that the company’s best expertise in information technology resides in the IT organization (I hope, and if not, what’s up with that?).

My syllogistically inescapable conclusion: IT is responsible for recognizing technology-driven opportunities and threats to the company’s business model and bringing them forward into the company’s business planning process.

Sounds neat and tidy in theory, doesn’t it? If only it were neat and tidy in practice. Sadly, as is so often the case when the subject is the future, neatness and tidiness … and even more, predictability … aren’t going to be part of the picture.

But before we get to why it’s going to be messy, let’s put a spotlight on something that might have escaped your attention: IT’s job isn’t to highlight threats and opportunities to make sure someone knows and decides to do something about them. It won’t work, because it can’t: As already mentioned, if you take this approach the company will completely saturate its capacity to absorb change before anyone starts looking at the threats and opportunities you’re bringing to their attention.

Decisions commit or deny time, staff and money — otherwise they’re nothing but empty talk. And as there won’t be any time, staff or money left to commit, the threats no matter how dire, and opportunities no matter how attractive, will just have to wait around gathering dust until the company’s next planning cycle begins.

Which is why IT’s job isn’t to merely highlight threats and opportunities. It’s to bring them into the company’s business planning process so decision-makers can integrate them into the company’s strategic and tactical plans.

Now we’re ready for the messy part, as if it weren’t messy enough already: You have to be in a position to recognize technology-driven threats when they’re small enough to be manageable, and opportunities before they’re apparent and obvious to your competitors.

Which is why you and everyone else in the IT organization has to understand how the business works and where it’s headed; need insight into your suppliers, competitors and business partners, how they work and where they’re headed; and have to stay aware of new industry developments.

Have to understand, that is, at a deeper level than vague, generic words like “the cloud” and “tablets,” digging to the level of specific new capabilities that can make a difference to your specific business.

Because threats and opportunities are never in general. It’s always the specifics that tell the tale.

————————————————————————————————————–

For this week’s ManagementSpeak, click here.