Weill Ross Framework

Peter Weill and Jeanne Ross of MIT's Center for Information Systems Research (CISR) define IT governance as "specifying the decision rights and accountability framework to encourage desirable behavior in using IT. IT Governance is not about making specific decisions - management does that - but rather determines who systematically makes and contributes to those decisions."

Based on extensive research on IT governance and their experience with a large number of both European and American enterprises, both corporate and non-profit, Peter Weill and Jeanne W. Ross have published several articles and a book describing their findings. They developed a model that outlines a constructive approach toward designing and implementing IT governance. They identify three components of governance:[1]

  • IT Decisions Domains: What are the key IT decision areas?
  • IT Governance Archetypes: Who governs the decision domains and how is it organized? Who decides or has input, and how?
  • Implementation Mechanisms: How are the decision and input structures formed and put in place?

IT Decisions Domains The five key decision domains Weil & Ross identified to define the scope of IT are:

  • IT principles: High level statements on the role of IT and how IT will be used. For example: Utilize industry standards; Rapid deployment of new applications; Reuse before buy, buy before build. (High level decisions about the role of IT)
  • IT infrastructure strategies: Strategies for the base foundation, centrally coordinated services; how should these be priced; how to keep these up to date. e.g., network, shared data, etc. (Centrally coordinated, shared IT services that provide the foundation of the organization’s IT capabilities)
  • IT architecture: Set of technical choices that guide the organization. The architecture is a set of policies, principles and rules that direct the use of IT,

including technology, data, applications, etc. (An integrated set of technical choices, directions and policies for the organization)

  • Business application needs: Coordinating, specifying the needs and requirements to meet business practices and operations. This covers both purchased and internally developed systems. (It’s important to note that “business” for academia includes academic, research and business operational areas.)
  • IT investment: Decisions about how much and where to invest in IT including project approvals, justification techniques, and post implementation continued

review of value to the organization. (How much and where in the organization to invest in IT)

IT Governance Archetypes The next component of their governance framework identifies the people or groups of Draft NCSU IT Governance Directions V2.3 2/16/2010 Page 4 of 13 people involved in the decision domains; organization of those domains; who decides or has input, and how decision and input flow through the organization. Weill and Ross suggest six archetypes (The mapping to an academic organization is an interpretation of their concepts):

  1. Leadership Monarchy: A group of or individual senior manager (Chancellor; Vice Chancellor; Dean, Chair)
  2. IT Monarchy: Groups of or individual IT senior managers (CIO, IT Directors (OIT and/or Academic IT))
  3. Feudal: Unit leaders, key process owners or their delegates. (Independent decisions and input by college, OIT, business unit, center/institute, etc.)
  4. Federal: Shared by senior management and other College/Unit senior management. May include senior IT management. (think House, Senate and Legislative branch, so: OIT Directors and AITD recommend to CIO)
  5. IT Duopoly: IT senior management and one other group (e.g. CIO (could include OIT Directors) and AITD) or CIO and Research or CIO and Deans)
  6. Anarchy: Every unit or even users act and react independently.

Implementation Mechanisms The last component of the Weill and Ross model deals with how governance is implemented; what are the structures, processes, and supporting structures? This takes the framework and converts it into an operational structure. It is consistent with the university structure of committees and subcommittees – especially including existing governance (e.g. Deans, chairs, faculty senate, student government, committees, etc.).

Their model provides the following categories of mechanisms to specify how decisions will be enacted:

  • Decision making structures: Who is responsible, who is accountable. (Typically Councils, Committees, and their interrelationships, budgeting and approval processes, and so on)
  • Alignment Processes: Making sure decisions achieve the desired outcome. (Typically the IT organization as a whole, Service Level Agreements (SLA's), metrics, and so on)
  • Communication Approaches: Disseminates information about governance processes and individual responsibilities to those who need to know. (Meetings, documented procedures, portals, and so on)

The Weill and Ross framework can be used to help create effective IT governance.

They suggest the following process:

  • Use the table framework from the previous page to examine and document the 'current state' (the existing situation).
  • Define the desired objectives and the associated behavior.
  • Determine what IT governance we want to have in place to attain desired objectives and behavior.
  • Identify performance goals for governance including metrics, roles, responsibility, and accountability.
  • Start making the transition from the 'current' to the 'desired' state.

See Also