ITG Governance: It boils down to leadership and culture

Carl Natale
by Carl Natale

I know you have more than just ICD-10 on your IT department's to-do list. There is HIPAA 5010 and probably Meaningful Use. Whether any of these initiatives are complementary or competitive doesn't really matter.

They're proof that your IT department is a vital part of your healthcare organization.

Susan HaseleyAnd IT governance is a concept that ensures IT remains vital. According to Susan Haseley, a managing director and global healthcare leader at Protiviti, the official definition of IT governance is "the ability for the enterprise's IT to sustain and promote the organization's strategies and objectives. " Actually that came from her presentation at the Association of Heathcare Internal Auditors conference this month. And she spent some time with me explaining how IT governance works.

[See also: IT Governance: Your ICD-10 team should do more than install computer systems]

It's about culture

And how ITG works for your organization depends on your culture. "This is a really fascinating topic because so many different healthcare organizations have different cultures," says Haseley. "It's not a one size fits all."

Leadership is one factor. "You have to have the right leadership in place, says Haseley." That leadership has to be connected well with the overall leadership of the business." This is about where your IT leader sits on the organizational chart and who he/she reports to.

And the IT leader has to understand the business and the strategic goals. Otherwise you can have some struggles with the IT department.

Haseley also talked about an IT governance steering committee to make sure that IT is in line with the business strategies. In larger organizations it could be a standing committee. Or a new one could be formed for significant projects and initiatives.

From my experience, having a strong IT leadership who is in line with the organization goals is more important and a good sign of success. Steering committees can only do so much when part of dysfunctional leadership.

What IT is trying to do

According to Haseley, there are five values of IT governance:

  • Strategic Alignment: "Maximize opportunities for the business use of IT while providing transparency and assurance that IT objectives are being achieved."
  • Risk Management: "Address legal/regulatory compliance needs and understand/manage key operational risks."
  • Resource Management: "Appropriately align IT capabilities with business needs."
  • Performance Management: "Utilize real-time data to continuously improve IT delivery."
  • Value Delivery: "Optimize return on IT investments."

What this boils down to is making sure IT makes good decisions for the rest of the organization. Haseley says Protiviti has a couple steps to do this. First is to determine what kind of IT department exists in an organization. The second is to make it happen.

And according to Haseley, there are three types of  IT departments:

  • Utility Providers: "Are not proactively engaged with the business; primarily focused on 'keep the lights on' services"
  • Process Optimizers: "Are more responsive to business needs; focus on business applications and processes as well as 'keep the lights on' services"
  • Revenue Enablers: "Are well integrated into the business strategy; focus on technology-enabled products as well as business processes and 'keep the lights on' services"

There's not really anything wrong with any of these types of departments. The problem comes when overall leadership wants something different than what they have. Essentially this means getting a new IT department. Which isn't easy because culture, politics and emotions are holding it there. Making this kind of change in IT governance means changing culture.