Home

Developing governance guidelines that boost IT modernization

David Weldon David Weldon
September 26, 2025
With careful planning, IT modernization doesn't have to compromise good governance.
(Credits: LALAKA/Shutterstock)

Current enthusiasm for AI technology presents a unique opportunity for CIOs to work with C-level colleagues to tackle modernization, and to establish multiyear business goals to remake the organization.

But this opportunity also presents a challenge for IT leaders when it comes to balancing good governance practices with successful modernization goals. On one hand, AI urgency drives many organizations to bypass slow-moving governance guidelines. On the other hand, if governance is agile and uses a quick decision cadence, this can help the organization better allocate central resources to AI projects, explains Vince Kellen, CIO at the University of California at San DiegoOpens a new window .

Modernization is from Mars, governance is from Venus

Merging the slow and methodical approach of IT governance with the fast-moving pace of IT modernization often goes against organizational practices. Most IT governance committees oversee IT spending and staffing and they receive reports on the efficiency of internal IT operations. They generally consider requests for new systems or applications on a one-at-a-time basis, explains Mark SettleOpens a new window , a seven-time CIO and author of Truth from the Valley, A Practical Primer on IT Management for the Next DecadeOpens a new window .

If the request is for some new internal IT capability such as a new service desk application, IT would be expected to demonstrate how the new system would save money or improve efficiency and effectiveness.  If HR presented a request for a new recruiting application, they would be expected to justify their request in a similar fashion.

“Very few governance committees actually establish strategic, multi-year modernization plans, such as ‘by 2027 80% of our current data center workloads will be moved to the cloud’ or ‘staffing in HR will be reduced by 20% in two years through the use of AI,” Settle says. “That might be a very nice world to live in, because it would represent a commitment on the part of a company to treat their IT investments in a more strategic fashion. More typically, investment or modernization decisions are made on the basis of whoever screams loudest for available budget dollars.”

Successfully tying governance practices and modernization goals often requires a cultural change.

“Almost every business-facing IT investment requires employees to modify their current work practices to some extent,” Settle says. “The longer the hiatus between the last major investment in a functional area such as warehousing or marketing and a new ‘modern’ system, the greater the change management challenge that’s involved in getting employees to exploit the capabilities of the new system.”

Strategic IT investments require more than just money. They require a willingness on the part of leaders and managers in individual functions to embrace, lead and enforce the changes in work practices that are required to really generate a return on such investments.

“Anyone can find money to buy a shiny, new IT application but changing human behavior is hard,” Settle says.

Governance aligns goals 

If executives can agree on business goals for AI in terms of staffing, process efficiency, and customer satisfaction, those goals can help to establish multiyear investment strategies that overcome the inherent tactical limitations of case-by-case funding decisions, says John MurphyOpens a new window , data architect and data governance lead with the United States Air Force.

Governance is one important technique to bring the business community together and develop shared and prioritized IT goals and group input on decisions, Kellen explains. When done well, it can accelerate modernization efforts by securing buy-in and motivation to move forward. Good management – especially trustful relationships between top executives – can help with modernization efforts.

When an organization gets the balance right, it can hope for better alignment of strategic, operational, and tactical goals and objectives; improved and better understanding of development and sustainability costs; improved delivery schedules based on reuse; improved integration, and reduced development; and reduced staffing levels through standardization. The democratization of information assets is one of the key results.

Change isn’t always easy

The hardest areas of governance to impact are typically line-of-business applications that are a concern for one part of the organization but not the whole. Central IT is frequently tasked with serving many line-of-business applications that draw from the same IT resource pools. This creates a desire by line-of-business leaders to want to fund and staff their own IT initiatives outside of central control, Kellen explains.

Not everyone in the organization thinks like the CEO. Specific executives are put in place to tend to their domains carefully. When developing governance frameworks, you have to empathize with that perspective, because it’s an important one.

In some cases, this can be a deliberate, effective corporate strategy. It all depends on how the CEO desires resource allocation decisions to be made, and which parts of IT infrastructure need to be more centrally controlled. This depends on the overall corporate strategy.

“That said, we are seeing the continual accretion of IT from the distributed areas to the core because of things like AI and cybersecurity, which demand more CEO control,” Kellen says. The easiest to impact are the measures and metrics for evaluating governance success.

Specific investments and resources are highly dependent on an individual organization’s governance and modernization goals and objectives. Unfortunately, there is no one-size-fits-all, Murphy explains.

Areas of investment should include executive sponsorship and support, a clear and concise data governance charter, and the integration of legal and regulatory compliance. Investments should also identify data stewards and custodians, integrated business and IT stakeholders, and close relationships with key vendors while keeping vendor dependencies in check.

Measuring success

There are standard maturity models and data governance-related measures and metrics that organizations can use to develop and measure success with governance guidelines while pursuing a modernization strategy. Murphy says that, using a set of repeatable KPIs, measures, and metrics, an organization can develop a criteria-based set of success criteria.

Success KPIs include:

  • Data quality index: An aggregate KPI that reflects the overall quality of an organization’s data, factoring in accuracy, completeness, consistency, timeliness, and validity.
  • Data policy compliance rate: Percentage of data assets adhering to established data policies and standards.
  • Data issue resolution time: Average time taken to identify, escalate, and resolve data-related issues.
  • Metadata completeness: The extent to which data assets are described by accurate and comprehensive metadata.
  • Data lineage coverage: Proportion of critical data assets with documented end-to-end data lineage.
  • User adoption of data governance tools: Measurement of business and technical users actively leveraging approved data governance platforms.
  • Number of data incidents/breaches: Count of reported data breaches or security incidents over a given period.
  • Training and certification rates: Percentage of identified data stakeholders who have completed relevant data governance training and certification.
  • Data profiling: Statistical analysis of the distribution of data content within a data domain.

As suggested by Kellen, other important measures of success include client and stakeholder satisfaction; time-to-decision; and less rework required on project, and hence less project delays.

Common threads in successful efforts

When tweaking governance guidelines to enable modernization, Kellen also says it’s important to remember that not everyone in the organization thinks like the CEO. Specific executives are put in place to tend to their domains carefully. When developing governance frameworks, you have to empathize with that perspective, because it’s an important one.

The next step is to guide that instinct into new ideas like we are “better together,” teamwork, reusable IT infrastructure and components to accelerate. You have to respect the need for the parts of the organization to advance while encouraging shared accountability, collaboration and personal relationships.

Finally, Murphy has provided data governance consulting services to several large utilities, healthcare, state government, and defense-related organizations. He says there are several common threads among the leaders.

First, start small with a focused data domain and measurable results. Seek executive sponsorship by providing clear goals, objectives, roles, responsibilities, and authority for the data governance organization.

You should develop a well-organized data governance charter with executive support articulating tangible goals. Supporting the goals should be a set of repeatable, criteria-based data governance Key Performance Indicators (KPIs), measures, and metrics, Murphy explains.

Data stewards and custodians should be incentivized to provide information that they, as an organization, were responsible for but would be using as a regular part of their work products. A regular cadence of interactions between the data governance organization and stakeholders. Stakeholders should have “skin in the game” to ensure their participation, contribution, and assessment of success criteria.

The data governance organization should also develop a clearly defined set of deliverables, including data catalogs, data dictionary, business glossary, data models, and reference architectures.

Finally, recognize that governance is a top-down activity and that the practitioners require clear and measurable success criteria.

David Weldon
David Weldon

David is a freelance editor, writer and research analyst from the Boston area. He has worked in a full-time senior editorial capacity at several leading media companies, covering topics related to information technology and business management. As a freelancer, he has contributed to over 100 publications and web sites, writing white papers, research reports, online courses, feature articles, executive profiles and columns. His special areas of concentration are in technology, data management and analytics, management practices, workforce and workplace trends, benefits and compensation, education, and healthcare. Contact him at [email protected]
Take me to Community
Do you still have questions? Head over to the Spiceworks Community to find answers.

Recommended Reads

How to determine your appetite for cybersecurity risk
Security

How to determine your appetite for cybersecurity risk

When IT and business leaders disagree on the tech budget
Security

When IT and business leaders disagree on the tech budget

When security debt catches up with IT
Security

When security debt catches up with IT

Voice of IT: Small businesses have big Wi-Fi demands
IT Spending

Voice of IT: Small businesses have big Wi-Fi demands

Worried about AI errors? Lloyd’s has insurance for that
Security

Worried about AI errors? Lloyd’s has insurance for that

How to manage total cost of ownership as an IT leader
IT Spending

How to manage total cost of ownership as an IT leader