Real IT is at three levels: governance, management and execution
There are three levels to IT: governance, management and execution. Only the execution layer can be decentralised or outsourced.
This came up on a BACK2ITSM discussion on facebook where it became obvious there were misunderstandings and cross purposes.
There are two levels to what I call "Real IT" (the application of technology to the management of information within an organisation, ie never mind the businesses that sell shiny tech things or that manage other peoples information, or all the other specialist tech businesses we are so captivated and distracted by. Real IT is about using IT to execute an organisation's mission.)
There are two levels:
1) the execution of IT. Traditionally this was centralised within the IT department, who owned the systems and data. Nowadays this is sometimes decentralised with business units owning the systems and data, and/or outsourced to service providers. This is neither a good nor a bad thing: sunrise, sunset, centralise, decenttralise, insource, outsource.... we go through fads
2) the management of IT. A well-run well-governed organisation will have a central entity that looks after its interests in information and technology, just as it does for finance or personnel or brand marketing. REGARDLESS of who does (1) above, the management of policy, strategy, risk, security, compliance, data integrity, network integrity, enterprise architecture and a number of other areas should be centrally owned, overseen and coordinated. Think of a Project Management Office. Sometimes the PMO owns the project managers and provides them to the business. Other times the PMO only educates and coordinates the PMs and provides them with policy and tools. Either way the PMO is a good thing.
You can argue all you want about the future of level (1). THAT'S NOT WHAT WE ARE TALKING ABOUT. It has nothing to do with "central common systems".
- Centralised IT execution could vanish tomorrow, that doesn't impact the necessity of centralised IT management.
Any organisation which does not have a central level 2 IT function (management not execution), and that does not enforce policy across the business to ensure that level 2 IT function has the ability to drive policy, compliance, risk management, technology sharing etc is a badly governed business.
"Shadow IT" = business units doing IT without the control of any central level 2 IT function. In this picture, Shadow IT is the arrow with the red circle across it. Shouldn't happen.
Another analogy is Finance. in most organisations a CFO controls all the money. In the event that business units are allowed to arrange their own money, you can bet your sweet patootie there is still a central CFO tracking it all and enforcing policies.
3) Those two levels of Real IT happen within the organisation. The third level of Real IT is the governance of IT that I referred to above. Governance of IT: governance is performed by governors, who exist outside the management and staff structures of the organisation. Governors are the owners and their representatives. ISO 38500 makes this crystal clear.
If the governors don't have a central entity that owns, is accountable for, oversees, polices, tracks, and reports on IT in response to the governors' directives, policies, and strategies, then that organisation is on the road to hell.