Polysourcing demands radically different IT governance (2)

In the previous blog, I introduced the concept of polysourcing. This sourcing approach goes beyond multisourcing: the IT landscape consists of more and more small domains, where an organization not only contracts multiple suppliers for various domains in the IT landscape but also works with different delivery models, methodologies, and contributions that IT components must make to the organizational objectives. The key feature of polysourcing is that responsibility for parts of IT becomes decentralized. This can fall under the responsibility of the business, employees, Scrum/DevOps teams, or chain partners, for example. However, these decentralized activities must continue to contribute to the organization's strategic objectives. 

To ensure that the increasingly decentralized IT can continue to contribute to the organization's objectives, a different structure of IT governance is necessary. Polysourcing requires a hybrid setup of IT governance, meaning a combination of central and decentralized IT governance. The motto here is: decentralize what can be decentralized, centralize what must be centralized. 

As indicated in my previous blog, the trend of IT decentralization is inevitable and will only grow stronger in the coming years. To continue to ensure that all parts of IT contribute to the organization's objectives, hybrid IT governance is required. This means a change in the currently strongly centralized IT governance. This change involves relinquishing responsibilities on one hand, while on the other hand, a strong central responsibility for IT governance becomes more critical than ever. 

The rules that apply to the entire IT organization fall under the responsibility of central IT governance. These frameworks must be established and monitored centrally to ensure that the organization continues to comply with laws and regulations, as well as supervisory and compliance frameworks. The frameworks also ensure a manageable IT that continues to contribute to the organization's strategic objectives. Central IT governance is responsible for the frameworks related to information security and privacy, architecture, and portfolio management. Central IT governance is also responsible for the financial control of IT, the organization-wide sourcing strategy, and the development of the innovation roadmap for the entire organization. Finally, it is up to central IT governance to steer the development of capabilities and competencies for the changing IT functions.

When central-level frameworks are established, the power of polysourcing can be harnessed by decentralizing parts of IT governance to groups or individuals responsible for the executive tasks. This includes responsibilities for service delivery management (demand management and supply management), integration with other IT components, and the execution of innovation.

Hybrid IT governance is mature enough to implement the motto "decentralize what can be decentralized, centralize what must be centralized." The traditional centrally organized IT governance is mature enough to relinquish responsibilities. Decentralized IT governance is mature enough to take on the new responsibilities. It is a prerequisite that central IT governance has sufficient support and authority within the organization and is strong enough to maintain the frameworks.