The Decision Rights Problem
Governance specialists who have remediated MSP relationships report: undefined decision rights create 25% of MSP relationship friction. Gartner research shows that organizations with formal IT governance frameworks achieve 20% higher returns on IT investments. COBIT governance research documents the pattern: when it’s unclear who decides, nothing gets decided, or decisions get made without appropriate authority.
The MSP manages operations. The client owns outcomes. Yet only 35% of MSP relationships have documented decision rights matrices. The boundary between operational decisions and strategic decisions requires explicit definition.
The Governance Framework
IT governance addresses fundamental questions:
| Question | Governance Domain |
|---|---|
| How do we get value from IT? | Value delivery |
| How do we manage IT risk? | Risk management |
| How do we allocate IT resources? | Resource management |
| How do we ensure compliance? | Compliance management |
| How do we measure IT performance? | Performance measurement |
MSP relationships require governance structures that address each domain clearly.
The Decision Rights Matrix
Explicit decision rights prevent confusion:
| Decision Type | Client | MSP | Joint |
|---|---|---|---|
| Strategic direction | ✓ | ||
| Budget allocation | ✓ | ||
| Vendor selection | ✓ | Advisory | |
| Technology standards | ✓ | ||
| Operational procedures | ✓ | ||
| Tool selection (managed) | ✓ | ||
| Incident response | ✓ (operational) | ✓ (major) | |
| Policy exceptions | ✓ | Advisory | |
| Staff assignments | ✓ | ||
| Priority resolution | ✓ |
Joint decisions require joint process. Clear ownership requires clear accountability.
The Escalation Framework
When decisions can’t be made at operational level:
| Escalation Level | Decision Authority | Trigger |
|---|---|---|
| Operational | MSP technician | Routine matters |
| Tactical | MSP manager + Client IT | Non-routine, limited impact |
| Managerial | Account management | Policy matters, disputes |
| Strategic | Executive sponsors | Significant impact, impasse |
Escalation should resolve issues. Escalation that becomes routine indicates governance failure.
The RACI Reality
RACI charts (Responsible, Accountable, Consulted, Informed) clarify governance:
| Activity | Client | MSP |
|---|---|---|
| Strategic planning | A/R | C |
| Budget management | A | I |
| Security policy | A | C/R |
| Incident response | I | A/R |
| Change management | A/C | R |
| Vendor management | A | R (for managed vendors) |
| User support | I | A/R |
| Compliance | A | R |
A = Accountable (single owner), R = Responsible (does work), C = Consulted, I = Informed.
The Steering Committee Model
Governance often involves steering committee:
| Element | Purpose |
|---|---|
| Composition | Client executives + MSP leadership |
| Cadence | Monthly or quarterly |
| Scope | Strategic alignment, major decisions |
| Authority | Policy decisions, escalation resolution |
| Documentation | Minutes, action items |
Steering committee provides governance structure. Without it, governance happens informally or not at all.
The Service Level Governance
SLA governance requires ongoing attention:
| Governance Activity | Purpose |
|---|---|
| SLA review | Are SLAs still appropriate? |
| Performance review | Are SLAs being met? |
| Threshold adjustment | Do thresholds need updating? |
| Penalty/bonus execution | Are consequences applied? |
| Scope alignment | Does SLA scope match reality? |
SLAs negotiated at engagement may not fit ongoing reality. Governance adjusts.
The Change Advisory Board
Change governance often involves CAB:
| CAB Element | Purpose |
|---|---|
| Membership | Technical and business representation |
| Scope | Changes above standard threshold |
| Process | Review, approve, schedule |
| Documentation | Change records, decisions |
| Authority | Approve, deny, defer |
CAB provides structured change governance. Without structure, changes happen without appropriate oversight.
The Risk Governance Structure
Risk governance requires explicit structure:
| Risk Domain | Governance Approach |
|---|---|
| Operational risk | MSP-managed, client-informed |
| Security risk | Shared, explicit ownership |
| Compliance risk | Client-owned, MSP-supported |
| Vendor risk | Shared, MSP for managed vendors |
| Strategic risk | Client-owned |
Risk without owner is unmanaged risk.
The Communication Governance
How communication flows affects governance:
| Communication Type | Governance Need |
|---|---|
| Routine updates | Standard format, cadence |
| Incident notification | Defined thresholds, channels |
| Escalation | Clear paths, response expectations |
| Strategic discussion | Appropriate forum, participants |
| Feedback | Channel for concerns, improvement |
Communication governance prevents both information gaps and information overload.
The Contract Governance
Contract governance maintains alignment:
| Governance Activity | Cadence |
|---|---|
| Contract review | Annual minimum |
| Scope alignment | Quarterly |
| Pricing assessment | Pre-renewal |
| Term evaluation | Pre-renewal |
| Amendment processing | As needed |
Contracts require ongoing governance, not just initial negotiation.
The Governance Failure Patterns
Governance fails predictably:
| Failure Pattern | Consequence |
|---|---|
| Undefined decision rights | Paralysis or unauthorized decisions |
| Too many approvers | Slow decisions, workarounds |
| No escalation path | Issues persist unresolved |
| Governance theater | Meetings without decisions |
| Inconsistent application | Confusion, inequity |
| Governance absence | Chaos, relationship strain |
Recognition of patterns enables prevention.
The Governance Maturity
Governance capability develops over time:
| Maturity Level | Characteristics |
|---|---|
| Initial | Ad hoc, personality-dependent |
| Developing | Some structures, inconsistent use |
| Defined | Structures exist, consistently used |
| Managed | Structures measured, optimized |
| Optimizing | Continuous improvement |
Most MSP relationships operate at Developing or Defined. Progress requires deliberate effort.
Building Effective Governance
Developing governance capability:
Define structures. What governance bodies exist? What’s their scope?
Clarify decision rights. Who decides what? Document explicitly.
Establish processes. How do governance activities happen?
Assign accountability. Who ensures governance functions?
Document everything. Minutes, decisions, action items.
Review effectiveness. Is governance working? What needs adjustment?
Improve continuously. Governance evolves with relationship.
Governance is infrastructure. Invest in infrastructure to enable outcomes.
Sources
- Decision rights framework: COBIT governance framework
- Governance maturity: IT governance research
- Steering committee models: IT management best practices