A marketing team licenses an analytics platform. Finance signs for a planning tool. A product group stands up its own data pipeline on a cloud account IT has never seen. None of it crossed the technology leader's desk, yet all of it lands there: the integration, the security review, the failed audit, the outage that reaches customers. When the executive team asks who owns the mess, they turn to the CIO. The reason is structural. The organization handed business units the authority to buy technology and left the technology leader accountable for the outcomes.

This pattern now repeats across many enterprises. The instinct is to treat it as a governance gap or a tooling problem, and to reach for another policy or another platform. Both framings miss the point. The split between who decides and who answers for the decision is the real defect, and no tool closes it.

Decentralized Buying Is Working As Designed

Business-led purchasing is the predictable result of giving functional leaders their own budgets, direct cloud access, and a mandate to move fast. Gartner found that 74 percent of technology purchases are funded at least partially by business units outside IT, with only about a quarter funded entirely by the technology organization. That share has been climbing for years.

There are good reasons for the trend. A marketing leader who can buy and deploy a tool in a week should not wait a quarter for a central queue. Proximity to the problem tends to produce better tool fit. Speed produces advantage. Stripping business units of their buying power would slow the company down, and most boards would never allow it.

So the decentralization itself is sound, and many technology leaders now support business-led IT rather than resisting it. The technology executive who frames the problem as "people keep buying things without asking me" has misread the situation. The buying is a feature of how modern enterprises operate. The failure sits somewhere else.

The Real Failure Is Accountability Without Authority

The organization distributed the authority to buy technology and kept the accountability for it centralized. Functional leaders make the decisions. The CIO answers for the outcomes. That split has a name in management literature: accountability without authority, where a leader is held responsible for results they have no power to direct.

The pattern is measurable. A 2026 IBM study of 2,000 technology executives found that two-thirds are held accountable for AI systems they do not fully control. AI is simply where the gap shows first, because business-led adoption runs furthest ahead of central oversight there.

The technology executive cannot prevent a purchase, cannot set the security standard before the contract is signed, cannot vet the vendor, and frequently cannot see the tool at all until it breaks. Then that same executive is expected to integrate it, secure it, support it, and explain it to the board.

Most technology leaders absorb this quietly. They build shadow inventories, retrofit controls, and clean up after choices they were never part of. The work stays invisible until something fails. When it does, the visibility arrives all at once, through the governance gaps no one was watching. The blame arrives with it, and it lands on the CIO.

Competence is not the variable here. A leader operating without authority over the decisions they answer for will always be cleaning up and never preventing. The design guarantees it.

What It Costs The Business

The cost is easy to overlook because it never appears as a single line item. It shows up as drift.

The drift collects in four places:

• Integration debt, as disconnected tools multiply.
• Security exposure, from every unmanaged account and unreviewed vendor.
• Duplicate spend, hidden across departments buying overlapping capabilities.
• Support load, as the team is pulled into systems it did not choose and cannot fully see.

Each gap is small on its own. Together they compound into real money and real risk.

The deeper cost is to the technology leader's standing. An executive who spends their days absorbing other people's decisions has little capacity left for the strategic work the role exists to deliver. The board sees a CIO who is perpetually reacting and concludes the function is operational rather than strategic. The accountability the organization piled on ends up eroding the authority the role needs to do anything else.

Who Should Own The Risk When A Business Unit Buys Technology?

Whoever holds the budget and makes the purchase should own the risk it creates. If the technology organization is going to carry that risk instead, it needs real authority at the point of purchase. Recentralizing the buying would only slow the company down. The repair is to align decision rights with accountability.

Most executive teams never frame it that way. They ask how to stop shadow IT, which assumes the buying is the problem and sets out to suppress it. The more useful question is who is accountable for the risk a purchase creates, and whether they hold the authority to govern it.

Asking it that way forces the issue into the open. If a functional leader holds the budget and makes the call, that leader should carry a defined share of the accountability for security, integration, and lifecycle. If the technology organization is going to carry that accountability instead, it needs authority at the point of purchase: a standard every buy must meet, visibility into what is being acquired, and a real veto over decisions that create disproportionate risk. Authority and accountability have to sit in the same place. Whichever way a company resolves it, the two cannot stay apart.

CEOs and CFOs are the ones positioned to set this, because it is a question of organizational design rather than technology. They control how budget authority gets granted and how accountability gets assigned. The technology leader can name the gap. Only the chief executive and the finance chief can close it.

Accountability and authority belong in the same hands. When they are split, the business gets speed without control, and the technology leader is left cleaning up decisions they were never allowed to shape. Working through conditions like this with peers who operate under the same pressure is what senior technology leaders do at CIO Mastermind.