According to Gartner.com, IT governance (ITG) is defined as the processes that ensure the effective and efficient use of IT in enabling an organization to achieve its goals. IT governance provides a structure for aligning IT strategy with business strategy.
In this article you will learn that governance frameworks are created to support management strategies, and that their first result is the creation of policies. Following policies, processes and practices are then created to provide direction and prioritization of activities. Audit activities are also required to monitor and validate performance, which provides feedback related to compliance.
Where does IT Governance Fit?
Corporate Governance
Corporate governance consists of the set of processes, customs, policies, laws and institutions affecting the way people direct, administer or control a corporation. Corporate governance also includes the relationships among the many players involved (the stakeholders) and the corporate goals.
IT Governance
IT Governance primarily deals with connections between business focus and IT management. The goal of clear governance is to assure that the investment in IT generates business value and to mitigate the risks that are associated with IT projects.
IT Policy
A policy explains what to do in a particular set of circumstances by providing necessary rules and requirements and by setting expectations. Policies help clarify performance requirements, communicate management’s intent for how work should be done, and establish accountability and the foundation for compliance.
Procedures break policies down into detailed steps that describe how work should be done and identify who should do what. To be effective, policies and procedures need to accurately reflect what the organization wants done—they should clearly describe circumstances, rules, options, and activities in a way that is understandable and can be readily put into practice.
IT Process & Procedures
A business process or business method is a collection of related, structured activities or tasks that produce a specific service or product (serve a particular objective). It can often be visualized with a flowchart as a sequence of activities.
IT Auditing
Governance may refer to particular policies that can lead to standards or procedures, but the purpose of governance is to ensure they are followed. There needs to be a mechanism in place to monitor compliance. This can be as formal as an IT Audit function or as informal as periodic reviews. One way or another, metrics must be collected to ensure the goals set in the governance document are being met.
What is Good Governance?
Good governance has 8 major characteristics. It is participatory, consensus oriented, accountable, transparent, responsive, effective and efficient, equitable and inclusive, and follows the rule of law.
Participatory
Participation by both men and women is a key cornerstone of good governance. Participation could be either direct or through legitimate intermediate institutions or representatives. Participation needs to be informed and organized. This means freedom of association and expression on the one hand and an organized civil society on the other hand.
Rule of law
Good governance requires fair legal frameworks that are enforced impartially.
Transparency
Transparency means that decisions taken and their enforcement are done in a manner that follows rules and regulations. It also means that information is freely available and directly accessible to those who will be affected by such decisions and their enforcement. It also means that enough information is provided and that it is provided in easily understandable forms and media.
Responsiveness
Good governance requires that institutions and processes try to serve all stakeholders within a reasonable timeframe.
Consensus oriented
There are several actors and as many viewpoints. Good governance requires mediation of the different interests to reach a broad consensus on what is in the best interest of the whole and how this can be achieved. It also requires a broad and long‐term perspective on what is needed for sustainable development and how to achieve the goals of such development.
Equity and inclusiveness
Equity and inclusiveness mean ensuring that all members feel that they have a stake in the group and do not feel excluded from it. This requires that all groups have opportunities to participate and be heard.
Effectiveness and efficiency
Good governance means that processes and institutions produce results that meet the needs of business while making the best use of resources at their disposal. The concept of efficiency in the context of good governance now also covers the sustainable use of natural resources and the protection of the environment.
Accountability
Accountability is a key requirement of good governance. Not only governmental institutions but also the private sector and civil society organizations must be accountable to the public and to their institutional stakeholders. Who is accountable to whom varies depending on whether decisions or actions taken are internal or external to an organization or institution. In general, an organization or an institution is accountable to those who will be affected by its decisions or actions. Accountability cannot be enforced without transparency and the rule of law.
Where Should I Start?
Defining IT Role & Responsibilities
The starting point to define IT governance is to define the role and responsibilities of the IT area. If the document goes over a page or two, it is probably too detailed.
- Role refers to the person who is accountable and the way the organization is structured.
- Responsibilities mean that the role must be doing something. The “doing something” implies there is a methodology or process for doing whatever is being done.
These are the two key elements of governance: “People & Structure” and “Process”.
Support frameworks
Supporting frameworks have been developed to guide the implementation of information technology governance. Some of them are:
- Control Objectives for Information and related Technology (COBIT) is regarded as the world's leading IT governance and control framework. It provides tools to assess and measure the performance of 34 IT processes of an organization. Originally created by ISACA, COBIT is now the responsibility of the ITGI (IT Governance Institute).
- The IT Infrastructure Library (ITIL) is a detailed framework with hands‐on information on how to achieve successful operational service management of IT, developed and maintained by the United Kingdom’s Office of Government Commerce, in partnership with the IT Service Management Forum.
- The ISO/IEC 27001 (ISO 27001) is a set of best practices for organizations to follow to implement and maintain a security program. It started out as British Standard 7799 (BS7799), which was published in the United Kingdom and became a well-known standard in the industry that was used to provide guidance to organizations in the practice of information security.
- The Capability Maturity Model (CMM) focuses on software engineering.
Benefits of Good IT Governance
Good IT Governance provides the following benefits:
- Standardized processes and procedures to better manage the IT environment
- Maximize return on IT investment
- More effective IT because of a closer alignment with the business
- Alignment with corporate objectives
- Consistency with IT Strategy & Policy
- Accountability and transparency in decision making that impacts IT