No business can survive today without the successful use of Information Technology. The drivers leading to the importance of IT are; effective communication and commercial competitiveness. Keeping pace with fast changes in IT has rendered many best practice standards obsolete.
Today’s IT decision makers and business managers face uncertainty – characterised by a lack of relevant, practical, advice and standards to guide them through this new business revolution- ISACA
Often mistaken as an independent area of study, governance of Information Technology is a subset of corporate governance and the overall corporate strategy of the organization.
What Is IT Governance?
Information Technology Governance (ITG) is the needs of an organization for IT to deliver full value, to align itself with business strategy and direction, to identify and control risk, and to ensure legislative and regulatory conformance. IT Governance is a key component of, and exists within, the larger corporate governance framework.
IT governance provides the conceptual framework, structures, processes, resources and information aligned to enterprise strategies and objectives, enabling the enterprise to take full advantage of IT, maximizing benefits, capitalizing on opportunities and gaining competitive advantage- ISACA
The primary focus of ITG is not on the technical details of IT, but rather on the capability and performance of the business. ITG indicates the requirements of business to find a balance between conformance to legal and regulatory standards, and performance ambitions.
Increasing numbers of businesses have standardised their ITG practices to provide a greater measure of control over IT assets. This has shown to provide benefits in how IT strategy can be aligned with business strategy, and with the measurement of IT performance results. It also makes sure that all stakeholders’ interests are taken into account. ITG frameworks should provide answers to key questions, such as how the IT department is functioning overall, what key metrics management needs and what return IT is giving back to the business from the investment it’s making.
- Executive and non-executive leaders from the board especially the heads of finance, operations, and IT.
- Those that have a responsibility towards shareholders and public relations.
- Audit regulators from both the internal and external environments.
- Mid-level management including IT managers.
- Strategic partners and suppliers.
- Both reactive and proactive measures to ensure continuity of IT services.
- IT investment costs and a measurable return on investment.
- A highly reliable quality service, that upholds the values of the organization.
- If IT is ineffective in delivering what the business needs.
- All IT related risks to be identified and managed.
- Capability and skills of human resources.
- The organization complying with all requirements relating to contracts, regulation, and the law.
- IT to have the ability to quickly respond to changing conditions.
The Business Case for IT Governance
The decision to govern IT or not is no longer an option for any organization. IT has become pervasive in both private and public sector organizations, and has become instrumental in business change. Organizations face both failure and potential loss by the lack of effective governance. Business objectives are achieved by those organizations which adopt effective governance, while ineffective governance promotes poor results.
The two strategic drivers creating the need for ITG are: process based enterprise maturity, and employment based business necessity. Market forces will require all businesses to be relevant and competitive, which will in turn require strategic alignment of both IT and business strategies to make best use of technology opportunities and technology driven changes in the marketplace. An important ITG attribute in relation to enterprise maturity is the development and maintenance of the capability to perform key IT processes. Organizations that achieve high levels of enterprise maturity in relation to the IT function tend to reap significant rewards.
The Focus Areas of IT Governance
According to the IT Governance Institute, there are five areas of focus:
Strategic alignment: Linking both IT and business strategy so that they function well together. Aligning the IT value proposition with the goals and objectives of the organization. Having clear plans, definitions, and maintenance strategies for both business and IT, with cooperation from business and IT leaders.
Value delivery: Ensuring that the necessary mechanisms are in place to execute the value proposition through the entire delivery process. This area is focused on the organization receiving the benefit from what IT does, both financially and strategically.
Resource management: This area focuses on the necessary investment and management of resources being available. These resources include people, processes, infrastructure, and applications. Staff can for example be organized on a skills basis rather than line of work.
Risk management: Business leaders must have a clear understanding of the risks involved in terms of security, compliance, reliability, availability, and IT performance to reduce the exposure to risk. There must be a clear understanding of the levels of risk the organization will tolerate, and risk management must be incorporated into management policies.
Performance measures: this area tracks and measures performance using methods such as scorecards, and assessment tools, to ensure IT is achieving the required business goals. The measures will consider resource usage, service delivery, project completion, and implementation of business strategy. Both qualitative and quantitative measures provide performance metrics, beyond the scope of conventional accounting
Implementation of IT Governance
Most companies will adopt at least one existing governance framework that has been organized and grounded in industry best practice research, rather than take a risk designing a custom solution. According to a survey by PricewaterhouseCoopers, 95 percent of participants use one of the major IT governance frameworks, while only a few create their own. Many of the existing frameworks also offer a guide to their implementation, again minimizing risk.