Chapter

Introduction to IT Governance

Information technology (IT) is critical to a 21st-century organization. Increasingly, all aspects of a business are dependent upon information technology. It is not a surprise, therefore, that IT is the biggest expense in a modern organization. Companies across industries understand that effective and efficient IT is important to their survival and growth.

Against this backdrop, monitoring and controlling investment in IT are essential to value delivery, risk mitigation, and compliance with laws and regulations. Often referred to as Governance, Risk, and Compliance or GRC, this important capability is squarely on the Board and Management’s agenda.

This chapter introduces IT Governance, with information and resources on the basics of Information Technology Governance (IT Governance). It will help you understand the definition of IT Governance, key concepts, connection with other aspects of IT Management, and how it creates business value and ensures better IT performance.

The content has been designed to benefit both those who are starting out with the governance of IT and experienced practitioners who can brush up on concepts and learn new ones.

What is Governance?

Before we look at IT Governance, let us understand the basics of governance. Simply put, governance is a system of rules, controls, monitoring, resolutions, and structure to improve decision outcomes.

These rules are derived from best-practice-based principles, policies, laws, and regulations that, when applied to decisions within an organization, result in compliance with the law, lower risks, and better performance.

However, rules are meaningless unless their adherence is verified.

Therefore, a key aspect of governance is monitoring and control. Controls prevent the breaking of rules so they act as guard rails for continuous monitoring.

Controls are continuously monitored, and their performance is reported through a feedback loop. Whether or not controls are executed as planned, the feedback loop informs the appropriate roles that hold the responsibility and decision rights to act upon it.

In theory, adherence to rules results in better performance that will trigger rewards for shareholders and employees in the form of better compensation (not to mention job security). However, if a rule is broken, there must be consequences. These consequences, more generically called resolution, provide a mechanism for accountability and knowledge management. There is no governance without consequence.

Finally, there is a structure that supports an effective IT Governance system. It comprises roles, responsibilities, and decision rights to create, monitor, and control rules, feedback, and consequences in a governance system.

Governance is critical to the delivery of value from investments.

What is IT Governance?

There are many definitions of IT Governance, mostly similar but some with significant differences. The differences primarily center around means and ends, with some defining IT Governance from the perspective of its means and others its ends. Yet another angle on the different IT Governance definitions is meaning versus role.

Let us take a few examples to understand what IT governance is.

Gartner states, “IT governance (ITG) is defined as the processes that ensure the effective and efficient use of IT in enabling an organization to achieve its goals.”

Notice that governance is defined as a process without considering principles or structure. It is also missing any mention of decisions or decision rights. These critical aspects of IT Governance are missing from this definition.

IT Governance Institute (ITGI)’s definition is: “Information technology (IT) governance consists of the leadership, structures, and processes that enable an organization to make decisions to ensure that its IT sustains and extends its strategies and objectives.”

ITGI has highlighted leadership, structures, and processes with the objective of making better decisions about IT investments. It covers a lot of ground and includes both means and ends.

Mitre provides another definition of IT Governance: “IT governance is about making decisions in a repeatable, structured manner to support investment in and use of IT to achieve an organization’s goals. The goals of IT governance are to ensure IT investments generate business value and to mitigate IT risks.”

The focus here is on decisions and structure.

Finally, CIO Wiki defines IT Governance as “a process used to monitor and control key information technology capability decisions to ensure the delivery of value to key stakeholders in an organization.”

Again, IT Governance is defined as a process to make decisions but with a different, much broader objective: value. Additionally, it touches upon the core of governance as “monitor and control.”

Together, these definitions paint a picture of the means, ends, meaning, and role of IT Governance. It is safe to say that IT Governance aims to improve the return on IT investments.

Now, we tackle a bigger question: is it IT Governance or Corporate governance of IT? In other words, is the scope limited to the IT Organization or does it span the enterprise? Is IT Governance an item on the CIO’s agenda or on the Board’s?

In reality, there is only one governance: corporate governance. IT Governance is an integral part of it. To be effective, the Board of Directors must govern IT, providing direction to the CIO and IT Organization.

What is Corporate Governance?

Corporate governance is the system of rules, controls, monitoring, resolutions, and structure to direct an organization so it meets its vision, goals, and objectives most efficiently. Essentially, it is a means to monitor and control decisions for superior performance so it encompasses practically every sphere of management, from action plans and internal controls to performance measurement and corporate disclosure.

Corporate governance improves organizational performance and benefits all stakeholders – shareholders, customers, suppliers, employees, managers, the board of directors, management, and society.

Corporate governance controls behavior. It molds the corporate culture to adhere closely to corporate ethics and values. This embeds good practices into the fabric of an organization, which leads to sustainable results.

Shareholders’ role in corporate governance is to appoint a Board of Directors to provide direction to management. Auditors ensure compliance with the rules set by the governance system.

IT, being critical to a company, takes the largest share of the corporate budget. Maximizing value from IT investments is a key item on a board’s agenda. This is being recognized, and IT investments are increasingly being managed at the board level. With this, there is a shift in terminology from “IT Governance” to “Corporate Governance of IT.”

Key Learning Objectives:
This excellent introduction will help you with the fundamentals of IT Governance – define and describe it, explain key concepts, and know when and where to apply it. This chapter will help you answer the following questions:

  • What is IT Governance?
  • What is the purpose of IT Governance?
  • Who is responsible for IT Governance?
  • What should an IT Governance Charter include?
  • What are the key elements of IT Governance?
  • Why is IT Governance important to the business?
  • When is IT Governance applied?
  • How is IT Governance implemented?
  • Where does IT Governance have the most impact?
  • How does IT Governance enable business performance?

This introduction will help CIOs understand IT Governance in context, make the connection between IT Governance and other concepts such as IT Strategy, Enterprise Architecture Planning, IT Operating Model, and IT Roadmap, and start thinking about technology Governance principles, guidelines, policies, charter, controls, and structure.

We have curated overviews, primers, beginner’s guides, etc., that introduce IT Governance in context. This introduction to the basics is designed to help IT Governance practitioners navigate this complex domain and, more importantly, apply this learning to create an effective Governance for the IT function.

Remember, this is just the beginning of your journey as it lays the groundwork upon which you can build a solid IT Governance for your organization. After all, great journeys begin with the first step.

Essentials of IT Governance: An Overview for Today’s CIOs

This primer is designed to equip IT leaders with a clear understanding of what IT governance entails and its monumental impact on business alignment, resource optimization, and risk management. A must-read for CIOs charting the course of their organizations in a digital world. (50+ pgs)

Harnessing IT Governance for Business Success

This presentation explores the pivotal role of IT Governance in modern organizations. It will help you understand its focus areas, implementation steps, and impact on strategic alignment, value delivery, and risk management.

Navigating Complexity: A Guide to Effective IT Governance and Enterprise Architecture Governance for CIOs

Navigating the complex world of IT systems? Align your IT strategies with business goals effectively with this comprehensive guide. Ideal for CIOs and IT executives, it offers industry insights and best practices for robust IT governance and enterprise architecture governance. Enhance decision-making, mitigate risks, improve compliance, and manage social processes in IT governance.

Essential Guide to Understanding IT Governance

This guide serves as an invaluable resource for understanding the core principles of IT governance, highlighting its role in driving business value and managing IT risks. Excellent Read! (50 pgs)
