Demystifying IT Governance

Sometimes we walk long distances without really looking at the trail or the trees along the way. Very often our journey, indeed its entire purpose, is profoundly affected by the two. But that issue - or tragedy - is minor compared to the fact that quite often we do not have a destination in mind. We just do it!

One such journey is our pursuit of IT Governance. For we expend a lot of energy on this long walk to, well sometimes, nowhere. Depending on your circumstance, this might be "nowhere" in particular or of meaning or of value. The net of it is that if we want to have meaningful governance, we must understand the objective, imperative and the process. The big picture, if I may.

This article might well be your first step in the long walk towards effective IT Governance. To get meaning out of it, please check your current knowledge about the topic at the door. We are threatening to think outside the box and it doesn't help to carry the box while doing that.

What is IT Governance?

Many a pundit has provided definition of IT Governance. Wikipedia's definition - it is on the internet so it must be true! - is "IT Governance or ICT Governance, is a subset discipline of Corporate Governance focused on information technology (IT) systems and their performance and risk management.""


Besides being completely incorrect - IT Governance has as much to do with IT systems as Corporate Governance has to do with company buildings - there is a fundamental flaw with this definition. I am not sure about you but I like my definitions to have meaning (please refer to for a definition of definition!).

The definition of a horse: "An animal with four legs that can run fast" How clear is this?

More importantly, this "meaning" cannot come until there is resulting action. Not just any action but that focused on meaningful results. Otherwise we are engaged in an academic exercise that is interesting but impertinent to our objective of good governance.

What action, if any, can I take based on this definition of IT Governance?

And the drivel on IT Governance - in Wikipedia and elsewhere - continues from that point on into more meaningless alleys and byways missing the great big paved highway that will take us home.

So let us devise our own definition of IT Governance.

IT Governance is a process used to monitor and control key information technology capability decisions - in an attempt - to ensure the delivery of value to key stakeholders in an organization.

Here are the key points in this definition:

  1. IT Governance is a process. It is not a point in time event. It is not a committee. It is not a department.
  2. The objective of IT governance is to ensure the delivery of business results not "IT systems performance" nor "IT risk management" - that would reinforce the notion of IT as an end in itself. To the contrary, IT Governance is about IT decisions that have an impact on business value.
  3. The process therefore monitors and control key IT decisions that might have an impact - positive or negative - on business results.
  4. The concept of governance is meaningless without the recognition of both ownership and responsibility. The key stakeholders in an organization have an "ownership" stake in the organization. The management is responsible to these stakeholders.
    1. We must recognize the ownership stake of not just shareholders but also of the other stakeholders such as customers, vendors, employees etc.
    2. The "management," i.e. the people entrusted with making key decisions, is responsible to these stakeholders.
  5. Therefore, the objective of IT Governance is not just the delivery of risk optimized business value but also to engender the trust of the key stakeholders in the people who they have entrusted their money and/or livelihood!
    1. One can argue that this trust results in more business value. No doubt. But the fact remains that it is a means to that end and must be recognized independently as a motivation for IT Governance.
    2. In a sense, IT Governance acts upon the old adage of "trust but verify!"

Now, let us ask the same question we asked of the Wikipedia definition: what action can we take based on this definition?

  1. Devise a process for IT Governance
  2. The process monitors and controls key decisions
  3. This process measures and tracks business value not IT value or anything else
  4. This process involves key stakeholders in its organization and delivery

Much better! In the next article we will dive deeper into the background, imperative and other "big picture" issues related to IT Governance.

About the Author:

Sourabh Hajela is a management consultant and trainer with over 20 years of experience creating shareholder value for his Fortune 50 clients. His consulting practice is focused on IT strategy, alignment and ROI. For more information, please visit Or feel free to contact Sourabh at [email protected]

Documents are in common file formats such as Microsoft Word (doc), Powerpoint (ppt), Excel (xls,csv,xlsx), and Adobe pdf. 1


Leave a Reply