Demystifying IT Governance

Sometimes we walk long distances without really looking at the trail or the trees along the way. Very often our journey, indeed its entire purpose, is profoundly affected by the two. But that issue - or tragedy - is minor compared to the fact that quite often we do not have a destination in mind. We just do it!

Sometimes we walk long distances without really looking at the trail or the trees along the way. Very often our journey, indeed its entire purpose, is profoundly affected by the two. But that issue - or tragedy - is minor compared to the fact that quite often we do not have a destination in mind. We just do it!

One such journey is our pursuit of IT Governance. For we expend a lot of energy on this long walk to, well sometimes, nowhere. Depending on your circumstance, this might be "nowhere" in particular or of meaning or of value. The net of it is that if we want to have meaningful governance, we must understand the objective, imperative and the process. The big picture, if I may.

This article might well be your first step in the long walk towards effective IT Governance. To get meaning out of it, please check your current knowledge about the topic at the door. We are threatening to think outside the box and it doesn't help to carry the box while doing that.

What is IT Governance?

Many a pundit has provided definition of IT Governance. Wikipedia's definition - it is on the internet so it must be true! - is "IT Governance or ICT Governance, is a subset discipline of Corporate Governance focused on information technology (IT) systems and their performance and risk management."


Besides being completely incorrect - IT Governance has as much to do with IT systems as Corporate Governance has to do with company buildings - there is a fundamental flaw with this definition. I am not sure about you but I like my definitions to have meaning (please refer to for a definition of definition!).

The definition of a horse: "An animal with four legs that can run fast" How clear is this?

More importantly, this "meaning" cannot come until there is resulting action. Not just any action but that focused on meaningful results. Otherwise we are engaged in an academic exercise that is interesting but impertinent to our objective of good governance.

What action, if any, can I take based on this definition of IT Governance?

And the drivel on IT Governance - in Wikipedia and elsewhere - continues from that point on into more meaningless alleys and byways missing the great big paved highway that will take us home.

So let us devise our own definition of IT Governance.

IT Governance is a process used to monitor and control key information technology capability decisions - in an attempt - to ensure the delivery of value to key stakeholders in an organization.

Here are the key points in this definition:

  1. IT Governance is a process. It is not a point in time event. It is not a committee. It is not a department.
  2. The objective of IT governance is to ensure the delivery of business results not "IT systems performance" nor "IT risk management" - that would reinforce the notion of IT as an end in itself. To the contrary, IT Governance is about IT decisions that have an impact on business value.
  3. The process therefore monitors and control key IT decisions that might have an impact - positive or negative - on business results.
  4. The concept of governance is meaningless without the recognition of both ownership and responsibility. The key stakeholders in an organization have an "ownership" stake in the organization. The management is responsible to these stakeholders.
    1. We must recognize the ownership stake of not just shareholders but also of the other stakeholders such as customers, vendors, employees etc.
    2. The "management," i.e. the people entrusted with making key decisions, is responsible to these stakeholders.
  5. Therefore, the objective of IT Governance is not just the delivery of risk optimized business value but also to engender the trust of the key stakeholders in the people who they have entrusted their money and/or livelihood!
    1. One can argue that this trust results in more business value. No doubt. But the fact remains that it is a means to that end and must be recognized independently as a motivation for IT Governance.
    2. In a sense, IT Governance acts upon the old adage of "trust but verify!"

Now, let us ask the same question we asked of the Wikipedia definition: what action can we take based on this definition?

  1. Devise a process for IT Governance
  2. The process monitors and controls key decisions
  3. This process measures and tracks business value not IT value or anything else
  4. This process involves key stakeholders in its organization and delivery

Much better! In the next article we will dive deeper into the background, imperative and other "big picture" issues related to IT Governance.

About the Author:

Sourabh Hajela is a management consultant and trainer with over 20 years of experience creating shareholder value for his Fortune 50 clients. His consulting practice is focused on IT strategy, alignment and ROI. For more information, please visit Or feel free to contact Sourabh at [email protected]

Documents are in common file formats such as Microsoft Word (doc), Powerpoint (ppt), Excel (xls,csv,xlsx), and Adobe pdf.


*!#@ The E-Mail. Can We Talk? Face-to-face meetings can trump technology. Some companies call for "no e-mail Fridays"
10 best practices for your enterprise SOA SOA's benefits are seldom, if ever, questioned. However, one must embark on this journey carefully. This article provides some pointers. Read the arti...
11 Leadership Competencies of the IT Leader “With speed so important, IT leaders have to be much more decisive when addressing rapid changes to technology and business drivers. They need to be m...
12 Tips to More Effective Communications There are two types of leaders - ones who can communicate and others who fail. Effective communications are indeed that important to leadership. Are ...
20 Dumb Mistakes Organizations Make This article is funny but makes an excellent point - do not assume your employees are dumb. Leaders make dumb mistakes because they underestimate thei...
5 Critical Requirements Steps that get Missed: Wha... Over the years, I have worked with, mentored, trained, managed and interviewed hundreds of Business Analysts. What I am about to tell you will shock y...
5 Reasons For Outsourcing Failure Why do outsourcing relationships fail? Here are five reasons to watch out for... Read on>>
7 things a CxO should know about eBusiness Over a decade after Senator Al Gore invented the internet2, organizations are still struggling with leveraging it effectively. The “old economy” or “b...
A blind man crosses the road – Budgeting in ... Ever seen a blind man cross the road..? – or is that just Exco (The executive committee) trying to decide on the IT budget? There is something g...
A Blueprint for Strategic Leadership The title suggests that the article will give out the leadership "formula." It doesn't. Still it is an excellent read because it provides very good ex...
A Business Model Framework to Analyze the Impact o... eBusiness Strategy Issue No 1: What is the place of eBusiness in our business model? This paper presents a framework to address this issue - from shou...
A Business-Oriented Foundation for Service Orienta... SOA must be firmly grounded in business. It is a business imperative that SOA is addressing. This article provides a good introduction to that connect...
A Case for SOA Governance A very good primer on goverance in general and its application to SOA. If you are just getting started, then this might be a good place to get rolling...
Do NOT follow this link or you will be banned from the site!
S hiZ d YlbcpfXJG lP u zmhIs