IT Governance

Governance and its importance:

According to the Cambridge Dictionary, governance is “the way that organizations or
countries are managed at the highest level, and the systems for doing this.”
Good governance ensures the consistency and repeatability of processes. Most importantly,
these consistency and repeatability must be cascaded from the highest level of the
organization.

Governance, so to speak, is a very critical element of any organization and, most of the time,
we apply governance features without even knowing it.

Corporate Governance:
Corporate governance refers to the way a corporation is governed. Corporate governance
refers to the set of systems, principles and processes by which a company is governed
and deals with determining ways to take effective strategic decisions. They provide the
guidelines as to how a company can be directed or controlled such that it can fulfil its goals
and objectives in a manner that adds to the value of the company and is also beneficial for all
stakeholders in the long term. Stakeholders, in this case, would include everyone ranging
from the board of directors, management, shareholders to customers, employees and society.
The management of the company hence assumes the role of a trustee for all the others.

IT Governance or Information Technology Governance:

Information technology governance, however, is a subset discipline of Corporate

Governance. Although it is sometimes mistaken as a field of study on its own, IT Governance
is actually a part of the overall Corporate Governance Strategy of an organization. In simple
words, IT Governance is putting structure around how organizations align IT strategy with
business strategy, ensuring that companies stay on track to achieve their strategies and goals,
and implementing good ways to measure IT’s performance. It makes sure that all
stakeholders’ interests are taken into account and that processes provide measurable results.

The need for IT governance is felt because the interests of the organization and those
managing the IT systems can be at odds or in other words, there is a conflict between these
two imperatives. Thus, IT governance is needed to ensure that the IT systems are doing their
assigned duty and that the objectives of the CEO and the CIO are the same. Indeed, it can be
said that IT governance includes all the key stakeholders in the organization starting with the
executive management and the boards and including the staff, customers, and ending with the
regulators and investors.

An IT governance framework answers some key questions, such as how the IT department is
functioning overall, what key metrics management needs and what return IT is giving back to
the business from the investment it’s making.

The primary goals of IT Governance are to assure that the investments in IT generate
business value, and to mitigate the risks that are associated with IT. This can be done by
implementing an organizational structure with well-defined roles for the responsibility of
information, business processes, applications and infrastructure.
Organizations and businesses need a structure or framework to ensure that the IT function is
able to sustain the organization’s strategies and objectives. The framework and level we need
depends on the size, industry or applicable laws or regulations. In general, the larger and
more regulated the organization, the more detailed the IT governance structure should be.

IT Governance Framework

It doesn’t make sense to reinvent the wheel by starting from scratch. Start with a IT
governance framework; there are many to choose from, but using at least one means
everything has already been organized by industry experts.

A IT governance framework includes three elements:

 Governance principles – the principles by which all IT initiatives will be governed

 Governance structure – the roles and responsibilities of the major stakeholders in the
IT governance decision-making process, including committees and organizational
elements at the branch level

 Governance process – the various stages required to review, assess and approve or
reject new IT initiatives

Implementing good IT governance requires a framework.

COBIT

The framework Control Objectives for Information and related Technologies (COBIT) was
developed in 1996, from the Information Systems Audit and Control Association (ISACA), is
probably the most popular. Basically, it’s a set of guidelines and supporting tool set for IT
governance that is accepted worldwide. It’s used by auditors and companies as a way to
integrate technology to implement controls and meet specific business objectives. COBIT 5 is
the only business framework for the governance and management of enterprise IT. This
evolutionary version incorporates the latest thinking in enterprise governance and
management techniques, and provides globally accepted principles, practices, analytical tools
and models to help increase the trust in, and value from, information systems. COBIT 5
builds and expands on COBIT 4.1 by integrating other major frameworks, standards and
resources, including ISACA’s Val IT and Risk IT, Information Technology Infrastructure
Library (ITIL) and related standards from the International Organization for Standardization
(ISO).

Should My Organization Care?

There are a few varieties of organizations with whom IT governance concepts are most
likely  to resonate.

 Organizations or businesses that are subject to regulatory compliance

 Businesses or organizations that have business models driven by efficiency and
optimization
 Organizations that have demonstrated mature IT operations

Principles of IT Governance

 The Risk Principle: Measures and controls must be adjusted according to the levels
of risk.
 The Suitability Principle: The needs of the organization determine the plan for the
level and style of governance.
 The Behavior Principle: The governance solution drives the organizational behavior
 The Deployment Principle: The governance solution must be incrementally
implemented
 The Automation Principle: Technology makes the governance solution empowering
and unobtrusive.