What is IT governance[1]?
IT governance (information technology governance), an element of corporate
governance[2], can be defined as a framework (including rules, regulations, policies, and
procedures) that aims to ensure effective and efficient management, operation, and
practice of information technology within an organization. Any organization that has
embraced information and communication technology as a critical part of its operations
should adopt a formal IT governance framework. By following such a framework,
organizations can obtain optimized and sustainable value from their investments in IT. IT
governance is also known as:
• Information technology governance
• Information and communications technology governance (ICT governance)
• Corporate governance of information technology (CGIT)
• Corporate governance of information and communications technology
• Enterprise governance of information technology (EGIT)
Why is IT governance significant?
It is not enough for corporations to have IT systems and expect them to deliver strategic
value. Instead, there needs to be a mechanism in place to regulate, monitor, and govern
the value creation efforts of those IT systems. This governance mechanism deals with the
performance and risk management of the IT systems in a manner that creates value for the
organization and ensures that the intended alignment of IT and business objectives stays on
track. Hence, IT governance deals with identifying, establishing, and linking the
mechanisms of the IT systems so as to manage risks and, at the same time, ensure that
their performance is in tune with the stated objectives. The significance of IT governance
cannot be ignored:
• It provides a framework for the management, operations, and practices of information
technology, i.e. a control mechanism
• Helps to align IT strategy with business strategy and goals
• Helps in identifying potential IT investment opportunities and in their evaluation,
selection, prioritization, and final funding decisions
• Aims at obtaining optimized value from investments in IT
• Reduces the chances of operational and decision-making failures and supports risk
optimization
• Ensures transparency and accountability of IT management, operations, and practices
• Aims at sustaining growth by ensuring sound resource management
• Ensures maximum value to the stakeholders
What are the domains/working areas/components of IT governance?
The IT Governance Institute (a division of ISACA[3]) breaks down IT governance into five
domains:
[1] Governance encompasses the system by which an organisation is controlled and operates, and the
mechanisms by which it, and its people, are held to account.
[2] Corporate governance is the combination of rules, processes, or laws by which businesses are operated,
regulated, or controlled.
[3] ISACA is an international professional association focused on IT governance. On its IRS filings, it is known as
the Information Systems Audit and Control Association, although ISACA now goes by its acronym only.
Page 1 of 3
1. Strategic Alignment: The governance must ensure that the IT services and
developments are fully aligned with the organization’s business strategy. Lack of
alignment between the IT strategy and the business strategy can cause adverse
business issues.
2. Value Delivery: The governance must ensure that the maximum business value is
obtained from the IT systems.
3. Risk Management: All IT-related risks must be sufficiently controlled or mitigated,
including investment risks as well as operational risks.
4. Resource Management: The governance must ensure that the IT capabilities and
resources are always sufficient to meet the current and future business objectives
through appropriate sourcing of new IT resources and use of existing ones.
5. Performance Measurement: The contribution of IT to achieving the organization’s
strategic objectives should be measured. This will demonstrate how IT governance
adds value to the business.
Define IT Governance, Risk, and Compliance (GRC).
GRC is a combined discipline for better enterprise security: it pulls together all of a
company's IT governance, risk, and compliance functions into one strategy. IT governance,
risk, and compliance are critical practices which ensure that the right investments are made
in technology to drive business value, protect the organization, and operate legally.
Governance, risk, and compliance aren't optional; whether planned or ad hoc, every
organization has to engage in them. Broadly, GRC covers these three areas:
• Governance: Ensuring that organizational activities support the organization's
business goals.
• Risk: The identification, classification, and treatment of any risk associated with
organizational activities.
• Compliance: Ensuring that the organization meets all applicable legal and
regulatory requirements.
There is a myth that governance, risk, and compliance are the enemy of agility. However,
when designed and executed correctly, strong governance and risk management practices
enable IT organizations to deliver with higher velocity and greater consistency, and to drive
greater business value.
IT Governance vs IT Management
Governance and management are terms for activities that every organization should be
carrying out. But what are the differences between IT governance vs IT management? In small
organizations, the same individual might be doing activities related to both of these without
realizing that there is a difference, but they should be thought of as having separate roles and
responsibilities. When considering the differences, it is important to recognize that both are
concerned with controlling an organization so that it can achieve its goals. However, there are
subtle differences between them.
The word ‘governance’ comes from the same root as ‘government.’ Most people understand
the role of a government: it sets out what must be done now and what should be achieved in
the future. Likewise, governance in IT is concerned with setting the direction for
IT, defining and ensuring compliance with the necessary rules and regulations, and making any
required changes to policies to avoid conflicts with the goals of the organization.
In IT, management is a much more commonly used term than governance. Management is
concerned with the day-to-day operation of IT, including decision-making and resource
allocation. The role of IT management is to ensure the smooth running of IT. Management
operates at multiple levels, including top management, IT team management, and IT process
management.
Hence, in summary:
• Governance is a task that is concerned with setting the goals for IT, including the
necessary controls and activities required to achieve those goals, whereas IT
management is concerned more with looking after day-to-day IT operations and
maintaining the smooth delivery of IT services.
• Governance in IT answers the questions about how IT contributes to the goals of the
organization both now and in the future, whereas IT management answers questions
about how IT operates on a daily basis.