'IT Governance' is a term we're hearing more about these days, yet if you ask any number of people what they understand by it, you might receive a fair number of different explanations. Hence, what follows is a simple definition which will help in gaining a clearer understanding of this often misunderstood term.
I've based this concise description on 'the' framework for IT Governance, namely COBIT [1]. COBIT (Control Objectives for Information and related Technology), currently in version 4.1, is the principal IT Governance framework available today and can be used to implement IT Governance effectively.
"IT Governance is the responsibility of executives and the board-of-directors and consists of the leadership, organisational structures and processes which ensure that the enterprise's IT sustains and extends the organisation's strategies and objectives."
It should be noted that:
- The drivers for IT Governance range from regulatory compliance requirements (e.g. SOX) to the need for Corporate Management to access reliable information for effective decision making.
- One of the core reasons for IT Governance is to have a business-focus in order to facilitate alignment between the business and IT objectives.
COBIT stipulates five (5) IT Governance Focus Areas:
- Strategic Alignment: ensuring that IT is in line with the business direction
- Value Delivery: ensuring IT is providing value to the business, gaining the expected returns and focusing on what will deliver maximum value to the business
- Risk Management: ensuring that risks are identified and managed appropriately
- Resource Management: diligent management of resources; here COBIT includes applications, information, infrastructure and people
- Performance Measurement: COBIT uses a number of techniques to ensure that IT performance is measured not only from an IT perspective, but also from the business perspective
These are shown graphically below [2]:
Hence, IT Governance makes use of tools (such as COBIT, ITIL, Balanced Scorecards) and techniques (such as formal structures, reporting, audits) to ensure that:
- IT is aligned with the business
- IT is more responsive to business needs
- Resources are utilised effectively
- IT Risks are identified and managed in the correct manner
- There is an improved relationship between IT and related stakeholders
Regards,
Musab Qureshi
References:
[1] http://www.isaca.org/cobit
[2] Image source: http://www.itsmf.org.sg/newsletter/0705/newsletter.html