IT Governance Governance and Its Importance
Governance, so to speak, is a very critical element of any organization and, most of the time,
we apply governance features without even knowing it.
Corporate Governance:
Corporate governance refers to the way a corporation is governed: the set of systems,
principles and processes by which a company is governed. It deals with determining ways to
take effective strategic decisions. These systems, principles and processes provide the
guidelines as to how a company can be directed or controlled such that it can fulfil its goals
and objectives in a manner that adds to the value of the company and is also beneficial for all
stakeholders in the long term. Stakeholders, in this case, would include everyone ranging
from the board of directors, management, shareholders to customers, employees and society.
The management of the company hence assumes the role of a trustee for all the others.
The need for IT governance arises because the interests of the organization and those of the
people managing the IT systems can be at odds; in other words, these two imperatives can
conflict. Thus, IT governance is needed to ensure that the IT systems are doing their
assigned duty and that the objectives of the CEO and the CIO are the same. Indeed, it can be
said that IT governance includes all the key stakeholders in the organization starting with the
executive management and the boards and including the staff, customers, and ending with the
regulators and investors.
An IT governance framework answers some key questions, such as how the IT department is
functioning overall, what key metrics management needs and what return IT is giving back to
the business from the investment it’s making.
The primary goals of IT Governance are to assure that the investments in IT generate
business value, and to mitigate the risks that are associated with IT. This can be done by
implementing an organizational structure with well-defined roles for the responsibility of
information, business processes, applications and infrastructure.
Organizations and businesses need a structure or framework to ensure that the IT function is
able to sustain the organization’s strategies and objectives. The framework and level we need
depend on the organization’s size, industry or applicable laws or regulations. In general, the larger and
more regulated the organization, the more detailed the IT governance structure should be.
IT Governance Framework
It doesn’t make sense to reinvent the wheel by starting from scratch. Start with an IT
governance framework; there are many to choose from, but using at least one means
everything has already been organized by industry experts.
Governance structure – the roles and responsibilities of the major stakeholders in the
IT governance decision-making process, including committees and organizational
elements at the branch level
Governance process – the various stages required to review, assess and approve or
reject new IT initiatives
The framework Control Objectives for Information and related Technologies (COBIT),
developed in 1996 by the Information Systems Audit and Control Association (ISACA), is
probably the most popular. Basically, it’s a set of guidelines and a supporting tool set for IT
governance that is accepted worldwide. It’s used by auditors and companies as a way to
integrate technology to implement controls and meet specific business objectives. COBIT 5 is
the only business framework for the governance and management of enterprise IT. This
evolutionary version incorporates the latest thinking in enterprise governance and
management techniques, and provides globally accepted principles, practices, analytical tools
and models to help increase the trust in, and value from, information systems. COBIT 5
builds and expands on COBIT 4.1 by integrating other major frameworks, standards and
resources, including ISACA’s Val IT and Risk IT, Information Technology Infrastructure
Library (ITIL) and related standards from the International Organization for Standardization
(ISO).
There are a few varieties of organizations with whom IT governance concepts are most
likely to resonate.
Principles of IT Governance
The Risk Principle: Measures and controls must be adjusted according to the levels
of risk.
The Suitability Principle: The needs of the organization determine the plan for the
level and style of governance.
The Behavior Principle: The governance solution drives the organizational behavior.
The Deployment Principle: The governance solution must be incrementally
implemented.
The Automation Principle: Technology makes the governance solution empowering
and unobtrusive.