What is IT Governance?


Inadequate IT Governance is not the exception, especially in mid-sized enterprises, and often in large enterprises too. In my last essay, I discussed some typical challenges of IT Outsourcing Governance. A root cause for these challenges is that the people responsible for the success of outsourcing initiatives often use the term “Governance” without sharing a common understanding of the term, often not completely comprehending what it involves. It thus becomes imperative to start with defining “Governance”, determining the key distinctions between good and poor Governance, before determining the path from poor to good Governance over time.

What is Governance? 

The World Bank has described a common understanding of Governance as the rule of the rulers, typically with a given set of rules; that is, the process by which authority is conferred on rulers, by which they make the rules, and by which those rules are enforced and modified.

So how does the World Bank concept of Governance translate to Enterprises?

Corporate Governance (the rules) refers to the formation and steering of the rules and processes by which businesses are operated, regulated and controlled for effective achievement of corporate goals. Corporate Governance structures (the rulers) are the bodies or councils specifically concerned with Governance. The Board of Directors is ultimately accountable for good Governance. Typically, it carries out its Governance duties via committees that oversee critical areas such as audit, compensation, acquisitions, and so on.

Different corporate Governance guidelines and regulations are used by countries around the world. One of the most frequently referenced is the OECD Principles of Corporate Governance. Another is the Sarbanes-Oxley Act, a United States Federal law on accounting reform. There are also industry-specific regulations like Basel III for Banking, HIPAA for Health Insurance, and so on.

Since organizations are increasingly dependent on IT for their operations and profitability, the need for better accountability of IT related decisions has become a key part of corporate Governance, making IT Governance a subset of the overall enterprise Governance.

IT Governance (the rules) links IT strategies to enterprise goals and strategies, institutionalizes best practices for planning, acquiring, implementing and monitoring IT performance, manages the risks that IT poses to business, and ensures accountability of the cost of IT.

The IT strategy committee, or equivalent, composed of board and non-board members, forms the Governance structure that oversees IT Governance (the rulers). They, in turn, may have sub-committees or groups addressing specific areas of IT Governance.

Over the years, multiple IT Governance and control frameworks have evolved and are available for enterprises to use. The most frequently referenced are ISO/IEC 38500:2008 Corporate Governance of information technology and the Control Objectives for Information and Related Technology (COBIT). There are also many other related frameworks and methodologies which help enterprises to address specific aspects of their IT Governance.

The Calder-Moir IT Governance Framework draws upon and integrates the wide range of management frameworks, standards and methodologies that exist today, some overlapping and competing, to put together a conceptual approach and visualise effective IT Governance.

Where does IT Outsourcing Governance fit?

Most enterprises today outsource some or all of their IT or IT-enabled business services to third parties. Given the criticality of IT to business, it becomes important for the enterprise to accept that while they outsource IT service delivery, they continue to be accountable for the service delivery to the business. Organisations thus need to ensure good Governance of their third-party service providers, in order to effectively manage the risks and continue to deliver the value of IT to their business. Outsourcing Governance is effectively a subset of IT Governance, focused on regulating the interface between enterprise and outsourced service provider. Given the relationship between IT Governance and IT Outsourcing Governance, in isolation IT Outsourcing Governance invariably proves inadequate.

In my next submission I intend to discuss the characteristics of good and bad IT Governance, and suggest a journey to good IT Governance.

Contributor: Sudha Iyer
