The 2011-2012 chapter-year brings
with it a renewed focus on the IT Governance domain for our ISACA Denver Chapter. We would like to get your feedback on where
the IT governance domain intersects with your professional life, and focus our
attention on the areas that are germane to you. Our plan is to follow through
with a series of newsletter articles around this topic and also to establish an
IT Governance Special Interest Group in the coming months. The Denver Chapter
board joins me in requesting your enthusiastic feedback and participation in
this domain.
A good starting point to kick our
efforts off would be to clarify what ISACA means by IT Governance and to set
some context around the various IT governance domains. This seems especially relevant since the
phrase “IT Governance” seems to mean different things to different people.
ISACA Definition of IT governance: IT
governance is an integral part of Enterprise governance and it consists of the
leadership, organizational structures and the processes that ensure that the
organization’s IT sustains and extends the organization’s strategies and
objectives. It is considered the responsibility of the board of directors and
executive management.
One could think of IT governance
as the act of oversight that steers the investments in IT and efforts of the IT
organization in a manner that maximizes the potential of IT positively
impacting the business and minimizes the potential of IT negatively impacting
the business. You might notice that this
perspective moves the accountability for IT-enabled business outcomes over to
the business, ideally all the way up to the board level. In practice, we find
that the visibility of IT in an organization is determined by several factors
including geography, industry, size, public/private, and point in the business
lifecycle.
Who is involved in IT Governance?
Even though the ultimate
accountability for IT governance lies at the highest levels, in practice, this
process is carried out with the help of different stakeholder groups within
the organization. These stakeholders fall into three broad categories, each
with their own focus. They are:
- Investors in IT: This is the business management itself that funds IT. This group wants adequate ROI and alignment with strategic objectives/priorities.
- Controllers: This group includes internal / external audit, risk and compliance officers, finance, etc. Their interest is in monitoring risk and compliance, regulatory & legal requirements, evidence of governance and compliance with strategy.
- Providers of IT: This group consists of the people within the IT organization and related suppliers. Their interest is to ensure alignment to the set priorities and provide IT services to their customers while preserving and enhancing reputation.
Organizations that are mature in the
practice of IT governance usually establish various committees to administer /
steer IT, including an IT Strategy Committee, an IT Steering Committee, Architecture
boards, etc. These structures enable the interactions between the three
stakeholder groups, establish mutual decision rights for key processes, and
realize the goal of IT governance.
Governance domains and their context
Moving beyond definition, ISACA maps
five areas that constitute the process of IT Governance. The picture below
lists these domains and maps some popular IT management concepts to each of
these domains.
These areas would also broadly
constitute the responsibilities of a CIO within an organization. Senior IT
Leadership, working in concert with the business leadership, governs IT within
their organization across these areas.
Conclusion and feedback
IT Governance is increasingly
gaining relevance and maturing as a discipline. As this field starts to
intersect with your professional scope, it will be important to stay on top of
how this field matures in the near future.
A good introduction to IT governance can
also be found on the ITGI website (ITGI.org) under “About IT Governance”. A more detailed
publication, “Board Briefing on IT Governance, 2nd Edition”, is available to
our members as a free download on the ISACA website.
Our goal for this introduction was
to get us all on the same page on the phrase “IT Governance”, given the
non-intuitive nature of what it describes. So, do you think we achieved that goal? Also, which of the above domains would you like
to hear more on? Do you want a specific slant on this topic in the coming
newsletters? We would really like to hear back from you. Please use the comment
feature on this blog to get back to us.