Monday, November 7, 2011

Putting IT Governance in Context


The 2011-2012 chapter-year brings with it a renewed focus on the IT Governance domain for our ISACA Denver Chapter. We would like to get your feedback on where the IT governance domain intersects with your professional life, and focus our attention on the areas that are germane to you. Our plan is to follow through with a series of newsletter articles around this topic and also to establish an IT Governance Special Interest Group in the coming months. The Denver Chapter board joins me in requesting your enthusiastic feedback and participation in this domain.

A good starting point to kick off our efforts would be to clarify what ISACA means by IT Governance and to set some context around the various IT governance domains. This seems especially relevant since the phrase “IT Governance” seems to mean different things to different people.

ISACA Definition of IT governance:  IT governance is an integral part of Enterprise governance and it consists of the leadership, organizational structures and the processes that ensure that the organization’s IT sustains and extends the organization’s strategies and objectives. It is considered the responsibility of the board of directors and executive management.

One could think of IT governance as the act of oversight that steers the investments in IT and the efforts of the IT organization in a manner that maximizes the potential of IT positively impacting the business and minimizes the potential of IT negatively impacting the business. You might notice that this perspective moves the accountability for IT-enabled business outcomes over to the business, ideally all the way up to the board level. In practice, we find that the visibility of IT in an organization is determined by several factors including geography, industry, size, public/private, and point in the business lifecycle.

Who is involved in IT Governance?
Even though the ultimate accountability for IT governance lies at the highest levels, in practice this process is carried out with the help of different stakeholder groups within the organization. These stakeholders fall into three broad categories, each with its own focus. They are:
  • Investors in IT: This is the business management itself that funds IT. This group wants adequate ROI and alignment with strategic objectives/priorities.
  • Controllers: This group includes internal / external audit, risk and compliance officers, finance, etc. Their interest is in monitoring risk and compliance, regulatory & legal requirements, evidence of governance and compliance with strategy.
  • Providers of IT: This group consists of the people within the IT organization and related suppliers. Their interest is to ensure alignment to the set priorities and provide IT services to their customers while preserving and enhancing reputation.
Organizations that are mature in the practice of IT governance usually establish various committees to administer / steer IT, including IT Strategy committee, IT Steering Committee, Architecture boards, etc. These structures enable the interactions between the three stakeholder groups, establish mutual decision rights for key processes, and realize the goal of IT governance.

Governance domains and their context
Moving beyond definition, ISACA maps five areas that constitute the process of IT Governance. The picture below lists these domains and maps some popular IT management concepts to each of these domains.



These areas would also broadly constitute the responsibilities of a CIO within an organization. Senior IT Leadership, working in concert with the business leadership, governs IT within their organization across these areas.

Conclusion and feedback
IT Governance is increasingly gaining relevance and maturing as a discipline. As this field starts to intersect with your professional scope, it will be important to stay on top of how this field matures in the near future.

A good introduction to IT governance can also be found on the ITGI website (ITGI.org) under “About IT Governance”. A more detailed publication, “Board Briefing on IT Governance, 2nd Edition”, is available to our members as a free download on the ISACA website.

Our goal for this introduction was to get us all on the same page on the phrase “IT Governance”, given the non-intuitive nature of what it describes. So, do you think we achieved that goal? Also, which of the above domains would you like to hear more on? Do you want a specific slant on this topic in the coming newsletters? We would really like to hear back from you. Please use the comment feature on this blog to get back to us.
