IT governance is the formal framework designed to ensure that IT investments support different business needs. In essence, it ensures the efficient and effective use of information technology in enabling organizations to achieve their goals. Governance infrastructures are what allow specific users to do specific things while prohibiting others.
The IT governance concept was a result of regulations and legislation that were put in place in the late 90s and early 2000s to standardize the growing use of technology in business. Among them is the Public Accounting Reform & Investor Protection Act, also known as the Sarbanes-Oxley Act (2002), which was passed in response to some accounting and corporate scandals. It established criminal fines for specific types of misconduct. At the same time, the law required the SEC to develop the regulations that define how public corporations should comply.
You do not have to be a legal or economics expert to understand that these laws are something that should be taken seriously, and such legislation drastically changed the course of how business is conducted in the 21st century. As such, IT governance isn’t just a good idea; it is the law.
When it comes to IT governance, there are several types of organizations that the framework’s concepts will resonate with most. They include:
- Businesses or organizations subject to regulatory compliance
- Organizations with business models that are driven by optimization and efficiency
- Businesses that demonstrate mature information technology operations
Principles of IT Governance
- The Risk Principle: Controls and measures need to be adjusted in relation to levels of risks.
- The Behavior Principle: Governance solutions drive organizational behaviour.
- The Suitability Principle: An organization’s needs determine the plan for the style and level of governance.
- The Automation Principle: Technology makes governance solutions unobtrusive and empowering.
- The Deployment Principle: Governance solutions should be implemented incrementally.
IT Governance and IT Management
It is worth noting that IT governance and IT management have different realities and different audiences but share a common yet essential goal.
IT Governance provides guidance and direction and primarily focuses on policies and priorities. It basically offers strategies for organizational success and is usually driven by a governance or steering committee consisting of various IT representatives and stakeholders. The job of these individuals (typically a mix of non-technical and technical individuals) is to mitigate and assess compliance and risk with regulations and controls.
IT Management, on the other hand, involves daily decisions, processes, actions, and implementations and works at upholding organizational and departmental objectives. It is usually steered by technologists, with backgrounds in management and technology, who’ve been tasked with the work of implementing and supporting IT applications and systems. Their mission and priorities are optimal and consistent IT service delivery.