IT Governance
A formal framework that provides a structure for organizations to ensure that IT investments support business objectives. It is the responsibility of the board of directors and executive management.
Definition
IT Governance is a subset of corporate governance that is focused on information technology systems and their performance and risk management. The primary goals of IT governance are to ensure that IT investments create business value, and to mitigate the risks that are associated with IT. It involves defining the decision-making rights and accountability framework to encourage desirable behavior in the use of IT.
Origin & Context
The concept of IT governance grew in prominence in the late 1990s and early 2000s, driven by regulations like Sarbanes-Oxley, which required greater accountability for internal controls, including IT controls. Frameworks like COBIT were developed to provide a structured approach to IT governance.
Why It Matters
Without effective IT governance, IT can become a black box that consumes a large amount of resources without delivering clear business value. IT governance provides the mechanisms for business leaders to direct and control IT investments to ensure they are aligned with strategy.
Common Misconceptions
- Myth: IT governance is the same as IT management.
- Reality: IT management is about making the day-to-day decisions to run the IT department. IT governance is about making the strategic decisions that guide the direction of IT. Management is about doing things right; governance is about doing the right things.
Practical Example
An IT steering committee, composed of senior business and IT leaders, meets quarterly to review and approve the IT project portfolio. This committee is a key IT governance structure. It ensures that the portfolio of IT projects is aligned with the company's strategic objectives and that resources are allocated to the most important initiatives.
Industry Applications
- Any
- IT governance is a critical function in all industries, but is particularly important in highly regulated industries like financial services and healthcare, where the risks associated with IT failure are high.
Related Terms
- Enterprise Architecture: Enterprise architecture provides the strategic blueprint that IT governance uses to make investment decisions.
- Business Architecture Framework: A business architecture framework provides the business context that IT governance needs to align IT investments to business strategy.