Information technology governance
Encyclopedia : I : IN : INF : Information technology governance
Information technology governance, or IT governance, is a subset discipline of Corporate governance focused on information technology systems and their performance and risk management. The rising interest in IT governance is partly due to compliance initiatives (e.g. Sarbanes-Oxley (USA) and Basel II (Europe)), as well as the acknowledgement that IT projects can easily get out of control and profoundly effect the performance of an organization.
A characteristic theme of IT governance discussions is that IT project can no longer be a black box. The traditional handling of IT projects by board-level executives is that due to limited technical experience and project complexity, key decisions are deferred to IT professionals. With IT governance however, all stakeholders, including the board, internal customers and related areas such as finance, are required to participate in the decision making process. This forces everyone to accept responsibility for critical systems and prevents a single stakeholder, typically IT, being blamed for poor decisions. It also prevents users from later complaining that the system does not behave or perform as expected:
- A board needs to understand the overall architecture of its company's IT applications portfolio ... The board must ensure that management knows what information resources are out there, what condition they are in, and what role they play in generating revenue... Nolan, R. and F. W. McFarlan (2005). “Information Technology and the Board of Directors.” Harvard Business Review (October 2005).
Definitions
There are narrower and broader definitions of IT governance. Weill and Ross focus on "Specifying the decision rights and accountability framework to encourage desirable behaviour in the use of IT."Weill, P. & Ross, J. W., 2004, IT Governance: How Top Performers Manage IT Decision Rights for Superior Results, Harvard Business School Press, Boston.
In contrast, the IT Governance Institute expands the definition to include underpinning mechanisms: "... the leadership and organisational structures and processes that ensure that the organisation’s IT sustains and extends the organisation’s strategies and objectives." IT Governance Institute 2003, "Board Briefing on IT Governance, 2nd Edition". Retrieved January 18, 2006 from http://www.isaca.org/Content/ContentGroups/ITGI4/Resources1/Board_Briefing_on_IT_Governance/26904_Board_Briefing_final.pdf
Background
The discipline of information technology governance derives from corporate governance and deals primarily with the connection between business focus and IT management of an organization. It highlights the importance of IT related matters in contemporary organizations and states that strategic IT decisions should be owned by the corporate board, rather than by the chief information officer or other IT managers.
The primary goals for information technology governance are to (1) assure that the investments in IT generate business value, and (2) mitigate the risks that are associated with IT. This can be done by implementing an organizational structure with well-defined roles for the responsibility of information, business processes, applications, infrastructure, etc.
Decision rights are a key concern of IT governance, being the primary topic of the book by that name by Weill and Ross.Weill P., Ross J., IT Governance: How Top Performers Manage IT for Superior Results, Harvard Business School Press, 2004, ISBN 1591392535 According to Weill and Ross, depending of the size, business scope, and IT maturity of an organization, either centralized, decentralized or federated models of responsibility for dealing with strategic IT matters are suggested. In this view, the well defined control of IT is the key to success.
After the widely reported collapse of Enron in 2000, and the alleged problems within Arthur Andersen and WorldCom, the duties and responsibilities of the boards of directors for public and privately held corporations were questioned. As a response to this, and to attempt to prevent similar problems from happening again, the US Sarbanes-Oxley Act was written to stress the importance of business control and auditing. Sarbanes-Oxley and Basel-II in Europe have been catalysts for the development of the discipline of information technology governance since the early 2000s. However, the concerns of Sarbanes Oxley (in particular Section 404) have less to do with IT decision rights as discussed by Weill and Ross, and more to do with operational control processes such as Change management.
Problems with IT governance
Nicholas Carr has emerged as a prominent critic of the idea that information technology confers strategic advantage.Carr, N. G. (2004). Does IT matter? : information technology and the corrosion of competitive advantage. Boston, Harvard Business School Press. ISBN 1591394449 This line of criticism might imply that significant attention to IT governance is not a worthwhile pursuit for senior corporate leadership. However, Carr also indicates counterbalancing concern for effective IT risk management.The manifestation of IT governance objectives through detailed process controls (e.g. in the context of project management) is a frequently controversial matter in large scale IT management. See Agile methods. The difficulties in achieving a balance between financial transparency and cost-effective data capture in IT financial management (i.e., to enable chargeback) is a continual topic of discussion in the professional literatureOffice of Government Commerce (2001). Service Delivery: Capacity Management, Availability Management, Service Level Management, IT Service Continuity, Financial Management for IT Services and Customer Relationship Management. OGC, ITIL© Managing IT Services (IT Infrastructure Library). London, The Stationery Office. ISBN 0113300174, Remenyi, D., A. H. Money, et al. (2000). The effective measurement and management of IT costs and benefits. Computer weekly professional series. Oxford ; Boston, Butterworth-Heinemann. ISBN 0750644206 and can be seen as a practical limitation to IT governance.
Relationship to other IT disciplines
IT governance is supported by disciplines such as
- IT portfolio management
- Enterprise architecture
- Project management and Program management in the enterprise IT context (including software engineering where appropriate), and
- IT service management.
Frameworks
There are quite a few supporting mechanisms developed to guide the implementation of information technology governance. Some of them are:
- The [IT Infrastructure Library] (ITIL) is a detailed framework with hands-on information on how to achieve a successful governance of IT, developed and maintained by the United Kingdom's Office of Government Commerce, in partnership with the IT Service Management Forum.
- Control Objectives for IT (COBIT) is another approach to standardize good information technology security and control practices. This is done by providing tools to assess and measure the performance of 34 IT processes of an organization. The IT Governance Institute is responsible for CobIT
Non-IT specific frameworks of use include:
- The Balanced Scorecard (BSC) - method to assess an organization’s performance in many different areas.
- Six Sigma - focus on quality assurance
Inline references
Other references
- Lutchen, M. (2004). Managing IT as a business : a survival guide for CEOs. Hoboken, N.J., J. Wiley., ISBN 0471471046
- March J., Simon H., Organizations, Blackwell Publishers, 1993 (First ed. Wiley, 1958), ISBN 063118631X
- Van Grembergen W., Strategies for Information technology Governance, IDEA Group Publishing, 2004, ISBN 1591402840
External links
- [The IT Governance Institute]
- [Informations Systems Audit and Control Association]
- [IT Infrastructure Library]
- [ITIL and BS15000 Governance Forum]
Weblogs
From Wikipedia, the Free Encyclopedia. Original article here. Support Wikipedia by contributing or donating.
All text is available under the terms of the GNU Free Documentation License See Wikipedia Copyrights for details.