A short introduction of IT Governance

What is IT Governance (ITG)?

IT governance refers to the set of rules, laws, and policies that define and ensure an IT department's operation is
effective, controlled, and valuable. It focuses on how the IT department or environment adds value to the enterprise.

IT governance is a systematic decision-making framework that ensures IT investments meet the demands of the
business. It is increasingly viewed as an essential component of an organization's strategy. It is not enough to have IT
systems and expect them to provide strategic value to the organization. Instead, the value creation efforts of the IT
system must be evaluated, delivered, monitored, and governed.

Historical context of IT Governance

IT governance gained popularity as an offshoot of corporate governance in 1993, and it primarily focuses on the
interaction between an organization's strategic objectives, commercial goals, and information technology management
It highlights the need of creating value and being accountable while using information and related technologies, as well
as defining the governing body's responsibilities. The major goals of IT governance is to ensure that information and
technology are used to create corporate value, measure performance, and limit the hazards connected with the use of
information and technology

Through the implementation of an organizational structure with clearly defined accountability for decisions that impact
the successful achievement of strategic objectives, and the institutionalization of good practices through the
organization of activities in processes with clearly defined process outcomes that can be linked to the organization's
strategic objectives.

A number of nations, including the United States, the United Kingdom, and South Africa, developed corporate
governance regulations in the early 1990s. Following the corporate governance disasters of the 1980s. As a result of
these attempts to properly manage the use of corporate resources, special consideration was given to the role of
information and supporting technology in facilitating good corporate governance. It was soon noticed that information
technology was not just a corporate governance facilitator, but also a value producer in need of stronger governance
as a resource. As a result, by January 2005, Australia has implemented the AS8015 ICT standard for its Governance
framework. As a result, it was quickly adopted as ISO/IEC 38500 in May 2008.

IT governance Stakeholders

In practice, no discussion on IT Governance would be complete unless Stakeholders were mentioned. "Who are
Stakeholders," and what is their relevance in the context of IT governance, are often asked questions.

To find out who these Stakeholders are, Although there are no hard and fast rules about who can be a Stakeholder, their
composition varies depending on the circumstances. However, in the perspective of IT Governance, what qualifies them
as a Stakeholder is best described by examining ISACA's definition of a Stakeholder. –"Anyone who has a duty for, an
expectation from, or an interest in the Enterprise." (ISACA)

Stakeholders are groups or persons who influence or are influenced by IT governance (ITG) choices. ISACA's COBIT
business framework for IT governance and management not only specifies the Stakeholder, but it also defines the IT
governance and management process. However, they are also integrated as a key and basic component throughout.
COBIT 5 is based on five fundamental ideas, the first and most important of which is to meet Stakeholder Needs.

Organizations do not operate just within their own ecosystems or area, but rather in both internal and external
environments. whether they are a single individual trader in a small hamlet or a global corporation with operations
across the world. At the most basic level, identifying Stakeholders as Internal or External makes sense, as does COBIT 5.

Internal stakeholders comprise, to mention a few, the Board of Directors, business leaders, business process owners,
managers, internal auditors, privacy officers, and IT users.
External stakeholders, on the other hand, are those with whom the organization interacts outside of the Organization.
These include, but are not limited to, investment partners, vendors, shareowners, regulatory agencies, customers,
external auditors, and consultants.

With a wide mix of internal and external stakeholders, each stakeholder's opinion of what is valued will change; yet,
when the primary goal is value generation, these different and frequently opposing opinions make governance all the
more difficult. It is impossible to please everyone, but when it comes to governance, particularly IT governance, this is
not the case. When creating Enterprise Goals and IT Goals for the firm, as well as on a daily basis when making business
choices on benefits, risks, and resources, the demands of all stakeholders must be considered. Identifying, considering,
and managing Stakeholders is therefore critical to the Enterprise's success and all the less probable if Governance is not
in place to facilitate dialogue and decision making among the value interests of varied stakeholders.

To establish effective IT governance, roles with suitable governance duties should be specified because the task of IT
management is to achieve the organization's objectives while working within the defined framework, adhering to the
governance rules. The governance framework should identify IT governance stakeholder roles and duties, including the
degrees of power and responsibility assigned to each function. IT governance duties are often divided into four tiers.
Each serves a different purpose and has a certain amount of authority for choices taken at that level.( Strategic, Executive,
program and business process governance, and operations )

− The highest level of responsibility for IT governance is strategic. This level of governance is primarily concerned
with the IT strategy's congruence with the business strategy This function is frequently shared by a group of
senior executives from throughout the business, as well as establish the direction of the business and how IT is
expected to assist it in getting there.
− Executive position. This is also frequently provided by a group drawn from throughout the organization,
although at a lower level.. This group is in charge of prioritizing all IT initiatives, assigning resources, and
ensuring that the business advantages are realized.
− Program governance and Business process governance. Program governance is in charge of ensuring that
certain IT initiatives are completed. They cope with escalating task obstacles, organizational change
management, and benefit realization. They are frequently formed on the spur of the moment for a particular
project or collection of related projects and disassembled after the project is accomplished. Business process
governance, on the other hand, is in charge of how organization-wide IT procedures are introduced and
changed.
− Operations layer. This layer, which focuses on incident, problem, and change request governance, is frequently
found inside operational IT service management responsibilities. An example of an IT governance job at this tier
is a change Advisory Board, which is in charge of the governance of changes to IT systems.

How COBIT, BSC, and other control and management systems could support IT governance.

Frameworks such as COBIT 5, Balanced Scorecard, and other control and management mechanisms are successful in
combining Governance and Stakeholder needs into a comprehensive framework in order to develop a holistic IT
governance culture within a firm. As previously stated, Meeting the demands of stakeholders is a critical component of
the COBIT 5 Goals Cascade By converting these demands into precise, practical enterprise objectives, which are
subsequently spiralled into the Enterprise IT goals. COBIT is the de facto standard control model that encompasses
several organizational domains such as accountability, assessment, acquisition, conformity, strategy, and so on. These
areas are connected to the paradigm for IT governance.

A solid approach to governance and performance management is possible with the integration of COBIT, BSC, and all
other control frameworks. It offers explicit traceability, Performance Management with specified metrics of measure,
and implementation assistance when utilized to streamline each Enterprise Goal to the achievement of one or more of
the IT governance goals.
Once the Enterprise Goals are determined, the IT department may match its own objectives with those for governance,
management, and performance. As a result, The Enterprise Goals flow down to the IT-related goals of the organization.
The organization's IT goals are established and matched to the Enterprise's goals, ensuring IT's overall alignment with
enterprise strategy.

The importance of IT governance

The significance of IT governance is that it results in the intended outcomes and behavior. The link between IT
governance and successful value creation from IT expenditures has long been recognized, and it is frequently
highlighted as a motivation for attaining excellence in IT management. Creating mutual accountability for IT
expenditures, it focuses on cost and enables for better communication between consumers and suppliers. Enforcing
governance processes is described by IT portfolio management and is used by IT executives to manage their agency' IT
investments, initiatives, and resources in an effort to analyze opportunities, eliminate redundancy throughout the IT
ecosystem, and generate cost savings.

IT governance is critical for ensuring the effective and efficient use of technology to meet agency goals. Each
organization is distinct, and each agency's approach to governance may differ depending on the culture and
organizational structure. Implementing strong IT governance necessitates a framework comprised of three primary
components: an effective structure, an effective process, and an efficient communication channel. To attain maturity, IT
must function as efficiently as possible to optimize cost savings and the advantages of each IT investment, while also
ensuring that the investments are aligned with the organization's business plan.

Reference:

Van Grembergen, W., S. De Haes, et al. (2003). "Using COBIT and the Balanced Scorecard as Instruments for Service Level Management." Information
[1]

Systems Control Journal 4.

Van Grembergen, W., S. De Haes, et al. (2004). Structures, Processes and Relational Mechanisms for IT Governance. Strategies for Information
[2]

Technology Governance. W. Van Grembergen. Hershey, PA, Idea Group Publishing.

CobiT 2019 Introduction and Methodology

[3]

Bartens, Y., et al. (2015) "On the Way to a Minimum Baseline in IT Governance: Using Expert Views for Selective Implementation of COBIT 5", 48th
[4]

Hawaii International Conference on System Sciences

S.Ahuja and J. E. Goldman, “Integration of COBIT ,” 2009, [Online] Available: https://www.cerias.purdue.edu/assets/pdf/bibtex_archive/2009-21.pdf.

[5]

Integration of COBIT, Balanced Scorecard and SSE- CMM as a strategic Information Security Management (ISM) framework

[6]
Lasitha Gunawardena & Latha Ramesh (2014) https://www.architectureandgovernance.com/it-governance/understanding-governance-often-fails/

Selig, Gad J. (2016) "IT Governance-An Integrated Framework and Roadmap: How to Plan, Deploy and Sustain for Improved Effectiveness," Journal of
[7]

International Technology and Information Management: Vol. 25 : Iss. 1 , Article 4. Available at: https://scholarworks.lib.csusb.edu/jitim/vol25/iss1/4

[8]
https://www.manilatimes.net/2018/10/17/business/columnists-business/why-we-need-it-governance/453012

[9]
https://www.orbussoftware.com/resources/blog/article/stakeholders-in-it-governance

[10]
Messabia, Nabil & Elbekkali, Abdelhaq. (2010). Information Technology Governance: A Stakeholder Approach.

Ken Doughty, CISA, CBCP, and Frank Grieco, CISA (2005). IT Governance: Pass or Fail? Information Systems Audit and Control Association. All rights
[11]

reserved. www.isaca.org