Governance, Architecture

and IT Strategy
ITECH 3103 | ASSESSMENT TASK 3 (2021)
[STUDENT NAME AND ID]
Introduction 2

• IT Governance is a formal framework. It is managed by the executive

management and board of directors of an organization.
• IT Governance provides a structure that ensure that IT investments must
be supported by business objectives.
• IT governance provides a structure to mix IT strategy with business
strategy.
• IT management denotes the administration and monitoring of
information technology systems of an organization.
• IT management focuses on the efficiency of the operation of information
system by managing software, hardware and networks.
Governance, Risk and Compliance 3

• The Governance, Risk and Compliance or GRC is almost similar to

the IT governance.
• The only difference is if chief information security officer has to
report to the organization, then it is IT governance. If chief
information security officer works independently then it is a GRC
in term of security.
• The main function in both cases is to implement and comply with
numerous international and corporate regulations and laws.
Structural Arrangement of IT Governance 4

• IT governance can make decisions in a cyclic structured method to

support organizational investment and Information Technology
usage to achieve the organization’s goals.
• The main purposes of IT governance are to ensure business value
from IT investments and risks mitigation of Information Technology
(Levstek, et al. 2018).
• The most effective IT governance raises and maintains a
motivation on actions and decisions desired to improve
performance and achieve outcomes.
Structural Arrangement of IT Governance
(cont.) 5

The areas that can be followed to get greatest value and impact from IT
governance are as follows:

 Governance is all about making decisions to support the organization's

strategy and goals.
 Governance needs to identify the right persons who will make and are held
accountable for the tough decisions of the organization.
 A framework or structure is required for Governance that describes roles
and responsibilities, policies, processes, and criteria to adoptive
comprehensive decision making.
Organizational Type 6

• IT governance can be established by any organization whether it is

public or private or big or small.
• By spending significant amount of time and reasonable effort of experts,
IT governance can be implemented.
• Small businesses prefer to work in specific ranges whereas the bigger
enterprises inspire the framework across the organization.
• The popular governance processes are COBIT, ITIL, COSO, CMMI, FAIR
etc. (Roy, 2018).
• The primary function of a framework is to monitor the IT health of an
organization.
The Framework 7

 COBIT: It is an all-inclusive framework of worldwide accepted performs, models and analytical tools designed for
management and governance of enterprise IT. The publisher, ISACA, extended scope of the COBIT with its roots in IT
auditing over the years to fully support IT governance. The latest version is COBIT 5.
 COSO: COSO is the model for assessing internal controls. Focus of the COSO is less information technology specific than
the other frameworks. COSO concentrates more on business aspects like enterprise risk management and fraud
deterrence.
 FAIR: FAIR or Factor Analysis of Information Risk helps to identify quantify risk for an organization. The focus of FAIR is on
operational risk and cyber security. The goal of FAIR is more well-informed decisions making.
 ITIL: ITIL or stands for Information Technology Infrastructure Library focuses on IT service management. The aim of ITIL is
to ensure that IT services backing core processes of the organization. ITIL covers five sets of management best practices
i.e., design, service strategy, transition, continual service improvement and operation.
 CMMI: The CMMI or Capability Maturity Model Integration method is a tactic to performance improvement. It uses a
scale of 1 to 5 to measure the performance, quality and profitability maturity level of an organization.
How to choose a correct Framework 8

• IT governance frameworks are designed to help the organization to determine how their IT
department is overall functioning, the key metrics management needed by them and what
is the return coming from the framework to the business in respect of the investments.
• COSO and COBIT are used mostly for risk.
• ITIL helps to streamline operations and service.
• CMMI was initially intended for software engineering. But later, it involves processes in
hardware service delivery, development and purchasing.
• FAIR is meant for measuring operational and cyber security risks.
• By considering the corporate culture of an organization, we can select which framework is
to use, it is a natural fit of for the organization or not.
• Framework can be more than one. One framework can balance another.
IT Governance Processes 9

• Identifying Key Decisions – Assess, develop and support a framework to

identify the organizational decisions for achieving outcomes (Hamzane &
Belangour 2019).
• Ensure Reliable Information - System Engineers will examine substitute
courses once the key decisions are identified which determines the
appropriate measures of effectiveness and relate it to assessments of risk,
schedule, cost, and performance.
• Designing Governance – An authorized person will makes the key decisions
and/or deliver input into those choices. The governance procedures can
and must be organized and planned to ensure a fit to purpose by scope
and size of the business strategic goals.
IT Governance Processes (Cont.) 10

• Leadership - IT governance needs a leader with the authority to make

decisions but can also engage board members of governance and
stakeholders to provide direction.
• Participation - Governance board needs to ensure that governance team
associates are adequately involved and accept assignments.
• Structure - The more strategic, enterprise-wide and higher risk decisions
required to be completed at higher levels of the organization.
• Discipline – As IT governance process is repeatable, the governance board
meetings are evocative and attentive on the decisions which needs to be
made. It need to establish a defined, documented, agenda based, record
keeping process.
IT Governance Processes (Cont.) 11

• Supporting Resources - Supporting resources are essential to make

discipline real and transfer the organization from informal to
focused governance.
• Approved Principles and Behaviours - Governance contributors has
to settle on standards and principles which can guide behaviour and
also begin a culture advantageous to decent governance.
• Performance Measures - Productive governance activities report and
track on actions that specify governance programs contribution to
defined goals. Organized reporting serves to show rate and helps
maintain the focus of the governance program as it executes.
Case Study 12

European Network of Transmission System Operators for Electricity (ENTSO-E)

• The IT director of the ENTSO-E undertook a practical approach toward implementing
COBIT 5 at their organization in 2014.
• ENTSO-E, after taking a useful approach to implement the programme for governance
of enterprise IT (GEIT), focused on prioritizing and development the processes, to
overcome practical issues during the execution of a new line of working.
Some of the most notable and relevant characteristics of ENTSO-E include:
• Multi-national staff representing 20 different nationalities
• Highly professional, motivated, educated and knowledgeable staff
• Open to and able to cope with change
• Political components to organization
Case Study (Cont.) 13

The steps are taken to implement IT strategy are

• Pragmatic selection and implementation of best practices and
standards
• Reviewing all major IT suppliers
• Moving all Data Centre activities to a permanent supplier
• Moving all application operations to 2 or more permanent suppliers
• Focusing on size of IT department (number of staff, ratio of
internal/external personnel, refocused data management
development activities)
Conclusion 14

• An evaluation of governance observes suggests that for governance

to be operative, specific initial elements must be in place:
• 1. Well-communicated and Clear strategic goals
• 2. Sturdy executive sponsorship of the process
• 3. well-defined, Clear roles and responsibilities
• 4. Standardized data and information transparency
• 5. Measurement and planned review of the governance practices
to ensure value.
References 15

• Gregory, R. W., Kaganer, E., Henfridsson, O., & Ruch, T. J. (2018). IT Consumerization and the Transformation of IT
Governance. Mis Quarterly, 42(4), 1225-1253.

• Levstek, A., Hovelja, T., & Pucihar, A. (2018). IT governance mechanisms and contingency factors: Towards an
adaptive IT governance model. Organizacija, 51(4), 286-310.

• Roy, I. (2018, June 26). 7 Keys Facts about IT Governance, IT Governance Journal, https://it-governance-
journal.com/2018/06/26/7-keys-facts-about-it-governance/

• Maccani, G., Connolly, N., McLoughlin, S., Puvvala, A., Karimikia, H. & Donnellan, B. (2020). An emerging typology
of IT governance structural mechanisms in smart cities, Government Information Quarterly, 37(4), 101-499.

• Hamzane, I., & Belangour, A. (2019). Implementation of a decision system for a suitable IT governance
framework. International Journal of Computer Science and Information Security (IJCSIS), 17(5), 1-7.