Session 6 - IT Governance
GOVERNANCE
WHAT IS IT GOVERNANCE
The concept of “Governance” simply means
the process of decision making and the process
by which decisions are implemented.
IT Governance is the rules and regulations
under which an IT department functions. It is a
mechanism put in place to ensure compliance
with those rules and regulations.
IT Governance primarily deals with connections
between business focus and IT management. The
goal of clear governance is to ensure that investment
in IT generates business value and to mitigate the risks
that are associated with IT projects.
WHY IS IT GOVERNANCE IMPORTANT?
IT governance enables an organisation to:
Demonstrate measurable results against broader business strategies and goals.
Meet relevant legal and regulatory obligations.
Assure stakeholders they can have confidence in your organisation's IT
services (Strong stakeholder relationships)
Facilitate an increase in the return on IT investment.
Comply with certain corporate governance or public listing rules or
requirements.
Risk detection and mitigation.
Resource management.
Consistent performance and decision-making.
TYPES/DOMAINS OF IT GOVERNANCE
IT governance is not generic. Different governance frameworks exist.
These frameworks have the ability to adapt to the different needs and
priorities of a company.
In the vast realm of IT, a business can develop its entire strategy around a
specific problem that evolves as the product or team matures — and this
can look completely different depending on what stage the business is in.
An emerging company may want to focus on how to use IT to drive
growth fast while a more established corporation would have the
resources to double down on IT as a way to prevent and predict major
risks.
Here are several types/domains of IT governance that teams can focus on:
1. VALUE DELIVERY
For most organizations, technology is necessary for employees to meet key performance
indicators and drive business results. IT governance outlines clear roles, responsibilities, and
expectations that teams must adhere to so that technology investments deliver tangible value
that stakeholders can see and measure.
Recommended best practices for ensuring value delivery:
Define what value means for your organization: Is your business strategy currently driven by revenue
growth, customer retention and satisfaction, or other factors? Having a clear understanding of what
success means will help you correctly quantify value with appropriate metrics.
Measure success with a balanced scorecard: Monitor IT performance across four areas: learning and
growth, internal operations, customer, and financial. Successful organizations use this approach to
help them identify short-term and long-term strengths, weaknesses, and opportunities.
Consistently iterate and improve your strategy: Collect data and share feedback with stakeholders
regularly to always stay up-to-date with how your organization executes IT processes, if IT efforts are
meeting KPIs, and what your metrics look like compared to industry standards.
2. IT STRATEGIC ALIGNMENT
If value delivery revolves around measuring actual results, then strategic alignment supports those
efforts by creating an environment where IT initiatives are always in sync with business objectives.
This form of IT governance aims to strengthen cross-functional collaboration, allowing technology to
integrate seamlessly across all business departments to enable better IT strategic planning.
IT-enabled business strategies occur when technology can effectively empower the right people and
processes at the right time. Teams are equipped with the support they need to execute business-critical
tasks faster by using technology to:
Build better feedback loops and accelerate decision-making between all stakeholders.
Optimize all forms of resource expenditure, whether that’s employee productivity and bandwidth, time, or
money.
Shorten ramp-up times and learning curves for employees so they can contribute value faster.
Collect and analyze business data to set consistent standards, encourage innovation, boost customer
experiences, and future-proof processes.
3. PERFORMANCE MANAGEMENT
IT management is a term that encompasses a range of operational activities within the IT
function, one of them being a specific set of guidelines aimed at homing in on IT performance.
IT performance refers to the quality and effectiveness of all technology processes within the
organization. When measuring IT performance, organizations may look into factors like:
IT efficiency: Are your IT processes helping your organization meet goals without expending
additional or unnecessary resources to complete tasks?
Service quality: Are your internal or external end-users satisfied with the technology solutions and
services they receive from your organization?
Digital adoption: Are your end users equipped with the tools and resources to build technological
proficiency and close any digital skill gaps?
Data security and privacy: Are your IT tools and processes enhanced with the necessary systems and
protocols to protect sensitive data from unauthorized access, cyberattacks, and data breaches?
4. RESOURCE MANAGEMENT
Unlike performance management, IT resource management focuses on the backend operations
that dictate the feasibility of any IT initiative — like the people, budgets, and systems that
need to be allocated for digital transformation efforts.
IT management frameworks help companies define standard operating procedures (SOPs) and
decision-making criteria for all resource planning, allocation, and monitoring. For example,
organizations structure their IT projects around internal or industry-wide guidelines for
procurement activities, asset maintenance, asset disposal, and vendor acquisition.
Resource management is a type of IT governance that calls for strict and forward-looking
planning. Failure to acquire or prioritize limited resources will completely dismantle IT
projects. Poor IT resource management can lead to irreversible disaster for organizations
working with tight roadmaps, limited funding, and high stakeholder expectations.
5. RISK MANAGEMENT
The number of cyberattacks globally increased by 38% in 2022. As more businesses and consumers
move toward cloud-based apps and services, the risks of unauthorized access to personal and private
data have never been more prevalent.
IT governance also involves organizations carving out risk management protocols for every
technology-driven initiative put in place. A foundation for IT risk management must involve:
Risk identification: Defines how IT departments should monitor networks and report irregularities,
vulnerabilities, and threats to the business.
Risk assessment: Helps IT departments and stakeholders agree on prioritizing risks for quick and immediate
resource allocation when incidents occur.
Risk mitigation: Helps organizations create and optimize workflows for preventing risks from emerging or
recurring, such as strategies for compliance assessment, incident resolution, and security training.
Crisis management and disaster recovery: Outlines clear steps for IT departments to minimize damage when a
crisis happens, whether that’s through creating backup systems and data recovery protocol or communicating
with experts, legal teams, and stakeholders.
IT GOVERNANCE FRAMEWORKS, MODELS AND STANDARDS
These set out principles, definitions and a high-level
framework that organisations of all types and sizes can use
to better align their use of IT with organisational decisions
and meet their legal, regulatory and ethical obligations.
Companies can work with IT governance frameworks that various IT organizations and groups
have developed over the years.
Instead of building out protocols from scratch, these frameworks give teams a clear starting
point for integrating industry-standard IT best practices into their existing organizational
culture and processes.
An IT governance framework helps to:
Clarify IT operations.
Statement of inputs and outputs of operations.
Clarify the main process objectives.
Explanation of performance measurement techniques.
Here are a few of the most popular IT frameworks that businesses use to protect and upgrade
their IT functions:
1. COBIT
The COBIT framework is a well-known set of guidelines that helps businesses manage their
IT processes to ensure complete control and compliance. COBIT is used to strengthen
alignment between IT initiatives and business strategy by emphasizing areas like information
and risk management.
2. ITIL
The ITIL framework defines IT management practices that companies commonly use to
improve the quality of their IT delivery services. This framework covers areas such as service
strategy design and operations, incident management, and change management.
3. COSO
Organizations use the COSO framework to oversee their overall IT operations’ compliance,
reliability, and safety. Risk management is a core focus area with this framework, giving
businesses guidelines for understanding, prioritizing, and managing IT risks that can threaten
business strategies. This framework is commonly used by accounting firms, financial
organizations, and publicly traded companies.
4. CMMI
The CMMI IT governance model helps organizations improve their processes and
performance to reach the highest level of organizational maturity. This framework defines best
practices for IT areas like process standardization, performance measurement, and internal IT
training so businesses can create a productive and process-driven environment necessary to
attain organizational maturity.
5. FAIR
The FAIR framework was created to help businesses manage IT risk, often complementing IT
security programs. Large corporations that manage high volumes of confidential information
use this framework to help their IT departments predict and quantify risks such as data
breaches and loss.
6. ISO/IEC 38500:2015 IT Governance Framework:
ISO/IEC 38500:2015 is an IT Governance Framework that helps people at the top of the
organization better understand their legal and ethical obligations in their companies' use of
information technology.
EIGHT MAJOR CHARACTERISTICS OF GOOD GOVERNANCE
Participatory: participation by both men and women is a key cornerstone of good
governance. Participation could be either direct or through legitimate institutions
or representatives. Participation needs to be informed and organized. This means
freedom of association and expression on one hand and an organized civil society
on the other hand.
Rule of law: requires fair legal frameworks that are enforced impartially.
Transparency: Transparency means that decisions taken and their enforcement are
done in a manner that follows rules and regulations. It also means that
information is freely available and directly accessible to those who will be
affected by such decisions and their enforcement. It also means that enough
information is provided and that it is provided in easily understandable forms and
media.
Responsiveness: Good governance requires that institutions and processes try
to serve all stakeholders within a reasonable timeframe.
Consensus oriented: there are several actors and as many viewpoints. Good
governance requires mediation of the different interests to reach a broad
consensus on what is in the best interest of the whole and how this can be
achieved. It also requires a broad and long-term perspective on what is needed
for sustainable development and how to achieve the goals of such
development.
Equity and inclusiveness: ensuring that all its members feel that they have a
stake in it and do not feel excluded from the group. This requires that all groups
have the opportunity to participate and be heard.
Effectiveness and efficiency: good governance means that processes and
institutions produce results that meet the needs of business while making the
best use of resources at their disposal. The concept of efficiency in the context
of good governance now also covers the sustainable use of natural resources
and protection of environment.
Accountability: accountability is the key requirement of good governance. Not
only governmental institutions but also the private sector and civil society
organizations must be accountable to the public and their institutional
stakeholders. Who is accountable to whom varies depending on whether
decisions and actions taken are accountable to those who will be affected by its
decisions or actions. Accountability cannot be enforced without transparency
and rule of law.
GOOD IT GOVERNANCE PROVIDES THE FOLLOWING ADVANTAGES
Standardized process and procedures to better manage IT
environment.
Maximize return on IT investment
More effective use of IT because of closer alignment with the
business
Alignment with corporate objectives
Consistency with IS strategy and Policy
Accountability and transparency in decision making that impacts on
IT.
Different organizations have different IT governance
structures. The following are some of the roles and
their responsibilities:
WHAT AN IT MANAGER DOES
EIGHT CORE ACTIVITIES
Anticipating new technologies.
IT must keep an eye on emerging technologies.
Work closely with management on decisions.
Weigh risks and benefits of new technologies.
Participating in setting strategic direction.
IS can act as consultants to management.
Educate managers about current technologies/trends.
Innovating current processes.
Review business processes to innovate.
Survey best practices.
Developing and maintaining systems.
Build or buy software.
Supplier management.
Carefully manage outsourced IT.
Enterprise Security
Important to all general managers.
Much more than a technical problem.