Business Innovation Homepage > Governance

The idea of IT governance began to take hold at enterprises in the 1990s, even as spending on technology products and projects seemed limitless during the height of the dotcom boom. In one sign of the emerging importance of governance, the IT Governance Institute (ITGI) was established in 1998 to advance international thinking and standards in directing and controlling an enterprise’s IT, and to offer research and case studies that would help organizations in their IT governance efforts.

In recent years, IT governance seems to have taken on a greater sense of importance. At many companies, there is more scrutiny over technology investments and a continuing push to align major IT projects with specific business goals.

The emergence of government regulations such as Sarbanes-Oxley also has led organizations to focus on having greater controls in place. At the same time, best-practices frameworks, including the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) are gaining popularity as ways to help organizations improve IT services and develop processes to help meet business needs.

Governance programs can have far-reaching effects on enterprises. “The major benefit of effective IT governance in an organization is the transformation of information technology from a technical specialty into an effective business activity,” says John Pironti, chief information risk strategist at IT services provider Getronics and a member of the Education Board at ISACA (p reviously known as the Information Systems Audit and Control Association).

“By transforming into a business operation, the value and benefits of IT to an organization can be better understood and managed to ensure the efficiency and effectiveness needed to meet the business goals of the organization,” Pironti says.

IT governance also gives organizations the ability to develop metrics for IT processes and activities, to better understand their benefits to the organization and provide insight into areas that are working properly and those that require attention, Pironti says. By developing metrics and measures, he says, an organization can manage its information infrastructure more efficiently to ensure that it is investing appropriately and better supporting business processes.

What’s involved in creating an IT governance program? The first and most important step is to identify the business goals that the program is trying to meet, Pironti says. “Too often there is not a clear understanding of the goals of the program, and processes and capabilities are put in place that only partially assist the organization,” he says. “In some cases this can result in having the program hurt instead of help the organization.”

A good governance program is modular in nature and can adjust to the changing requirements of an organization quickly and easily, Pironti says. “If the elements of the organization are developed in a modular fashion, they can be evaluated and developed independent of other portions of the program to ensure that the most business-benefiting elements are focused on and [further developed] to meet the business needs of an organization,” he says.

When developing a governance program, it’s important to establish key performance indicators (KPI) that allow the effectiveness of the program to be measured, Pironti says. “These KPIs assist an organization [in] understanding the benefits of the governance program in a mature and business-capable fashion,” he says. “They also help to determine whether the program is in alignment with the organization's business goals and is performing within established limits or whether certain elements need attention.”

Click here for more Governance articles