Information Technology Governance

Definition: Information Technology Governance is a term which has come into use in the last few years to indicate the taking of a more formal, structured approach to the role of Information Technology in large enterprises.


Information Technology Governance

The Information Technology Governance movement arises from the perception that the corporate approach to IT has, in the past, been too slapdash and informal. Major decisions with substantial effects on the company’s future well-being have been left in the hands of often fairly junior technical staff. At the same time, and perhaps as a consequence, there has been a litany of horror stories related to major IT projects which failed to live up to expectations, either not fulfilling the functionality originally specified or running massively over budget in cost or time. Repeated studies have shown that many IT projects fail and that a great deal of IT investment is wasted. Statistics quoted in some research papers indicate that somewhere between 20% and 40% of all money spent on IT projects is squandered. Globally, this amounts to hundreds of billions of Euros per year. The goal of IT Governance is to mitigate this waste and to help companies husband IT investments in such a way that they produce real value for the business.

There are two major strands to the IT governance approach. The first relates to compliance with legal and regulatory requirements. For a time, the world of information technology was so new that it largely escaped the inquiring eyes of governments. As it has come to assume an ever broader role in our everyday lives, however, more and more legislation has come to be passed, circumscribing corporate freedom of action and imposing strict regulations on how data is handled and maintained. Advocates of the IT governance approach argue that this is an issue which must be taken more seriously than it has been hitherto; they compare it, for example, to compliance with corporate accounting standards, something that, at the very least, every corporate board members knows must be taken seriously.  In fact, the high profiles business failures of recent years - such as those of Enron and Arthur Andersen - raised interest in corporate governance issues generally, and the IT Governance movement has benefited from this.

The second major strand of the IT governance approach relates to the level of corporate management at which major IT decisions are made. Many deep thinkers on the topic have expressed the view that there has been too great a chasm between the corporate board room and the technical staff who undertake or initiate most IT projects. It is this chasm, the argument runs, which is responsible for so many of the notable IT project failures which have occurred in recent years. Because high level board members so often lack technical understanding, the oversight they can exercise is superficial only, and they may therefore be too inclined to agree with whatever proposals are made to them by technical staff. IT Governance advocates believe that IT must be brought into the boardroom so that responsibility for major IT initiatives is owned by the company’s top executives. Since lack of technical understanding is one of the major barriers to this taking place, they feel either that greater efforts must be made to impart technical knowledge to high level managers or that, to a much greater extent than ever before, those who already possess technical knowledge must be elevated into senior management positions.

Evangelists for IT governance argue that IT is too important to be left on the margins; that it is now fundamental to success of many major companies and, for this reason, IT strategy must be shaped by board-level managers.

Another of the chief concerns of those arguing for a new approach to IT governance is that the IT goals of corporations have often been divorced from the company’s broader business strategy. Technological enhancements or developments have been pursued for their own sake, rather than because they were expected to deliver real value for the business. IT governance emphasises that a company’s IT strategy must serve its overall business strategy. To this end, it is the responsibility of a company’s board of directors to set measurable performance benchmarks both for the IT department and the for the more traditional parts of the business which the company’s information technology initiatives are designed to support.

Accomplishing the objective of bringing IT objectives and business objectives into greater harmony with one another often requires some reform of traditional IT management practices. The IT Governance institute (ITGI), a think tank whose goal is to raise awareness of IT Governance issues,  has published two guidance frameworks which are designed to help large organisations adopt the IT Governance approach. The first of these frameworks or methodologies is called Control Objectives for Information and Related Technology (COBIT). It describes management processes which have proved useful in helping ensure that IT investments deliver real value for the businesses which make them. Stress is laid, for example, in the use of benchmarking to monitor IT projects as they proceed. Key progress and process indicators are agreed in advance to help evaluate the project’s success.

The COBIT framework could be said to embody a tactical approach to IT governance. It focuses on the measures needed to ensure successful project execution. The second framework presented by the ITGI, however, known as the Value IT initiative (Val IT), takes a more strategic view. It concerns itself primarily with the question of what kind of IT investments should be made in the first place, rather than how their delivery should be performed. When new IT projects are first proposed it demands that a business case for the investment be made, and that alternatives  be analysed. If development begins, it proposes that accountability for its success or failure be clearly defined in advance, so that someone in a senior position always owns responsibility for the project. After execution is complete, the Value IT framework advocates careful review of the results to determine whether the business objectives of the project have been met.