Introduction
IT governance entails aligning IT strategy with business strategies, ensuring tracking of goals and strategies, and implementing strategies that can measure IT performance (Schwartz, 2007). From this definition, we can see that IT governance takes into account interests of all stakeholders. IT governance framework can provide valuable information on performance of IT areas, key areas that need improve, and returns that an organisation derives from implementing IT systems.
There are a number of factors that compose IT governance in an organisation. These key drivers include the need to comply with regulations and adopt best practices in financial and technological. In addition, customers and shareholders have also put pressure on organisations to adopt IT governance (Joisten, Gadatsch and Dirk, 2007). IT governance accounts for the importance of information and IT in the modern economy and organisations.
Therefore, IT governance in modern organisations can define success or failure in the information economy. This is because modern organisations depend on information systems than in the past. Stakeholders have expressed their concerns about acceptable use of information particularly personal information.
There are also escalating cases of cyber threats from terrorists and hackers. As a result, organisations have identified information systems as strategic areas that require protection through effective corporate governance within the organisation.
Frameworks for IT Governance
There are several IT governance frameworks available to organisations. Some organisations can develop their own IT governance framework whereas others use main IT governance frameworks.
The Information Systems Audit and Control Association (ISACA) developed CoBIT framework for IT governance. This is a framework with worldwide acceptance.
It has guidance and tool set for IT governance. Auditors have found CoBIT useful in integrating technology for control measures in order to meet certain business objectives. Thus, it serves organisations in terms of managing and mitigating risks (Brand and Boonen, 2004).
The government of the UK runs Information Technology Infrastructure Library (ITIL) framework. ITIL has guidelines on management regarding areas of “service delivery, service support, service management, ICT infrastructure management, software asset management, business perspective, security management and application management” (Schwartz, 2007). ITIL is useful operations management of an organisation.
We also have COSO framework for internal controls. The Committee of Sponsoring Organisations of the Treadway Commission developed COSO framework.
COSO provides guidelines in areas such as human resources management, external resources, sales and marketing, logistics, legal issues, IT, risks, financial, the enterprise, operation, procurement, and reporting. COSO framework is more of general business framework than IT governance.
Another IT governance framework is Capability Maturity Model Integration (CMMI). CMMI has multiple developers from government, industry, and Carnegie-Mellon Software Engineering Institute. CMMI has 22 areas that aim at improving approaches.
The framework has appraisal, structure, and evaluation areas. CMMI is useful for application developments, improving services and controlling life cycles of products.
Many organisations prefer ITIL and CoBIT IT governance frameworks. However, other organisations also combine different frameworks to serve specific goals, such as operation, development, and overall areas in their organisations. It is necessary to use frameworks that align with organisational culture and stakeholders’ demands.
Areas of major focus in IT Governance
We can develop a business case for IT governance and present to the top management. Effective presentation of IT governance should have a team of business managers and IT specialists. This is necessary to convince top management that effective IT governance is crucial for success of business.
This team must develop IT governance roadmap that explains present position and future aspiration of the organisation. This should include benefits in terms of reduced risks, enhanced efficiency and accountability in an organisation. However, we must acknowledge that IT governance is an expensive exercise, but an organisation should accept such costs and evaluate return on investment (ROI) after implementation.
The IT Governance Institute identifies five key areas of IT governance. First, IT governance should focus on strategic alignment. This aims at aligning IT and business for efficiency. Strategic alignment involves planning in areas regarding business and IT with the focus on costs, reporting, and its effects on business goals. Second, IT governance should aim at value delivery to the organisation.
This is mainly to ensure that IT department delivers value to the organisation. Value delivery should develop processes that accelerate value proposition and eliminate processes that devalue the organisation. Third, IT governance also emphasises the need for resource management.
This can happen through efficient management of employees’ skills. Thus, an organisation can deploy its resources based on skills and demands to serve different lines of business. Fourth, risk management is also an important area of IT governance.
This should ensure effective management of IT resources, manage risks, and report on risk issues. Fifth, IT governance also emphasises business performance to ensure balance between business strategies and IT strategies. Performance measures identify contributions of IT to business and management of resources.
Challenges to IT Governance
Most organisations confuse IT governance with management practices and other IT control measures. According to ISO 38500, IT governance is a management system that directors use. Thus, IT governance accounts for IT resources and stakeholders who want returns on their investment.
IT governance has met resistance in most organisations due to costs. At the same time, organisations claim that they have effective corporate governance mechanisms, compliance with SOX standards (Sarbanes-Oxley) and others (Calder, 2009). SOX regulation requires effective financial regulation and corporate governance in order to protect investments (Sarbanes Oxley, 2012).
Organisations aspire for success with scarce resources. IT governance requires that organisations align their resources diligently to all areas of business for overall success of the organisation. The challenge is allocating such resources to IT department collectively in order to serve the overall goals of an organisation.
Effective IT Governance
Most organisations have poor IT governance systems. They tend to introduce IT governance in phases to address certain problems. This approach limits the effectiveness of IT governance. Thus, an organisation should have IT governance design that focuses on overall organisational objectives and performance goals.
This process requires participation of top management through resource allocation and support. The process of design also needs constant review as was the case of Tennessee Valley Authority (TVA). TVA aimed at consolidating its IT governance design.
A number of organisations such as JP Morgan, UNICEF, and Carlson companies among others redesigned their IT governance systems in order to meet changes in desirable behaviours. These organisations aimed at achieving balance in business through creating commonality and autonomy of units.
This was also a method of creating synergy in the organisation. UNICEF used IT governance to change its operations management and enhance global communication, information sharing, management, and transparency.
State Street Corporation used its IT governance to change budgeting through enterprise-wide IT budgeting. The company managed to change perspective to the entire corporation instead of units. Thus, IT governance can promote changes that enhance desired behaviours through redesigning IT governance.
Organisations that have effective IT governance have actively involved their top executives. Chief Information Officers (CIOs) must participate in IT governance. Other executives must also support processes and performance reviews. MPS-Scotland Yard and Accenture rely on management committees in enhancing IT governance to achieve improved synergies across the entire organisation (Kress, 2010).
According to UPS CEO, Mike Eskew, it is the role of top management to support IT governance decisions (Broadbent and Weill, 2003). Top management usually assist in such decisions because they are strategic goals that organisations need to deliver value to stakeholders. Thus, such decisions become strategic choices to the CEO.
Organisations should also be able to make choices among conflicting goals in IT governance. Conflicting goals need clear business principles. For instance, Old Mutual South Africa has developed such principles.
Its first principles states “The interest and needs of the Group/OMSA come first when exploiting technology or when contracting with suppliers” (Ross and Weill, 2002). Conflicting goals come from different units of the business. They can lead to confusion and complex processes. This process requires involvement of key stakeholders to make appropriate choices for business goals.
Effective IT governance requires clarification of some exceptional processes. Exceptional cases challenge the status quo of the system. These requests may aim at meeting needs of the business. UPS has exceptional procedures that guide requests for exceptions.
The organisation ensures that exception processes be clear to all stakeholders. The process is linear and eliminates all stages that can lead to delays. These exceptional requests also serve as learning points to the organisation in the enterprise architecture (Graves, 2009).
Effective IT governance also requires right incentives for its success. Organisations do not align their reward and incentive systems with IT governance. In other words, reward and incentive systems enhance different behaviours. Thus, when an organisation fails to align its reward and incentive systems to its goals, then governance becomes less effective.
An organisation that uses IT governance to drive autonomy, synergy or a combination of both among different departments must also align its incentive and reward systems to fit such approaches. Top executives can work together to design incentive and reward systems that appeal to the entire units of the business.
Organisations fail to include IT governance ownership and accountability in the implementation process. The board has the overall ownership and accountability of the system. However, it must delegate some roles like design, implementation, and performance to other individuals for effective implementation and accountability of the process. This process requires some consideration.
First, IT governance requires collaboration with other departments such as finance, human resources, and other business units. This is an enterprise-wide approach to IT governance. Second, implementation of IT governance requires participation of all managers for its success. Third, IT implementation is an expensive process.
Consequently, organisations require reliable, compliant, cost-effective, secure, and strategic IT governance for performance. This implies that we have to comprehend what IT can perform and cannot perform to an organisation mainly in relation to business strategies. Thus, people who own IT governance must take responsibility and provide accountability of processes that appeal to all business units.
Most organisations leave accountability of IT governance to their CIOs. CIOs also delegate these processes to business units and other relevant departments to ensure efficient design and implementation of IT governance (Hunter and Westerman, 2009).
Large organisations should have IT governance at different levels of operations management. This must ensure that IT governance is an enterprise-wide strategy that depends of different units of the business for strategic goals. Organisations with the global presence and different IT functions in relation to departments, divisions, and geographies need different but linked form of IT governance.
This is the case of JP Morgan Chase. The company derives both autonomy and synergy from these layers. Business units create synergy whereas top executives create autonomy through IT governance. However, top executives’ decisions regarding IT governance affect lower level of an organisation. Thus, effective IT governance should focus on enterprise-wide governance due to its effects on other levels of an organisation.
Effective IT governance also depends on education and transparent processes. People have confidence in transparent governance processes. Successful organisations such as Google, IBM and Street Corporation among others use their intranet platforms to communicate IT governance to all departments and employees.
Leaders must also show their commitments to IT governance through constant communication and support. This also applies to individuals that own IT governance in organisation. Effective communication enhances IT governance in organisations.
Formal means of communication are effective than other informal channels and effective documentation of IT governance are useful in implementing a workable IT governance. Senior executives who show a clear lack of understanding of IT governance may show their objections to the IT governance. Thus, organisations must review their approaches and reinforce them using communication and education.
Recommendation
We have noticed the importance of IT governance to strategic business goals of the organisation. At the same time, we have also identified main frameworks in IT governance, challenges that face IT governance, and effective IT governance in organisations. As a result, we can provide recommendations based on the study.
IT governance can only create synergy in an organisation through relying on several assets of an organisation. Thus, senior management should focus on governance issues include IT when addressing challenges of the enterprise.
Organisations should ensure coordination of their IT governance in order to create synergy for the entire organisation. This means that an organisation must align all processes of its operation to create value to stakeholders. This is because focusing on a specific area and neglecting others drain value from the system.
IT governance should also create effective processes. Organisations may coordinate IT governance with business units but fail to do so enterprise-wide leading to ineffective system. Thus, IT governance should also be effective enterprise-wide so that an organisation can measure performance and ROI of the IT investments.
Organisations should not engage in debating the value of IT governance in terms of costs. Instead, they should embrace IT governance and evaluate its return on investment after a reasonable period.
Successful IT governance relies on the support of top executives and all managers. Leadership that fail to support IT governance should remain open-minded in order to understand long-term values of IT governance.
Organisations can use different frameworks of IT governance for different purposes. This should lead to creation of great value for the organisation. However, the focus among business units should be across the entire organisation for creation of value to stakeholders. Areas of exceptions should not hinder business but serve as learning points of the enterprise architecture.
References
Brand, K. and Boonen, H. (2004). IT governance: a pocket guide based on COBIT. London: The Stationery Office.
Broadbent, M. and Weill, P. (2003). Effective IT Governance by Design. Gartner EXP Premier, 1, 60.
Calder, A. (2009). IT Governance Implementing Frameworks and Standards for the Corporate Governance of IT. Boise, ID: IT Governance Publishing.
Graves, T. (2009). Enterprise Architecture. Bodie, ID: IT Governance Publishing.
Hunter, R. and Westerman, G. (2009). Real Business of IT: How CIOs Create and Communicate Value. Boston, MA: Harvard Business Press.
Joisten, C., Gadatsch, A. and Schreiber, D. (2007). IT Governance. SaarbrĂĽcken, Germany: VDM Publishing.
Kress, R. (2010). It Governance to Drive High Performance: Lessons from Accenture. Boise, ID: IT Governance.
Ross, J. and Weill, P. (2002). IT governance: An investment. Massachusetts: MIT Sloan School of Management.
Sarbanes Oxley. (2012). Sarbanes Oxley: A Brief Overview. Web.
Schwartz, K. (2007). IT Governance Definition and Solutions. Retrieved from https://www.cio.com/article/2438931/governanceit-governance-definition-and-solutions.html#what