Get Steve's Book on Amazon
  • Eliminating
    Eliminating "Us And Them": Making IT and the Business One
    by Steven Romero
Tuesday
May292012

The Business of IT Governance

Who is responsible for IT governance at your enterprise? I’ll bet your answer is the CIO, or one of their direct-reports. I am conducting an IT governance assessment for a large hi-tech firm and of the 34 executives I interviewed, half of them said it was the CIO. Most of the remaining folks identified various IT executives as sharing responsibility for IT governance. Of the 17 IT and 17 business execs I interviewed, only six identified members of the business as having responsibility for IT governance.

This enterprise is similar to most organizations I have encountered in the past six years of my global evangelism of IT governance. Companies and public agencies continue to make the mistake of expecting IT to govern IT, when in fact it is business leaders who should be governing IT.

As I have said in the past, the worst thing about IT governance is those first two letters, I-T. It should have been called “Enterprise governance of IT” (a term only recently adopted by the IT Governance Institute – an adjunct organization of the Information Systems Audit and Control Association.)

Consider the five principles of IT governance:

  • Ensure IT is aligned with the business
  • Ensure IT is delivering value to the business
  • Ensure IT is managing risk
  • Ensure IT is managing resources
  • Ensure IT is managing performance

What do you think the result will be if you ask IT to ensure it is meeting each of these principles? Though it is not as egregious as the fox watching the hen-house, the analogy is somewhat comparable. I am certain most IT organizations aspire to meet each of these principles, but I have yet to encounter a single IT organization that was able to do so without the direct involvement of the business. I am absolutely convinced that these principles will only be realized when the enterprise, the business, governs IT.

Check out the collateral at the IT Governance Institute (ITGI) and you’ll find the Board Briefing on IT Governance. That’s right…the “Board” briefing. This is the briefing for the Board of Directors, providing the meaning of IT governance, its relationship to enterprise governance, and the actions boards and senior management should take to affect IT governance. Responsibility for IT governance begins with the Board of Directors.

That is why I am very excited to be participating in the upcoming Corporate Governance Conference hosted by the Association for Corporate Growth, 101 Corridor Chapter. I was invited to be part of a panel discussing information technology as a governance issue. It is a rare topic of discussion at their conference which underscores the near universal board and business neglect to govern IT.

This is a recording of my interview with the Lynda Roth, President of the chapter. The interview was conducted to promote my participation in their upcoming event and it delves into the need for the business to assume its front-and-center role in governing IT.

In addition to asking who is responsible for IT governance, here are some more questions that provide great insight into the state of IT governance of any enterprise:

  1. Briefly describe IT governance at our company
  2. Are there IT governance metrics?
  3. What is IT governance supposed to achieve at our company?
  4. What decisions are governed?
  5. Who is accountable for making those decisions?
  6. Does it take too long to make those decisions?
  7. What are the governing committees?
  8. How often does IT governance change? Why does it change?
  9. Does IT governance cover all business initiatives, or does it just apply to a few key business objectives?
  10. Do we have a well-defined IT governance exceptions process? Is the exceptions process overused?
  11. Are performance objectives linked/tied to IT governance goals?
  12. Do we conduct analysis to determine if ROI for IT initiatives is being met? Is this analysis effective?
  13. What are the consequences of circumventing or undermining IT governance?
  14. Is IT governance working well?

The answers to these questions will be very telling - especially when you see the inevitable disparity in the responses. And don’t just ask the IT folks. Here is a good guide to determine who you should be interviewing:

Stakeholders within the enterprise who have an interest in generating value from IT investments:

  • Those who make investment decisions
  • Those who decide about requirements
  • Those who use/consume IT services

Internal and external stakeholders who provide IT services:

  • Those who manage the IT organization and processes
  • Those who develop capabilities
  • Those who operate the services

Internal and external stakeholders who have a control/risk responsibility:

  • Those with security, privacy and/or risk responsibilities
  • Those performing compliance functions
  • Those requiring or providing assurance services

So who is responsible for IT governance in your organization? How is it working? I would love to hear your IT governance stories. 

~Steve~

PrintView Printer Friendly Version

EmailEmail Article to Friend

References (45)

References allow you to track sources for this article, as well as articles that were written in response to this article.
  • Response
    Response: Clemencia Hammett
    I found a great...
  • Response
    Romero Consulting - Blog - The Business of IT Governance
  • Response
    Response: marketing
    Romero Consulting - Blog - The Business of IT Governance
  • Response
    Response: plumber
    Romero Consulting - Blog - The Business of IT Governance
  • Response
    Response: pest control
    Romero Consulting - Blog - The Business of IT Governance
  • Response
    Response: bad credit loan
    Romero Consulting - Blog - The Business of IT Governance
  • Response
    Response: sports betting
    Romero Consulting - Blog - The Business of IT Governance
  • Response
    Response: Dogs In School
    Romero Consulting - Blog - The Business of IT Governance
  • Response
    Response: kindle
    Romero Consulting - Blog - The Business of IT Governance
  • Response
    Response: seo utah
    A partnership is a business owned by two or more people. In most forms of partnerships, each partner has unlimited liability for the debts incurred by the business.
  • Response
    Response: related webpage
    Romero Consulting - Blog - The Business of IT Governance
  • Response
    Romero Consulting - Blog - The Business of IT Governance
  • Response
    Romero Consulting - Blog - The Business of IT Governance
  • Response
    Romero Consulting - Blog - The Business of IT Governance
  • Response
    Compound forms such as agribusiness represent subsets of the word's broader meaning, which encompasses all activity by suppliers of goods and services.
  • Response
    Response: UK Models Review
    Romero Consulting - Blog - The Business of IT Governance
  • Response
    Response: dune buggy
    Romero Consulting - Blog - The Business of IT Governance
  • Response
    Romero Consulting - Blog - The Business of IT Governance
  • Response
    Romero Consulting - Blog - The Business of IT Governance
  • Response
    Response: Portland seo Firm
    Romero Consulting - Blog - The Business of IT Governance
  • Response
    Response: websites
    Romero Consulting - Blog - The Business of IT Governance
  • Response
    Romero Consulting - Blog - The Business of IT Governance
  • Response
    Response: best acne products
  • Response
    Romero Consulting - Blog - The Business of IT Governance
  • Response
    Romero Consulting - Blog - The Business of IT Governance
  • Response
    Response: rush my essays
    Your blog posting is awesome and your informatio so interesting, I really love this type of blogs. I give my online essay services, these can give good essays to each one with cheap prices.
  • Response
    Romero Consulting - Blog - The Business of IT Governance
  • Response
    Romero Consulting - Blog - The Business of IT Governance
  • Response
  • Response
    Romero Consulting - Blog - The Business of IT Governance
  • Response
    Romero Consulting - Blog - The Business of IT Governance
  • Response
    Romero Consulting - Blog - The Business of IT Governance
  • Response
    Romero Consulting - Blog - The Business of IT Governance
  • Response
    Romero Consulting - Blog - The Business of IT Governance
  • Response
    Response: Lamontagne
    I found a great...
  • Response
    Response: finance.Yahoo.com
    Romero Consulting - Blog - The Business of IT Governance
  • Response
    Response: iorPqOLK
    Romero Consulting - Blog - The Business of IT Governance
  • Response
    Response: slim reviews
    As I have said in the past, the worst thing about I
  • Response
    Response: 1500 garcinia
    This enterprise is similar to most organizations I have encountered
  • Response
  • Response
    This enterprise is similar to most organizations I have encountered
  • Response
    Those who manage the IT organization and processes
  • Response
    They shared a lot of useful information about IT. They just increased in my knowledge for this thanks to them. I have never seen any such post before. They shared a wonderful information. I love to
  • Response
    Response: Viooz
    Romero consulting now presenting the ways to conduct the business of IT Governance. It is really awesome.
  • Response
    Response: Viooz
    Romero consulting now presenting the ways to conduct the business of IT Governance. It is really awesome.

Reader Comments (6)

Dear Steve:

Nice title for your article!
Actually, IT not governed by "the business" (I mean, by the Board and/or its appendices, i.e., the place to locate IT Accountability) is not IT Governance.

It might be IT Management (Management of IT by those responsible of executing the IT strategy, not by those in charge of establishing strategic guidelines and controlling its realization).

Best regards,
Miguel

Interesting post and thanks for sharing. Some things in here I have not thought about before. Thanks for making such a cool post.

April 1, 2015 | Unregistered Commenterhttp://byebra.co.uk

I am so pleased I found this blog, I really got you by an accident, while I was searching for something else. The story and blog you have published is very interesting as well as informatics, Thanks for sharing such type of informatics thing.

April 13, 2015 | Unregistered Commenteruitstortgootsteen

Thanks for sharing this useable article - I really increase your acquisition.it is really very informatic post for young people, and hope they will enjoy well after reading this post.

June 22, 2015 | Unregistered Commenterphuket map

Thanks for give me information on this topic. you have sharing very nice post.

Get the best reviews for best skin lightening cream

August 6, 2015 | Unregistered Commenterskin lightening cream

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Post:
 
Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>
« Shadow IT: Cutting off the IT-Nose to Spite the Business-Face | Main | Tips to Secure Your Enterprise in the New World of BYOD »