Now Is the Time for Formal IT Governance Frameworks

Lora Bentley

IT governance is a hot topic these days, but how many businesses actually put action behind the lip service? According to a piece compiled by CIOs in the UK and analysts from MWD Advisers, fewer than you might think. They all agree that IT governance is smart and the best thing to do, but they very seldom implement formal programs to achieve it.


As the writers say, "Although executives of all stripes are generally ready to 'talk the talk' when it comes to transparency and accountability, human nature is such that it actually takes a lot of momentum and senior executive pressure to drive through this kind of cultural change."


It's a little like remembering to eat the recommended number of vegetable servings or drink eight glasses of water a day. When you're healthy, you just don't think about it because it doesn't seem necessary. But these tough times provide the perfect opportunity to investigate implementing a formal IT governance framework. There are several from which to choose, of course. The writers mention COBIT, COSO, ISO 38500 and Val IT (which is promoted by ITGI and ISACA), noting that that their approach aligns most closely with Val IT. They say:

Effective IT governance needs to draw on four types of resources -- people, policies, processes and technology. It fosters effective communication and collaboration between all stakeholders, regardless of their jurisdiction or focus.


What value does IT governance provide for the company that chooses to implement a formal framework? Though there are many, the writers point to four in particular. First, it helps avoid project failure because risks are "properly measured and managed." Second, IT governance helps to avoid those projects and initiatives that do not add value to the company or its offerings because those that are closely aligned with business strategy are promoted and those that are not are "killed" early. Third, it allows companies to meaure the cost and quality of projects as they are in process. And finally, the writers say, IT governance allows improved transparency and accountablity in IT.

No matter how hesitant one may be to such transparency and accountability, in this day of Madoff scandals and AIG bailouts, it's exactly what shareholders and other stakeholders are calling for. IT governance framework, anyone?

Add Comment      Leave a comment on this blog post
May 19, 2009 8:36 AM Steven Romero, IT Governance Evangelist Steven Romero, IT Governance Evangelist  says:

As you can likely surmise from my title, I am all for IT Governance frameworks. Notice I said frameworks (plural) and not simply framework.

I have found few organizations understand the full scope and breath of IT Governance. Many mistakenly equate IT Governance to one of the many subsets of IT Governance - most notably Risk and Compliance or Investment Decision-making. This was evidenced by the four value points from the writer you cite. Each of these values is linked to IT Investment Management, arguably the most important aspect of IT Governance, but still a subset.

This is also reflected in the IT Governance frameworks you list. Many folks mistakenly consider this to be an either-or list when in fact, I would deploy elements of each - and many other IT Governance Frameworks as well.

It is a major mistake if anyone thinks there is a single IT Governance framework. That being said, I would rather they mistakenly implement a single IT Governance framework (addressing a subset of IT Governance) than doing no IT Governance at all.

Steve Romero, IT Governance Evangelist

May 22, 2009 8:06 AM Andrea Receveur Andrea Receveur  says:

I think some companies are in a catch 22 position with the current economic times. Yes, top executives talk the talk, they know they need to implement IT Governance design, but that means allocating the time and resources (which both = $$$) that they just can't afford. BUT, implementing the framework will save them time and therefore money in the long run. It's a tough position to find a company in right now.


Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.