IT governance is a hot topic these days, but how many businesses actually put action behind the lip service? According to a CIO.com piece compiled by CIOs in the UK and analysts from MWD Advisers, fewer than you might think. They all agree that IT governance is smart and the best thing to do, but they very seldom implement formal programs to achieve it.
As the writers say, "Although executives of all stripes are generally ready to 'talk the talk' when it comes to transparency and accountability, human nature is such that it actually takes a lot of momentum and senior executive pressure to drive through this kind of cultural change."
It's a little like remembering to eat the recommended number of vegetable servings or drink eight glasses of water a day. When you're healthy, you just don't think about it because it doesn't seem necessary. But these tough times provide the perfect opportunity to investigate implementing a formal IT governance framework. There are several from which to choose, of course. The writers mention COBIT, COSO, ISO 38500 and Val IT (which is promoted by ITGI and ISACA), noting that that their approach aligns most closely with Val IT. They say:
Effective IT governance needs to draw on four types of resources -- people, policies, processes and technology. It fosters effective communication and collaboration between all stakeholders, regardless of their jurisdiction or focus.
What value does IT governance provide for the company that chooses to implement a formal framework? Though there are many, the writers point to four in particular. First, it helps avoid project failure because risks are "properly measured and managed." Second, IT governance helps to avoid those projects and initiatives that do not add value to the company or its offerings because those that are closely aligned with business strategy are promoted and those that are not are "killed" early. Third, it allows companies to meaure the cost and quality of projects as they are in process. And finally, the writers say, IT governance allows improved transparency and accountablity in IT.
No matter how hesitant one may be to such transparency and accountability, in this day of Madoff scandals and AIG bailouts, it's exactly what shareholders and other stakeholders are calling for. IT governance framework, anyone?