“IT governance is the responsibility of executives and the board of directors, and consists of leadership, organizational structures, and processes that ensure that the enterprise’s IT sustains and extends the organization’s strategies and objectives.”
Decent IT Governance implementation requires set of best practice frameworks based on major elements:
The efficiency of IT Governance would be enabling the organisation to achieve its goals and objectives. The efficiency of IT Governance’s focus includes the effectiveness of:
During the decision-making process, action involves are:
Funding of competing IT Investments
Oversee the implementation
Handpicked measurable business advantage
Governance process enforcement is spoken by IT group management and it acts as a guideline for leaders to manage their IT investment, projects and resources while basic elements are in place and ensuring the success
The IT Governance Institute (a division of ISACA) breaks down IT governance into five domains:
1. Value Delivery
Governance allows leadership to actively commit to improving the management and control of IT activities in the agency. Governance provides federal managers with the framework to manage all IT initiatives and demands, through a single point where they are prioritized and fulfilled. It allows standardizing technology platforms and helps managers make informed decisions on IT initiatives.
Effective governance is about accountability. This enables leaders to enforce the responsibilities that relate to IT program management.
2. Strategic Alignment
Governance works together with IT portfolio management to align IT investments with business objectives, enabling leaders to improve responsiveness to challenges and also to manage current and future IT investments. It provides transparency to enterprise IT investments and ensures investment is spent in accordance with the business’s mission. Governance allows leaders to actively commit to improve the management style and controlling IT activities within the business. This initiative also ensures a culture of openness and collaboration among the business, geographical and functional units of the enterprise.
3. Performance Management
Enterprises that effectively monitor the activities of IT would ensure the activities are in line with the business goals that are set by using KPI or key measurement metrics. Performance metrics are used as a tool to evaluate the effectiveness and efficiency of business processes against the business goal. Besides, the performance metrics also help businesses to allocate and manage resources. The results shown from the performance metrics will also influence the leaders’ decisions that are related to the activities such as budgeting, priorities, and resources.
KPI and metrics are crucial tools for management to have a complete overview of the whole business performance and this is usually involving a huge investment in IT. Due to that, business owners usually will confirm that the IT investment is strategically aligned with the business goals and they are managed effectively to help the achievement of the common business goals. This includes ensuring the stakeholders expectations are met, and management uses IT governance process that is defined by global standards. The popular best practice framework includes ISO 38500 and COBIT.
4. Resource Management
Proper management of critical resources (IT resources and IT infrastructures) enables control in planning and organizing IT initiatives. This gives leaders the ability to ensure appropriate IT support is available at enterprise level for current and future IT investments. The governance practices for resource allocation are following:
IT resource allocation in correlation with business priorities.
Implement effective controls towards IT infrastructure that identifies resource fulfilment at optimum level.
Sustain investment in staff development, education and training.
5. Risk Management
Proactive risk management ensures that IT managers and leaders are aware of the risk associated with the IT initiatives and provides the root cause to implement risk mitigation strategies. Risk management is a continuous process which starts by assessing the level of exposure of the organisation and identifying the main incident risks. Identifies risks should be minimised using a control procedure and the lasting risk should be adjusted at a minimal level.