Information Technology Governance—what does it Mean?
Has anyone noticed that the term “IT Governance” and its companion buzzword “transparency” seems to be getting a lot of use lately? Many of those using these terms seem to see them as a panacea for solving IT problems. While that is unlikely, the terms carry unique kinds of meaning. IT Governance, as used within the State, has had only limited focus on process and desired results. That likely needs to change.
Information technology governance deals primarily with the alignment between the business focus of agencies and IT management of the State. It highlights the importance of IT related matters in State government and suggests that strategic IT decisions are to be made by governance entities, rather than handled by the chief information officer (CIO) or other IT managers in isolation. This becomes especially important with infrastructure related activities and large IT projects.
The primary goals for information technology governance have usually been to assure that the investments in IT generate business value and the mitigation of risks associated with IT. This is usually done by implementing an organizational structure with clear roles for the responsibility for data and information, business processes, applications, and infrastructure.
There are varying levels of maturity within State government. The need for understanding the State’s business, scope and IT maturity including responsibility for strategic IT matters seems to be a pretty basic requirement. These areas do not seem well understood, let alone defined. Well defined control of IT has been described by many as the key to IT governance success.
Supporting mechanisms have been developed to guide the implementation of IT governance. Among the more important ones are:
* Control Objectives for IT (CoBIT) is an approach to standardize information technology security and control practices. This is done by providing tools to assess and measure the performance of IT processes. The IT Governance Institute (ITGI) at http://www.itgi.org is responsible for CoBIT. It would seem reasonable for the State to begin structuring many of its governance designs around the CoBIT framework.
* IT Infrastructure Library (ITIL) is a detailed framework with hands-on information on how to achieve a successful governance of IT. It was developed as a framework for efficient and financially responsible use of IT resources. www.itil.co.uk. ITIL has a lot to offer as we begin redesigning governance structures.
* Balanced Scorecards (BSC) also provides ways to assess the organization’s performance, and have been an initiative sponsored by the Governor. This component addresses the identification and consistent measurement of key performance indicators.
Portfolio Management has been suggested by some as being the same as IT Governance. While I agree that it is an important component. It is not IT Governance. It is interesting to note that broader definitions of “governance” include the associated term “politics”. That is also a significant concern as we begin creating IT governance systems. Expensive tools rarely address political issues. I hope we take a step back as we finalize our Portfolio Management processes and consider them in a broader governance context. Governance processes need to be defined, and then tools, such as Portfolio Management need to enhance and support those processes. Tools should not define governance.