If you’re an IT professional or an employee of a tech company, you’ve likely heard the term IT governance. It’s also a term that you may not fully understand. IT governance is a very critical element of any organization and you almost certainly utilize governance features without even knowing it.
The goal of this post is to define IT governance, explain its role in your organization, and provide a few principles to consider when navigating this broad topic and creating your organization’s own IT governance framework.
First things first: What is IT Governance?
IT governance can be defined as a formal framework to ensure IT investments support business needs. Essentially, your governance infrastructure is what allows certain users to do certain things while prohibiting other users from doing them.
The concept of IT governance was a result of legislation and regulations that were established in the late 1990s and early 2000s to regulate the growing usage of technology in business. Among these laws was the Sarbanes-Oxley Act of 2002, a.k.a. the Public Company Accounting Reform and Investor Protection Act.
This law was enacted in response to several corporate and accounting scandals (Enron is one many will remember), and established criminal penalties for certain types of misconduct. The law also required the SEC to establish regulations defining how public corporations are to comply.
It doesn’t take an economics or legal expert to realize that this legislation is something to be taken seriously, and laws of its type drastically changed the trajectory of business in the 21st century. So, governance: it’s not just a good idea, it’s the law.
Should My Organization Care?
There are a few kinds of organizations with which IT governance concepts are most likely to resonate.
- Organizations or businesses that are subject to regulatory compliance
- Businesses or organizations that have business models driven by efficiency and optimization
- Organizations that have demonstrated mature IT operations
Principles of IT Governance
- The Risk Principle: Measures and controls must be adjusted according to the levels of risk.
- The Suitability Principle: The needs of the organization determine the plan for the level and style of governance.
- The Behavior Principle: The governance solution drives the organizational behavior.
- The Deployment Principle: The governance solution must be incrementally implemented.
- The Automation Principle: Technology makes the governance solution empowering and unobtrusive.
The two have different audiences, different realities, yet share a common and very important goal.
- Strategies for organizational success
- Provides guidance and steering
- Focuses on priorities and policies
- Usually driven by a steering or governance committee consisting of various business stakeholders and IT representatives
- Their job is to assess and mitigate risk and compliance with controls and regulation
- They’re typically a mix of technical and non-technical individuals
- Involves daily actions, decisions, implementations and processes
- Works on upholding departmental and organizational objectives
- Usually driven by technologists tasked with implementation and support of IT systems and applications.
- Their priority and mission is consistent and optimal IT service delivery
- Their backgrounds are typically in technology and management