In many organizations, information technology has become crucial in the support, sustainability, and growth of the business. This pervasive use of technology has created a critical dependency on IT that calls for a specific focus on IT governance. IT governance consists of the leadership and organizational structures and processes that ensure that the organization‘s IT sustains and extends the organization‘s strategy and objectives (Grembergen, Haes, & Guldentops, 2004). IT governance matters because it influences the benefits received from IT investments. Through a combination of practices (such as redesigning business processes and well-designed governance mechanisms) and appropriately matched IT investments, top-performing enterprises generate superior returns on their IT investments (Weill, 2004).
What Is It Governance?
IT governance can be defined as specifying decision rights and accountability framework to encourage desirable behavior in the use of IT (Weill & Ross, 2004). This is the definition we will use here.
Other definitions are, for example: (i) IT governance is the structures and processes that ensure that IT supports the organization’s mission. The purpose is to align IT with the enterprise, maximize the benefits of IT, use IT resources responsibly, and manage IT risks; (ii) A structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise’s goals by adding value while balancing risk vs. return over IT and its processes; (iii) IT governance is the responsibility of the board of directors and executive management. It is an integral part of enterprise governance and consists of the leadership and organizational structures and processes that ensure that the organization’s IT sustains and extends the organization’s strategies and objectives; and (iv) IT governance is the system by which an organization’s IT portfolio is directed and controlled. IT governance describes (a) the distribution of decision-making rights and responsibilities among different stakeholders in the organization, and (b) the rules and procedures for making and monitoring decisions on strategic IT concerns (Peterson, 2004).
An extensive definition was presented by the IT Governance Institute (2004) as follows. It is a board or senior management responsibility in relation to IT to ensure that:
IT is aligned with the business strategy, or in other words, IT delivers the functionality and services in line with the organization’s needs, so the organization can do what it wants to do.
IT and new technologies enable the organization to do new things that were never possible before.
IT-related services and functionality are delivered at the maximum economic value or in the most efficient manner. In other words, resources are used responsibly.
All risks related to IT are known and managed and IT resources are secured.
A distinction has to be made between IT management as discussed previously in this book and IT governance that we introduce here. IT management is focused on the internal effective supply of IT services and products and the management of present IT operations (Grembergen et al., 2004). IT governance in turn is much broader and concentrates on performing and transforming IT to meet present and future demands of the business (internal focus) and the business’ customers (external focus).
The difference between IT management and IT governance is illustrated in Figure 1. While IT management is concerned with implementing IT services at the present, IT governance is concerned with making decisions for the future.
Distinction between IT management and IT governance (Grembergen et al., 2004)