This chapter introduces current and prior IT governance literature across five key focus areas being strategic alignment of business and IT systems, delivery of value from IT systems, risk management of IT systems, management of IT resources and measurement of the performance of IT systems. The chapter focuses on synthesising the current literature on ITG to achieve three primary objectives. First, the review presents a detailed overview of research across the key focus areas of ITG. Second, the synthesis of the literature identifies important gaps in ITG research. Third, the review aims to guide future thinking and research on ITG in each of the focus areas. This chapter will provide a comprehensive understanding of the current state of IT governance literature.
It Governance Standards
The release of a voluntary Australian Standard AS8015-2005 “Corporate Governance of Information and Communication Technology” by Standards Australia (2005) has emphazised the importance of ITG for Australian organizations. Further, there are a number of international standards which are relevant to ITG. The International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) released ISO/IEC 27001 and 27002 on information security in 2005 (ISO/IEC, 2005a; ISO/IEC 2005b). These standards aim to provide clear guidelines of best practice on information security management across 12 key sections and replace prior standards on this issue. Standard ISO/IEC 12207 on the software life cycle processes, which was amended in December 2004, is also relevant to ITG of organizations. This standard establishes processes and activities applicable to the acquisition and configuration of software services (ISO/IEC, 2004a). The international standard on Software Process Improvement and Capability Determination (SPICE) ISO/IEC 15504 assists organizations to assess their overall capabilities for delivering software (ISO/IEC, 2004b).