There are similarities and differences between governance and management functions.  Both governance and management functions make decisions for the organization.  Governance focuses on strategic and oversight decisions of the organization.  Management ensures effective day-to-day operations. 

Effective governance is as much action as decision.  Governance processes are necessary to ensure the effective use of resources integrated with business objectives.  This includes processes to manage human resources, financial investments, facilities, IT infrastructure, information and relationships. 

The IT governance implementation approach requires the integration of the IT objectives to the business functions.  The steps to achieve an effective IT governance framework include:

• Objectives – Identify the key IT objectives
• Risks – Identify the business and security risks 
• Business Functions – The key business functions are identified and integrated with the IT objectives
• Capabilities – Define the key capabilities of the IT organization required to meet the business functions
• Controls – Define an appropriate system of internal controls
• Measure – Define a set of metrics that provide the maximum benefit with a minimum impact on operations
• Communicate – Define the set of reports that will provide management with knowledge to make sound decisions

IT Governance Decisions

Governance aligns the decision-making responsibilities with the intended result.  Decision-making guidelines and standards help generate commitment and ensure integration with the business objectives.  Ideally, the decision-making structure would include business and technical staff from different disciplines and departments.  The following list illustrates key governance decisions:

• IT Principles Decisions – high-level statements about how IT is used in the business
• IT Relationship Decisions – assurance that the IT objectives integrate with the business strategy
• IT Architecture Decisions – organizing logic for data, applications and infrastructure captured in a set of policies, relationships, and technical choices to achieve desired business and technical standardization and integration
• IT Resource Decisions – centrally coordinated, shared IT skills and assets that provide the foundation for the enterprise’s IT capability
• Business Applications Needs – specifying the business need and sourcing for purchased or internally developed IT applications
• IT Investment and Prioritization Decisions – decisions about how much and where to invest in IT, including project approvals and justification techniques
• Information Security Decisions – coordination of IT activities to meet IT risks and compliance requirements

This governance framework will ensure all IT objectives are appropriately planned, executed and monitored.  The implementation of the framework will integrate the IT objective with the business functions, help control costs, ensure appropriate resource utilization and provide information to help ensure properly scaled architectural implementation.  The framework gives management the knowledge and assurance that business, as well as IT situations and issues are controlled, managed and resolved.

About the Author:

Richard A. Nietubicz, ISO/IEC 20000 Consultant, ITIL® Service Manager, CISA, serves as IT Governance and Compliance Practice Principal at Plexent, an IT Service Management company and leading provider of ITSM-focused intellectual property, itDNA®.  Nietubicz has specialized in IT governance and process management for more than 20 years.  He can be reached at rnietubicz@plexent.com or 972.381.0077.


Previous Article | Next Article