What is IT governance?
In order to discuss IT governance and its relevance to your business, we need to define governance. One informal definition of the verb govern is "to enact and control the policies and standards of a group, organization, or country." Because governance is an enacting force, it must be further refined using operational terms -- i.e., governance is a process. And we can define "process" as "a series of actions, changes, or functions bringing about a result."1 We'll cover the results of IT governance in a moment. First, let's assemble the pieces of this definition: "Governance enacts and controls the policies and standards of a group in a series of actions, changes, or functions which bring about a result." Now, let's extend this definition of governance in an operational context. Governance:
- Establishes chains of responsibility, authority, and communication (decision rights)
- Establishes measurement, policy, standards, and control mechanisms to enable people to carry out their roles and responsibilities2
In terms of IT governance, Item 1 above provides a static view of governance, bringing the structure of the enterprise into view, including how it functions and the roles and responsibilities for each member of the enterprise. As you may know, specification of the flow of decision rights is most often stated in a Responsible Accountable Consulted Informed (RACI) matrix. The RACI matrix is one of the artifacts of a governance solution.
Item 2 above provides a dynamic view of governance focused on business performance. The enterprise defines and institutes corporate policies (identifying the standards the business is going to follow and specifying a set of measures and controls) and, in turn, these policies are enforced by their business processes. Artifacts produced to define the dynamic view of governance include a policies library and governance effectiveness measures.
At its heart, governance in any form is about leadership. And IT governance is about the way in which leadership accomplishes the delivery of mission-critical business capability using Information Technology strategy, goals, and objectives. IT governance is concerned with the strategic alignment between the goals and objectives of the business and the utilization of its IT resources to effectively achieve the desired results.
IT governance disseminates authority to the various layers in the organizational structures within your business, while ensuring appropriate and prudent use of that authority. This doesn't refer simply to hierarchical structures; experience has taught us that network structures allow for specialization, teaming, and building infrastructure to support those teams. Specialization allows the sum of the parts of the organization to be greater than the whole.
However, structuring ourselves into networks can be counter-intuitive, and assembly of teams and sub-teams can often be a daunting task. Furthermore, experience has taught us that as teams grow in size and as the mission of the organization grows larger and more complex, the ability of individuals to communicate effectively and share a consistent vision decreases significantly.3 The addition of each new individual to a given project increases the potential communications traffic exponentially. Consequently, the need to implement a deliberate approach for the assembly of well-governed structures, processes, and tools requires deliberate planning, tactics, and methods.
Governance is not only for large organizations. Small organizations have a need for good governance as well. However, there are obviously a smaller number of control points to be deployed in a smaller operation.