IT governance consists of leadership, organizational structures, and processes that ensure that information technology (IT) supports corporate strategy and goals. IT in this context means the entire infrastructure, but also the skills and organization that support and justify the IT. IT governance is the responsibility of the board and management and is an integral part of corporate governance.

The key points in that definition are:

  • IT Governance is a process. It is not a point in time event. It is not a committee. It is not a department.
  • The objective of IT Governance is to ensure the delivery of business results not “IT systems performance” nor “IT risk management” – that would reinforce the notion of IT as an end in itself. To the contrary, IT Governance is about IT decisions that have an impact on business value.
  • The process therefore monitors and control key IT decisions that might have an impact – positive or negative – on business results.
  • The concept of governance is meaningless without the recognition of both ownership and responsibility. The key stakeholders in an organization have an “ownership” stake in the organization. The management is responsible to these stakeholders.
    • We must recognize the ownership stake of not just shareholders but also of the other stakeholders such as customers, vendors, employees etc.
    • The “management,” i.e. the people entrusted with making key decisions, is responsible to these stakeholders.
  • Therefore, the objective of IT Governance is not just the delivery of risk optimized business value but also to engender the trust of the key stakeholders in the people who they have entrusted their money and/or livelihood!
    • One can argue that this trust results in more business value. No doubt. But the fact remains that it is a means to that end and must be recognized independently as a motivation for IT Governance.
    • In a sense, IT Governance acts upon the old adage of “trust but verify!”