What is IT governance?

By Andrew Clifford

We apply governance to IT investments, change projects and service delivery. Extending governance to include the systems themselves can give us the management tool we need to overcome many persistent problems in IT.

There is no single definition of IT governance. A quick search on the Internet shows it means different things to different people.

• Governance is used to describe the processes for deciding how money should be spent. It includes prioritisation and justification of investments. It includes controls on spending such as budgets and authorisation levels.
• Governance is used to describe many different aspects of IT change. At the low level, it is sometimes used to describe project management and control. More often it is used to describe the management and controls of a portfolio of projects. It is used to make sure that IT change processes comply to regulatory requirements. Sometimes it covers the deployment of IT staff. Governance aligns IT change and expenditure to business change and expenditure.
• Governance is also used to describe the management and control of IT services. Service Level Agreements (SLAs) are used to define levels of service that are acceptable to business, and then used as a basis for monitoring services. Governance makes sure that day-to-day problem fixing and support are aligned to business needs.

Rather than argue which is the correct definition of governance, look at the similarities. In every case, governance involves a mix of the following:

• Control of the work.
• Co-ordination between different pieces of work.
• Measurement of outcome.
• Compliance with internal policy or regulation.
• Justification of spending.
• Accountability and transparency.
• Connecting with the needs of customers, the broader organisation, and other stakeholders.

Last week I wrote about how many of the persistent problems in IT concern the qualities of systems themselves. This includes legacy systems, old technologies, security, documentation, and many other areas. Tackling these is not primarily a technical problem, but a management problem. We need to be able to communicate the risk, justify and control the work, and provide accountability.

IT governance in its various forms achieves this type of management for IT investments, change projects and service delivery. But from what I have seen, we rarely apply governance to the systems themselves.

But what if we could define a governance approach for the systems themselves? By analogy with other areas of IT governance, system governance could help us communicate the value of system qualities to a broader audience, which would help us justify the work required to maintain and improve the qualities. It could give business control over the policies for system qualities and make the IT function accountable.

I believe that we can define an approach to system governance that meets these needs. This approach is different from, but complementary to, the governance of IT investments, change projects and service delivery. It can provide the management tool we need to overcome the persistent problems of IT.

Next week I will cover what a systems governance approach should look like, and how it differs from other areas of IT management.

Subscription