Following the current economic turmoil, today’s business environments are focused toward establishing a solid enterprise governance framework in order to reach objectives, set adequate direction and ultimately create stakeholder value. As the majority of businesses processes are now performed through information technology systems, the importance of information technology enterprise governance has reached the agenda of the Board, committees and major business stakeholders.
There’s a common misconception of the term “governance:” that it is associated solely with the Board and executive management. This is despite the fact that the majority of governance activities also reside with middle management and operational levels; they play a major role in the implementation and success of the governance framework as the parties directly involved with its application, under the direction of the Board and executive management.
Governance vs. Management
A distinction between governance and management in terms of roles and accountability is vital, as their activities differ. Management, as per the COBIT 5 Framework, is delegated by stakeholders for achieving objectives that address assertive needs and options. In return, management instructs and aligns their operations and execution plans with the direction provided.
Management is assigned the accountability and responsibility of applying the governance activities in order to meet the stakeholders’ delegation and objectives, whereas stakeholders monitor the progress of management through a reporting line that includes feedback from diversified divisions in the enterprise.
Defining Governance of Enterprise IT
The IT Governance Institute has defined the term “IT governance” as the responsibility of the Board of Directors and executive management which consists of the leadership and organizational structures and processes in order to ensure that the organization’s IT sustains and extends the organization’s strategies and objectives.
Putting Governance of Enterprise IT in Context
Looking into the enterprise governance exhaustively, it consists of a set of activities with a goal of:
- Providing strategic direction
- Achieving organizational objectives
- Managing risks
- Managing the organization’s resources
As the International Federation of Accountants reports, enterprise governance constitutes the entire accountability framework of the organization. Having said that, the enterprise governance framework is built upon two main key dimensions that should be achieved to serve its goal: corporate governance, concerning accountability and assurance, and business governance, concerning value creation and resource management.
Both dimensions govern vital assets within an organization, and since a great deal of enterprises have relied on automation, information technology has become an integral part of the enterprise. Thus, its governance is navigated by the enterprise governance’s framework rather than being siloed.
Governance of Enterprise IT Triggers
Enterprises usually operate in dynamic and uncertain environments, increasing the potential of facing operational difficulties. Nevertheless, there are certain symptoms that can serve as triggers for establishing or revising the organization’s governance of enterprise IT’s framework. Among these symptoms:
- Elevation in the cost of IT
- Inability for IT to meet business needs and initiatives
- Outsourced vendors not meeting their associated service level agreement, resulting in business interruption and limitations
- Poor IT resource management and utilization
Keeping an eye on such triggers is essential for the Board and executive management, since they might be experiencing them without implementing the adequate diagnoses and resolutions.
Enabling Governance of Enterprise IT
Rounding back to the main goals of enterprise governance (i.e. strategic direction, achieving organizational objectives, managing risks, resource management), IT governance serves those goals through a set of components which are considered as enablers, anything that can help to achieve the objectives of an enterprise.
The COBIT 5 Framework has classified enablers relevant to IT governance into seven broad categories:
- Principles, policies and frameworks
- Processes
- Organizational structures
- Culture, ethics and behavior
- Information
- Services, infrastructure and applications
- People, skills and competencies
Conclusion
Governance practices and activities have increasingly occupied the attention of Boards and executive management, as stakeholders have become more concerned with the sound management of their interests.
Thus enterprise governance frameworks have been implemented or are under implementation widely in order to provide organizations with the upper hand within their respective markets. Therefore information technology plays a decisive role in supporting the operational processes applied. IT governance practices ought to be integrated with the enterprise governance frameworks from the beginning.
Applying an effective and efficient governance and management of enterprise IT requires a holistic approach. However, given the challenge of implementing areas including strategic management, benefit realization, and risk and resource optimization — which requires clear communication, cultural alterations, accountability assignment and many other elements not commonly adhered to within an IT environment — the holistic application of enterprise IT governance is seen by many organizations as an uphill battle.
References
- International Federation of Accountants. (2003). Enterprise Governance: Getting the Balance Right.
- (2013). Certified in the Governance of Enterprise IT Review Manual. USA.
- IT Governance Institute. (2003). Board Briefing on IT Governance.
- (2012). COBIT 5: A Business Framework for the Governance and Management of Enterprise IT. USA.
Mais Barouqa is a Senior Consultant with an international consulting firm covering the Middle East region. She is experienced in the fields of information technology governance, systems audit, information security, compliance and controls assessments.
