IT Governance: When & How To Implement IT Governance Systems

If it hurts, you’re doing it wrong. That’s true for IT governance in DevOps, even though many in the C-suite disagree. Learn why this is the case.

Why “Pain vs. Progress” Is a False Choice

Writing for Forbes, Mark Settle doesn’t pull any punches when it comes to how chief information officers (CIOs) feel about IT governance. He also doesn’t pull any teeth for that matter, despite saying the average quarterly IT steering committee is less pleasant than dental surgery (as he notes, at least spending time with the dentist is voluntary). But the “pain” many associate with IT governance may, unfortunately, be due to a common misunderstanding as to what the term actually means.

According to ISACA, the Information Systems Audit and Control Association, “governance” is often thought of as mere technical bureaucracy—policies, rules, and procedures that are put in place for their own sake. In reality, however, proper governance functions with direct lines to business value. Even more, it is becoming mission-critical as the business environment grows more technical.

That said, the “pain” experienced by IT stakeholders in these meetings should be a wake-up call, not some dismissible joke. Because, much like in the world of dentistry, pain is the first sign of deeper issues related to business needs. And, in both cases, inattention and lack of initiative allow these deeper issues to fester.

To clear up these misconceptions, we start with the true definition of IT governance to ensure we’re on the same page.

What is IT governance?

A subset (and integral part) of overall enterprise governance, IT governance is a framework of procedures, policies, and metrics that, enabled together, ensure IT supports business goals. It manages associated risks and helps businesses optimize their investments in IT while maintaining regulatory compliance.

When implemented and managed correctly, the governance framework provides valuable benefits to a business, which can be viewed as common “pillars” that all frameworks share:

Strategic alignment: An IT governance structure should ensure that strategy within the department complements and supports the business’s goals. By doing so, an organization’s stakeholders ensure the IT department functions as part of the whole instead of becoming isolated as a separate entity.

Resource management: The IT governance process fosters operational efficiency, helping organizations maximize their ongoing investments in technology infrastructure and resources.

Performance measurement: Once in place, governance frameworks also measure the ongoing performance of IT projects and services, ensuring they meet or achieve the set standards.

Risk management: Effective IT governance counteracts the inherent risks of any technology used in a business environment, risks that can be operational, financial, or related to cybersecurity, information security, and compliance.

Value delivery: Holistically, the work needed to enact IT governance pays off through driving value. For businesses, this involves IT investments contributing to profitability and revenue growth. Relatedly, IT governance also helps ensure order processing, delivery/fulfillment, troubleshooting, and inventory management all contribute to creating happy, satisfied customers.

Over the lifecycle of a business, governance should grow to both rely on and contribute to operational transparency, in addition to helping organizations grow more resilient and better adapted to keep pace with technological changes over time.

Common pillars of enterprise IT governance

The pillars of IT governance are key principles or components that form the foundation of a solid IT governance framework. 

While different sources might identify slightly different pillars based on established frameworks like COBIT (Control Objectives for Information and Related Technologies) and ITIL (Information Technology Infrastructure Library), five common pillars can be identified:

  1. Strategic Alignment: This pillar ensures that the IT strategy is aligned with the business strategy and that IT delivers the capabilities required to meet business objectives. This also involves ensuring IT projects align with enterprise objectives and add measurable value.
  2. Risk Management: The risk management pillar involves identifying, assessing, and managing IT risks. It ensures that the organization understands its risk appetite and has effective measures in place to mitigate risks, particularly those that could disrupt business processes or compromise data security.
  3. Resource Management: This involves ensuring that all IT resources—people, processes, and technology—are used efficiently and effectively. It involves proper allocation and management of IT resources, aligning them with strategic objectives, and ensuring they deliver value.
  4. Performance Measurement: The performance measurement pillar focuses on setting and tracking key performance indicators (KPIs) for IT processes. This allows the organization to assess how well IT is delivering on its objectives, driving continual improvement.
  5. Value Delivery: This pillar emphasizes delivering value through IT. This involves ensuring that IT investments result in positive outcomes such as return on investment, profitability, customer satisfaction, or other business performance indicators.

Each pillar plays a crucial role in the effectiveness of IT governance. Together, they provide a comprehensive approach to managing IT, ensuring it supports and advances the organization’s objectives.

Commonalities in IT governance frameworks

Business-specific IT governance frameworks can vary but, generally, there are overlaps. This is because modern frameworks tend to include more or less of the COBIT framework DNA. 

Developed by the Information Systems Audit and Control Association (ISACA), COBIT enables good practice for IT control, and clear policy development, by supporting tool sets that allow managers to bridge gaps between business risks, control requirements, and technical issues.

Therefore, IT governance frameworks that draw from COBIT will typically organize IT governance objectives and good practices by IT domains and processes in order to link them to business requirements.

The framework will use common language and a reference process model for everyone in the organization, mapping processes to plan, build, run, and monitor responsibility areas. 

Control objectives will provide a complete set of high-level requirements management can consider to maximize the control of each IT process. In contrast, management guidelines maintain alignment on objectives, responsibilities related to those objectives, and ongoing performance measurement.

Finally, maturity models keep tabs on the capabilities of each process while helping to address gaps. 

Challenges of IT governance implementation

Like any critical initiative in modern business, implementing an IT governance framework comes with several distinct challenges. These challenges commonly include:

Cultural and change resistance: A Harvard Business Review article dated January 1969 shows that resistance to change within business cultures is nothing new. Therefore, advocates of IT governance should understand that their peers may object to changes in established workflows and habits even while agreeing with its potential benefits.

Lack of understanding: Alternatively, a general lack of knowledge regarding IT governance and said benefits will undoubtedly result in resistance or apathy towards implementation.

Constrained resources: Even with openness to change and well-informed peers, IT governance implementation can hit a wall regarding available time, funding, and personnel as organizations juggle competing priorities.

Complexity: IT governance is designed to, in part, wrangle the multitude of systems, policies, and processes that businesses rely on. However, the unique complexities that arise in integrating these systems can grow challenging, especially for larger organizations.

Misalignment between IT and business strategies: Sometimes, these complexities relating to systems and processes are symptoms of misalignments between IT and business strategy. However, while challenging, successful implementation of an IT governance framework relies on solid lines of communication between IT and business.

Regulatory compliance: As privacy legislation becomes a more imposing factor in increasingly globally-connected businesses, framework implementation must also ensure governance will abide by all pertinent regulations.

Measurement and reporting: It can also be difficult to agree internally on how best to measure the success of an IT governance initiative. However, while challenging, success depends on clear metrics and reporting processes that will demonstrate that governance initiatives are delivering the expected benefits and value to the organization.

Lack of support at the leadership level: While each of these challenges is significant in its own right, lack of support at the leadership level can transform these problems into pitfalls, paralyzing attempts to secure the resources and drive the lasting organizational changes every implementation process requires.

When to implement IT governance

Again, as no two organizations are the same, no definitive “warning signs” can indicate when a business best stands to benefit from IT governance. But, just as there are commonalities between governance frameworks and the problems that occur during implementation, so too are there common indicators that can demonstrate the need for IT governance.

Lack of alignment between IT and business objectives—one of the potential implementation challenges—can indicate a major need for IT governance. Examples include well-intentioned IT department projects that fail to support the broader needs of the business or leaders within the organization who are less than clear on the value IT is delivering.

Frequent IT project delays or failures can also indicate a need for better governance. While no framework immunizes a department against these setbacks, the project management methodologies, risk management, and ongoing measurement inherent in IT governance should make them increasingly rare.

On the other hand, some issues that occur due to a lack of governance can take an organization completely by surprise. It can be impossible for IT leadership to predict when and if data losses, security breaches, and system failures will occur. But, through proper implementation, IT governance frameworks should provide a sense that there is enough resiliency and planning in place to protect business operations if they do occur.

A lack of resiliency and planning may also stem from a general lack of clarity around IT decision-making. Somewhat related are situations where an organization invests a lot of resources into IT without seeing a corresponding ROI. These situations can happen to the most forward-thinking managers when organizations are growing rapidly, or when in the midst of digital transformation initiatives. 

However, once implemented, IT governance outlines clear roles and responsibilities that contribute to an effective and accountable decision-making process while ensuring IT resources deliver value.

In the recent past, the more an organization relied on technology to operate, the more it should prioritize IT governance. 

But this was before leading thinkers in business tech began speculating that we’ll advance more in the next ten years than we did over the last 100.

If this is the case, can literally any business plan for success without IT governance being a priority?

Governance tools: How smart choices take the pain out of IT governance implementation

Even under the best circumstances, IT governance is a complex process involving several steps. This is why choosing the right tools is key to keeping implementation from devolving into a painful bureaucratic nightmare.

The way forward begins by understanding (and embracing) the current IT environment within an organization, including the infrastructure, roles, responsibilities, and critical processes.

Your choice of tools may also be influenced by the framework selected, as COBIT, ITIL, ISO/IEC and others each have their own requirements.

With your framework selected, the tool selection process can begin. And, considering how automation tools reduce complexity and improve efficiency in IT, they make for a natural next step in the governance implementation process.

ActiveBatch’s workload automation software makes for an exceptional place to start, as it offers a unique combination of end-to-end process orchestration, enterprise-grade cloud infrastructure, and an intuitive, high-performance, low-code interface.

To learn how ActiveBatch can form the anchor of a simpler, more effective, less dentist-worthy IT governance implementation, schedule a quick demo today!