IT excellence starts with governance
Nick Robinson
Abstract
Purpose – To explain how information technology (IT) governance enables an organization to achieve
three vital objectives: regulatory and legal compliance, operational excellence, and optimal risk
management.
Design/methodology/approach – Describes the role in IT governance of functions such as value
creation (distilling the company’s mission and strategic direction into business needs for IT applications),
value delivery (formal project management methodology and system development life cycle), value
preservation (integrated control and risk management program), resource management, performance
management (capability maturity model, balanced scorecard, Six Sigma), and oversight. Describes
governance frameworks such as COBIT, ITIL, and ISO/IEC 17799:2000. Offers advice on getting
started.
Findings – When governance is effective, IT becomes inseparable from the business and is
regarded as an asset, not a cost.
Originality/value – Helps a compliance officer think about the connection between effective IT and
compliance systems.
Keywords Communication technologies, Governance, Risk management
Paper type Viewpoint
IT governance is emerging as the antidote to anemic IT performance, paving the way to
more effective use of technology in supporting business needs. The pervasive nature of
IT as a business enabler obscures some harsh realities about IT performance. Contrary
to conventional wisdom, technology-driven increases in productivity have been meager
relative to total expenditures. Lackluster IT performance is manifested in failed or aborted
projects, missed deadlines, budget overruns, and poor returns on investment (ROI).
Increasingly, these indications of low IT effectiveness are shining a spotlight on the need for
IT governance as a vehicle for bolstering performance. Further fueling the emphasis on IT
governance is the enactment of regulations such as the Sarbanes-Oxley Act, with its
requirement for stronger controls over financial reporting to prevent a recurrence of recent
high-profile corporate scandals.
Ask for a definition of IT governance and you will probably get a variety of answers. However,
the central theme running through the responses is that the goal of IT governance is to create
a control environment for desirable actions to drive the effective, efficient, and secure use of
information technology. A control environment is shaped by the attitudes, abilities,
awareness, and actions of the board and management regarding controls within the
organization. It includes factors such as management’s integrity, ethical values, philosophy,
and operating style.
Note, too, that both corporate governance and IT governance are integral to enterprise risk
management (ERM). An IT governance framework should not exist in isolation from either the
DOI 10.1108/15285810510659310 VOL. 6 NO. 3 2005, pp. 45-49, © Emerald Group Publishing Limited, ISSN 1528-5812
JOURNAL OF INVESTMENT COMPLIANCE, PAGE 45
Nick Robinson (nick.robinson@ey.com) is a manager in Ernst & Young’s Technology & Security Risk Services Practice, Charlotte, North Carolina, USA.