ABSTRACT
Governance is leadership, organizational structure, and
processes that manage and control the organization’s
activities to achieve its goals and objectives by adding
value while balancing risk with return on investment. At
the heart of governance is the concept that running an
organization must be a well-organized activity carried out
by trained professionals who accept full responsibility
and accountability for their actions. The governance framework
must be embedded in the organization and applied to
all activities and processes such as planning, design, acquisition,
development, implementation, and monitoring. The
governance framework encompasses the governance environment,
governance domains, and governance principles.[1]
Governance Environment
Governance takes place in the organizational environment
that is determined by existing conditions and circumstances
that include
Federal and state laws, directives, and guidelines
Industry regulations and governance practices
Organization mission and strategies
Organization risk tolerance
Organization ethics, culture, and values
Organization mission, vision, and strategic plan
Organization locations and management approach (centralized or decentralized)
Organization policies, standards, processes, and procedures
Organization roles and responsibilities
Organization plans and reporting
Organization monitoring for compliance[2]
Governance Domains
The domains in the governance framework[3] are
Strategic planning and alignment: the forethought and capabilities necessary to deliver organizational value
Value delivery: generating the benefits promised on time and within budget
Risk management: a continuous process that starts with identification of risks (threats and vulnerabilities) and their impact on assets, mitigation of the risk by countermeasures, and the formal acceptance of the residual risk by management
Resource management: deploying the right capabilities (people, facilities, hardware, software, etc.) to satisfy organizational needs
Performance measurement: providing feedback the organization needs to stay on track or take timely corrective measures
Principles of Governance
The principles of governance[4] are
Clear expectations
— Clear values
— Explicit policies and standards
— Strong communication
— Clear strategy
Responsible and clear handling of operations
— Competent organizational structure
— Clearly defined roles and responsibilities
— Orderly processes and procedures
— Effective use of technology
— Responsible asset management
Proactive change management
Timely and accurate disclosures
Independent review and continuous improvement
IT GOVERNANCE
Need for IT Governance
The pervasive use of information technology (IT) in today’s
organizations has created a critical dependency on IT that, in
turn, calls for a specific focus on IT governance. Elevating
IT from a pure managing level to the governance level is
recognition of IT’s pervasive influence on all aspects of
an organization.[5] According to a recent global survey,
chief information officers (CIOs) recognize the need for IT
governance.[6] When properly implemented, IT governance
can generate IT-related economies of scale and leverage
synergies and standards throughout the organization. IT
governance is mainly concerned with two responsibilities:
delivering IT-related value and mitigating IT-related risks.