IT Governance - a question of definition

Welcome to my new blog dedicated to IT governance and value. I hope to provide a forum for everyone interested in this topic to contribute thoughts, comment and controversy.
The first matter to get straight is what IT governance really means. It can be a much misunderstood and overhyped topic, often lost within the GRC (governance, risk and compliance) acronym, now much used by software vendors to add credibility and market sector appeal to certain of their products. However, in order to properly understand what governance really means, it is necessary to look at the origins of the word. It originated from the Greek word kubernan, which means to steer. Steering is still a key part of governance, but the meaning in a modern-day context has been extended to include direction and assurance. Wikipedia defines governance as relating to decisions that define expectations, grant power, or verify performance. In my view this definition is very much at the core of what IT governance is really all about.
The term is often used in an inwardly looking way to mean the governance of IT by the IT function itself. My definition is broader and relates to the enterprise governance of IT. There are many definitions of this term. I will use the ISACA definition being 'The structure, oversight and management processes which ensure the delivery of the expected benefits of IT in a controlled way to help enhance the long term sustainable success of the enterprise.' The achievement of value (and what value itself means in different contexts) from IT investment will be a key part of the discussion on this blog. It will be my contention that many of the issues discussed on the other CW blogs have their origins in failures of governance, whether they be, for example, risk, security or project failure related. Therefore there will be much to talk about.
As to my own background, I am a UK Chartered Accountant and a CITP. Following a career in technology risk management with one of the major consulting firms and several years working with a global financial services provider as a senior IT investment analyst, I now pursue a portfolio career which includes speaking and writing on IT governance and related topics, mentoring of CIOs and other senior executives and consulting on project risk. I also act as IT governance adviser to Protiviti and serve on the Audit Committee of a UK private healthcare provider.
My perspective is clear. If IT-related risk is to be managed effectively and if IT-related business investments are to deliver sustainable value, governance must be effective, efficient and transparent. Let the debate begin.

About this Entry

This page contains a single entry by Paul Williams published on April 14, 2009 10:11 AM.
