IT Governance refers to the way in which an organization’s executive leadership manages and directs information technology. It is a type of corporate governance that involves the use of processes and practices to control and guide the use of technology within an organization. The scope and nature of IT Governance may vary significantly depending on the industry, internal politics, and maturity of the organization. The following are common practices.
Application Portfolio Management
Oversight of applications at the portfolio level. In many cases, an annual health check is performed to identify risks related to legacy systems, compliance, capacity and availability.
Governance of IT asset management processes such as asset life cycle management and IT inventory management.
Financial, technology and security audits.
Comparison of IT performance and costs to your industry and competition.
Business Technology Alignment
Strategic management of gaps between business needs and IT capabilities. This includes things such as products that lack IT integration and addressing business pain points with IT. An IT Governance board may sponsor initiatives to analyze gaps that act as an input to strategy formation and tactical actions.
Viewing business and IT as a set of capabilities. A useful technique for executive management of strategy, risk management and performance visualization.
Governance of IT regulatory compliance.
The practice of managing architecture at the organizational level. It is common for an enterprise architecture team to act as working level support for IT Governance. For example, they may propose practices, review project architecture and deliver analysis and reporting.
Facilities And Infrastructure
Governance related to IT facilities and infrastructure such as data centers.
Financial controls such as budget approvals.
Mechanisms of information governance to support legal, risk and operational requirements. For example, roles and responsibilities such as data stewards and custodians may be established.
The practice of defending your information from threats. In many cases, information security garners much attention from both Corporate Governance and IT Governance bodies.
Governance of core IT processes.
Information Technology Performance Management
Monitoring and measurement of IT performance metrics.
Information Technology Practices
Establishment and direction of practices related to IT such as a Project Management Office.
Information Technology Processes
Establishment and oversight of IT processes such as service management.
Information Technology Risk Management
Identification and treatment of risks related to IT. Not to be confused with Risk IT, the technology capabilities used to manage business risk.
Information Technology Strategy
Planning IT strategy and setting goals.
Establishing and governing knowledge management practices such as the requirement that application managers and projects document their architecture.
Problems And Incidents
It is common for an IT Governance Board to review a monthly incident report or investigate a particularly high impact incident.
Governance of IT procurement processes potentially with approval authority for major deals.
Programs And Projects
Reviews of programs and projects often at defined checkpoints such as budget approval and pre-launch.
Governance of quality assurance practices such as development and testing processes.
Reporting And Dashboards
A governance board may sponsor reports and dashboards to support activities such as strategy formation and risk management. Dashboards may also be developed to provide visibility into IT for corporate governance and executive management purposes.
Service Portfolio Management
Governing IT as a collection of services.
Standards And Certifications
Developing or adopting standards and governance of certification processes.
Governance of vendor management practices.