The following resources are on the topic of IT Governance:
- http://www.itgi.org/
- A brief article: http://www.cio.com/article/111700/IT_Governance_Definition_and_Solutions
- Why IT governance is difficult to implement: http://radar.oreilly.com/2011/01/why-is-it-governance-so-diffic.html
- On COBIT for IT Governance: http://www.isaca.org/Knowledge-Center/COBIT/Pages/Overview.aspx
- On IT Governance software (an example): http://www.metricstream.com/solutions/IT_corporate_Governance_policy.htm
Main points noted (Parkinson and Baker, 2005)
Enterprise governance: the set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction, ensuring that objectives are achieved, ascertaining that risks are managed appropriately and verifying that the enterprise's resources are used responsibly.
IT governance is an integrated part of enterprise governance and consists of the leadership and organisational structures and processes that ensure that the organization's IT sustains and extends the organisation's strategies and objectives.
IT governance is largely about frameworks and processes (Parkinson, 2005)
3 components of IT governance:
* Leadership: suggesting vision, responsibility and accountability
* Organization: suggesting staffing, resourcing and structures
* Processes: suggesting established standards and procedures
Other components: managing risks, measuring performance, delivering value
Some IT Governance questions
* How does top management get the CIO and IT organization to return some business value to it?
* How does top management make sure that the CIO and IT organizations do not steal the capital it supplies or invest it in bad projects?
* How does top management control the CIO and IT organization?
IT risk assessment requires knowledge of the vulnerabilities of technology, the potential failures in computer systems implementations and the corresponding business implications.
Reference
Parkinson, M.J.A. and Baker, N.J. (2005) "IT and Enterprise Governance", Information Systems Control Journal, Vol. 3, pp. 17-21.