IT Governance debuted at number four on the AICPA’s 2006 Top Technologies list.  While most firms understand the concept of corporate governance as the responsibility of the Board of Directors and corporate officers to effectively manage the organization, it has not been traditionally applied to the IT function until the past decade.  Today, the majority of business processes are significantly impacted by technology and the utilization of effective technology has created a distinct business advantage.  In fact, most organizations rely so much on technology that the failure of core applications to provide services could cause irreparable damage to the company.  According to the National Archives and Records Administration, 93% of businesses that lost their data centers for ten days or more filed for bankruptcy within a year.  In addition, every few weeks, the media seems to feature a story about an organization that had their network security breached and the thousands of people that had their personal information stolen.  These stories go on to describe the extraordinary efforts the companies have to go through to respond to the situation and a number of these companies just go out of business.  With these scenarios in mind, it has become apparent that overseeing the information technology impact on the organization has become a critical responsibility of management. 

Defining IT governance is not easy.  In the book Strategies for Information Technology Governance it is defined as “The responsibility to control the formulation and implementation of IT strategy to ensure the fusion of business and IT.”  Realizing that the IT function is important is fairly straight forward for most business people, but being saddled with the responsibility of understanding and measuring its impacts is extremely difficult.  In response, the IT Governance Institute (www.itgi.org) was created and has developed a series of tools and other guidance including a framework called CoBIT, which stands for Control Objectives for Information and Related Technologies.  This document breaks down the IT governance cycle into five domains that organizations must address:  

• Strategic Alignment:  Information technology must be in alignment with the evolving strategic objectives of the organization.  As organizations evaluate their future strategies and new opportunities present themselves, it is critical that the IT function’s ability to address and deliver these opportunities is considered.

• Value Proposition: IT must be able to respond to strategic objectives of adding value to the organization’s processes while at the same time maintaining fiscal responsibility and adhering to implementation time frames including measuring and achieving the expected return on the IT investment.

• Risk Management: The IT function must effectively identify threats and vulnerabilities to the organization's IT infrastructure and then take steps to effectively mitigate the impact of those items.

• Resource Management:  One of the responsibilities of management is to ensure that the IT department has adequate resources to evaluate and implement new technologies as well as determining when to abandon obsolete technologies.  This requires educating IT personnel and keeping their skills current to ensure they have the capabilities to do so.

• Performance Measurement: To ensure that the previous four objectives can be managed, the organization must have a methodology to evaluate and track progress of the firm's IT governance.  This includes the use of tools such as ROI measurement, IT performance benchmarks and balance scorecards.

To help evaluate and measure impacts within each of these domains, the IT Governance Institute has developed practical guidance in the form of case studies, templates and diagnostic tools in the IT Governance Implementation Plan which is available at www.isaca.org along with the CoBIT framework. 

With the inclusion on the AICPA’s Top Technologies list, IT Governance has garnered significant exposure for business people that must now take steps to determine their response.   These steps begin with reading through the CoBIT framework and then beginning the IT Governance process.