Strategic approach to implementing information technology (IT) governance

Taking a strategic approach to implementing
information technology (IT) governance:

Taking a strategic approach to implementing information technology (IT) governance helps organizations address the speed of technological advancements, IT services proliferation, and the
greater dependency on IT to meet organizational objectives. Effective IT governance contributes to control efficiency and effectiveness, and allows the organization’s investment in IT to realize both financial and nonfinancial benefits. Often when
controls are poorly designed or deficient, a root cause
is weak or ineffective IT governance.
IT governance is directly related to organizational oversight of IT assets and risks, making it a shared responsibility of senior management and the board. Senior management carries out the day-today direction that tactically aligns with the overall strategic guidance of the board to ensure the effective, efficient, and acceptable use of IT resources. The primary outcomes of effective IT
governance include:
 IT strategies are aligned with organizational objectives.
 Risks are identified and managed properly.
 IT investments are optimized to deliver value to the organization.
 IT performance is defined, measured, and reported using meaningful metrics.
 IT resources are managed effectively.
Absent or poor IT governance can have significant negative impacts on an organization, both financially and reputationally. Recovery from such impacts requires time, energy, and money. In many organizations, there is a disconnect between senior management and IT due to the old belief that IT exists solely to deliver day-to-day IT services. In reality IT is critical in the development of competitive advantage and to support the achievement of the organization’s goals and strategic objectives.

Alignment of organizational objectives and IT is more about
governance and less about technology. Governance assures
alternatives are evaluated, execution is appropriately directed,
and risk and performance are monitored