Moving From IT Governance to Enterprise Governance of IT

Steven De Haes, Ph.D., and Wim Van Grembergen, Ph.D.

IT governance is a concept that emerged suddenly and became an important issue in information technology. It is not clear exactly when the concept originated. “Improving IT governance” made Gartner’s Top 10 CIO Management Priorities for the first time in 2003; it ranked third. In 1998, the IT Governance Institute (ITGI) was founded to disseminate the IT governance concept. In academic and professional literature, articles mentioning IT governance in the title began to emerge in the late 1990s. Gartner introduced the idea of improving IT governance for the first time in its Top 10 CIO Management Priorities for 2003 (ranked third).

After the emergence of the IT governance concept, the notion received much attention. However, due to the focus on “IT” in the naming of the concept, the IT governance discussion remained mainly within IT. In the field, many IT governance implementations are driven by IT, while one would expect that the business would and should take a leading role as well. It is clear that business value from IT investments cannot be realized by IT, but will always be created on the business side. For example, there will be no business value created when IT delivers a new customer relationship management (CRM) application on time, on budget and within functionalities, if afterwards the business does not integrate the new IT system into its operations. Business value will be created only when new and adequate business processes are designed and executed, enabling the sales department of the organization to increase turnover and profit.

This realization that the involvement of business is crucial initiated a shift in the definition toward enterprise governance of IT. Enterprise governance of IT is an integral part of corporate governance and addresses the definition and implementation of processes, structures and relational mechanisms in the organizations that enable both business and IT people to execute their responsibilities in support of business/ IT alignment and the creation of business value from IT-enabled investments.¹ Enterprise governance of IT clearly goes beyond IT-related responsibilities and expands toward IT-related business processes necessary for business value creation. Additionally, the International Organization for Standardization (ISO) moved in this direction with the release in 2008 of a worldwide standard defined as “Corporate Governance of IT” (ISO/IEC 38500:2008). In this standard, ISO puts forward six principles for IT governance, addressing both business and IT roles and responsibilities, and expressing preferred behavior to guide IT-related decision making.

This change in naming and focus might appear subtle and not groundbreaking, but it implies a crucial shift in the minds of business people. The leading role of IT in IT governance has always been a paradox. It is clear that business processes and business value creation can and should be only in the hands of business people. On the other hand, one must acknowledge that, in practice, this mind shift will not happen by itself or by changing the name of the concepts. IT management is in a unique position to act as a change agent in the organization and to foster business buy-in over time. To realize that, ITGI’s leading frameworks, COBIT and Val IT, can act as powerful catalysts, with COBIT focusing on IT-related responsibilities and Val IT focusing on business-related responsibilities. It is probably not realistic to assume that business people will easily adopt these frameworks by themselves. However, these frameworks provide senior IT management with the necessary concepts and approaches to better communicate with the business and to inspire the needed business involvement. In this sense, COBIT and Val IT are the leverage the IT community can use to move from IT governance to enterprise governance of IT.

Endnote

¹ Van Grembergen, Wim; Steven De Haes; Enterprise Governance of IT: Achieving Strategic Alignment and Value, Springer, 2009

Steven De Haes, Ph.D.
is responsible for the information systems management executive programs and research at the University of Antwerp Management School (Belgium) and is a guest lecturer on information systems management at the University of Antwerp. He is managing director of the Information Technology and Alignment (ITAG) Research Institute. He has been involved in research and development activities of COBIT, Val IT and Risk IT. He can be contacted at steven.dehaes@ua.ac.be.

Wim Van Grembergen, Ph.D.
is a professor in the economics and management faculty of the University of Antwerp (Belgium) and executive professor at the University of Antwerp Management School. He is academic director of the Information Technology and Alignment (ITAG) Research Institute and has conducted research in the areas of IT governance, IT audit and IT performance management. He has been involved in research and development activities for ISACA and ITGI, and is a member of ISACA’s IT Governance Committee. He can be contacted at wim.vangrembergen@ua.ac.be.

ISACA Journal, formerly Information Systems Control Journal, is published by ISACA, a nonprofit organization created for the public in 1969. Membership in the association, a voluntary organization serving IT governance professionals, entitles one to receive an annual subscription to the ISACA Journal.

Opinions expressed in the ISACA Journal represent the views of the authors and advertisers. They may differ from policies and official statements of ISACA and/or the IT Governance Institute and their committees, and from opinions endorsed by authors, employers or the editors of this Journal. ISACA Journal does not attest to the originality of authors’ content.

Instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. For other copying, reprint or republication, permission must be obtained in writing from the association. Where necessary, permission is granted by the copyright owners for those registered with the Copyright Clearance Center (CCC), 27 Congress St., Salem, Mass. 01970, to photocopy articles owned by ISACA, for a flat fee of US $2.50 per article plus 25¢ per page. Send payment to the CCC stating the ISSN (1526-7407), date, volume, and first and last page number of each article. Copying for other than personal use or internal reference, or of articles or columns not owned by the association without express permission of the association or the copyright owner is expressly prohibited.

Subscription Rates:
US: one year (6 issues) $75.00
All international orders: one year (6 issues) $90.00
Remittance must be made in US funds.


What is CISA	What is CISM	What is CGEIT	What is CRISC
Benefits of CISA	Benefits of CISM	Benefits of CGEIT	Benefits of CRISC
How to Become Certified	How to Become Certified	How to Become Certified	How to Become Certified
Register for the Exam	Register for the Exam	Register for the Exam	Register for the Exam
Prepare for the Exam	Prepare for the Exam	Prepare for the Exam	Prepare for the Exam
Taking the Exam	Taking the Exam	Taking the Exam	Taking the Exam
Apply for Certification	Apply for Certification	Apply for Certification	Apply for Certification
Maintain Your CISA	Maintain Your CISM	Maintain Your CGEIT	Maintain Your CRISC


COBIT 5 Home
Product Family
Education and Training
News
Recognition
Join the Conversation
Looking for COBIT 4.1?