Ingrid Robinson, CPA, CIA, and Margaret Jodha, CPA, CGA
Today’s IT business environment requires regulatory compliance, cost control, availability, risk management, business alignment, timely project delivery, change and continuous innovation to deliver stakeholder value. Fulfilling these demands heightens pressure on boards and executives to ensure effective oversight of IT, making IT governance integral to overall corporate governance.
IT governance allows organizations to encourage desirable behavior when using IT. There are three key aspects:
Well-designed, well-understood and transparent governance mechanisms are critical. Building and maintaining these mechanisms forms a continuum (see figure 1) that requires desire for change, identification and accountability for required changes, and ongoing monitoring to ensure that the desired results are achieved.
Top-down IT governance addresses what, who and how IT decisions are made and acted upon. Conceiving the governance model (the what, who and how) is the first step. Implementing it is the second step, and this can be accomplished with a seven-phased approach:
The journey to effective IT governance is fraught with many challenges. Common pitfalls that may hinder the success of IT governance include:
Figure 2 outlines leading practices to overcome pitfalls.
The outcomes of a successful implementation are worth the challenge, producing both shorter-term, tangible benefits (such as reduced cost) and long-term benefits (such as enhanced management of IT-related risk, improved relationships between business and IT, and increased business competitiveness). Leveraging the leading practices that have been outlined will assist the board and C-suite executives on their journey to IT governance effectiveness.
Ingrid Robinson, CPA, CIA, is a senior manager in the enterprise risk services group of MNP LLP in Toronto, Ontario, Canada, with more than 15 years’ experience in the audit, governance, risk and controls profession. She currently serves on the board of directors for Hospice Palliative Care Ontario, Canada.
Margaret Jodha, CPA, CGA, is the finance director at Verizon Canada, with more than 20 years of experience in progressively senior finance leadership roles.
Enjoying this article? To read the most current ISACA Journal articles, become a member or subscribe to the Journal.
The ISACA Journal is published by ISACA. Membership in the association, a voluntary organization serving IT governance professionals, entitles one to receive an annual subscription to the ISACA Journal.
Opinions expressed in the ISACA Journal represent the views of the authors and advertisers. They may differ from policies and official statements of ISACA and/or the IT Governance Institute and their committees, and from opinions endorsed by authors’ employers, or the editors of this Journal. ISACA Journal does not attest to the originality of authors’ content.
© 2013 ISACA. All rights reserved.
Instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. For other copying, reprint or republication, permission must be obtained in writing from the association. Where necessary, permission is granted by the copyright owners for those registered with the Copyright Clearance Center (CCC), 27 Congress St., Salem, MA 01970, to photocopy articles owned by ISACA, for a flat fee of US $2.50 per article plus 25¢ per page. Send payment to the CCC stating the ISSN (1526-7407), date, volume, and first and last page number of each article. Copying for other than personal use or internal reference, or of articles or columns not owned by the association without express permission of the association or the copyright owner is expressly prohibited.