JOnline: Improving Governance Models 


The Value of the Five IT Governance Focus Areas


In most organizations, IT governance models are old and obsolete. They were implemented using a siloed mentality without using modern best practices. The end result is an inefficient, unproductive and reactive IT organization unable to meet the strategic demands of the business units. Hence, redesigning and modernizing governance models become necessary.

Social operating mechanisms (SOM) include any channel through which a dialog takes place, including forums, meetings, governance structures or emails. An effective governance model enables the organization’s SOM[1] by aligning the different functions and business units of the organization and allowing them to work together in a cohesive, proactive, collaborative and productive manner. Only then will the resources, risk factors and performance be effectively managed to deliver better value to the customers and meet the strategic and tactical goals of the business units. This article discusses the benefits of using the framework of the five IT governance focus areas[2] (strategic alignment, value delivery, risk management, resource management and performance measurement) to design governance models.[3, 4]

IT Governance Background

A difference between top-performing organizations and their competitors is the ability to generate large returns on IT investments.[5] The difference can be traced to effective usage of IT governance to support business strategies. Effective IT governance consists of leadership and organizational structures and processes that ensure that the organization’s IT sustains and extends the organization’s strategies and objectives.[6]

The governance structures (decision-making structures such as committees, councils and senior management roles) act like the SOM[7] of the organization, ensuring information flow, working relationships, transparency and cross-functional collaboration. Along with the processes and communication tools, they act like the social operating system[8] of the organization, driving its culture and embedding it in the DNA of the organization by promoting proper accountability, desirable behaviors and cultural values.

Once the governance structures, processes and tools are deployed and institutionalized within the organization, silos and redundancies are eliminated. Accountabilities, roles and responsibilities are firmly established. The business units within the organization are better able to exchange information, align and collaborate efficiently. The organization becomes lean, mean and more efficient. This leads to effectiveness in the overall governance, performance and productivity of the organization.

The Five IT Governance Focus Areas

The purpose of IT governance can be categorized by the five IT governance focus areas,[9] which encompass the entire gamut of scope and issues that management needs to address in order to govern IT effectively:

  • Strategic alignment:
    • Ensure alignment among IT and business unit goals.
    • Perform strategic and tactical planning to align to business requirements so that IT does not work in silos.
  • Value delivery:
    • Deliver high-quality work and exploit opportunities.
    • Manage, deliver and maximize business benefits and value.
    • Ensure that business requirements are met.
  • Risk management:
    • Institute a risk management framework to embed risk management responsibilities in the organization.
    • Manage and remediate risk factors and issues, including risk and issue assessment, alignment, awareness, analysis, response and monitoring.
  • Resource management:
    • Manage IT resource demand and supply effectively and efficiently.
    • Ensure on-time procurement and supply of resources.
  • Performance measurement:
    • Measure, monitor and control IT performance using appropriate metrics and key performance indicators (KPIs). This can be done by instituting an IT balanced scorecard.
    • Continually improve IT performance to achieve business requirements and goals.

IT Governance Model Problem

In obsolete and ineffective governance models, the governance structures are not balanced, not set up properly and/or do not function properly. This leads to ineffective social operating mechanisms of the organization, resulting in a lack of communication, collaboration and information dissemination.

Consequently, the different business units and functions of the organization do not share information effectively because they work and function in a siloed manner. A duplication of roles and responsibilities among the different functions and business units of the organization ensues and, as a result, leads to high operating costs and lower margins. In short, the organization functions in a reactive manner and is slow to respond to macro- and microeconomic changes.

Thus, the major problems noted due to ineffective (or even the absence of) governance models are:[10]

  • A siloed IT organization with misalignment among IT and business unit goals
  • Lack of accountability and ownership
  • Limited and ineffective communications
  • Ineffective risk and issue management
  • Poor-quality deliverables
  • Customer dissatisfaction

Other problems frequently encountered include:[11]

  • Failure to deliver promised benefits
  • Return on investment (ROI) different than expected
  • Ending projects prematurely
  • Serious operational IT incidents

Redesigning Governance Models

It is important for the organization to become a lean, mean and well-oiled machine. Toward this end, redesigning or modernizing governance models is necessary.

The major task while redesigning governance models is to ensure ownership, accountability, communication, cross-functional collaboration, and alignment between the business and IT. Many times governance models are implemented, but miss the big picture by focusing on a few important requirements and missing the others.

The main components to address in the design of the governance models are:[12]

  • Governance structures—Also known as governance forums or decision-making structures, these include forums, accountabilities, roles and responsibilities. As mentioned earlier, governance structures facilitate communication, decision making and collaboration among the different business units of the organization. Without governance structures, the organization essentially functions in silos.
  • Alignment processes—These processes include strategic, operational, people and exception-handling processes. Alignment processes ensure compliance with policies and provide valuable input for decision making.
  • Metrics—Metrics help in measuring, monitoring and tracking the projects as well as their business value. Both the KPIs and key goal indicators (KGIs) are useful. KPIs help alert the organization to potential problems early on, and KGIs indicate whether the goals are being met.
  • Communication approaches—Institutionalization is directly proportional to the amount of communication carried out. Effective communication ensures successful institutionalization of IT governance and desirable behaviors within the organization. Toward this objective, communication needs to be completed using a variety of channels, including town-hall meetings, emails, web portals, one-on-one meetings, team meetings and governance forums. Repeated communication is also essential to reinforce the messages.

The objective of the governance models is to improve and standardize the components to achieve the business unit objectives. What is needed is a framework on which the components of the governance models can be built to ensure consideration of the entire gamut of requirements. The five IT governance focus areas (strategic alignment, value delivery, risk management, resource management and performance measurement) described earlier come into play since they describe the main perspectives and requirements that IT management needs to manage and govern effectively to create a balanced system.

Inability to address any of the five IT governance focus areas will lead to an unbalanced system and problems later on, as shown in the following examples:

  • If adequate governance structures do not exist, the organization’s social operating systems will not function effectively. If governance structures do not exist for performance measurement, the different business units of the organization will not collaborate effectively and exchange information to measure and manage performance.
  • If metrics do not exist for strategic alignment or risk management, alignment or risk problems will not be known early.
  • If processes do not exist for resource management, problems in resource demand and supply may not be known.


Redesigning governance models by taking into consideration the five IT governance focus areas (strategic alignment, value delivery, risk management, resource management and performance measurement) leads to the following benefits:

  • Governance structures, roles, responsibilities, alignment processes and metrics to address issues under the five IT governance focus areas
  • Removal of silos between the business units of the organization, leading to effective communication and collaboration
  • Better scope and requirements management
  • Effective measurement, monitoring and management
  • Higher quality of deliverables
  • Customer satisfaction
  • Effective risk and issue management
  • Better decision making
  • A proactive organization that is quick in responding to market and internal changes

The end result is that the organization has a balanced social operating system. Effective governance structures, alignment processes and communication approaches result in fluent collaboration, dissemination of information and removal of silos. Consequently, better decisions are made and the organization becomes proactive in dealing with the macro- and microeconomic changes. Thus, the organization becomes agile, healthy, lean and more productive.


The governance models in many organizations are old, obsolete and unbalanced. The result is a siloed organization in which the different business units do not work in a cohesive, collaborative and proactive manner due to limited and ineffective communications. Improving governance models requires a revamping of the governance structures, accountabilities, roles, responsibilities, alignment processes, communication approaches and metrics. A way to redesign and improve them is to consider the use of the five IT governance focus areas (strategic alignment, value delivery, risk management, resource management and performance measurement). Using the five IT governance focus areas ensures consideration of a holistic picture of the different problems and areas management needs to address. This leads to a balanced system that addresses the entire range of requirements. Due to better designed governance structures, roles and responsibilities, communication is improved and siloing of the different business units is removed. The result is a cohesive organization with effective social operating mechanisms.


1 Bossidy, Larry; Ram Charan; Execution: The Discipline of Getting Things Done; Crown Business, 2002
2 IT Governance Institute (ITGI), Board Briefing on IT Governance, 2003
3 This article is based on the experience of the author in redesigning IT governance models.
4 The five IT governance focus areas are based on the thinking from the 2003 ITGI Board Briefing on IT Governance publication that has now been refined and improved in the 2012 COBIT 5 framework, which establishes five principles and seven enablers that underpin an effective governance approach to enterprise IT.
5 Weill, Peter; Jeanne Ross; IT Governance: How Top Performers Manage IT Decision Rights for Superior Results, HBS Press, 2004
6 Op cit, ITGI, 2003
7 Op cit, Bossidy
8 Ibid.
9 Op cit, ITGI, 2003
10 This is based on the experience of the author in redesigning IT governance models.
11 IT Governance Institute (ITGI), Global Status Report on the Governance of Enterprise IT (GEIT), 2011
12 Op cit, Weill and Ross

Rajesh Bhatia, CISA, CGEIT, PMP, MDP, is the supply chain business process owner at Safeway Inc. in Pleasanton, California, USA. Previously, Bhatia worked as senior manager of strategic demand management at CSC, where he was involved in institutionalizing demand management processes, tools and metrics in the health care accounts.


The ISACA Journal is published by ISACA. Membership in the association, a voluntary organization serving IT governance professionals, entitles one to receive an annual subscription to the ISACA Journal.

Opinions expressed in the ISACA Journal represent the views of the authors and advertisers. They may differ from policies and official statements of ISACA and/or the IT Governance Institute and their committees, and from opinions endorsed by authors’ employers, or the editors of this Journal. ISACA Journal does not attest to the originality of authors’ content.

© 2013 ISACA. All rights reserved.

Instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. For other copying, reprint or republication, permission must be obtained in writing from the association. Where necessary, permission is granted by the copyright owners for those registered with the Copyright Clearance Center (CCC), 27 Congress St., Salem, MA 01970, to photocopy articles owned by ISACA, for a flat fee of US $2.50 per article plus 25¢ per page. Send payment to the CCC stating the ISSN (1526-7407), date, volume, and first and last page number of each article. Copying for other than personal use or internal reference, or of articles or columns not owned by the association without express permission of the association or the copyright owner is expressly prohibited.