IT Governance: New Term, Same Challenge

By Graeme Philipson

The most famous, or infamous, of these laws is the Sarbanes-Oxley Act, named after the Senator and Congressman who introduced it. This act, and its many imitators around the world, force companies to comply with existing laws, and the many new laws that deal with corporate honesty. Not only must companies comply, they must be seen to comply, and they must demonstrate how they are complying, by opening up their audit trails and compliance mechanisms.

Failure to do so can lead to criminal penalties, even jail. Now, nothing concentrates the mind of a CEO or board member more than the prospect of going to jail. Sarbanes-Oxley has put the fear of God into senior management in the US and around the world.

It has brought about a vastly increased focus on the process of corporate governance, which refers to the method by which corporations operate – the rules, and how they abide by those rules. This has filtered down to the organization’s IT systems.

IT, after all, stands for “information technology”, and governance is ultimately about information. There is an emphasis on security, with both terrorism and hacker attacks on the increase, and on things like disaster recovery, data protection and privacy.

All of this is information and how we handle it. A completely new discipline – IT governance – has come from nowhere in a very short time to help IT managers handle these issues.

Although the term “IT governance” may be new, it essentially addresses the issues that have always concerned IT management. All it really does is formalize those issues.

A number of IT governance frameworks are in place, such as COBIT (Control Objectives for Information and Related Technologies) and ITIL (Information Technology Infrastructure Library). They are guidelines or checklists for ensuring you are doing things properly.

COBIT is American, ITIL is British. Standards Australia is currently developing Australian IT governance guidelines. There are also other guidelines, such as Basel II in the financial industry and ISO 17799 for IT security.

One of the reasons why the alignment of IT and business is such a perennial topic is that the two areas naturally have different agendas. IT is about technology, business is about profits. These have not always led to the same expectations about IT’s role in the organization.

The need for compliance has brought about the formalization of many traditional aspects of IT management. It has also made senior management more aware of the strategic role of IT in ensuring compliance, which in turn has brought a closer alignment of the goals of the organization and the IT department. That can only be a good thing.

Graeme Philipson is an independent consultant, analyst and writer specialising in the IT industry. Over a 20-year career he has become one of Asia-Pacific’s best known and most respected IT market researchers, speakers and journalists. In recent years he has concentrated on electronic commerce and enterprise applications issues.