In a nutshell, it is vitally important and quite often given less credence than it deserves. Being aware of high-level business concerns is one thing, but ignoring what is happening several rungs down the ladder is more common than you would think. For example, there is always a sense of alienation from the hands-on aspects of an organization the higher up the management structure you look. In basic terms, IT governance is the structure that forces a business and the C-suite to examine what it is that keeps the systems working efficiently. Like all frameworks, it provides traceable steps to follow that encourage good practice. The result is cohesion, insight and navigation past potential issues. More importantly, governance removes ambiguity and chance and focuses on tangible facts: not coincidences, but demonstrable, measurable results that correlate with the wider business objectives and goals. This instils stakeholder confidence in your IT team and in any subsequent service offerings you might have in that area. ROI and reputation naturally get a boost from a straightforward implementation of good IT governance. What else can show the wider business community that you hold professionalism in high regard at all times? Tight IT governance. Additionally, it ensures regulatory and legal obligations are met; CCPA or EU GDPR cannot be ignored, and compliance adds an extra level of credibility.
“Considering what is at stake politically, economically and technically for most organizations; usually justifying IT governance deployment based on one viewpoint narrows suitability and expected benefits.”
Who are the key players in the arena? ISO 38500:2015 is the global IT governance standard, which sets out principles, definitions and a high-level framework for organizations of all types and sizes. It acts as a how-to for organizational decision-makers to align their thinking with the organization's IT needs. Legal, regulatory, moral and ethical obligation boxes get ticked off in the process. ISO 17799:2005 is the Information technology — Security techniques — Code of practice for information security management; it is now mostly superseded by ISO 27002:2013, which deals with security policy; organization of information security; asset management; human resources security; physical and environmental security; communications and operations management; access control; information systems acquisition, development and maintenance; information security incident management; business continuity management; and compliance. As well as these standards, there are frameworks that organizations can use to craft their IT governance strategy. They include COBIT® (Control Objectives for Information and Related Technologies), which looks at process management, and ITIL® (Information Technology Infrastructure Library), which focuses on IT service management (ITSM) and aligning it with business needs. Since there are several piecemeal options, many organizations take an integrated approach and combine frameworks.