Published: October 30 2007, 08:32 AM | 2 Comment(s)
by Steve Romero

I recently spoke at the Oceania CACS (Computer Audit, Control and Security) IT Governance Conference in New Zealand, sponsored by the Sydney, Australia ISACA Chapter. (My topic was "IT Governance - Empowering the Confident CIO," but more on that in a future blog.) I arrived very early on day two, having lost day one on the flight from California. I managed to attend a couple of IT Governance sessions after a shower and brief how-do-you-do with the welcoming and hospitable Kiwis running the conference.

One of the two sessions I attended focused on the intriguing notion that there is no such thing as IT Governance. Being an IT Governance Evangelist who was speaking at an IT Governance conference, which was themed "Practical IT Governance in a Connected World," well, let's just say that my curiosity was piqued.

The speaker contended that there is no such thing as Information Technology Governance (ITG) and that the theme of the conference should instead be the Business Governance of Information Technology (BGIT).

Acronym implications aside, I did find it easy to accept the notion that the IT Governance frameworks, approaches and methodologies being discussed at the Conference are just as applicable to the business as they are to IT. I found it insightful when showed how the CobiT Framework could be applied to the Marketing, Sales and HR organizations - reinforcing the contention that the governance of IT should not be thought of as unique, just as the governance of other business units is not considered unique, but rather business as usual. The speaker promoted the idea that it is the business and not IT that should be driving IT Governance - governing IT just as it governs other business units.

While I agree with every aspect of this position, I strongly disagree with the conclusion that there is no such thing as IT Governance.

The IT Governance Institute (ITGI) rightfully contends that IT Governance should be driven by the business and more specifically by the Board of Directors. When ITGI formally documented the notion of IT Governance it was because it recognized the need for "business governance of IT" just as the speaker suggested.

The fact that very few ITG initiatives and endeavors are driven by the Board of Directors or, for that matter, the business, doesn't change the fact that ITG by definition is business governance of IT. And though I applaud the idea that governance of IT should be synonymous with the governance of all other business units, I also believe there is a valid need to focus on ITG and dedicate frameworks, approaches and methodologies to achieving its goals.

Consider that ITG was born because the governance mechanisms that evolved from the beginning of Board oversight of an enterprise did not serve the governance of IT. For years IT was relatively ungoverned. It is generally accepted that we need to establish the governance necessary to ensure:

• IT is aligned with the business
• IT brings value to the business
• IT manages risk
• IT manages resources
• IT manages performance

So whether we call it BGIT, or ITG, I think an acute focus on the discipline of IT Governance will be necessary for years to come. I look forward to the day when governing IT is considered just another component of governing the entire enterprise.

But until that change takes place, I'll be keeping my title.

Share this post:  Email

Share

Published: October 18 2007, 09:11 AM | no comments
by Steve Romero

I am approaching my 1-year anniversary as the IT Governance Evangelist at CA. Yes, that is my official title, as peculiar as that may seem. In this role, I have spoken at more than 40 events in five countries, and that is the title that appears on each presentation.  I've learned to wait for the chuckles as I am introduced. Even my business card elicits a response of "Oh! You were serious!"

Ironically, though my title is often met with puzzled looks, it is the most literal title I have ever had. To understand it, you need only understand the definitions of "IT Governance" and "Evangelist."

There are a number of industry definitions of "IT Governance." I think the easiest to understand comes from Peter Weill of the MIT Sloan School of Management who defined IT governance as "specifying the decision rights and accountability framework to encourage desirable behavior in using IT."

I augment that definition by adding that IT Governance is pursued in order to achieve principles articulated by the IT Governance Institute (ITGI), which describes itself as the "research think tank that exists to be the leading reference on IT-enabled business systems governance for the global business community." The principles include: 

• Ensuring IT is aligned with the business
• Ensuring IT provides value to the business
• Ensuring IT manages risk
• Ensuring IT manages resources
• Ensuring IT manages performance

Merriam-Webster's dictionary definition of evangelist includes the following: "An enthusiastic advocate." I prefer to tell people I am a "passionate" advocate for IT Governance. I fervently believe IT Governance is the key to ensuring IT reaches its potential as a true enabler of the business.

This blog is my pulpit from which I'll evangelize that message. I'll try not to be too "preachy."

Share this post:  Email

Share