I recently spoke at the Oceania CACS (Computer Audit, Control and Security) IT Governance Conference in New Zealand, sponsored by the Sydney, Australia ISACA Chapter. (My topic was "IT Governance - Empowering the Confident CIO," but more on that in a future blog.) I arrived very early on day two, having lost day one on the flight from California. I managed to attend a couple of IT Governance sessions after a shower and brief how-do-you-do with the welcoming and hospitable Kiwis running the conference.
One of the two sessions I attended focused on the intriguing notion that there is no such thing as IT Governance. Being an IT Governance Evangelist who was speaking at an IT Governance conference, which was themed "Practical IT Governance in a Connected World," well, let's just say that my curiosity was piqued.
The speaker contended that there is no such thing as Information Technology Governance (ITG) and that the theme of the conference should instead be the Business Governance of Information Technology (BGIT).
Acronym implications aside, I did find it easy to accept the notion that the IT Governance frameworks, approaches and methodologies being discussed at the Conference are just as applicable to the business as they are to IT. I found it insightful when showed how the CobiT Framework could be applied to the Marketing, Sales and HR organizations - reinforcing the contention that the governance of IT should not be thought of as unique, just as the governance of other business units is not considered unique, but rather business as usual. The speaker promoted the idea that it is the business and not IT that should be driving IT Governance - governing IT just as it governs other business units.
While I agree with every aspect of this position, I strongly disagree with the conclusion that there is no such thing as IT Governance.
The IT Governance Institute (ITGI) rightfully contends that IT Governance should be driven by the business and more specifically by the Board of Directors. When ITGI formally documented the notion of IT Governance it was because it recognized the need for "business governance of IT" just as the speaker suggested.
The fact that very few ITG initiatives and endeavors are driven by the Board of Directors or, for that matter, the business, doesn't change the fact that ITG by definition is business governance of IT. And though I applaud the idea that governance of IT should be synonymous with the governance of all other business units, I also believe there is a valid need to focus on ITG and dedicate frameworks, approaches and methodologies to achieving its goals.
Consider that ITG was born because the governance mechanisms that evolved from the beginning of Board oversight of an enterprise did not serve the governance of IT. For years IT was relatively ungoverned. It is generally accepted that we need to establish the governance necessary to ensure:
- IT is aligned with the business
- IT brings value to the business
- IT manages risk
- IT manages resources
- IT manages performance
So whether we call it BGIT, or ITG, I think an acute focus on the discipline of IT Governance will be necessary for years to come. I look forward to the day when governing IT is considered just another component of governing the entire enterprise.
But until that change takes place, I'll be keeping my title.