Conversations from the Mirror42 Team

This nice article with its grasping title “Don’t get fooled by IT Governance tools” gives insight in the scattered market of IT Governance software.

IT governance touches upon so many activities such as: managing your IT risks, investments, projects, services, service level agreements, processes (ITIL based?), procedures, IT Strategy, IT goals, IT demand, employee performance, Key Controls (Cobit Based?, SOX related?). There are many tools that are needed to provide a total overview. Some tools assist you in managing operational activities such as projects and service delivery and others are needed to extract all information from these datasources to provide you with company wide historical KPI monitoring capabilities.

Of course it is hard to put vendors in just one corner and I am sure everybody will claim to also have offerings in the other area’s, but this gives you a bit of an idea where vendors at least originated from and what their core offering was before they started to use IT Governance as the new ‘Marketing Buzzword’.

Disclosure — this article has been written by a business associate. We are both involved in the company Mirror42. This company provides software to roll-out IT governance control frameworks.

I will start this blog by focusing first on the definition of IT Governance. It is often claimed that the governance of Information Technology is critical for good Corporate Governance. But of course, IT Governance cannot in itself make good Corporate Governance.

Wikipedia defines Corporate Governance as “the method by which a corporation is directed, administered or controlled. It includes the laws and customs affecting that direction, as well as the goals for which it is governed”. The primary goal for information technology governance, as again defined in Wikipedia, is “to assure that the investments in IT generate business value, and [to assure] the mitigation of risks associated with IT”.

In this definition the IT Governance process is a sub-set of Corporate Governance. Since businesses rely heavily on Information Technology to support its primary processes, it is an important management area. Businesses make many investments in improving IT, and issues in IT may affect the primary processes. Control over IT is therefore essential for good Corporate Governance.

For complete control IT Governance needs to focus, in my view, primarily on:

• Investments (a.k.a. programs and projects)
• On-going service delivery
• Risks associated with investments and service delivery
• Alignment with business needs/goals

Control should be established by defining a common business control framework for each of these area’s. For IT this means building on-top of already existing management frameworks (and supporting software applications) that have been implemented in businesses in the last decade, such as e.g. service management mehods (e.g. ITIL), project management methods, and risk and security methods (e.g. BS7799).

A nice side-effect of such an encompasing IT control framework is that the visibilty of IT will be much higher within organizations. For me therefore, IT Governance is simply “what businesses must do to get in control of IT, and make IT visible”.