What Is IT Governance? Understanding From First Principles

IT governance is a thought framework that makes sure information technology systems provide the value an organization needs and limits the risks that come with using IT systems. I call it keeping IT assets humming with a purpose. As a subset of corporate governance, IT governance serves a similar purpose. Namely, IT governance extracts business value from properly running IT assets.
Article first appeared on Plutora blog.

Let’s unpack the meaning of IT governance and explore how IT governance frameworks can affect your organization.

IT Governance Definition

Let’s start slowly and work our way toward a definition.

Corporate governance is a set of policies and procedures that determines how a corporation is supposed to be run. When conflicting interests between various stakeholders arise, corporate governance provides a framework for resolving these conflicts and allowing the organization to provide increasing value.

IT governance is also a set of policies and procedures, usually set at the board or executive level, designed so that IT assets can provide maximum value to the company and its stakeholders.

The “governance” part of IT governance refers to a high-level view of an organization’s IT assets. Governance isn’t concerned with the day-to-day management of IT assets. Instead, it creates policies and procedures that govern and determine management of IT assets. Take a look at this IT governance definition from CIO Magazine:

“Essentially, IT governance provides a structure for aligning IT strategy with business strategy. By following a formal framework, organizations can produce measurable results toward achieving their strategies and goals. A formal program also takes stakeholders’ interests into account, as well as the needs of staff and the processes they follow. In the big picture, IT governance is an integral part of overall enterprise governance.”

Now let’s take a look at what IT governance means in practice. What does an IT governance framework aim for?

IT Governance Objectives

Governance brings all stakeholders’ interests together and tries to harmonize them so that the organization moves forward. A company’s stakeholders can be internal, including employees, executives, and board members. Externally, an organization interacts with customers and suppliers. All these categories of stakeholders have different interests in an organization, and many times these interests conflict.

Let’s take a look at some of the objectives that an IT governance framework outlines.

Objective 1: Deliver Value to Stakeholders.

Providing value to stakeholders is at the heart of governance in general and in particular of IT governance. Delivering value drives everything else in IT governance.

How do IT assets provide value? Generally, they do so by increasing the company’s performance through automation.

For example, let’s say your company sells cloud software to customers. In this case, automating a build and deployment process frees valuable time for developers to focus on implementing more features for customers. The value here is that your IT assets (people and systems) deliver more customer features faster. And that means your product becomes more valuable to your customers.

Driving more value out of IT assets requires a clear understanding of how your company creates and delivers value. This knowledge will drive your IT strategy.

Objective 2: Set IT Strategy.

Once your company understands how it can provide value from IT assets, you can form a strategy for creating that value through making new investments or using current assets more efficiently. Creating an IT strategy has to do with determining a vision and direction of current and future investments in IT activities. Whether it’s buying new software or servicing new IT hardware, all IT investments have to have a clear direction.

Objective 3: Manage Risks.

Where does risk come in when IT systems are involved? Yes, there’s the risk of being hacked and the risk of leaking customer data. However, different stakeholders can also create risk because they have conflicting interests.

For example, IT systems employees who care about security risks often conflict with software developers who simply want to get software out the door to customers. Both interests must be included in an IT governance framework so that when conflicts arise, a clear path forward exists.

Objective 4: Measure Performance.

Managers often say, “If you can’t measure it, it doesn’t exist.” That sounds simplistic. However, for large enterprises, it’s impossible to have operational visibility into every aspect of the business, including IT. Therefore, board members and executives rely on measuring key performance indicators (KPIs) in order to know how IT assets are performing. If IT performance can’t be measured, then IT assets can’t be governed.

Like any part of an organization, an IT department has systems and people. We know that IT governance requires every resource, either human or system, to work together efficiently to provide more value. So it makes sense that measuring performance should be part of the entire IT governance framework. Otherwise, how do you know that your IT assets provide value to your stakeholders?

Now that you have a better understanding of IT governance responsibilities, let’s look at IT governance frameworks.

Two Options for IT Governance Frameworks

Imagine that your organization is a freeway, and each car on that freeway is one of the organization’s stakeholders. Each stakeholder wants to go faster. Driving rules are your governance so that instead of colliding with one another all the time, cars stay in their lanes and follow the rules. When cars want to change lanes, driving rules give a legal way of doing that without causing accidents.

Let’s look at two of the most common IT governance frameworks. ITIL represents a generic IT governance framework applicable to any industry, while CMM is specific to the software industry.


ITIL stands for IT Infrastructure Library and focuses on IT service management. Wikipedia tells us that “ITIL describes processes, procedures, tasks, and checklists which are not organization-specific nor technology-specific, but can be applied by an organization towards strategy, delivering value, and maintaining a minimum level of competency. It allows the organization to establish a baseline from which it can plan, implement, and measure.”


CMM stands for Capability Maturity Model. Originally developed by the Department of Defense, the CMM was a way to measure and assess government contractors’ readiness to complete large software projects for the defense community. Wikipedia again helps us understand that within the CMM, “the term ‘maturity’ relates to the degree of formality and optimization of processes, from ad hoc practices, to formally defined steps, to managed result metrics, to active optimization of the processes.” CMM describes a series of progressive steps that a software company can take to increase its maturity level. With each step in maturity, a company can produce software repeatedly and with greater efficiency.

Making IT Governance Work

While you may be looking for existing IT governance frameworks to embrace, here are three questions you must take into account when making IT governance practical.

How Will You Define Value?

How do you know your IT department is delivering value? And even more specifically, how do you know IT delivers the value necessary for your organization? Asking these questions should make you think about how important it is to establish clear expectations about what value means.

Defining value results in lots of terms and acronyms. Value measuring uses terms such as key performance indicators (KPIs), team velocity, and mean time between outages (MTBO). All these terms have to do with ways to measure IT asset performance so you can track progress.

For example, in an agile environment, doing the estimation during sprint planning is a crucial exercise. It doesn’t really matter how difficult and loose it seems. Only by putting effort into estimation and sprint retrospectives can you get a view of your team’s value. This way, you start to quantify the value of your development team.

Once you establish value measurement units, you can make progress toward value generation in your IT department.

How Will You Measure Value?

Once you break down value into key performance indicators, you have something you can measure. The KPIs become a measuring rod for value, and Plutora can provide you with the metrics that your team needs.

When you’re able to compare performance from month to month and year to year, your IT governance becomes real and visible.

When board members and executives ask you, “Are we improving our value creation?” you can provide a real picture of IT value.

What Will You Automate, and How Will You Do So?

Meaningful automation generally generates increases in productivity. Therefore, automation becomes one of the main goals of any IT department. It’s somewhat naive to say automation is the only way to generate value in an organization. However, automation certainly drives organizational efficiency.

For instance, the recent rise in Robotic Process Automation (RPA) has brought a new level of automation to traditionally data-intensive jobs. This automation leap is pushing traditional industries, such as insurance, to invest heavily in software and hardware to increase automation.

For software shops, modern DevOps is changing the game through efficient implementations of Continuous Integration and Continuous Delivery. This way, the software development life cycle gets shortened, and engineers can focus on developing features and innovating products.

How IT Governance Can Help You

Having an IT governance framework in place will force you to think about IT assets across your organization. When you’re able to quantify IT value creation, measure it, and deliver it efficiently to your organization, then you can say your IT governance works. If you can also increase IT value generation, you’re rocking.
