Published: 31 July 2024
Contributor: Keith O'Brien, Amanda Downie

What is IT governance?

Information technology (IT) governance refers to a framework, or frameworks, that manages how organizations optimize their use of IT operations to support business objectives.

Effective IT governance is a key component of overall business strategy and corporate governance as a governance, risk and compliance (GRC) policy. IT governance manages governance and risks while maintaining compliance with industry and government regulations. Optimizing IT governance requires the right mix of IT investments, policy and personnel. It helps organizations match their IT goals with business goals.

A comprehensive IT strategy with strong IT governance can streamline IT decision making, ultimately driving results against key business goals. It is increasingly a component of DevOps teams responsible for IT operations. DevOps teams work together more efficiently to create, test and deliver software.

As organizations increase their IT investments, the importance of a strong IT governance policy increases. Chief information officers (CIOs) drive IT governance strategy alongside other key stakeholders in the C-suite.


Why IT governance is important

Maintaining strong IT governance helps organizations thrive in several key areas.

Business continuity

Disruptions to an organization’s IT processes affect the entire business. Therefore, organizations make resilience a core component of their IT governance processes. Organizations can orient their IT functions to maximize uptime and create proper backups and redundancies to keep the business moving.

Financial accountability

Understanding the costs of IT resources and how they impact business growth is a key component of any CIO's job. While technology is an important component of any modern organization, CEOs want to know that various IT projects, initiatives and expenditures draw a direct line to achieving business goals.

Regulatory compliance

The increased usage of customer data to drive business operations in enterprise IT means that governing agencies are more focused on how organizations run their IT departments. Organizations that have strong IT governance practices are less likely to run into compliance issues and therefore more able to focus on other areas of their business.

Risk management

Organizations increasingly run on first- and third-party data, much of which is proprietary or contains private consumer information. Increasingly, bad actors are targeting organizations that collect this valuable data. IT risk management and mitigation are crucial; organizations can enact policies and procedures that protect their users. According to a CIO.com survey, CEOs place managing IT risk [1] as the second greatest priority behind digital transformation.

IT governance standardization organizations

Several governmental and nongovernmental organizations (NGOs) and private enterprises are responsible for setting and maintaining IT governance standards and guidelines.

  • ISACA: Formerly known as Information Systems Audit and Control Association, it is an organization that provides credentials to IT professionals in key areas of auditing, cybersecurity and more.
  • International Organization for Standardization: This nongovernmental organization develops standards across business units, including IT operations, to better facilitate trade and cooperation. It has issued several standards, including the ISO/IEC 38500 IT governance standard, published in 2008, and the ISO 27001 standard for managing information security.
  • Axelos: Originally a joint venture between the United Kingdom government and the company Capita, the organization was acquired by PeopleCert in July 2021. It is responsible for several certifications, including the IT Infrastructure Library (ITIL).
Types of IT governance frameworks

There are several IT governance policies and procedures that many organizations follow.

Control Objectives for Information and Related Technologies

Also known as COBIT, it is a framework of accepted practices and tools that minimize risk, introduce regulatory compliance and drive business goals.

ITIL

A library of best practices, this framework helps organizations better manage their IT support and service. AXELOS is responsible for managing ITIL updates. The most recent, ITIL 4, was released in 2019 [2] to include new tools and technologies, such as artificial intelligence and cloud computing.

IT service management (ITSM)

This framework involves planning, implementing, managing and optimizing IT services to meet the needs of users and help organizations achieve their business goals. ITSM aims to provide the optimal deployment, operation and management of every IT resource for every user across an enterprise. Users can include customers, employees or business partners.

IT resources can include any hardware, software or computing asset, such as a laptop computer, software application, cloud storage or a virtual server. In some organizations, DevOps is used in place of or as an alternative to ITSM. But many organizations see DevOps and ITSM as complementary: DevOps focuses primarily on speed and agility, and ITSM focuses on user and customer satisfaction.

Capability Maturity Model Integration (CMMI)

This model, originally developed by the US Department of Defense, refers to an organization's software development process. Today’s CMMI models help organizations of all sizes build and measure the maturity of their IT operations and identify areas for improvement.

What IT governance frameworks include
  • Strategic alignment: This concept involves matching IT goals to business needs. By aligning what an organization needs to succeed, it can better allocate IT resources and create the right IT governance structure to make that happen.
  • Cybersecurity: Organizations need to prioritize protecting information security, given the importance of the data their customers and partners entrust them with. Having a robust cybersecurity posture protects that data and keeps the organization safe from catastrophic cyberattacks.
  • Resource management: Organizations must consistently monitor their usage of valuable but expensive tools and services that drive business value, such as cloud usage and data storage. An organization that prioritizes resource management can identify the right IT initiatives and optimize its IT systems to create the right decision-making processes.
  • Disaster recovery: Organizations need to have a robust plan in place for when things go wrong. A catastrophic failure to organizations’ servers or databases can lead to a loss of customer data or other intellectual property, increased downtime and other business interruptions. A prioritization of disaster recovery keeps organizations up and running even if there’s an attack or issue with their systems.
  • Regulatory compliance: Organizations need to keep compliant with various national and regional regulations. A well-maintained IT governance strategy helps an organization understand those regulations and monitors actions and activities to keep compliant throughout any changes to IT policies.
Generative AI in IT governance

Generative AI is a major influence over every aspect of modern businesses, IT included. Organizations might need to rethink their IT governance policies in the age of AI, especially if they are thinking of using third-party tools such as ChatGPT or others. Generative AI as it is built today introduces several difficult questions around fair use, data privacy and confidence in the correctness of the results.

Organizations that embrace and adopt generative AI likely need to review their existing IT governance policies to see whether they need new rules for use of the technology. Also, generative AI might be a valuable tool in building IT governance policies, such as suggesting key components or asking questions the IT governance team might have.

Footnotes

1 CEOs’ top priorities for IT leaders today, CIO.com, 13 May 2024

2 What is ITIL? Your guide to the IT Infrastructure Library, CIO.com, 16 May 2022