CIO CORNER

This is the MIT CIO Symposium blog. We invite participation from speakers, sponsors, attendees, and interested parties.

IT Governance Series

By donflinn | November 14, 2009

IT Governance is a large and complicated subject, and blogs are short, single-sitting pieces of information, so we’ll cover it in a series of blogs.  Once we have established the context in which IT Governance exists, we will move on to the hows of implementation, using information from the methods and practices of successful companies as well as theory.  Hopefully, you can get some time between meetings to read these blogs and, more importantly, find productive use for the information in your corporation.

Since IT governance is a subset of the more general corporate governance and governance is often misunderstood, let’s look at some definitions.  Here are four definitions in order of increasing specificity.

  1. The word governance derives from the Greek verb kubernáo which means to steer.
  2. One of the earliest and simplest definitions is from the 1992 Cadbury Report: “Corporate governance is the system by which companies are directed and controlled.”
  3. Weill and Ross of the MIT Sloan School expanded the definition to: “Governance specifies the decision rights and accountability framework to encourage desirable behaviors.”
  4. A definition in The OASIS Enterprise Architecture Specification is: “Governance is the concept of prescribing conditions and constraints consistent with satisfying common goals and the structures and processes needed to define and respond to actions taken towards realizing those goals.”

The derivation gets right to the heart of governance.  As the original meaning illustrates, the purpose of governance is akin to navigating a ship: directing it to go in the direction intended, rather than carrying out the specific actions needed to move it toward its goal.

Turning to corporate governance, the second definition gets to its core purpose.  That is, in the corporate context, governance has to do with designing the means by which a company meets its goals by establishing systems for direction and control.

Definitions three and four add further characteristics, which are directed towards explaining how corporate governance works.

Weill and Ross’s definition brings forth the concept of establishing a framework for controlling decisions and establishing accountability for those decisions as factors in moving the company in the direction of doing what is best for the corporation.  It also brings in the important concept of establishing who has the right to make decisions and who is accountable for them.

OASIS’s definition gets more specific and emphasizes the need for governance to satisfy corporate goals, as well as bringing in the control nature of governance.  Finally, this definition emphasizes the importance of designing a governance structure and related processes to be used to implement and drive governance.

In our next blog we will give a short overview of where IT Governance fits into the corporate governance ecosystem.  After that positioning, we’ll concentrate on IT Governance itself.


One Response to “IT Governance Series”

  1. Basil Wood on November 15th, 2009 3:07 am

    Mark Toomey, editor of ISO/IEC 38500:2008 – Corporate Governance of Information Technology – includes a nice quote in his book, Waltzing with the Elephant, to distinguish Governance from Management: “Governing is basically about making sure that management does its job properly”.
