Published on CA Transforming IT Management at http://community.ca.com/blogs/theitgovernanceevangelist/archive/2008/02/11/it-governance-and-corporate-boards.aspx
11 February 2008
IT Governance and Corporate Boards
I learned about an interesting survey in a CBR article entitled "Corporate boards not serious about IT Governance measures: survey." The study was conducted by IT Governance Ltd, a UK company founded by Alan Calder, an internationally recognized ITG authority and author of numerous books on the topic. The survey results were disturbing-though not surprising. At least to me.
The survey validated something I learned from my own experiences traveling around the world discussing IT Governance. That is, corporate boards, the premier governing bodies of corporations around the world, are not driving ITG.
Of the 100 technology and compliance professionals surveyed, only 12% said their businesses operate board-level oversight of IT resources. The study also cited the lack understanding of the IT risks posed to the business and noted less than half of the respondents had implemented governance frameworks.
Despite the IT Governance Institute's contention that IT Governance is driven by the Board of Directors, few boards are doing so. In all my travels (and I have A LOT of frequent flyer miles), I have only encountered two organizations with board-driven IT Governance initiatives--one in the U.S, and one in New Zealand.
Alan Calder cites the "relaxed attitude of many boards toward their governance obligations." He believes they tune out the stories of lost customer data and expensively failed IT investments or they think it is a problem for somebody else to fix. He warns of the costly fines meted out by regulators and suggests that boards exercise the same governance over IT as they would over finance and marketing.
Despite the threat of fines and the board members' increasing understanding of information technology, I don't expect boards to start governing IT as they govern other business units any time soon. Except for the most sophisticated among them, for the foreseeable future, I believe they will continue to treat IT as being unique and different and therefore beyond standard governance oversight.
So I will continue to deliver my recommendations in regard to IT Governance. CIOs should not wait for a Board mandate. IT should take the initiative to establish IT Governance mechanisms because it makes good business sense.
If "good business sense is not enough," the IT Governance Institute's five principles of IT Governance should provide plenty of incentive. All together now, repeat after me:
- IT is aligned with the business
- IT brings value to the business
- IT manages risk
- IT manages resources
- IT manages performance
Readers, who or what drives IT governance in your organization?