Fundamentally, governance is “the exercise of authority” (Dictionary.com), this is operationalised as who can make what decisions, also called ‘decision rights’. Through the allocation of ‘decision rights’ the directors/owners of a company exercise control (to the degree that they choose to) over an organisation (corporate governance). IT governance is essentially the same (being a subset of corporate governance) with a focus on the IT assets of the company.
Governance applies (with differing decision rights patterns) regardless of the organisational structure or objective. Governance exists in an organisation regardless of whether it is a tightly controlled, highly centralised company, a large bureaucracy or a loose alliance of semi-independent actors. Why then is governance and IT governance in particular considered a stifler of innovation, agility and new forms of organisation?
Perhaps it is because those on the IT governance gravy train have found value in systemising governance and IT governance in particular into a series of standards, processes and methodologies which an organisation ‘has to have’ to have good governance. ISO 38500 “Corporate Governance of Information Technology” was issued in 2010 based on the world’s first IT Governance standard AS8015 issued by Standards Australia in 2005. It contains six general principles for IT Governance which are intended as guide for organisations of decisions to consider. This however has become an umbrella standard and IT Governance has become (according to the influential IT Governance UK organisation) defined under the Calder-Moir framework as consisting of 6 exhaustive ISO standards and no less than 25 complex frameworks and methodologies. Just one of these frameworks is CoBIT which alone has over 300 ‘control points’ in order to manage an IT system. If implemented in its entirety the Calder-Moir framework would bury an organisation under a weight of process and policy that it would never recover from. No wonder managers and employees have negative views of IT governance.
It is time to return to the fundamentals of IT governance, not just to revive the efficiency of today’s organisations but so that it can play its rightful place in emerging forms of organisation that seek to avoid the bureaucratic and sole destroying impost of traditional command and control organisations. Governance is not the enemy.
David Gwillim
Exploring the value of IT to organisations
email: david.gwillim@optusnet.com.au
blog: http://www.businessitvalue.blogspot.com/
No comments:
Post a Comment