The pervasive nature of IT as a business enabler obscures some harsh realities about IT performance. Contrary to conventional wisdom, technology-driven increases in productivity have been meager relative to total expenditures. Lackluster IT performance tied to poor management is manifested in failed or aborted projects, missed deadlines, budget overruns, and poor returns on investment (ROI). Increasingly, these indications of low IT effectiveness are shining a spotlight on the need for stronger IT governance as a vehicle for bolstering performance. Further fueling the emphasis on IT governance is the enactment of regulations such as the Sarbanes-Oxley Act, with its requirement for stronger controls over financial reporting to prevent a recurrence of recent high-profile corporate scandals.

Ask for a definition of IT governance and you will probably get a variety of answers. However, the central theme running through the responses is that the goal of IT governance is to create a control environment for desirable actions to drive the effective, efficient, and secure use of information technology.

 A control environment is shaped by the attitudes, abilities, awareness, and actions of the board and management regarding controls within the organization. It includes factors such as management’s integrity, ethical values, philosophy, and operating style, and the assignment of responsibility within the organization. The overall objective of IT governance is to understand the strategic importance of IT, and to ensure that the enterprise is capable of doing what it needs to do to sustain its IT Operation.