IT Governance

ATTENTION: If you use any content of this website, please cite:

Luna, A. J. H. de O., Kruchten, P., Pedrosa, M. L. G. E., Almeida Neto, H. R. de, & Moura, H. P. de. (2014). State of the Art of Agile Governance: A Systematic Review. International Journal of Computer Science & Information Technology (IJCSIT), 6(5), 121–141. doi:10.5121/ijcsit.2014.6510. Available at: http://arxiv.org/abs/1411.1922

If you prefer you can download the citation in BIBTeX format here.


Corporate governance is the set of processes, customs, policies, laws and institutions which affects the way a corporation is directed, administered or controlled. Corporate governance also includes the relationships between the various parties involved and the purposes for which a society is governed. The key players are the shareholders of management and board of directors. Other participants include customers, creditors (e.g. banks, holders / owners of policies / bonds), suppliers, regulators, and the wider community (CALAME and TALMANT, 2001).

On the other hand, Governance of Information Technology, IT Governance or Governance in ICT, is defined by some authors (ITGI, 2008; ISACA, 2007; ITSMF, 2008) as a subset of the corporate governance discipline, focusing on Information Technology (IT) and its performance systems and risk management. The growing interest in IT governance is partly due to the need to ensure reliable security and auditing mechanisms for companies, in order to mitigate business risk and avoid the occurrence of frauds (or ensure that there are means to identify them), ensuring transparency in management. The Sarbanes-Oxley Law (REZZY, 2007), in the U.S., and the Basel II Accord, in Europe, are examples of mechanisms in this context. Movements such as these demonstrate how institutions that are reference in the world market recognize that ICT projects can easily get out of control and profoundly affect the performance of an organization.

With the adoption of an IT Governance Model, it is expected that the structures and processes will ensure that IT supports and maximizes the goals and strategies of the organization, allowing it to control the measurement, auditing, implementation and quality of services, and also enabling the monitoring of internal and external contracts, defining the conditions for the effective performance management based on consolidated concepts of quality. Weill and Ross (2005) state that the performance of governance evaluates the effectiveness of IT governance in meeting the four goals ranked according to their importance to the organization: i) the use of IT on a adequate cost / benefit ratio; ii) the effective use of IT for asset utilization; iii) the effective use of IT for growth; and, iv) the effective use of IT for business flexibility.

Finally, IT Governance can be defined as the strategic alignment of IT with the business in order to obtain the maximum value by developing and maintaining effective controls of IT, aiming at cost control, management of return on investments and associated management risks (WEILL and ROSS, 2005).

To ensure such benefits, many mechanisms of relationship between business processes and IT processes have been developed by the ICT Governance discipline. The end result of this is a plethora of standards and best practices involving: processes, indicators, profiles, guidelines, etc., whose implementation usually requires much time, money and effort, because of the formalism adopted by these standards.

Holm et al. (2006) present a summary of the intentions of improving the relationship between IT and business through the classification of 17 standards and best practices in terms of the type of process and company.

This paper does not have the intention to discuss in detail the achievements or improvements that these methods and tools have achieved in order that the processes support core business of the organizations, however there is an intention to explore some context of their maximization of potentials through the new Agile Governance in IT approach, as a catalyst to overcome the gap between IT and business.

SOURCE: Luna et al. (2010b)
Comments