Mr. Fruman is Director of GTA's Enterprise Governance and Planning.
What is IT Governance?
Simply, it is a way to get control of information technology (IT) so that it provides the greatest benefit to the organization that requires, needs and depends on it. IT is complex, it is difficult to manage, and it brings new risk to the business while providing value and benefits. IT Governance provides the rules, limits and boundaries for decision making by stakeholders on behalf of their users, constituents and beneficiaries. There is often a tension between the "governed" and those who enact governance, but in the end, governance requires all parties to reach a mutually agreed upon set of rules, which means it must balance the needs of those involved if it is to be effective.
IT Governance is the set of rules we mutually agree on to manage information technology.
Effective IT Governance requires an understanding of the outcomes, which also balances control and risk. This balance means that there is no perfect form of governance, only a balance of control and risk for the performance of the organization, its objectives and its culture. So, IT Governance goes beyond establishing controls for its IT operations. It also includes how IT addresses changes in business strategy and planning, along with how IT adapts and responds to change in its operations, organization, finances, business functions and customer services or issues external to the organization. IT Governance provides structure to the business through frameworks, methods, processes, standards and controls; in essence, it provides the "rules of the game", with the limits and boundaries we mutually agree to in a collaborative environment.
Enterprise performance is the result of IT Governance providing the proper balance of control and risk.
The overarching framework for enterprise performance includes three processes:
- Plan
- Build
- Run
These three processes are captured and detailed in the Enterprise Performance Life Cycle (EPLC) framework. The performance of the enterprise depends on being able to effectively translate strategy into plans; plans into effective change; and changes into a secure, reliable and sustainable operating environment for its constituents, staff and leadership. GTA's IT Governance group provides oversight, assurance, frameworks, methods, standards and guidance for the planning, building and running of IT investments. The overriding objective is to ensure IT investments achieve their enterprise performance objectives, which includes determining whether the IT investment is secure, reliable and sustainable.
All IT investments should be secure, reliable and sustainable.
The state of Georgia enacts IT Governance through a number of mechanisms and domains, such as security; risk management; disaster recovery; business continuity; enterprise architecture; strategy and planning; project, program and portfolio management; resource/asset management; audits; policies and standards; regulatory compliance; change management and maturity. Along with these domains, you often find other terms and ideas associated with IT Governance, such as decision rights, control frameworks, performance management and business alignment. There are councils, boards and committees that are the decision-making bodies for accountability and transparency. In subsequent articles, we will explore these areas of IT Governance more thoroughly as we continue to mature IT Governance and achieve enterprise performance for state government in Georgia.