Chapter 1.

Introduction to IT Governance
Aim
To equip students with the knowledge of governance
in information security and the importance of
information system development and planning
Instructional Objectives
After completing this chapter, you should be able to:
• Explain importance and basic concepts of IT governance

• Describe the role of governance in information security

• Outline the best practices of IT governance

• Elaborate strategic system development and Project governance


Importance and Basic Concepts of IT Governance
Introduction to IT Governance
IT governance has two distinct components. They are:

• A structural component
• A process component
Objectives of IT Governance

• Provide data regarding the product’s quality and process conformance.
• Key Performance Indicators (KPIs) and Key Goal Indicators (KGIs)
• Ensure that the strategic business objectives are achieved with least wastage of the company’s resources.
Importance of IT Governance

Governance Landscape:
Various perspectives of governance exist in an enterprise. The important and most
relevant from the system development point of view are:

• Enterprise Governance
• Development Governance
• Product Governance
• IT Governance
Governance versus Management:
Governance focuses on who has the authority to take decisions, while management
is about implementation and institutionalization of the governance process.

[Figure: Governance versus Management]


Important IT Governance Concepts:
The MIT Sloan School's Centre for Information Systems Research (CISR), after extensive research,
has arrived at five key IT decisions to be addressed by IT Governance for achieving good or effective
IT Governance.
Five Key IT Decisions to be governed
• Principles for Digitization: High level statements on how IT is to be used. Driven by business principles (e.g. Operating Model).
• Enterprise Architecture: Organizing logic for data, applications and infrastructure captured in a set of policies, relationships and technical choices to achieve desired business and technical standardization and integration.
• IT Infrastructure Strategies: Strategies for shared IT capability (both technical and human) delivered as reliable services (Example: Network, help desk, shared data).
• Business Application Needs: Specifying the business need for purchased or internally developed IT applications.
• IT Investment and Prioritization: Decisions about how much and where to invest in IT, including project approvals and justification techniques.

Five Key IT Decisions


IT Governance Framework
MIT Sloan School CISR has developed the following framework called the IT
Governance Arrangements Matrix.

[Example of an effective IT Governance framework]


Quiz / Assessment

1) Amongst the given options, identify the distinct components of IT Governance
a) Structural component and the process component
b) The Structure component and the architecture component
c) The domain component and the dominion component
d) The Planning component and the procedure component
2) The end objective of an IT Organization and the Business must be
united in clear basis so that they may achieve______________.
a) good governance
b) good government
c) active governance
d) non active governance

3) There is no difference between 'Governance' and the 'Management'. Verify
whether this statement is correct or not correct.
a) The statement is correct
b) The statement is not correct

4) The term 'Business Monarchy' comes into picture when IT Decisions are
taken at __________________ level.
a) the top management level (correct)
b) the business unit level
c) a joint level meeting of the business head and IT heads
d) the IT Group level along with the corporate level
Role of Governance in IT Security
Information Security Governance
[Figure: Conceptual Information Security Governance. Elements shown:
• Senior Management: Business Strategy, Organization Objectives
• Steering Committee and Executive Management: Risk Management or Information Security Strategy, Security Requirements
• CISO or Steering Committee: Security Action Plan, Policies, Standards; Security Programmes
• Implementation: Security Objectives
• Monitor or Metrics Reporting, Trend Analysis]
Quiz / Assessment

5) Information security governance is a subset of ___________ governance.


a) entrepreneur governance
b) enterprise governance
c) internet governance
d) industrial governance
6) Amongst these four options, which is an outcome coming out of security
requirements?
a) Business Strategy Decision Making Process
b) Risk Management Process
c) Security Planning Process
d) Risk Planning Process

7) Amongst these four options, identify the option that is not a benefit of IS
Governance.
a) IS Governance improves customer satisfaction
b) IS Governance decreases security violations
c) IS Governance increases the credibility level of the organization
d) IS Governance increases security violations
Best Practices for IT Governance
The following factors are identified as crucial to the effectiveness of IT governance:
Transparency
Actively designed
Infrequently redesigned
Education about IT governance
Simplicity
Exception-handling process
Designed at multiple organizational levels
Aligned incentives
Assign ownership and accountability
Implement common techniques
Quiz / Assessment

8) In case of IT Governance, where does the buck stop?


a) At the terrace level
b) At the shop floor level
c) At the board level
d) At the grass root level

9) The lesser the number of goals, the easier IT governance is to design and
manage. Is this true or false?
a) The statement is true
b) The statement is not true

10) Who needs to be made accountable for IT Governance in an organization?
a) The branch manager
b) The Union leader
c) The General manager
d) The Chief Information Officer (correct)
Strategic System Development and Project Governance
Strategic System Development
[Figure: Information System Planning. Elements shown: Organization Mission, Business Assessment, Organization Strategic Plan, Current Information Technology Architecture, IS Strategic Plan, New Information Technology Architecture, IS Operational Plan, IS Development Projects]


Strategic System Development

[Figure: Process of Agile Development. Stages shown: Configure, Build, Test, Design, Release]


Project Governance
Project Governance is a management framework that ensures that a project is
well conceived and executed by ensuring that the right decisions are taken at the
right time.

• Structure
• People
• Information


Quiz / Assessment

11) _____________ is a set of long-term goals that defines the IT architecture and
major IS Initiatives.
a) ISO Strategic Plan
b) IS Strategic Plan
c) ISI Strategic Plan
d) ISIS Strategic Plan

12) Identify the model, which is said to be the origin of the Agile
development methodology.
a) Whirlpool and eddy spiral model
b) Spiral and Development model
c) Incremental and Iterative model
d) Lean, Mean and Clean development model

13) Identify the three key elements of a Project Governance framework


a) Building, Layout, Locality
b) Land, Labor, Production facility
c) Resources, Information, Data
d) Structure, People, Information
Quiz / Assessment

1) Describe the various IT Governance Frameworks.


2) Fill in the IT Governance Matrix for a typical Business Organization.
Justify the same.
3) Discuss the possible challenges that you might face if you are an asset
owner as well as the project manager of a project that uses the asset.
4) Explain the core project governance principles
Activity
Activity can be either offline or online

Online Activity (30 min)
• Do an online research on IT governance and prepare a presentation (20 slides)

Note: Refer Table of Content for the activities


Summary
• IT Governance is a set of processes that ensure the effective and efficient use of
IT in enabling an organization to achieve its goal.
• The objective of strong Governance is to ascertain that the strategic business
objectives are achieved with minimum wastage of a company’s resources.
• These processes should have a high level of compliance across the organisation
through effective management processes.
• The primary goal of IT governance is to assure that the use of information
and technology generates business value for the organisation.
• The main focus areas of IT governance are Strategic alignment, Value delivery,
Resource management, Risk management and Performance measures.
Answer Key

Subjective Questions
Question No. Answer

1 Refer Section 1.1.3

2 Refer Section 1.1.3

3 Refer Section 1.1.6

4 Refer Section 1.1.6

