Six principles of IT governance
Six principles of IT governance
Responsibility: Groups and individuals within an organization understand and accept their responsibilities in respect of both supply of, and demand for, IT. Those with responsibility for actions also have the authority to perform those actions.
Strategy: The organization’s business strategy takes into account the current and future capabilities of IT; the strategic plans for IT satisfy the current and ongoing needs of the organization’s business strategy.
Acquisition: IT acquisitions are made for valid reasons, on the basis of appropriate and ongoing analysis, with clear and transparent decision-making. There is appropriate balance between benefits, opportunities, costs, and risks, in both the short term and the long term.
Performance: IT is fit for purpose in supporting the organization, providing the services, levels of service and service quality required to meet current and future business requirements.
Conformance: IT complies with all mandatory legislation and regulations. Policies and practices are clearly defined, implemented, and enforced.
Human Behaviour: IT policies, practices, and decisions demonstrate respect for human behaviour, including the current and evolving needs of all the people involved the process. ountability. This strategy is rarely seen, and unlikely to ever be considered effective.
Weill and Ross conducted a research study to examine these models in terms of both their prevalence and effectiveness when used to make a variety of decision types (2004). The results can be expressed in terms of the governance map shown in Exhibit 2.1-1. The map shows which styles were most commonly used for the different decision types, and which governance mechanisms had input and influence on those decisions. The map also indicates which styles were found to be most effective for a particular decision type. Note that results on the effectiveness are not definitive, because the firms (that Weill and Ross
Responsibility: Groups and individuals within an organization understand and accept their responsibilities in respect of both supply of, and demand for, IT. Those with responsibility for actions also have the authority to perform those actions.
Strategy: The organization’s business strategy takes into account the current and future capabilities of IT; the strategic plans for IT satisfy the current and ongoing needs of the organization’s business strategy.
Acquisition: IT acquisitions are made for valid reasons, on the basis of appropriate and ongoing analysis, with clear and transparent decision-making. There is appropriate balance between benefits, opportunities, costs, and risks, in both the short term and the long term.
Performance: IT is fit for purpose in supporting the organization, providing the services, levels of service and service quality required to meet current and future business requirements.
Conformance: IT complies with all mandatory legislation and regulations. Policies and practices are clearly defined, implemented, and enforced.
Human Behaviour: IT policies, practices, and decisions demonstrate respect for human behaviour, including the current and evolving needs of all the people involved the process. ountability. This strategy is rarely seen, and unlikely to ever be considered effective.
Weill and Ross conducted a research study to examine these models in terms of both their prevalence and effectiveness when used to make a variety of decision types (2004). The results can be expressed in terms of the governance map shown in Exhibit 2.1-1. The map shows which styles were most commonly used for the different decision types, and which governance mechanisms had input and influence on those decisions. The map also indicates which styles were found to be most effective for a particular decision type. Note that results on the effectiveness are not definitive, because the firms (that Weill and Ross