IT Governance is now widely recognized as a critical success factor for managing today's complex enterprise IT environments. It has become one of the most popular buzzwords among IT executives and company boards alike. But, like many buzzwords, this one is far easier to recite than it is to understand, let alone apply.

Why is so little rigor and strategic planning applied to the subject of such pervasive significance? This stems from the fact that IT Governance has evolved over the last few years not as an actively designed CxO-driven initiative but as a collection of loosely connected "governance silos."

The most commonly encountered types of uncoordinated silos are "project governance," "outsourcing governance," "architecture governance," "data security and access governance," and "governance around change." In most cases, these governance silos are created as a reactive mechanism to address a particular need, for example, architecture problems or overspending or duplication. Adding to the confusion, a variety of point-solution product offerings addressing each of these silos are marketed by the vendors under the general "IT Governance" umbrella.

Complicating the picture even further is that there is no single IT Governance standard. Rather, the topic of IT Governance falls at the intersection of three popular frameworks, which are contemporary buzzwords extraordinaire in their own right: ITIL (from the IT delivery and support point of view), CobiT (from the financial auditing and control point of view), and SOX (from the US regulatory compliance point of view).

What is IT Governance?
A straightforward definition of IT Governance comes from the Board Briefing on IT Governance publication (pdf) produced by the IT Governance Institute:

IT governance is the responsibility of the board of directors and executive management. It is an integral part of enterprise governance and consists of the leadership and organizational structures and processes that ensure that the organization's IT sustains and extends the organization's strategies and objectives.

1. Business-IT Strategic Alignment, with a focus on aligning with the business and collaborative solutions.
2. Value Delivery, concentrating on optimizing expenses and proving the value of IT.
3. Risk Management, addressing the safeguarding of IT assets, disaster recovery and continuity of operations, and risks associated with regulatory compliance.
4. Resource Management, optimizing knowledge and IT infrastructure.
5. Performance Measurement, tracking project delivery and monitoring IT services, which provides feedback to the governing body and enables decision making, objective setting, and policy adjustment.

The organizational aspects are neatly summarized by Peter Weill and Jeanne Ross in their the IT Governance book (published by HBS) as "Ten Principles of IT Governance": involve senior managers, ensure clear exception-handling, provide the right incentives, assign ownership and accountability, provide transparency and education, etc.

At the technology level, the key question is: How to identify the concepts that need to be defined to enable effective IT Governance, and how to implement the processes and tools that make these concepts actionable? The answer is guided by the old "DMMI" maxim "" because:

• What is not defined cannot be managed.
• What is not managed cannot be measured.
• What is not measured cannot be improved.

IT Governance is now widely recognized as a critical success factor for managing today's complex enterprise IT environments. It has become one of the most popular buzzwords among IT executives and company boards alike. But, like many buzzwords, this one is far easier to recite than it is to understand, let alone apply.

Why is so little rigor and strategic planning applied to the subject of such pervasive significance? This stems from the fact that IT Governance has evolved over the last few years not as an actively designed CxO-driven initiative but as a collection of loosely connected "governance silos."

The most commonly encountered types of uncoordinated silos are "project governance," "outsourcing governance," "architecture governance," "data security and access governance," and "governance around change." In most cases, these governance silos are created as a reactive mechanism to address a particular need, for example, architecture problems or overspending or duplication. Adding to the confusion, a variety of point-solution product offerings addressing each of these silos are marketed by the vendors under the general "IT Governance" umbrella.

Complicating the picture even further is that there is no single IT Governance standard. Rather, the topic of IT Governance falls at the intersection of three popular frameworks, which are contemporary buzzwords extraordinaire in their own right: ITIL (from the IT delivery and support point of view), CobiT (from the financial auditing and control point of view), and SOX (from the US regulatory compliance point of view).

What is IT Governance?
A straightforward definition of IT Governance comes from the Board Briefing on IT Governance publication (pdf) produced by the IT Governance Institute:

IT governance is the responsibility of the board of directors and executive management. It is an integral part of enterprise governance and consists of the leadership and organizational structures and processes that ensure that the organization's IT sustains and extends the organization's strategies and objectives.

1. Business-IT Strategic Alignment, with a focus on aligning with the business and collaborative solutions.
2. Value Delivery, concentrating on optimizing expenses and proving the value of IT.
3. Risk Management, addressing the safeguarding of IT assets, disaster recovery and continuity of operations, and risks associated with regulatory compliance.
4. Resource Management, optimizing knowledge and IT infrastructure.
5. Performance Measurement, tracking project delivery and monitoring IT services, which provides feedback to the governing body and enables decision making, objective setting, and policy adjustment.

The organizational aspects are neatly summarized by Peter Weill and Jeanne Ross in their the IT Governance book (published by HBS) as "Ten Principles of IT Governance": involve senior managers, ensure clear exception-handling, provide the right incentives, assign ownership and accountability, provide transparency and education, etc.

At the technology level, the key question is: How to identify the concepts that need to be defined to enable effective IT Governance, and how to implement the processes and tools that make these concepts actionable? The answer is guided by the old "DMMI" maxim "" because:

• What is not defined cannot be managed.
• What is not managed cannot be measured.
• What is not measured cannot be improved.

IT Governance is now widely recognized as a critical success factor for managing today's complex enterprise IT environments. It has become one of the most popular buzzwords among IT executives and company boards alike. But, like many buzzwords, this one is far easier to recite than it is to understand, let alone apply.

Why is so little rigor and strategic planning applied to the subject of such pervasive significance? This stems from the fact that IT Governance has evolved over the last few years not as an actively designed CxO-driven initiative but as a collection of loosely connected "governance silos."

The most commonly encountered types of uncoordinated silos are "project governance," "outsourcing governance," "architecture governance," "data security and access governance," and "governance around change." In most cases, these governance silos are created as a reactive mechanism to address a particular need, for example, architecture problems or overspending or duplication. Adding to the confusion, a variety of point-solution product offerings addressing each of these silos are marketed by the vendors under the general "IT Governance" umbrella.

Complicating the picture even further is that there is no single IT Governance standard. Rather, the topic of IT Governance falls at the intersection of three popular frameworks, which are contemporary buzzwords extraordinaire in their own right: ITIL (from the IT delivery and support point of view), CobiT (from the financial auditing and control point of view), and SOX (from the US regulatory compliance point of view).

What is IT Governance?
A straightforward definition of IT Governance comes from the Board Briefing on IT Governance publication (pdf) produced by the IT Governance Institute:

IT governance is the responsibility of the board of directors and executive management. It is an integral part of enterprise governance and consists of the leadership and organizational structures and processes that ensure that the organization's IT sustains and extends the organization's strategies and objectives.

1. Business-IT Strategic Alignment, with a focus on aligning with the business and collaborative solutions.
2. Value Delivery, concentrating on optimizing expenses and proving the value of IT.
3. Risk Management, addressing the safeguarding of IT assets, disaster recovery and continuity of operations, and risks associated with regulatory compliance.
4. Resource Management, optimizing knowledge and IT infrastructure.
5. Performance Measurement, tracking project delivery and monitoring IT services, which provides feedback to the governing body and enables decision making, objective setting, and policy adjustment.

The organizational aspects are neatly summarized by Peter Weill and Jeanne Ross in their the IT Governance book (published by HBS) as "Ten Principles of IT Governance": involve senior managers, ensure clear exception-handling, provide the right incentives, assign ownership and accountability, provide transparency and education, etc.

At the technology level, the key question is: How to identify the concepts that need to be defined to enable effective IT Governance, and how to implement the processes and tools that make these concepts actionable? The answer is guided by the old "DMMI" maxim "" because:

• What is not defined cannot be managed.
• What is not managed cannot be measured.
• What is not measured cannot be improved.

Role of the IT Service Catalog
To address the DMMI imperative, IT Service Catalogs, which define the services that an IT organization is delivering to the business users, have emerged as the central element of IT Governance models. Service Catalogs serve to align the business requirements with IT capabilities, communicate IT services to the business community, plan demand for these services, and orchestrate the delivery of these services across the functionally distributed (and, oftentimes, multi-sourced) IT organization.

Actionable IT Service Catalogs are now being offered by vendors as a robust capability that not only captures a list of IT services offered, but also facilitates:

• IT best practices, captured as Service Catalog templates
• Operational Level Agreements, Service Level Agreements (aligning internal & external customer expectations)
• Hierarchical and modular service models
• Catalogs of supporting and underlying infrastructures and dependencies (including direct links into the CMDB)
• Demand management and capacity planning
• Service request, configuration, validation, and approval processes
• Workflow-driven provisioning of services
• Key performance indicator (KPI)-based reporting and compliance auditing

Those who have implemented this "IT Productization" framework successfully (along with the organizational and policy best practices), have seen dramatic improvements along all the key dimensions of IT Governance:

• Business-IT strategic alignment - by focusing on the services with the highest business impact,
• Value delivery - by realizing operational efficiencies through process and infrastructure automation,
• Risk management - by formalizing business continuity provisions as well-defined IT services and by addressing regulatory compliance requirements through increased process definition and transparency, and
• Resource management - by tying their service delivery systems directly into human, infrastructure, and knowledge resource repositories.

By implementing best practices-based IT Service Catalogs, companies can ensure that "IT Governance" becomes more than just a buzzword, but rather an actionable methodology to most effectively harness the awesome power of information technology in the interests of the business enterprise.