Governance
The Governance (GOV) capability is the ability to evaluate, direct, and monitor the current and future use of an organization's IT resources in support of strategic objectives.
Structure
GOV is made up of the following Categories and CBBs. Maturity and Planning are described at both the CC and the CBB level.
- AGovernance Framework
- A1Governance Context
Define the role of IT governance within the organization's overall corporate governance; and specify the roles and interfaces between IT and business management and the organization's ultimate governing body (e.g. the board).
- A2Guiding Principles
Adopt a set of principles for good governance of IT that define preferred behaviour within the organization to guide decision-making and the organization's governance mechanisms for IT.
- A3Decision Bodies/Structure
Establish organizational structures and roles (e.g. committees, executive teams, business/IT relationship managers) to guide and oversee the governance of IT, and promote behaviour that will lead to the achievement of business goals. Define their composition and scope and set out protocols for coherence and escalation across governance bodies and business organizational units.
- A4Decision Rights
Determine what major IT domain decisions need to be made. Define the decision-making boundaries for each decision type, including the inputs and decision rights of different stakeholders, and the rules and procedures for making and monitoring those decisions.
- A5Roles and Accountabilities
Define roles and responsibilities, and delegate authority and accountability for aspects of the governance of IT. Establish mechanisms to hold such individuals or groups accountable for decisions, actions, and performance.
- BGovernance Process
- B1Evaluate
Examine and assess the organization's internal and external environments. Determine how the organization is currently supported and enabled through the use of IT.
- B2Direct
Define how the organization should be supported and enabled through the appropriate use of IT. Direct the preparation of strategies and policies. Determine readiness for change and approve an appropriate programme of change activities.
- B3Monitor
Identify evidence of success to measure achievement of desired outcomes. Establish an effective monitoring system that collects and analyses data, and reports progress against plans to the governing body. Instigate mechanisms to monitor compliance with relevant legislation, regulations, and organizational policies.
Overview
Goal & Objectives
An effective Governance (GOV) capability aims to:
- Establish IT governance as a central component of effective corporate governance and provide appropriate guidance regarding the effective, efficient, and acceptable use of IT.
- Establish appropriate IT decision-making bodies and processes, including mechanisms for escalation of IT issues and compliance with obligations.
- Establish decision boundaries, decision rights, and decision inputs; and delegate authority and accountability for aspects of IT governance in line with what is appropriate for the organization's context.
- Improve confidence in, and the agility and transparency of, IT decision-making.
- Ensure that distributed IT decisions support the organization's strategic goals and objectives.
- Provide broad oversight on the performance of IT in the organization.
Scope
Definition
The Governance (GOV) capability is the ability to evaluate, direct, and monitor the current and future use of an organization's IT resources in support of strategic objectives.
Improvement Planning
Practices-Outcomes-Metrics (POM)
Representative POMs are described for GOV at each level of maturity.
- 2Basic
- Practice
- Engage with appropriate stakeholders to agree the roles and accountabilities for IT governance.
- Outcome
- There is clarity on who is responsible and accountable for IT governance.
- Metric
- # of IT governance roles, responsibilities, and accountabilities documented and accepted.
- Practice
- Establish guiding principles for IT governance.
- Outcome
- The principles outline preferred behaviours to guide IT decision-making and how IT is governed.
- Metric
- # of IT governance principles adopted.
- Practice
- Establish an IT governance steering group to evaluate and direct important IT decisions and monitor IT performance.
- Outcome
- Consistent decision-taking is ensured for the most important IT decisions.
- Metric
- % of IT management on the governance steering group.
- 3Intermediate
- Practice
- Evaluate the current state use of IT, and define the desired future state use of IT to deliver the IT strategy.
- Outcome
- There is clarity on how the organization is currently supported and enabled through the use of IT and how it should be developed for the future.
- Metrics
- # of audits of current plans
- # of target outcomes defined.
- Practice
- Direct, review, and approve a change programme to transition to the desired future state use of IT.
- Outcome
- All of the change projects that are required to achieve desired outcomes are identified.
- Metrics
- # of plans developed for the change programme
- # of quick wins identified.
- Practice
- Establish formal IT monitoring systems.
- Outcome
- The governing body has visibility of the progress of the change programme.
- Metric
- % of change projects that successfully deliver the expected business outcomes.
- 4Advanced
- Practice
- Establish links between IT governance and corporate governance.
- Outcome
- There is growing alignment between the governance of IT and business-related matters.
- Metric
- % of IT governance activities directed by the board of directors.
- Practice
- Follow a comprehensive decision-making process when making IT decisions.
- Outcome
- All decisions are based on factual information, and are taken in a transparent manner.
- Metric
- % of IT-related decisions that adhere to a decision-making process.
- Practice
- Monitor the change programme and overall IT performance against agreed outcomes.
- Outcome
- Progress against defined outcomes is visible and corrective actions can be taken, if required.
- Metric
- % of change projects that successfully deliver the expected business outcomes.
- Practice
- Monitor IT compliance with all legislative, regulatory, and organizational policy obligations.
- Outcome
- The organization complies with all internal and external obligations and standards.
- Metric
- % compliance with internal and external obligations.
- 5Optimized
- Practice
- Ensure IT governance is rooted in corporate governance, is directed by the board of directors, and regularly incorporates insights from the business ecosystem to improve governance structures.
- Outcome
- IT governance reflects industry best known practice, and its importance is confirmed by its position within the corporate governance structures.
- Metric
- Frequency of reviews of the IT governance structures (and updates as appropriate).
- Practice
- Implement a fully automated monitoring system that provides information, as and when required.
- Outcome
- The monitoring system enables optimized decision-making and ensures that appropriate actions are taken.
- Metric
- Percentage of change projects that successfully deliver the expected business outcomes.
Reference
History
This capability was introduced in Revision 18.07, replacing IT Leadership and Governance (16).