IT Governance refers to the rules and regulations under which an IT department functions and the mechanisms put in place to ensure compliance with those rules. IT Governance is one component of Corporate Governance. Project Governance is a subset of IT governance.
The Sarbanes-Oxley law (SOX) has made corporate IT governance a mandatory element of financial reporting, operational control and the daily running of a publicly traded company. Additionally, institutional investors are creating significant pressure for privately held companies to comply with Sarbanes-Oxley.
In response to the highly publicized cases of corporate fraud and scandal over the last years, a number of compliance controls have been enacted to ensure accountability from all companies and organizations. The Sarbanes-Oxley law states that CEOs must certify the financial reports of the organization. Public organizations that do not comply will not only face the wrath of their shareholders and creditors but will be exposing themselves to SEC (Security and Exchange Commission) investigations and severe penalties.
In addition to compliance controls, organizations are challenged to align IT strategy with the overall business strategy. An effective IT governance framework will address strategic alignment, compliance, risk management, resource allocation and management, value delivery and performance measurement. IT Governance is not confined to the IT department but involves the active participation and direction of the Board of Directors and Senior Management. IT goals, planned projects and budgets must be considered in enterprise wide planning and not as a separate business process or department.
Just as greater attention has been focused on overall corporate governance, organizations have formed around IT Governance. In 1998, the IT Governance Institute (ITGI) was established. The organization sponsors international conferences and symposia, conducts research and publishes guidance, offers case studies and offers an IT governance tool, Control Objectives for Information and Related Technology (COBIT).