Introduction
IT governance is a relatively new topic (Van Grembergen, 2004), with the first publications appearing in the late 1990s. The number of IT governance publications began to grow from 2006/2007 (Smits & van Hillegersberg, 2014a). It is widely acknowledged that corporate governance and IT governance are related. However, little is known regarding how this relationship actually works. Corporate governance is of “enormous practical importance” (Shleifer & Vishny, 1997). Various publications suggest that IT governance constitutes an integral part of corporate governance (ITGI, 2003; Lainhart & John, 2000; Van Grembergen, De Haes, & Guldentops, 2004). Corporate governance issues cannot be solved without considering IT (Van Grembergen et al., 2004). We define IT governance as the structures, process, cultures and systems that engender the successful operation of the IT of the (complete) organization, an adaptation of the corporate governance definition of Keasey and Wright (1993). Thus, IT governance is not restricted to the IT organization.
The frameworks used for IT governance vary considerably, as can be seen in several global surveys from the ITGI addressed to 749 CEO-/CIO-level executives in 23 countries, and summarized in Table 1 (ITGI, 2008, 2011). To illustrate the diverse nature of these frameworks, we added the column ‘Content’. Unfortunately, the most recent global survey from 2016 does not include a question concerning the use of IT governance frameworks.
Table 1. Use of IT governance frameworks (ITGI, 2008, 2011)
Framework | Content | 2011 | 2007 | 2005 |
ITIL or ISO/IEC 20000 | Service management | 28% | 24% | 13% |
ISO/IEC 17799, ISO/IEC 27000 or other security frameworks | Information security | 21% | 10% | 9% |
Internally developed frameworks | Unknown/differ | | 14% | 33% |
Six Sigma | Quality | 15% | 2% | 5% |
COBIT (ISACA) | IT governance | 13% | 14% | 9% |
PMI/PMBOK | Project management | 13% | 1% | 3% |
Risk IT (ISACA) | Risk management | 12% | | |
IT assurance framework (ISACA) | IT assurance | 10% | | |
CMM or CMMI | Software development or process improvement | 9% | 4% | 4% |
ISO/IEC 38500 | IT governance | 8% | | |
BMIS (Business Model for Information Security, ISACA) | Information security | 8% | | |
PRINCE2 | Project management | 6% | 2% | |
Val IT (ISACA) | Enterprise value (IT investments) | 5% | 0% | |
TOGAF | Enterprise architecture | 3% | 0% | |
COSO ERM | Enterprise risk management | 2% | 1% | 4% |