Abstract
This chapter explores IT governance, a critical aspect of corporate governance that enhances decision-making and execution in information technology. IT governance is essential for public and private sectors, promoting equity, transparency, and accountability to achieve organizational objectives. It is unique as IT projects are fundamentally business projects. The chapter traces IT's evolution from early “electronic calculators” to its current strategic role in businesses. It highlights IT's shift from cost-saving measures to a key element in strategic planning and the increasing integration of IT over decades. The historical perspective includes the impact of early automation technologies, such as the alphabetizing machine during the Great Depression, on modern data processing systems. The chapter emphasizes IT governance's significant influence on organizational success and its role in navigating contemporary IT challenges.
TopIntroduction
Governance is the decision-making process by which decisions are implemented (or not implemented). IT governance is defined in many ways, with no one-size-fits-all or “best” definition. This is because IT governance is contextual and it depends on the desired outcomes. Corporate governance is now recognized as a vital element for public and private sector organizations; the same can be said about IT governance when comparing desired outcomes. Corporate governance is about promoting fairness, transparency, and accountability to help organizations achieve their goals and IT governance has similar goals. However, it is also important to make the distinction that IT governance is a subset of corporate governance and not a separate entity. The significance of this recognizes that the integration of IT into an organization is so strong that IT can never be separate from “business” and there is no possibility of an “IT initiative”. All IT projects are business projects (or should be), and IT provides a service to accomplish these projects or initiatives. This will be an important realization that will tie back into the overlying theme of cyber-agility as the paper moves forward.
Significance of IT governance in early information technology phases
IT was only an electronic calculator or “Tabulating machine” early on. It was simply an automation of current practices that were not IT related. For example, the unemployment rate during the Great Depression led to more precise and efficient methods of tracking populations en masse for economic reasons. An example of simple automation is the Department of Unemployment's usage of an “alphabetizing machine” which was a punch card system (output) that simply took unemployment data and organized it in a more useful manner (for its time) than written lists. The input was the collection of unemployment data and the process was comparing and organizing it. A similar method is used to process student grades from tests within a school district. So, what was IT for the Department of Unemployment in 1935 is equivalent to a primitive form of data-mining. The following is a brief look at how IT has evolved depending on the angle of view.
The increased pace of technology over the past few decades has influenced and evolved the role IT plays in organizations. Compared to the present view of IT as a strategic weapon, the traditional view of IT as a cost-reducing commodity is very much in line with the evolutionary process. During the 1960-70s, computers were primarily aimed at simple automation tasks such as processing payroll or maintaining accounting ledger: automating manual work. This can be translated to IT as a cost-reducing commodity, where the main focus is to automate tasks by using IT to reduce costs. Although this may seem like an obvious choice to use IT, it wasn't until IT capabilities in later years, that strategic systems were made possible. The next phase of IT during the 1980-90s saw technology capabilities such as MRP systems for material requirements planning and database systems. This was the beginning of strategic systems. These IT systems provided companies with unprecedented capabilities to use IT as a tool to help change the way they do business. Using MRP systems, a company could change the way it controlled its inventory, and by doing so greatly improve efficiency. This was no longer automation of manual tasks; this was a complete change for the company and IT was the driving force. The result of trying to manage these newfound strategic systems without IT knowledge led to widespread system failure. To understand why companies were spending huge amounts on IT with unsatisfactory results, research was then begun into what is now known as IT governance.
Key Terms in this Chapter
Information System (IS): An organized set of components for collecting, storing, processing, and communicating information within an organization.
Incident Response Plan (IRP): A documented strategy for addressing and managing the aftermath of security breaches or cyber-attacks to limit damage and recovery time.
Big Data: Extremely large data sets that can be analyzed computationally to reveal patterns, trends, and associations, particularly relating to human behavior and interactions.
Internet of Things (IoT): The network of physical devices that are embedded with sensors, software, and other technologies to connect and exchange data with other devices and systems over the internet.
Knowledge Management System (KMS): A system that facilitates the creation, sharing, and management of organizational knowledge to improve efficiency and decision-making.
Corporate Governance: The system by which organizations are directed and controlled, focusing on fairness, transparency, and accountability.
Strategic Alignment: The process of aligning IT strategies with business strategies to achieve organizational objectives and maximize value from IT investments.
Urbanization of Information Systems: A strategic approach inspired by urban planning, aimed at organizing and optimizing an organization's IT infrastructure for better alignment with business needs.
Risk Management: The process of identifying, assessing, and controlling threats to an organization's capital and earnings, including IT-related risks.
Automation: The use of technology to perform tasks without human intervention, initially aimed at reducing costs and now driving strategic business changes.
Enterprise Resource Planning (ERP): Integrated management of core business processes, typically in real-time and facilitated by software and technology.
Machine Learning (ML): A subset of artificial intelligence that enables systems to learn from data, improving their performance over time without explicit programming.
Cyber-Agility: The ability of an organization to rapidly and effectively respond to changing cyber threats and environments.
Advanced Persistent Threat (APT): A long-term, targeted cyber-attack where an intruder gains access to a network and remains undetected, often for malicious purposes.
IT Governance: The framework and processes that ensure the effective and efficient use of IT in enabling an organization to achieve its goals.