The GRAAL project (is.cs.utwente.nl/GRAAL)
15 November 2004
IT governance is
the activity of controlling IT. It consists of making decisions about acquisition,
change and disposal of IT, as well as monitoring IT performance data in order
to be able to control IT more effectively and efficiently. IT governance is
part of corporate governance. Recent developments such as the Sarbanes-Oxley act in the
We view IT governance as a coordination problem. The following diagram shows some of the relationships to be coordinated in IT governance. Each line represents one coordination relation.
In different companies, different organizational entities are involved, but usually there are executive management, CIOs, business units, and IT architects involved. Whatever the configuration of managers, committees and other stakeholders, we can make one simple generalization from our cases studies: Architecture design is a top-down process that conflicts with the local interests. This tension occurred in all organizations studied by us as a tension between the architects of the business system layer and project managers that implement one particular business system.
The architecture of a business system layer is designed
with global cost-reduction in mind. This always requires reuse of components in
different systems, or the imposition of standards that globally make sense but
locally may seem awkward to follow. When an individual system is designed, the
project manager or business unit manager responsible for the project will
always find good reasons why this globally optimal design is not optimal for
his or her system, and will try to get around the global architecture. The only
way around this tension is to make the project manager directly accountable to
someone responsible for maintaining the global architecture, such as the chief
CIO in our diagram.. In practice, the project manager
often comes from a business unit and is accountable to a BU manager. This then
leads to the conflict between local and global optimization. In the
IT governance is currently for a large part addressed from the perspective of management science. This means that solutions for IT governance are sought solely in the business domain, e.g. by organizational change (as required by the Clinger-Cohen Act, for
example), by control frameworks such as COBIT, but also by improving personal skills of CIOs and architects. It is doubtful whether this is sufficient. In addition to the management science approach, research is needed to develop an engineering approach that seeks to develop IT architectures with attention for governance at all stages of the system life cycle and for all layers, from IT infrastructure to the business layer.