About Governance of Enterprise IT (GEIT)
Governance and Management of Enterprise Information & Related Technology
The terms "governance", "enterprise governance" and "GEIT" may have different meanings to different individuals and enterprises depending on (amongst others) the organisational context, e.g., maturity, industry and regulatory environment, or the individual context, e.g., job role, education and experience.
"Governance" is derived from the Greek verb kubernáo meaning "to steer". A governance system enables multiple stakeholders in an enterprise to have an organised say in evaluating conditions and options, setting direction and monitoring performance against enterprise objectives. Setting and maintaining the appropriate governance approach is the responsibility of the board of directors or equivalent body.
COBIT 5, a business framework for GEIT from ISACA, defines governance as:
Governance ensures that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritisation and decision making; and monitoring performance and compliance against agreed-on direction and objectives.
GEIT is not an isolated discipline, but an integral part of enterprise governance. While the need for governance at an enterprise level is driven primarily by delivery of stakeholder value and demand for transparency and effective management of enterprise risk, the significant opportunities, costs and risk associated with IT call for a dedicated, yet integrated, focus on GEIT. GEIT enables the enterprise to take full advantage of IT, maximising benefits, capitalising on opportunities and gaining competitive advantage.
At a time when the significance of information and the pervasiveness of information technology (IT) are increasingly part of every aspect of business and public life, the need to drive more value from IT investments and manage an increasing array of IT-related risk has never been greater. Increasing regulation is also driving heightened awareness amongst boards of directors regarding the importance of a well-controlled IT environment and the need to comply with legal, regulatory and contractual obligations.
Effective GEIT will result in improved business performance as well as compliance with external requirements, yet successful implementation remains elusive for many enterprises. Effective GEIT requires a range of enablers with carefully prescribed roles, responsibilities and accountabilities that fit the style and operational norms specific to the enterprise. These include an appropriate culture and behaviour, guiding principles and policies, organisational structures, well-defined and managed governance and management processes, the information required to support decision making, supporting solutions and services, and appropriate governance and management skills.
For many years ISACA has researched this key area of enterprise governance to advance international thinking and provide guidance in evaluating, directing and monitoring an enterprise's use of IT. ISACA has developed the COBIT 5 framework to help enterprises implement sound governance enablers; indeed, implementing good GEIT is almost impossible without engaging an effective governance framework. Good practices and standards are also available to underpin COBIT 5.
Frameworks, good practices and standards are useful only if they are adopted and adapted effectively. There are challenges that must be overcome and issues that must be addressed if GEIT is to be implemented successfully. The board and managers will need to accept more accountability for IT, provide guiding principles and a framework, and instill a different mindset and culture for delivering value