No amount of research can generate a single, definitive definition of what educational IT governance really is.
Vendors, analysts, and academicians all define IT governance slightly different and even their definitions change on an annual basis. My view of IT governance, in its simplest form, is about understanding technology and technology-related risks relative to the business processes that IT and technology must support.
Yes… this is an obvious concept but the reality is that organizations especially educational organizations often possess a weak understanding of their significant IT and technology risks often leaving organizations in a very precarious position which could cause significant issues in branding and reputation if any of the technology and IT risks are actually realized.
In reviewing over 40 IT governance models established throughout the United States, it is obvious
that most organizations attempt to achieve IT governance by monitoring and measuring two significant areas of their operation:
- infrastructure and asset protection
- infrastructure and personnel performance
By limiting IT governance to these two areas, challenges are realized. For one, the monitoring and measuring of these technology items are often not integrated. Secondly, while organization’s measure and manage against their own performance metrics, these metrics are not compiled nor coupled to the business needs from a process standpoint and risk is not measured in business terms such as frequency impactor criticality.
Aligning technology with business operations involves multiple components. Implementing any or all of these components constitutes some form of IT governance. For the purpose of these discussions, I’ll limit the crucial components to five:
- Creation of IT policies, processes and strategy
- Management of IT risk
- Business process mapping and harmonization
- Continuous management of IT resources and
- Monitoring results and IT effectiveness.