The Intent of IT Governance

What IT governance is

It is the framework consisting of processes and structures specifying:

  • Who makes decisions pertaining to goals, policies, investment, infrastructure, and architectures
  • Who provides input and analyzes issues
  • Who is held responsible and accountable
  • Who settles disputes
  • How decisions are made, implemented, and managed

What IT governance is not

  • Management, which makes operational and project-level decisions
  • How groups are organized and led; that is, it’s not an organization chart
  • About following rules and regulations

Why IT governance is necessary

The past

Many IT governance processes and structures at NC State involved a confusing hybrid of one or more centralized units, autonomous colleges, departments, independent research teams, individual leadership and committee consensus.  This resulted in:

  • Conflicting policies and IT planning efforts
  • Ineffective and inefficient use of resources
  • IT Governance structures that were not designed, but rather evolved.

These ad-hoc governance structures may have worked, but they were ineffective in aligning IT with the needs of the broader organization.

The future

An effective governance structure needs to allow university IT to focus on the following five strategic areas, which align with the Office of Information Technology’s Strategic Operations Plan:

  1. Strategic Alignment.  Making sure the university’s IT strategy advances the university’s academic/business missions, needs and objectives.
  2. Value Delivery.  Assuring that the IT strategy delivers benefits and provides value.
  3. Resource Management.  Providing optimal investment in and proper management of IT resources, including applications, information, infrastructure and people.
  4. Risk Management.  Understanding and awareness of IT risks, and effective and appropriate management of these risks.
  5. Performance Measurement.  Tracking and monitoring of IT performance through established metrics.

When IT governance is successful

IT governance is successful when:

  1. Process and structures addressing the five focus areas (Strategic Alignment, Value Delivery, Resource, Risk and Performance Management) have been designed and implemented with assigned responsibility and accountability.
  2. The served community clearly understands and trusts the governance.
  3. Governance processes and structures are flexible and can adapt to meet changing conditions.
  4. Governance processes are fair, open, and timely.

The NC State IT governance model is based on the Weill and Ross Framework, which is defined as the decision rights and accountability framework to encourage desirable behavior in the use of IT. For details about the framework and its adoption at NC State, view Weill-Ross-Framework.