IT service providers must comply with a huge amount of rules and legislation. According to ITIL Foundation certification training, these rules and legislation can come from the company’s specific instructions or from industry specific standards. For instance, logging every activity of a user can be a rule defined by the company. Or applying the ISO 9001 standard can be an industry legislation. IT governance must comply with these rules and legislations. ITIL online courses emphasize the use of IT governance as part of good IT service management. IT governance is applicable to all stages of the ITIL lifecycle for services: ITIL Service Strategy, ITIL Service Design, ITIL Service Transition, ITIL Service Operation and Continual Service Improvement. Good IT governance must be applied throughout all these stages of the ITIL service lifecycle.
But what exactly is governance? Is it just a bunch of rules and regulations? No. When we go back to the dictionary, we learn that governance is “establishing chains of responsibility, authority, and communication to empower people.” Let’s look at each of these terms. Responsibility refers to being held responsible for a specific task or duty. Authority refers to the power to influence behavior while communication refers to the exchange of information. Finally, empowerment refers to giving people the official authority to act. Governance also means that measurement and control procedures have to be in place to help people to carry out their roles and responsibilities.
ITIL ensures three fundamental types of governance
The first type of governance is enterprise governance. Enterprise governance ensures compliance to rules and strategies to align of all key functions towards the business. Enterprise governance aims to follow rules and legislations that are related to the business. For instance, if the business requires that at least last five years of activity of a customer must be kept in the archive, this is an example of a business rule that must be complied with in accordance with enterprise governance.
The second type of governance is corporate governance. Corporate governance conveys fairness, transparency, and sense of responsibility. A company can aim to be fair and transparent when there is an open position in the hierarchy for instance. Based on this strategy, the human resources department can post the opening over an internal portal for the employees to see and apply. Corporate governance aims to comply with these rules of the company.
The third and the last type of governance is IT governance. IT governance ensures leadership, organizational structures, and processes to IT supports the strategies and goals of the organization. IT governance aims to comply with the rules and legislations related to IT assets of an IT service provider. For instance, based on the legislations, a bank must be obliged to provide 3D secure payment as an alternative for the use of its customers when they are shopping online. IT governance must ensure that these kinds of legislations are satisfied with the provided services, processes and assets of the IT service provider.
IT Governance ensures that policies and strategy are actually implemented and that the required processes are followed correctly. IT governance plays several key roles in the operations of an IT service provider. IT governance has two distinct components: structural and process. The structural component relates to the business’ IT activities and the way that these activities support the objectives of the business. The process component determines the decision-making rights associated with IT and also the processes and policies that are used to measure and control the way that IT decisions are made.
The role of IT governance
The role of IT governance includes: Ensuring the implementation of guidelines and strategies. Proper strategies to achieve business strategies should be developed. Under these strategies, specific guidelines to follow and achieve strategies must be planned and prepared.
The role of IT governance also includes ensuring the adherence to processes. If you defined and implemented processes in order to provide better value to the customers of these processes, IT governance must be the police of adherence to these processes. If any misuse or improper usage is detected by the governance, corrective actions should be implemented to follow processes.
The definition of roles and responsibilities is also part of IT governance. In order to enable better and effective management, roles and responsibilities must be defined clearly and no room should be left for conflicts. If there are conflicts arising due to unclear roles and responsibilities, these problems and the root cause of the problem about roles and responsibilities should be resolved immediately.
IT governance also deals with measures and reports. If you cannot measure, you cannot manage. You need to be able to measure your current status and your future results as well in order to have improved results over time. Measurements should be done and reports of the existing status should be produced to be considered by the management.
Finally, actions for resolving all issues identified is also part of IT governance. All issues should be addressed. There should not be an open issue if good IT service management is applied in the organization. Procedures should be in place to identify and resolve issues within an acceptable timeframe.
Many IT Service Management strategies fail because they only consider their own IT strategy instead of considering the existing governance structures. When applying a new strategy, you need to be sure that it is compliant with the existing structures and won’t cause any conflict.
IT governance is an important part of the Continual Service Improvement stage of the ITIL service lifecycle. There are many formalized procedures to be followed in Continual Service Improvement and these are underpinned by IT governance standards.
Review by: Guy Rivera