Forget SOX!

Are "flavors of the month" such as SOX and ITIL taking away focus from IT Governance?

Over the past few years, the frenzy over SOX had dimmed the lights on other issues facing the IT Organization. This latest entrant to the “flavor of the decade” club took over where Y2K left off. IT Organizations lapped it up like junkies in need of a new fix.

Don’t get me wrong. The focus on SOX compliance is not misplaced. However, my disagreement is with that single-minded focus causing organizations to overlook other, perhaps more critical, issues. I am also appalled at how SOX has marginalized the rest of IT Governance.

Whatever little space SOX left, ITIL – the new flavor of the month – has taken. Again, the focus on ITIL is not misplaced, but it has to be in the context of the “big picture” of IT Governance.

So, it is time to revisit the “big picture” of IT Governance.

What is IT Governance?

IT Governance is a set of management and control processes and organizational structure to manage IT for shareholder value.

IT Governance sits on top of the other elements of IT capability – strategy, processes, infrastructure and organization - making sure that each is individually tuned and collectively coordinated, to deliver shareholder value.

The IT Governance process connects – measures, monitors and controls – with every process in IT. At a high level, these IT processes fall under the continuum of identify, select, fund, build and deploy.

Who needs IT Governance?


The objective of IT Governance is to ensure delivery of IT value through a structured system. This system ensures that we make the right decisions at the right time.

Specifically, IT Governance ensures the following:

  1. Smooth, i.e. disruption-free, operations
  2. Effective and Efficient processes
  3. Effective Risk Mitigation

What are the elements of IT Governance?

IT Governance measures, monitors and controls other elements of IT capability. It does so by defining a clear set of events, processes, actions, roles and responsibilities, and ensures delivery by aligning them with requisite authority and a system of reward and punishment.

IT Governance is part of every IT process. Consequently, it has the following major processes:

  • Business and IT Alignment
  • Enterprise Architecture Planning (including technology standards)
  • IT Service Management
  • Application Portfolio Management
  • Enterprise Data Management
  • Infrastructure Management
  • Project Portfolio Management
  • Budget/funding Management
  • Compliance with EA and standards (Building permit process)
  • Project Management Office (including Project Management for key initiatives)
  • Organization assessment and impact (system of performance based culture; employee satisfaction; employee compensation management etc.)
  • Business impact and change management
  • Strategic sourcing management
  • Legal and Regulatory compliance - including SOX.
  • IT risk management
  • Security

This is not meant to be an exhaustive list. However, I hope we have the critical CxO level IT Governance processes included in it.

There is a hierarchy of IT decisions. For each decision, there is a process including components or sub-process for its governance. Consequently, there are layers underneath these items described above. One can also club them into groups or sub groups.

For IT Governance to be effective, its processes must be meshed with those of the enterprise. This ensures consistency, compliance and conformity on the one hand, and the sharing of best practices to make the enterprise governance effective and efficient on the other.

Why IT Governance?

IT provides a promise of shareholder value. How do we ensure the delivery against this promise? The role of IT governance is just that – to make sure business value is delivered in an “orderly” and “predictable” way.

Hence, IT Governance is critical to the success of every IT Organization.

Does every organization need the entire laundry list of IT Governance processes described above? IT Governance is needed wherever IT processes are needed. If your organization does not have one of the processes described above, then it does not need governance!

Over the coming weeks, we will take a look at each of the key elements of IT Governance and provide tools and techniques to effectively manage them.

Sourabh Hajela is a management consultant and trainer with over 20 years of experience creating shareholder value for his Fortune 50 clients. His consulting practice is focused on IT strategy, alignment and ROI.

Posted on 03/16/2009 by Webmaster1


