Creating an IT Governance Roadmap

IT governance is an escalating issue for firms struggling with how to leverage IT to provide a competitive advantage.

Managers have made numerous attempts to increase the understanding of how IT operates, and more importantly, how IT can be used to leverage the business and provide a competitive advantage for the firm. IT managers need to assess their capabilities by asking the following questions:

  1. Are IT managers able to support the firm in obtaining its objectives?
  2. Are they capable of keeping up with the constantly changing market environment?
  3. Are they up to date on the latest and greatest technology trends and offerings to the marketplace?
  4. Are they flexible enough to understand and lead business process changes as needed?
  5. Are they capable of judiciously helping to manage the firm’s risk?

Information technology (IT) offers firms many opportunities to enhance or transform their products, services, markets, work processes, and business relationships. Such efforts, however, require carefully orchestrated efforts between the firm’s technology and business specialists. It is often the case that the ways in which the firm utilizes IT and the impact that IT has on a firm’s performance have been carefully guided by well-thought-out IT governance policies and procedures. Interestingly, the Meta Group recently reported that more than 80 percent of Global 2000 firms do not have a formal governance committee in place.[1] The analyst firm also predicts that 50 percent of companies will attempt to improve their IT governance policies this year. According to the Meta Group, firms having better than average IT governance policies can realize at least a 20 percent higher return on assets than organizations with weaker governance.[2]

What is IT Governance? 

IT governance is defined as “the decision rights and accountability framework for encouraging desirable behavior in the use of IT.”[3] IT governance is seen as a framework that ensures that information technology decisions consider the business' goals and objectives. Similar to ways in which corporate governance aids the firm in ensuring that key decisions are consistent with corporate vision, values and strategy, IT governance ensures that IT-related decisions match companywide objectives. 

IT governance has primarily been driven by the need for the transparency of enterprise risks and the protection of shareholder value. The overall objective of IT governance is to understand the issues and the strategic importance of IT, so that the firm can maintain its operations and implement strategies to enable the company to better compete now and in the future. Hence, IT governance aims at ensuring that expectations for IT are met and that IT risks are mitigated. IT governance exists within corporations to guide IT initiatives and to ensure that the performance of IT meets the following corporate objectives:

  • Alignment of IT to support business operations and sustain advantages; 
  • Responsible use of IT resources; 
  • Appropriate identification and management of IT-related risks; 
  • Facilitation of IT's aid in exploiting opportunities and maximizing benefits.[4] 

A structured IT governance committee or policy along with corporate managers combine to ensure that IT is synchronized with the business and delivers value to the firm. IT governance also aids companies in instituting formal project approval processes and performance management plans.

Firms typically make five types of IT decisions:[5]

  • IT principles decisions dictating the role of IT in the enterprise. 
  • IT architecture decisions on technical choices and directions. 
  • IT infrastructure decisions on the delivery of shared IT services. 
  • Business application requirements decisions for each project. 
  • IT investment and prioritization decisions.

To successfully make these five types of decisions, firms must develop and implement IT governance mechanisms. There are three general categories of IT governance mechanisms and techniques,[6] which include 1) decision making, 2) process assignment, and 3) communication approaches. A recent study asked 250+ Chief Information Officers (CIOs) how IT governance was enacted within their organizations.[7] Utilizing the three general categories of governance mechanisms, the table below summarizes the techniques used by the firms:


Decision-Making Structures

  • Business/IT relationship managers
  • IT Leadership committee composed of IT executives
  • IT council composed of business and IT executives
  • Executives of senior management committee
  • Process teams with IT members
  • Architecture committee
  • Capital approval committee

Alignment Process

  • Tracking of IT projects and resources consumed
  • Service-level agreements
  • Formal tracking of business value of IT
  • Chargeback arrangements

Communication Approaches

  • Office of CIO or officer of IT governance:
  • Work with managers who fail to follow the rules;
  • Publicize announcements from senior management;
  • Manage and monitor Web-based portals and intranets for IT.

Graziadio Business Report,  2008, Vol. 11, Issue 3
This article is copyrighted and has been reprinted with permission from Pepperdine University. 



Despite the fact that corporations are beginning to experience success with implementing IT governance mechanisms to better manage their IT resources, individual governance mechanisms cannot alone promise the successful implementation and execution of IT governance policies and procedures. Companies must be able to better understand the complex playing field of their competitive environment and be able to put together a reliable set of governance techniques that are simple, are easily shared and implemented, and that engage managers who make key decisions for the company.

These mechanisms provide firms, at a minimum cost, with the coordination, control, and trust that is needed to manage and utilize their IT-related resources. Hence, well-developed and implemented IT governance mechanisms help firms to establish coordinated mechanisms that link IT-related objectives and goals to measurable goals. IT governance also helps to provide the necessary checks and balances to better manage and mitigate risk, standardize practices, streamline procedures, and improve returns on technology resources and assets.

IT Governance: A Continuous Process. IT governance can be seen as the continuous process of aligning corporate and IT strategy. IT governance helps to shape organizational changes over time and should be tightly tied to corporate governance procedures and regulations. IT governance is intended to safeguard the organization against criminal activity inside and outside the organization and then to develop and implement strategies and processes to manage governance. 

IT Governance at Different Layers of the Organization. IT governance is typically the primary responsibility of the board of directors and executive management (including the Chief Information Officer). It is an integral part of enterprise governance and consists of the leadership and organizational structures and processes that ensure that the organization’s IT sustains and extends the organization’s strategies and objectives. 

IT governance should typically address IT-related risks and opportunities at different layers of the organization. IT managers should solicit input for the development of IT governance policies and procedures, since such governance affects employees within different layers of the organization and across different business functions. All employees, from front-line employees and their managers to the executives of the board of directors, should contribute to the enforcement of IT governance policies and procedures.

Ten Action Items to Consider When Establishing IT Governance

  1. Define your company’s direction on IT governance. In this step, the goal of the firm is to identify and define the strategic and tactical IT governance roles and responsibilities. Ensure that your firm has documented roles and responsibilities of the board, the executives, and the IT strategy committee. Identify and specify how priorities are set, how resources are allocated, and by whom, and how projects are tracked. In addition, include senior managers from both the IT and business divisions when you establish your direction; these individuals serve as the key champions to disseminate and encourage the adoption of IT governance procedures and policies within their divisions. Identifying champions from both sides of the business decreases the likelihood of a disconnect between business objectives and IT capabilities.
  2. Determine an IT governance implementation plan. The firm requires an effective action plan that matches specific circumstances with needs. It is of foremost importance for the board to take ownership of IT governance and determine the direction that managers should follow. Such decisions are efficiently made by ensuring that the board operates with IT governance in mind:
    1. Ensure that IT issues, plans, and wins are on the Board’s agenda. 
    2. Uncover IT issues by challenging management’s activities with regard to IT. 
    3. Guide managers by helping to align IT initiatives with real business needs. 
    4. Highlight the potential impact on the business of IT-related risks. 
    5. Insist that IT performance be measured and reported to the Board. 
    6. Establish an IT strategy committee that is responsible for communicating IT issues between the Board and managers.
    7. Insist that the firm utilize a common approach to employing a management framework for IT governance.
  3. Identify champions who have a vested interest. Assign clear responsibilities for each type of IT decision to individuals who can accept accountability for the outcomes of those decisions. Constrain the number of decision-making structures when determining how IT resources are acquired, utilized, and discarded.
  4. Ensure cross-coordination and responsibilities for IT decisions. The previously listed five types of IT decisions are often distributed across the firm, so corporations need to consider overlapping responsibilities in the decision-making bodies. Overlapping memberships coordinate decisions throughout the enterprise and often ensure that the strategic objectives of managers filter down to decisions made at the individual project level.
  5. Create an IT governance road map and plan for long-term strategies. IT governance should be integrated with the broader and more strategic Enterprise Governance goals. An IT governance approach helps board and management understand the strategic implications of IT and assists in ensuring that the enterprise can sustain its operations and implement the strategies required to extend its operations for future growth. Avoid the “doing it all” syndrome that most organizations fall into.
  6. Walk before trying to run: Target short-term IT governance goals and wins. After the firm has identified and developed a strategic IT governance road map, perhaps identify short-term IT governance issues that can serve as quick wins to get the organization jump-started on its IT governance policy and regulation enforcement. These quick wins will provide a good indication of the possibilities and challenges associated with implementing sound IT governance; they also help to uncover corporate barriers that need to be addressed before long-term strategies can be implemented. Such wins will also help to provide evidence that IT governance procedures and policies can aid and protect the organization, as well as further establish the credibility for implementing IT governance policies. 
  7. Go to the place: Identify and manage IT-related risks and opportunities. Do your homework and understand what it is that your users need and determine how such needs affect ways in which IT is used within the corporation. In doing so, you can uncover IT-related risks and opportunities. Instead of pretending to understand instances of IT’s improper and ineffective use, go to the place where there is pain within the organization. Pay your users a visit to personally experience their IT-related difficulties. Another suggestion for identifying corporate IT risks or opportunities is to survey your users. They can be one of the best sources of input for identifying security gaps or inappropriate use of IT.
  8. Revisit IT governance policies on a regular basis. Once a firm has designed a feasible set of IT governance mechanisms, governance can remain in place until a change in strategic direction or a business opportunity redefines what the firm sees as desirable use of IT resources. However, opportunities sometimes arise that are not fully (or partially) addressed in the IT governance policies and procedures. When this situation occurs, the IT governance policies must be revisited to address these situations.
  9. Increase the transparency of your IT governance. One of the most significant factors that can influence the success of IT governance policy and procedures is the number of employees who can accurately describe the company’s IT governance policies. IT executives and their staffs must engage in proactive conversations with business people and IT users to better understand corporate needs. One suggestion to promote IT governance in your firm is to boost the public relations activities of the IT department. For example, consider producing and distributing an annual report from the IT department that explains and shares the firm’s IT governance and future strategic goals and plans. 
  10. Establish a process for exceptions to the governance processes. Occasionally business situations or opportunities occur that are not governed or addressed by the firm’s IT governance policies. Such occurrences arise simply because IT governance may prohibit particular actions, or perhaps IT governance policies may be out of date. Establish a process for the firm to follow if the need arises to update or to provide an exception to the IT governance policies that are in place.


IT governance exists to assist enterprise leaders in their responsibility to make IT successful in supporting the firm’s goals and mission. IT governance helps firm executives to raise awareness and understanding among employees. Such governance also helps provide guidance and tools to boards of directors, executive managers, and CIOs to ensure that IT is appropriately aligned with corporate goals and policies and that IT meets and exceeds expectations of the firm. Over the next 40 years, IT leadership will move from serving as an individual contributor on the corporate team to being a full member of the team. The huge burden of the CIO—ensuring that IT is effectively managed—will become a company and board-level responsibility. However, this change will be more easily accomplished if IT governance is fully incorporated and is properly enforced within companies.







About the Author

Mark W.S. Chun, PhD, is Assistant Professor of Information Systems at the Graziadio School of Business and Management at Pepperdine University. He earned a PhD in Information Systems from the University of Colorado at Boulder and received an MBA from the University of California, Irvine in the area of international business and strategy. He holds a Bachelor of Business Administration degree with an emphasis in management information systems from the University of Hawaii. Prior to entering academe, Dr. Chun worked for companies such as Intel Corporation, Pepsi Co./Taco Bell, Coopers & Lybrand, and the Bank of Hawaii. His research focuses on the use of information technology to create value and to transform organizations.


[1], 1/11/2005, “Executive Guide: IT Governance.”

[2] Ross, Jeanne, and Weill, Peter. "Recipe for Good Governance," CIO Magazine, 15 June 2004, 17, (17).

[3] Ibid. Ross & Weill.

[4] “Board Briefing on IT Governance,” 2nd edition, IT Governance Institute, 2003.

[5] Ibid. Ross & Weill.

[6] Ibid.

[7] “Effective IT Governance Mechanisms,” CIO Magazine, June 15, 2004.


Posted on 03/18/2009 by Webmaster1


