Four factors make it imperative to address IT governance at this time. First, most firms let their governance of IT lapse during the downturn, letting their oversight of IT reduce to budgeting and associated management of the IT function. Now, as businesses recover, and as more strategic challenges emerge, it is time to rebuild governance again. Second, in most firms, the IT function is no longer ‘in charge’ of IT as it was in the past. Technology is migrating outside the firm as companies go to networked business models based on the Internet, and as users demand, and receive, ever more computing power and functionality in their mobile phones, laptops, and other devices.

 

How does Governance gain ‘control’ of IT if the IT function is no longer accountable for much of IT? What does ‘control’ even mean in this new environment? Third, the firm faces regulatory and compliance demands that threaten to pre-occupy management to the exclusion of other issues surrounding IT. How can firms measure and manage these new risks? Fourth, firms need to profit from the opportunity presented by the much richer array of third party services (for example, ASPs, consumer services on public infrastructure) that have become available. How can we exploit the greater functionality and much lower cost of these services, while also complying with regulation and ‘controlling’ IT?

 

Our research will be based on interviews with 15-20 large firms and industrial groups in the US and Europe. We will also research best and emerging practice in governance in the post-bubble Sarbanes-Oxley era. We will be assisted in our work by Professor F Warren McFarlan of Harvard Business School, who is an expert on governance in IT, and whose recent work on governance will provide useful frameworks for CIOs to use.