Effective IT governance remains an extremely relevant discussion in boardrooms around the world. While forward-thinking organizations have the alternative to create their own agile governance frameworks, another viable option may be to adopt traditional frameworks developed over time. Adoption of a traditional governance framework may have a few compelling reasons:
1. Efficiency – Time is the most valuable resource today. So why spend so much of it on developing a framework based on limited experience when internationally adopted frameworks exist?
2. Structure – Most frameworks have a pre-defined structure that can be implemented in a fairly precise manner. And structure is helpful to get people on the same page and understand what the expectations are.
3. Best Practices – Most of the widely used governance frameworks have evolved over time, and include best practices from many different organizations. Efforts of a single organization can rarely ever match the cumulative years of experience reflected in these models.
4. Knowledge Sharing – Ideas can be shared between executives from different organizations by following a common vernacular embedded in a governance framework.
5. Auditable – Effective assessment of control becomes more difficult for auditors, especially third party auditors in the absence of standards.
Which is the “right” IT Governance Framework for your organization?
Given choices, decision-makers are faced with the predicament of deciding which framework is right for them. For example, COBIT is strong from the perspective of metrics and controls. IT security is covered very well by ISO 17799 while processes are emphasized by ITIL. If an organization felt these frameworks were applicable to them, they would analyze the three and combine best practices from each and based on the requirements of the organization.
The emphasis for traditional IT Governance is the need for:
- Governance principles
- Strategic direction
- Organizational structure
- Process Discipline
- Relationship management functions
As I mentioned before, traditional IT Governance models do not emphasize Agile Principles. All of the traditional frameworks, while robust on their own, could be strengthened further. They could be made more effective by including components of the Agile Principles.