BACKGROUND
Information Technology Governance has developed in parallel with
corporate governance to address similar concerns, but as they
relate to the use and management of information technology.
There have been many attempts to better manage information
technology, the inherent risks and its ability to deliver
value to the business. Many well-publicised corporate
governance scandals have resulted in greater regulatory and
stakeholder interest in the activities of those
responsible for the stewardship of public and private sector
enterprises, including information technology.
IT governance became a subject on its own shortly after the
release of the COSO report in 1992 as a result of US corporate
governance scandals in the 1980s. The Committee of
Sponsoring Organisations of the Treadway Commission (COSO) produced a
report on the need for better Internal Controls in business.
This initiative has been followed by more recent publications
in the form of Corporate Governance reports around the world
that highlight the need for better risk management and
improved internal control. Most recently, the US
Sarbanes-Oxley regulations specify that the
Chief Executive Officer and Chief Financial Officer
must sign off that internal controls are not only well designed,
but effective.
The outcome expected is that those responsible for
the stewardship of public and private enterprises will exercise
appropriate due diligence over all business activities,
including the acquisition, use and disposal of information and
information technology. The basic requirement is for
those responsible for stewardship to understand their
responsibilities, and act appropriately. For too long
stakeholders have suffered the consequence of incompetence, negligence and
fraud. The expectation is that decisions regarding the
investment, selection amongst choices and use of information
technology are based on a proper understanding of business
requirements, sound economic principles and good governance.
IT's time to grow up!