Levels of Governance The Nature of Governance Technology Governance IT Governance Architecture Governance - Overview
Architecture Governance is the practice and orientation by which enterprise architectures and other architectures are managed and controlled at an enterprise-wide level.
Architecture Governance typically does not operate in isolation, but within a hierarchy of governance structures, which, particularly in the larger enterprise, can include all of the following, as distinct domains with their own disciplines and processes:
Each of these domains of Governance may exist at multiple geographic levels - global, regional, and local - within the overall enterprise.
Corporate Governance is thus a broad topic, beyond the scope of an enterprise architecture framework such as TOGAF.
This and related subsections are focused on Architecture Governance; but they describe it in the context of enterprise-wide governance, because of the hierarchy of governance structures within which it typically operates, as explained above.
In particular, this and following sections aim to:
Governance is essentially about ensuring that business is conducted properly. It is less about overt control and strict adherence to rules, and more about guidance and effective and equitable usage of resources to ensure sustainability of an organisation's strategic objectives.
The following outlines the basic principles of corporate governance, as identified by the OECD1:
Supporting this, the OECD considers a traditional view of governance as the "… system by which business corporations are directed and controlled. The corporate governance structure specifies the distribution of rights and responsibilities among different participants in the corporation, such as, the board, managers, shareholders and other stakeholders, and spells out the rules and procedures for making decisions on corporate affairs. By doing this, it also provides the structure through which the company objectives are set, and the means of attaining those objectives and monitoring performance", OECD (1999).
The following characteristics have been adapted from Naidoo (2002) and are positioned here to highlight both the value and necessity for governance as an approach to be adopted within organizations and their dealings with all involved parties:
1 OECD Principles of Corporate Governance, (1999), Organisation for Economic Co-operation and Development [Online], available at: http://www.oecd.org/EN/document/0,,EN-document-76-3-no-15-8293-0,00.html [2001, December].
Technology Governance is a key capability, requirement, and resource for most organizations because of the pervasiveness of technology across the organizational spectrum.
Recent studies have shown that many organizations have a balance in favour of intangibles rather than tangibles that require management. Given that most of these intangibles are informational and digital assets, it is evident that businesses are becoming more reliant on information technology: and the governance of information technology - IT Governance - is therefore becoming an even more important part of Technology Governance.
These trends also highlight the dependencies of businesses on not only the information itself but also the processes, systems, and structures that create, deliver, and consume it. As the shift to increasing value through intangibles increases in many industry sectors, so risk management must be considered as key to understanding and moderating new challenges, threats and opportunities.
Not only are organizations increasingly dependent on information technology for their operations and profitability, but also their reputation, brand, and ultimately their value are also dependent on that same information and the supporting technology.
IT Governance provides the framework and structure that links IT resources and information to enterprise goals and strategies. Furthermore, IT Governance institutionalizes best practices for planning, acquiring, implementing, and monitoring IT performance, to ensure that the enterprise's information technology assets support its business objectives.
In recent years, IT Governance has become integral to the effective governance of the modern enterprise. Businesses are increasingly dependent on information technology to support critical business functions and processes; and to successfully gain competitive advantage, businesses need to manage effectively the complex technology that is pervasive throughout the organisation, in order to respond quickly and safely to business needs.
In addition, regulatory environments around the world are increasingly mandating stricter enterprise control over information, driven by increasing reports of information system disasters and electronic fraud. The management of IT related risk is now widely accepted as a key part of enterprise governance.
It follows that an IT Governance strategy, and an appropriate organization for implementing the strategy, must be established with the backing of top management, clarifying who owns the enterprise's IT resources, and, in particular, who has ultimate responsibility for their enterprise-wide integration.
As with Corporate Governance, IT Governance is a broad topic, beyond the scope of an enterprise architecture framework such as TOGAF. A good source of detailed information on IT Governance is the COBIT Framework (Control OBjectives for Information and related Technology). This is an open standard for control over information technology, developed and promoted by the IT Governance Institute, and published by the Information Systems Audit and Control Foundation (ISACF).
COBIT also provides a generally accepted standard for good IT security and control practices to support the needs of enterprise management in determining and monitoring the appropriate level of IT security and control for their organisations.
The IT Governance Institute has also developed and built into the COBIT framework a set of Management Guidelines for COBIT, which consist of Maturity Models, Critical Success Factors (CFSs), Key Goal Indicators (KGIs), and Key Performance Indicators (KPIs). The framework responds to management's need for control and measurability of IT, by providing management with tools to assess and measure their organisation's IT environment against the IT processes that COBIT identifies.
Architecture governance is the practice and orientation by which enterprise architectures and other architectures are managed and controlled at an enterprise-wide level. It includes the following:
As mentioned above, IT governance has recently become a board responsibility as part of overall business governance. The governance of an organization's architectures is a key factor in effective IT/Business linkage, and is therefore increasing becoming a key board level responsibility in its own right, .
This section aims to provide the impetus for opening up IT and Architecture Governance so that the business responsibilities associated with Architecture activities and artefacts can be elucidated and managed.
Phase G of the TOGAF Architecture Development Method is dedicated to Implementation Governance, which concerns itself with the realization of the architecture through change projects. Implementation Governance is just one aspect of Architecture Governance, which covers the management and control of all aspects of the development and evolution of enterprise architectures and other architectures within the enterprise.
Architecture Governance needs to be supported by an Architecture Governance Framework, described in detail in the following section, which assists in identifying effective processes so that the business responsibilities associated with architecture governance can be elucidated, communicated, and managed effectively.
Copyright © The Open Group, 2003