IT Governance is a subset of corporate governance, focused on information and the technology and the performance and risk management around the handling of information and the technology. It is how organisations align their IT strategy with business mission, ensuring they stay on track to achieve their strategies and goals.
The use of IT has continued to mature throughout organisations and IT has become a platform or service on top of which the functions of the company are built. If you examine an organisation today there is a core platform of servers, workstations and networks which underpin the finance systems, sales, marketing, production and other activities. Each of these activities has different requirements and expertise. IT decision on spending is becoming dispersed throughout organisations, according to a survey conducted by BT of 1,000 IT "decision-makers". This has been backed by research by Garner which estimates by 2020, 35% of organisations’ technology budget will be spent outside the IT department.
This is creating “shadow IT”, and has been given impetus by the growth of consumer technology and cloud computing, which make it increasingly easy to deploy technology without going through the corporate IT department. With businesses under pressure to innovative, flexible and adaptive it has been realised they can often deploy solutions more rapidly by bypassing the IT department. BT’s study showed nearly three-quarters of respondents say they are more concerned about security with the move to a more distributed approach to IT. The various departments are very keen to purchase and deploy IT based solutions however they don’t want to support them or take responsibility for them working and are happy for central IT to provide this function.
Ensuring that shadow IT is subject to proper governance is a challenging task for CIOs. Part of the solution is by supporting the business in meeting its objectives by liaising with all parts of the business. They are the experts on what they need; they need support on ensuring the requirements can be met within the corporate governance framework. Shadow IT should not be considered a problem but should be adopted as part of a distributed IT function.