Entrance to IT Governance

The Information Technology governance  is of the modern management concepts that come within the context of multiple concepts of governance and good governance with its various sectoral allocations after its importance doubled in the last decades of the 20th century following the failure of some governments and  collapse of international companies dominated and stormed by waves of corruption due to the weakness and/or absence of the inadequacy of traditional regulatory and supervisory frameworks; and  to successfully cope with such challenges there was no choice but to seriously work on how to limit the reasons behind; and the diverse concepts of governance were the best protective solution to achieve it depending on the dominantly regulatory frameworks that define responsibilities, reduce conflict of interests, achieve control and accountability, and provide an effective tool for risk management  according to clear-measured structures and methodologies for applying, evaluation and auditing with international criteria supported by the principles of transparency, disclosure and justice to ensure the rights of shareholders and stakeholders and enhance the success and competitive feature of the organization.  IT governance, like any other governance concept, has its special importance and privacy in principles, objectives, and methodologies of applying.  The high importance of IT governance is represented in the influential role that IT’s tools play as the main carrier of the operations and services of companies and organizations, especially in light of the shift to providing electronic and/or smart services that imposed the use of information technology in all technical, financial and administrative operations “E2E”, M2M”, so that these operations are direct, integrated and online which is considered the most important criterion that makes the distinguished competitive feature in today’s financial and business markets and because of the quality of the services offered some companies have topped the global ranking and others have crossed the trillion dollar barrier for the first time in history and, in a hetero scene,  some others tragically left the scene.  That fact has seriously put the boards of directors in a compelling position that had no choice but to ride the risk especially since the use and integration of information technology as integrated solutions in companies were neither easy nor smooth due to the huge size of its investments, and the difficulty of its applying, operation, and maintenance in the ‘7/24′ system owing to its technical intricacies, accelerating developments, and risks of hacking and breaking through which made its governance the most perfect and appropriate solution, and its importance was exactly represented there.  The principles, objectives, and methodologies of applying, also vary with neither differences nor collisions according to its pioneers who perfectly worked to innovate, develop, and frame its 3 most famous frameworks:   ITIL, COSO, and COBIT.  The last one, COBIT, was considered the most common in use for its multiple features of which the integration of its principles and objectives with the governance of organizations was the most important factor, and because it was originally a review and auditing tool of information systems when the first version was designed and issued in a year (1996).   And comprehensiveness was of its features for all tasks and activities of the company and/or organization, and the operations of its application and evaluation were clear and with precise procedures, and therefore it was directly reflected in the quality of the outputs.   Of its principles we, as a clarification, mention the separation of governance from management, meeting the needs of stakeholders, and covering the project for the organization from start to finish in one integrated framework.  As for its operations, they were divided into (4) groups which were consisting of (34) control procedures of which (271) sub-procedures were created and called control objectives that included ideal controls starting with the procedures of preparation and planning and ending with the procedures of evaluation and appreciation.  Finally, in light of the high and obvious importance of IT governance as an urgent need for any company and/or organization, it has to take some initial procedures to get involved in the voluntary application of its principles in preparation for the official application.  Some of those most important procedures are as follows.  One of the company/organization’s board of directors should be an IT specialist and preferably independent. Otherwise, the IT governance specialist should be appointed as the board’s advisor, at least. The governance committee’s missions should be enlarged to include those of the IT governance ones and, IT specialist(s), at least one, should be appointed to that committee.  The internal and external auditors’ reports must include the part relating to the review and auditing of information systems and technology to find out possible holes and/or errors to cure them and take its features and to make the decision-makers, including the board of directors, aware of such positive effects and provide the specialists in the Information Technology Unit with experience in dealing successfully with such holes and errors and finding them efficient solutions and, the work performance and environment of that sector consequently improve in preparation for its governance.