Skip to content
Tiatra, LLCTiatra, LLC
Tiatra, LLC
Information Technology Solutions for Washington, DC Government Agencies
  • Home
  • About Us
  • Services
    • IT Engineering and Support
    • Software Development
    • Information Assurance and Testing
    • Project and Program Management
  • Clients & Partners
  • Careers
  • News
  • Contact
 
  • Home
  • About Us
  • Services
    • IT Engineering and Support
    • Software Development
    • Information Assurance and Testing
    • Project and Program Management
  • Clients & Partners
  • Careers
  • News
  • Contact

IT governance: Best practices for aligning IT and business strategy

The unprecedented pace of AI’s evolution and its use have put a strain on organizations.

According to a 2026 study from the IBM Institute for Business Value study, 77% of organizations reported that AI adoption is outpacing their governance capabilities.

Although governance practices — including the discipline of IT governance — predate AI, the challenges presented by AI adoption and findings such as those in the IBM study show how important IT governance is to overall organizational outcomes.

“IT governance helps ensure that the organization is making good decisions versus making poor decisions, and it ensures that the ability to make good decisions is embedded in everyday work,” says Sharon Stufflebeme, managing director of CIO solutions at Protiviti.

Despite its proven value, adoption of IT governance is still not universal, according to governance experts. Large enterprises, public companies, and those in regulated industries generally have robust IT governance. Smaller entities and privately held ones are less likely to have a mature IT governance program or any at all.

Moreover, some organizations that have IT governance in place may find it ineffective due to siloed IT activities, miscommunication, and failure to enforce policies, experts add.

That doesn’t just hinder effective and efficient IT operations, it can hurt the organization itself, says Nehawa Ngundam Abam, an IT governance and risk analyst at insurance company Starr and a member of the Emerging Trends Working Group with governance association ISACA.

“IT governance is still highly relevant today, and arguably even more so than in the past, because in the modern enterprise there is so much more technology and technology risk than before,” Abam says. “And without effective governance, IT can easily become super fragmented and misaligned with business objectives, and it can introduce cybersecurity, compliance, and reputational risks.”

IT governance and its value

IT governance is a foundational framework for aligning IT implementations and investments with business strategy.

“At its core IT governance is about ensuring that IT supports and enables the business in a controlled, measurable, and strategic way,” Abam says.

By following a formal framework, organizations can produce measurable results tailored to achieve their strategic goals. A formal program also takes stakeholders’ interests into account, as well as the needs of staff and the processes they follow. In the big picture, IT governance is an integral part of overall enterprise governance.

“It’s how we think about the collection of investments we’re making,” says Bill Briggs, who as CTO of Deloitte Consulting advises executives on the impact that emerging technologies may have on their organizations and who serves as executive sponsor of Deloitte’s CIO program.

“It’s the intentionalizing of expected spend and returns, it’s investing for growth versus keeping the lights on, and it’s ensuring what’s promised is what’s delivered,” he adds.

Briggs says a strong IT governance program creates guidance for how investments get approved, how much autonomy each position should have, how to evaluate and select IT vendors and technical solutions, where and how to innovate, how to best deploy workers, and more.

The pillars of IT governance

IT governance has five domains or pillars. ISACA identifies them as:

  • Value delivery
  • Strategic alignment
  • Performance management
  • Resource management
  • Risk management

Stufflebeme identifies and lists them slightly differently as strategic alignment, value management, risk management, resource management, and performance management.

“I define them in that order because of the crucial order in which they need to be viewed today. That strategic alignment pillar is critical in this age of AI as is the value management,” she explains.

Furthermore, IT governance through its risk management pillar ensures that the IT department is also aligned with the organization’s overall governance, risk, and compliance (GRC) program, experts add.

As such, IT governance helps organizations adhere to the many regulations governing the protection of confidential information, financial accountability, data retention, disaster recovery, and business continuity.

IT governance also supports the organization’s efforts to meet the expectations of shareholders, stakeholders, and customers — expectations that often exceed regulatory requirements.

IT governance frameworks

To ensure they have an effective IT governance program in place and can mature it over time, CIOs typically use a framework of best practices and controls.

Frameworks include implementation guides to help organizations phase in an IT governance program with fewer speedbumps. They also provide roadmaps on how to improve and mature a governance program.

The most commonly used frameworks are:

  • COBIT: Published by ISACA, COBIT is a comprehensive framework of globally accepted practices, analytical tools and models (PDF) designed for governance and management of enterprise IT. With its roots in IT auditing, ISACA expanded COBIT’s scope over the years to fully support IT governance.
  • ITIL: Formerly an acronym for Information Technology Infrastructure Library, ITIL focuses on IT service management. It aims to ensure that IT services support core processes of the business. The five foundational stages of the ITIL lifecycle are service strategy, design, transition (such as change management), operation, and continual service improvement. ITIL is designed to bring “together business, product, and service perspectives around value, experience, and outcomes, supporting confident decision-making across strategy and delivery, with continual improvement at its core.”
  • ISO/IEC 38500: This international standard provides guiding principles for corporate governance of IT. It is designed to help board members, directors, and executives evaluate, direct, and monitor the use of IT across their organization. It is designed so that organizations of all sizes, regardless of the extent of their IT use, can use it.

Other notable frameworks include:

  • CMMI: The Capability Maturity Model Integration method, developed by the Software Engineering Institute, is an approach to performance improvement. CMMI uses a scale of 1 to 5 to gauge an organization’s performance, quality, and profitability maturity level. It allows for mixed mode and objective measurements to be inserted, which some view as critical for measuring risks that are qualitative in nature.
  • FAIR: Factor Analysis of Information Risk (FAIR) is a relatively new model that helps organizations quantify risk. The focus is on cyber security and operational risk, with the goal of making more well-informed decisions. Although it’s newer than other frameworks mentioned here, it has gained a lot of traction with Fortune 500 companies.

Most IT governance frameworks are designed to help CIOs evaluate how their IT department is functioning overall, what key metrics management needs, and what return IT is giving back to the business from its investments.

Where COBIT is used mainly for risk, ITIL helps to streamline service and operations. Although CMMI was originally intended for software engineering, it now involves processes in hardware development, service delivery, and purchasing. As previously mentioned, FAIR is squarely for assessing operational and cyber security risks.

Embed governance into everyday work and other best practices

Experts agree that frameworks are useful, but they also stress that adherence to the framework does not necessarily mean effective IT governance is in place.

“Using a framework is not good if it’s just for the sake of checking boxes,” Stufflebeme says. “It’s important to understand the value of each governance pillar and how you measure each pillar.”

“Frameworks are to guide but not replace critical thinking and business judgment and organizational adaptability,” Abam adds. “If it becomes a document exercise, then I think organizations create an appearance of maturity without truly improving their governance, risk management, and resilience.”

Abam and others say the most effective IT governance programs are those where the controls are embedded into everyday work and where workers know and are empowered to follow the policies established by the governance program.

“A lot of governance today can be done with controls that are built digitally into systems,” says Marco Bill, senior vice president and CIO at Red Hat. He uses AI and automation to make adherence to governance happen easily without slowing work and becoming a bottleneck.

Experts offer other best practices for building a strong IT governance discipline:

  • Engage business executives in the process. “It’s important that governance is business-driven and not purely IT-driven; it should be a balance between the two efforts,” Abam says. “That creates a tendency for governance to be more effective, when it’s positioned as an enterprisewide function tied to business operational resilience, customer trust, and business risk management.”
  • Treat governance as a continuous activity. “It’s not manual, static reporting or point-in-time audits and annual reports,” Abam explains. Rather, it needs real-time risk monitoring, the use of risk registers, dashboard reporting, and ongoing policy enforcements via automation and continuous monitoring. Embed governance early into transformation initiatives.
  • Ensure ongoing stakeholder buy-in. “Governance can’t operate in isolation. It has to have stakeholder buy-in and be collaborative and cross-functional, with ongoing conversations between IT, risk, legal, compliance and other teams, because when IT is disconnected from other leaders, actions become reactive rather than strategic,” Abam says
  • Establish clear accountability and ownership. Program components must be owned by leaders who have clear accountability for outcomes, Abam adds.
  • Create a distinct AI governance program. AI governance should be address separately, while also being part of the overall IT governance discipline, says Thomas Phelps, CIO and senior vice president of corporate strategy at Laserfiche and an advisory board member for the SIM Research Institute. “Because AI is so new, it’s worth having a separate effort. Plus, AI changes so fast, that you need to address [its governance needs] more often that IT governance,” he adds.
  • Integrate IT governance into the corporate governance program. “If it’s done right,” Briggs says, “it’s viewed as part of organizational governance, not IT shop governance or CIO governance.”

More on IT governance:

  • Rethinking IT governance for agility and innovation
  • The keys to effective IT governance in the digital era
  • 7 IT governance myths
  • 7 IT governance mistakes — and how to avoid them
  • What is CGEIT? A certification for seasoned IT governance professionals


Read More from This Article: IT governance: Best practices for aligning IT and business strategy
Source: News

Category: NewsJuly 2, 2026
Tags: art

Post navigation

PreviousPrevious post:Addressing consequence blindnessNextNext post:How AI automation is reshaping the IT leadership pipeline

Related posts

6 new rules of IT leadership — and what they replace
July 6, 2026
Playing to win at the AI casino
July 6, 2026
AI doesn’t eliminate inefficiency. It amplifies it
July 6, 2026
시스코, 사내 AI 비서로 ‘섀도 AI’ 차단…직원당 주 5~6시간 업무 절감
July 6, 2026
벤더 종속 vs 빠른 구축…MS·AWS FDE 도입 전 따져볼 것들
July 6, 2026
채용·출장비 줄인 SAP, AI 투자 재원 확보 나서
July 6, 2026
Recent Posts
  • 6 new rules of IT leadership — and what they replace
  • Playing to win at the AI casino
  • AI doesn’t eliminate inefficiency. It amplifies it
  • 시스코, 사내 AI 비서로 ‘섀도 AI’ 차단…직원당 주 5~6시간 업무 절감
  • 벤더 종속 vs 빠른 구축…MS·AWS FDE 도입 전 따져볼 것들
Recent Comments
    Archives
    • July 2026
    • June 2026
    • May 2026
    • April 2026
    • March 2026
    • February 2026
    • January 2026
    • December 2025
    • November 2025
    • October 2025
    • September 2025
    • August 2025
    • July 2025
    • June 2025
    • May 2025
    • April 2025
    • March 2025
    • February 2025
    • January 2025
    • December 2024
    • November 2024
    • October 2024
    • September 2024
    • August 2024
    • July 2024
    • June 2024
    • May 2024
    • April 2024
    • March 2024
    • February 2024
    • January 2024
    • December 2023
    • November 2023
    • October 2023
    • September 2023
    • August 2023
    • July 2023
    • June 2023
    • May 2023
    • April 2023
    • March 2023
    • February 2023
    • January 2023
    • December 2022
    • November 2022
    • October 2022
    • September 2022
    • August 2022
    • July 2022
    • June 2022
    • May 2022
    • April 2022
    • March 2022
    • February 2022
    • January 2022
    • December 2021
    • November 2021
    • October 2021
    • September 2021
    • August 2021
    • July 2021
    • June 2021
    • May 2021
    • April 2021
    • March 2021
    • February 2021
    • January 2021
    • December 2020
    • November 2020
    • October 2020
    • September 2020
    • August 2020
    • July 2020
    • June 2020
    • May 2020
    • April 2020
    • January 2020
    • December 2019
    • November 2019
    • October 2019
    • September 2019
    • August 2019
    • July 2019
    • June 2019
    • May 2019
    • April 2019
    • March 2019
    • February 2019
    • January 2019
    • December 2018
    • November 2018
    • October 2018
    • September 2018
    • August 2018
    • July 2018
    • June 2018
    • May 2018
    • April 2018
    • March 2018
    • February 2018
    • January 2018
    • December 2017
    • November 2017
    • October 2017
    • September 2017
    • August 2017
    • July 2017
    • June 2017
    • May 2017
    • April 2017
    • March 2017
    • February 2017
    • January 2017
    Categories
    • News
    Meta
    • Log in
    • Entries feed
    • Comments feed
    • WordPress.org
    Tiatra LLC.

    Tiatra, LLC, based in the Washington, DC metropolitan area, proudly serves federal government agencies, organizations that work with the government and other commercial businesses and organizations. Tiatra specializes in a broad range of information technology (IT) development and management services incorporating solid engineering, attention to client needs, and meeting or exceeding any security parameters required. Our small yet innovative company is structured with a full complement of the necessary technical experts, working with hands-on management, to provide a high level of service and competitive pricing for your systems and engineering requirements.

    Find us on:

    FacebookTwitterLinkedin

    Submitclear

    Tiatra, LLC
    Copyright 2016. All rights reserved.