IT Governance Model

Templates
Optimize governance to align with
how your organization functions.

Info-Tech Research Group Inc. is a global leader in providing IT

research and advice. Info-Tech’s products and services
combine actionable insight and relevant advice with ready-to-
use tools and templates that cover the full spectrum of IT
concerns.
© 1997-2023 Info-Tech Research Group Inc.
Controlled
Governance Model –
Centralized IT and
Drive stakeholder alignment
satisfaction with controlled
governance.
Five key principles for building a controlled
governance framework

Disentangle Measure Enforce

Govern Make risk-
governance to drive standards
toward informed
and improvem and
value decisions
management ent behavior

Governance bodies will focus Governance must To remain agile, Measuring and To drive organizational
on setting the direction, ensure that the use governance levels need to reporting on the success, it’s critical that
of IT resources is be determined based on performance of IT governing bodies have a
investment mix, and
optimized to the risk to the will be critical in strong focus on
prioritization for IT in line produce value, organization, and building trust in the ensuring behaviors
with organizational goals. based on business decisions will be new model and support the
Governance bodies will goals and strategy. supported with risk data. identifying organization’s
manage escalated IT leadership will need improvement direction. This will be
to be empowered to opportunities. critical in aligning with a
exceptions and monitor
make decisions within Governance bodies will modernization agenda
performance toward goals, the defined risk thresholds all have an element of and building common
without involvement in the using risk information and performance architecture and
day-to-day management of to work collaboratively to measurement to drive components.
Info-Tech Research Group | 3
work. drive success. continuous
Proposed governance model
Enterprise
Defines organizational goals.
Directs or regulates the Executive
Audit and Risk
performance and behavior of the Board Leadership
Committee
enterprise, ensuring it has the Committee
structure and capabilities to
achieve its goals.
Strategic
Ensures IT initiatives, products, IT Steering
and services are aligned to the Committee
organization’s goals and
strategy and provide expected
value. Ensures adherence to key
principles. IT Project
IT Risk Council
Management
Tactical Office

Ensures key activities and

planning are in place to execute
strategic initiatives.
Change Advisory
Board
Operational
Ensures effective execution of
day-to-day functions and
practices to meet their key
objectives.

Info-Tech Research Group | 4

Committee overview
Committee Name Committee Membership Mandate

CEO, CFO, CTO, CDO, CISO/CRO,

Executive Leadership Provide strategic and operational leadership to the company by establishing
CIO, enterprise architect/chief
Committee goals, developing strategy, and directing/validating strategic execution.
architect, CPO

CISO/CRO, CPO, enterprise risk Govern enterprise risks to ensure that risk information is available and
Enterprise Risk
manager, business unit leaders, integrated to support governance decision-making. Ensure the organization’s
Committee
CFO, CTO, CDO risk posture is defined and an enterprise risk approach is in place.

CIO, product owner, service owner,

Ensure business value is achieved through information and technology (IT)
IT VPs, business relationship
IT Steering Committee investments by aligning strategic objectives and client needs with IT
managers (BRMs), PMO director,
initiatives and their outcomes.
CISO/CRO
Govern IT risks within the context of business strategy and objectives to align
IT Risk the decision-making processes to achieve performance goals. Ensure that a
IT risk manager, CISO, IT directors
Council/Committee risk management framework is in place and risk posture (IT risk
appetite/threshold) is defined.

IT Project Management Portfolio manager, project Ensure the best alignment of IT initiatives and program activity to meet the
Office (PMO) managers, BRMs goals of the business.

Ensure changes are assessed, prioritized, and approved to support change

Service/product owner, change
Change Advisory Board management by optimizing the throughput of successful changes with
manager, IT directors or managers
minimal disruption to business function.

Info-Tech Research Group | 5

Shifted (Hybrid) Model –
Product-Aligned
Governance
Align governance to work practices.
Five key principles for building a product-
aligned governance framework

Govern
Be directive Empower Integrate
toward Integrate
and standard and with
enterprise risk
driven delegate portfolio
goals

Governance bodies focus Product families make Centralized Product direction Risk and compliance
on setting the direction, decisions related to governance bodies must be integrated information must be
their products, will determine the with enterprise acted upon and
goals, guidelines, and
controlling the investment mix, strategy and the included within the
guardrails that will be roadmap, strategy, and allocate to product larger portfolio of product delivery
leveraged by product product vision as well families, and ensure the organization. lifecycle. Ideally, this
owners as they govern as the prioritization of alignment to Alignment to is embedded in the
their products. work. enterprise needs. architectural direction process or
is critical. included in
Governance bodies will
product design.
manage escalated
exceptions and validate
Info-Tech Research Group | 7
alignment where
Product-aligned governance model
Enterprise
Defines organizational goals. Executive
Directs or regulates the Enterprise Risk
Leadership
performance and behavior of the Committee
Committee
enterprise, ensuring it has the Enterprise
structure and capabilities to Enterprise
Project
achieve its goals. Architecture/
Management
Strategic Change Advisory
Office
Ensures IT initiatives, products, Data IT Steering IT Risk
and services are aligned to Governance Committee Committee
organizational goals and
strategy and provide expected
value. Ensures adherence to
key principles. Product Family Product Family Product Family
A B C
Tactical
Ensures key activities and
planning are in place to execute
strategic initiatives.

Operational
Ensures effective execution of
day-to-day functions and
practices to meet their key
objectives.

Info-Tech Research Group | 8

Committee overview
Committee Name/ Committee Membership Mandate
Governing Individual
Executive Leadership CEO, CFO, CTO, CDO, CISO/CRO, Provide strategic and operational leadership to the company by establishing
Committee CIO, enterprise architect/chief goals, developing strategy, and directing/validating strategic execution.
architect, CPO
Enterprise Risk CISO/CRO, CPO, enterprise risk Govern enterprise risks to ensure that risk information is available and
Committee manager, business unit leaders, integrated to support governance decision-making. Ensure the organization’s
CFO, CTO, CDO risk posture is defined and an enterprise risk approach is in place.
IT Steering Committee CIO, product owner, service owner, Ensure business value is achieved through information and technology (IT)
IT VPs, BRM, PMO director, investments by setting the appropriate investment mix to ensure that
CISO/CRO product families achieve their desired outcomes within the strategic
parameters of the organization.
IT Risk Committee IT risk manager, CISO, IT directors Govern IT risks within the context of business strategy and the organization’s
risk appetite. Ensure that a risk management framework is in place and IT
risk appetite and tolerance levels are defined and well communicated.
Data Governance Product data owners, data Provide oversight on high-level alignment and integration of data and
Committee stewards, CDO, IT director, technology in the organization. Ensure that data is trustworthy and consistent
business analysts, data architect, throughout the data lifecycle by using internal standards and policies.
compliance specialists
Enterprise Project Portfolio manager, project Ensure the best alignment of initiatives and program activity to meet the
Management Office managers goals of the business.
(EPMO) Smaller organizations may not require this function, as oversight can be
managed by the product family governance committee.
Enterprise Architecture Enterprise architect, lead/chief Identify target architecture, define and communicate architectural standards,
architect and ensure projects align with standards.

Product Family Product managers, product owners, Ensure that products continue to deliver their intended value to Info-Tech
the Research Group | 9

Committee enterprise architect, security and organization and prevent any duplication of efforts or unnecessary risk across
Example responsibilities by committee
Data & Analytics Product Family
Enterprise Architecture IT Risk Committee
Governance Committee Governance Committee
Define and communicate Set IT risk appetite and risk Define and communicate data Approve product
architecture and technology tolerance levels. standards and policies (e.g. data roadmap/strategy.
roadmaps. encryption, data distribution
policies).
Perform architecture review of Support, monitor, and challenge Improve business decision-making Review and approve resource and
new initiatives. risk-related matters. by providing high-quality data. investment mix within the product
portfolio.
Create and provide defined Escalate material risk to Ensure that clear rules regarding Monitor performance and approve
architecture principles and enterprise risk management. data access and data security are performance improvement
standards. in place and adhered to. recommendations.
Ensure architectural compliance Ensure compliance with regulatory Determine actions for escalated
with standards or provide requirements. issues.
exemptions.
Assess technology for reuse within Assess AI initiatives and use Approve product backlog
the business portfolio. cases. prioritization criteria.
Evaluate solution designs and Product Owners’ Support at the Operational Level
provide recommendations.
• Make product decisions. • Map and prioritize demand • Assess and approve new
• Own and maintain product for shared services/products. products and product feature
roadmap. • Manage product lifecycle. requirements.
• Prioritize produce backlog. • Ensure value realization of • Ensure product compliance
• Monitor and drive adoption products. with regulations.
and use of products.
• Manage internal and
external partnerships.
Info-Tech Research Group | 10
Shifted (Hybrid) Model –
Service-Aligned Governance
Align governance to work practices.
Five key principles for building a service-
aligned governance framework

Be
Integrate
experience Delegate Govern
Emphasize risk, data,
and and across the
value and
customer automate portfolio
security
driven

Governance principles and Hybrid governance Clear business drivers Services must be Risk, security, and
bodies are focused on bodies execute with guide all decision- governed for data/AI/ML use must
ensuring a desired user greater agility as they making to ensure the complexity be evaluated against
and customer have clear standards long-term value of considering multiple the experience and
experience. This and experience technology portfolios, vendors value proposition to
requires alignment to requirements built investments. Central risks, customers, and be properly managed
desired experience into their processes. digital customer delivery models. across how services
principles and Alignment to experience Service expectations, are designed,
rationalization of architectural direction governance ensures measures, and goals implemented, and
technology and data to is critical. that the services are aligned across executed. Ideally,
drive critical customer and experiences portfolios to ensure these are
outcomes. meet customer and shared commitment embedded in the
Info-Tech Research Group | 12
enterprise needs to desired outcomes. process or
based on business Performance metrics included in service
Service-aligned governance model
Enterprise
Executive
Defines organizational goals. Enterprise Risk
Leadership
Directs or regulates the Committee
Committee
performance and behavior of the
enterprise, ensuring it has the
structure and capabilities to Enterprise
achieve its goals. Enterprise Project
Strategic Architecture Management
Office
Ensures IT initiatives, products,
and services are aligned to Data IT Steering IT Risk Digital/Customer
organizational goals and Governance Committee Committee Experience
strategy and provide expected
value. Ensures adherence to
key principles.

Tactical
Ensures key activities and
planning are in place to execute
strategic initiatives.

Operational Servic Servic Servic

e e e
Ensures effective execution of Owner Owner Owner
day-to-day functions and
practices to meet their key
objectives.

Info-Tech Research Group | 13

Committee overview
Committee Name/ Committee Membership Mandate
Governing Individual
Executive Leadership CEO, CFO, CTO, CDO, CISO/CRO, Provide strategic and operational leadership to the company by establishing
Committee CIO, enterprise architect/chief goals, developing strategy, and directing/validating strategic execution.
architect, CPO
Enterprise Risk CISO/CRO, CPO, enterprise risk Govern enterprise risks to ensure that risk information is available and
Committee manager, business unit leaders, integrated to support governance decision-making. Ensure the organization’s
CFO, CTO, CDO risk posture is defined and an enterprise risk approach is in place.
IT Steering Committee CIO, product owner, service owner, Ensure business value is achieved through information and technology (IT)
IT VPs, BRM, PMO director, investments by setting the appropriate investment mix to ensure that service
CISO/CRO owners achieve their desired outcomes within the strategic parameters of the
organization.
IT Risk Committee IT risk manager, CISO, IT directors Govern IT risks within the context of business strategy and the organization’s
risk appetite. Ensure that a risk management framework is in place and IT
risk appetite and tolerance levels are defined and well communicated.
Data Governance Product data owners, data Provide oversight on high-level alignment and integration of data and
Committee stewards, CDO, IT director, technology in the organization. Ensure that data is trustworthy and consistent
business analysts, data architect, throughout the data lifecycle by using internal standards and policies.
compliance specialists
Enterprise Project Portfolio manager, project Ensure the best alignment of initiatives and program activity to meet the
Management Office managers goals of the business.
(EPMO) Smaller organizations may not require this function, as oversight can be
managed by the product family governance committee
Enterprise Architecture Enterprise architect, lead/chief Identify target architecture, define and communicate architectural standards,
architect and ensure projects align with standards.

Digital & Customer Service managers, CMO, CX Provide best-practice guidance on driving a customer-centric strategy and Group
Info-Tech Research | 14

Experience Committee designers, brand stewards, mindset across the organization. Provide a forum for addressing blockers,
Example responsibilities by committee
Enterprise Architecture IT Risk Committee Data & Analytics Digital/Customer
Governance Committee Experience Committee
Define and communicate Set IT risk appetite and risk Define and communicate data Approve customer experience
architecture and technology tolerance levels. standards and policies (e.g. data strategy and roadmap.
roadmaps. encryption, data distribution
policies).
Perform architecture review of Support, monitor, and challenge Improve business decision- Review integrated performance
new initiatives. risk-related matters. making by providing high-quality measures to drive decision-
data. making.
Create and provide defined Escalate material risk to Ensure that clear rules regarding Monitor and approve use of
architecture principles and enterprise risk management. data access and data security are emerging technologies and
standards. in place and adhered to. digital trends based on value and
risk tolerance.
Ensure architectural compliance Ensure compliance with Determine actions for escalated
with standards or provide regulatory requirements. issues.
exemptions.
Assess technology for reuse Assess AI initiatives and use Approve customer experience
within the business portfolio. cases. backlog and integration plan.
Evaluate solution designs and Monitor experience and service
provide recommendations. risks, approve mitigation
Service & CX Owners’ Support at the Operational Level strategies, and ensure escalation
• Make service decisions. • Map and prioritize demand for shared • Assess when required.
and analyze use of emerging
• Own and maintain customer experience services/products. technologies to enhance customer
roadmap. • Manage customer lifecycle. experience.
• Define customer personas and journeys. • Ensure value realization and use of • Review integration roadmap.
• Ensure service accessibility and products. • Ensure compliance with regulations.
roadmaps. Info-Tech Research Group | 15