Problems with IT governance
Nicholas Carr has emerged as a prominent critic of the idea that information technology confers strategic advantage. This line of criticism might imply that significant attention to IT governance is not a worthwhile pursuit for senior corporate leadership. However, Carr also indicates counterbalancing concern for effective IT risk management.
The manifestation of IT governance objectives through detailed process controls (e.g. in the context of project management) is a frequently controversial matter in large scale IT management. See Agile methods. The difficulties in achieving a balance between financial transparency and cost-effective data capture in IT financial management (i.e., to enable chargeback) is a continual topic of discussion in the professional literature,  and can be seen as a practical limitation to IT governance
Relationship to other IT disciplines
IT governance is supported by disciplines such as:
- Business Service Management
- Business Technology Optimization
- Enterprise architecture
- IT asset management
- IT portfolio management
- IT security assessment
- IT service management
- Project governance
- Project management and Program management in the enterprise IT context (including software engineering where appropriate)
There are quite a few supporting mechanisms developed to guide the implementation of information technology governance. Some of them are:
- The IT Infrastructure Library (ITIL) is a detailed framework with hands-on information on how to achieve a successful governance of IT, developed and maintained by the United Kingdom's Office of Government Commerce, in partnership with the IT Service Management Forum.
- Control Objectives for Information and related Technology (COBIT) is another approach to standardize good information technology security and control practices. This is done by providing tools to assess and measure the performance of 34 IT processes of an organization. The ITGI (IT Governance Institute) is responsible for CObIT
- The ISO/IEC 27001 (ISO 27001) is a set of best practices for organizations to follow to implement and maintain a security program. It started out as British Standard 7799 ([BS7799]), which was published in the United Kingdom and became a well known standard in the industry that was used to provide guidance to organizations in the practice of information security.
- The Information Security Management Maturity Model ISM3 is a process based ISM maturity model for security.
- AS8015-2005 Australian Standard for Corporate Governance of Information and Communication Technology
Non-IT specific frameworks of use include:
- The Balanced Scorecard (BSC) - method to assess an organization’s performance in many different areas.
- Six Sigma - focus on quality assurance