IT Governance Institute (ITGI

1. Executive Overview
In 2003, the IT Governance Institute (ITGI) issued a request for proposal for the purpose of conducting
research into the IT governance environment and marketplace. The motivation for the research was the recent
establishment of the ITGI as a stand-alone entity. Having created the entity, the ITGI Board of Trustees was
eager to learn more about the environment in which the organisation would be working: how IT governance is
perceived, whether the need for it is recognised, how the concept itself is recognised, and which tools or
frameworks are considered leaders in the field.

The ITGI has identified several targeted audiences for its deliverables: chief executive officers (CEOs), chief
information officers (CIOs), chief operating officers (COOs), chief financial officers (CFOs), chief technical
officers (CTOs), board members, IT management and practitioners. However, the research was targeted to
reach members of the C-suite to determine their sense of priority about IT governance and their needs for
tools and services to help assure effective governance.

This high-level objective was translated into the following detailed objectives for the project:

1. Survey and analyse the degree to which the concept of IT governance is recognised, established and
accepted within the boardrooms and especially with the CIO.
2. Research which tools and frameworks would be adopted, in cases where IT governance is accepted, and
determine the sources to which organisations will look for expertise and services in this domain.
PricewaterhouseCoopers Brussels was selected to conduct the research.

A first step was to come to an agreement on a definition of IT governance. Referring to many publications on
this subject, most notably ITGI’s own Board Briefing on IT Governance (now in its second edition), a
definition can be summarised very briefly: it is a board or senior management responsibility in relation to IT to
ensure that:

 IT is aligned with the business strategy, or in other words, IT delivers the functionality and services in line
with the organisation’s needs, so the organisation can do what it wants to do.
 IT and new technologies enable the organisation to do new things that were never possible before.
 IT-related services and functionality are delivered at the maximum economical value or in the most efficient
manner. In other words, resources are used responsibly.
 All risks related to IT are known and managed and IT resources are secured.
Moving onward from this definition, there was consensus that IT governance is valuable, and ITGI has the
right tools to handle it. And although IT governance includes things already known and practised, it was
believed that the combination of the concept of governance, the concept of alignment and the known control
framework is indeed the right solution and unique in its kind.

A sample of more than 7,000 respondents1 was developed for the research, to achieve the required number of
completed interviews. In defining the sample, attention was paid to a representative distribution according to
geography, size of organisation, industry sector and job function of the respondent. To boost responses
amongst COBIT®2 users, an additional database of COBIT purchasers was used. These respondents were used for
questions relating to COBIT use. To keep the study unbiased, these respondents were not included in the
general sample, unless otherwise mentioned.

The PricewaterhouseCoopers International Survey Unit conducted interviews with 335 CEO-/CIO-level
persons throughout the world. Of those, 276 interviews were conducted from the random sample of companies
and 59 from the COBIT purchasers database. Each interview was conducted in the native language of the
interviewee. Typically, each interview took between 15 and 30 minutes. The interviews were carried out under
the Market Research Society and Marketing Research Association codes of conduct that guarantee complete
anonymity. None of the information obtained in the interviews was attributed to any individual and all
comments were treated in the strictest confidence.

1 The sample was based on a number of commercial databases of worldwide companies.
2 Control Objectives for Information and related Technology, published by IT Governance Institute, now in its third edition