Figure 2.
The interrelations between governance domains.
Corporate governance has become important, as effective governance ensures that the business
environment is fair and transparent, and that companies can be held accountable for their actions [
76
].
Sustainability
2018
,
10
, 95
7 of 26
In contrast, weak corporate governance leads to waste, mismanagement and corruption. According to
the Organization for Economic Cooperation and Development (OECD), corporate governance is “
a set
of relationships between a company’s management, its board, its shareholders, and other stakeholders, corporate
governance also provides the structure through which the objectives of the company are set, and the means of
attaining the objectives and monitoring performance are determined
” [
77
].
In recent years, IT has been the backbone of every business [
78
]. As a result, the concept of
IT governance has become more important for organisations. IT governance, similarly to corporate
governance, is the process of establishing authority, responsibilities, and communication, along with
policies, standards, control mechanisms and measurements to enable the fulfilment of defined roles
and responsibilities [
79
]. Thus, corporate governance can provide a starting point in the definition
of IT governance [
7
]. According to Herbst et al. (2013), IT governance is defined as “
procedures and
policies established in order to assure that the IT system of an organization sustains its goals and strategies
” [
80
].
It is pertinent, however, to note that there is a difference between IT governance and IT functions;
this difference is not just about the centralisation or decentralisation of IT structures, but also that it is
not the sole responsibility of the CIO [
81
].
The term “information governance” was introduced by Donaldson and Walker (2004) as
a framework to support the work of the National Health Society in the USA. Unfortunately, many
organisations have not yet established a clear distinction between information governance and IT
governance [
82
]. Information governance can be viewed as a subset of corporate governance, with the
main objectives being to improve the effectiveness and speed of decisions and processes, to reduce the
costs and risks to the business or organisation, and to make maximum use of information in terms of
value creation [
83
]. Gartner defines information governance as “
the specification of decision rights and an
accountability framework to ensure appropriate behaviour in the valuation, creation, storage, use, archiving and
deletion of information
” [
84
]. The information governance approach focuses on controlling information
that is generated by IT and office systems, or their output, but does focus on detailed IT or data capture
and quality processes.
