The phrase enterprise information technology governance is frequently used to describe any effort by an organization to move away from unconnected, department-based IT management toward coordinated, enterprise-wide governance of IT resources. Many definitions of IT governance can be found in both the practitioner and academic literature. Most characterize IT governance as the formal description of how organizations make decisions about IT and the scope of that decision-making. For example, Sambamurthy and Zmud define IT Governance as the arrangement of authority patterns over IT activities across an organization.⁴ One of the most widely cited definition is from Weill and Ross, who define IT governance as “specifying the decision rights and accountability framework to encourage desirable behavior in the use of IT.”⁵ Governance, in their view, answers these questions: What decisions must be made? Who should make these decisions? How will decisions be made? What is the process for monitoring results?”⁶

There are notable differences between the private and public sector concepts of enterprise and of IT governance. For example, the IT Governance Institute, which focuses mainly on the private sector, defines IT governance as follows:

• “Enterprise governance is a set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction, ensuring that objectives are achieved, ascertaining that risks are managed appropriately and verifying that the enterprise’s resources are used responsibly.”⁷

Whereas the National Association of State Chief Information Officers (NASCIO), focusing on the public sector, defines the purpose of IT governance differently:

• “In state government, IT Governance is about ensuring that state government is effectively using information technology in all lines of business and leveraging capabilities across state government appropriately, to not only avoid unnecessary or redundant investments, but to enhance appropriate cross-boundary interoperability. The term ‘appropriate’ is used because in many cases state government has existing statutory constraints and bounding that can often limits as well as empowers proper governance.”⁸

Managing goal attainment, assessing and minimizing risk, and providing oversight of IT investments are the responsibilities of those involved in IT governance. The challenge New York State faces, together with many other governments and private sector organizations, is how IT governance is done best in a large, complex, and multi-unit, multi-level organization like a state government. What is the enterprise? What are the implications and benefits of operating in an enterprise fashion? How can governance best be organized to operate in a newly coordinated way?