Sound IT governance requires breadth & depth: to be effective, IT governance must be constructed on the foundations of law, security practices, risk management, audit standards and regulatory compliance--and on common sense.

• Author: Ulsch, MacDonnell

Despite major efforts to deter it, identity theft--using the Internet and other information technology (IT) tools--remains among the fastest-growing crimes across the globe, and it is increasing daily. As such, it may be convincingly argued that identity theft represents the single largest threat to sustainable IT governance, since identity theft touches at the very core of what is valued so highly, particularly in the U.S.--the individual's privacy.

Privacy is in the American grain, and is cherished throughout other nations and cultures as well. The loss of privacy, particularly at the hands of third parties, has attracted the attention not only of privacy advocates, but of state and federal legislatures, who have been prodigious in writing laws aimed at stemming the tide of such theft.

While identity theft and other information crimes are difficult to stop, there are ways to reduce them and their impact on a business enterprise. Strong IT governance is a critical piece of the solution framework. However, many companies run the risk of defining IT governance too narrowly, resulting in a false sense of security.

For example, IT governance built only on the foundation of legislative fiat reflects a myopic and narrow perspective, and one that is unlikely to stand the test of time, given the increasing threat facing global e-commerce. Conversely, effective IT governance must be constructed on the foundations of law, accepted security practices, risk management, audit standards, regulatory compliance and on common sense.

Governance over IT is complicated, reflecting the complexity and dimension of the threat. Additionally, IT governance is not something that is simply "nice" to have. Today, the company that elects to forgo the planning, development, implementation and monitoring of a comprehensive IT governance plan is rolling the dice of chance.

Additionally, with current and upcoming state and federal legislation, IT governance is becoming more of a mandate. In fact, it may prove to be the defining dimension between effective information management and integrity and information chaos contributing to security breaches, illicit information disclosure and privacy violation.

Ultimately, IT governance may be the great wall separating enterprise success from enterprise failure, as defined by degradation of the brand, reputational liability and even legal liability with substantial financial consequences.

Jefferson Wells hosted more than 250 financial and...