ISYS90026 · Concepts In Information Systems
IT Governance
Week 7 opens Theme 3 with Weill & Ross (2005): IT governance is specifying the decision rights and accountability framework that steers desirable behaviour in the use of IT, so that scattered IT choices still add up to the strategy. The first distinction to lock in is governance ≠ management — governance is oversight and who decides, management is the day-to-day execution. The framework answers three questions: WHAT decisions (the five decision domains), WHO decides (the six archetypes), and HOW it is enforced (three mechanisms). The exam tests one move above all: look at a case action or committee and name which decision domain it is and which archetype is making it.
What this chapter covers
- 011. Governance vs management — governance is oversight and decision rights (who decides); management is day-to-day execution (doing the work)
- 022. The three questions — WHAT IT decisions, WHO has the decision right and accountability, HOW it is enforced
- 033. IT Principles — the strategic role of IT and desirable IT behaviours (cost centre vs strategic partner; digital-first)
- 044. IT Architecture vs IT Infrastructure — the standardisation blueprint vs the shared foundational services (the #1 domain mix-up)
- 055. Business Application Needs & IT Investment — specific app requirements, and how much to spend, fund and track value
- 066. The six archetypes — Business Monarchy, IT Monarchy, Federal, IT Duopoly, Feudal, Anarchy (a political metaphor by centralisation)
- 077. Federal vs Feudal — everyone deciding together enterprise-wide vs each unit deciding for itself (the #1 archetype mix-up)
- 088. The governance arrangements matrix — five domains × six archetypes, recording both input (○) and decision (●) rights, matched to performance goals
Classify the decisions — domains and archetypes on an unseen case
- +2Historical state: each branch chose its own tools with no enterprise coordination, so decision rights sat locally and uncoordinated — this is Feudal shading into Anarchy. The evidence is the "incompatible data silos", the textbook symptom of decentralised-to-chaotic governance.
- +4Technology Council archetype: membership is C-level (CIO, CFO, COO) plus business-unit heads plus IT, deciding enterprise-wide, so it is Federal. It is not a Business Monarchy (that is senior business executives only, with no business-unit reps) and not an IT Duopoly (that is a two-party IT + business deal, not the full C-suite + BU mix).
- +5Map each action to a domain: (i) "IT is a strategic partner / digital-first" = IT Principles; (ii) one customer-data standard for interoperability = IT Architecture (the blueprint); (iii) all systems on the shared private cloud = IT Infrastructure (a shared foundational service); (iv) requirements for the mobile app = Business Application Needs; (v) ranking projects by ROI before funding = IT Investment & Prioritisation.
- +4Action (iii) archetype and contrast: the CIO deciding the cloud mandate alone is an IT Monarchy (IT executives decide), evidenced by "the CIO alone mandates". The contrast is that the Council is Federal (collaborative, many parties at the table) while the cloud mandate is a one-party IT decision — the bank deliberately uses different archetypes for different domains, which is exactly what the arrangements matrix is designed to capture.
Key terms
- IT governance
- Specifying the decision rights and accountability framework that steers desirable behaviour in the use of IT (Weill & Ross 2005), so that individual IT decisions made by many people over time still align with strategic objectives.
- Governance vs management
- Governance is oversight — the rules, committees and processes that direct and control, and who holds decision rights and accountability. Management is the day-to-day execution inside those rules. Governance designs the decision system; it does not make the daily calls.
- Decision rights
- Who has the right to make, and who is accountable for, a class of IT decision. The matrix separates input rights (many people contribute) from decision rights (few people actually decide).
- Five IT decision domains
- The WHAT of governance: IT Principles (the strategic role of IT), IT Architecture (the standardisation blueprint), IT Infrastructure (shared foundational services), Business Application Needs (specific app requirements), and IT Investment & Prioritisation (how much to spend, fund and track).
- IT Architecture vs IT Infrastructure
- Architecture decides what standards (data formats, integration, interoperability — the blueprint); Infrastructure decides what shared services exist and how they are priced (networks, data centres, cloud — the plumbing). Confusing the two is the most common domain error.
- Governance archetypes
- The WHO of governance, named after political systems: Business Monarchy (senior business execs), IT Monarchy (IT execs alone), Federal (C-level + business-unit reps + IT together), IT Duopoly (a two-party IT + business partnership), Feudal (each unit decides locally), and Anarchy (uncoordinated individuals).
- Federal vs Feudal
- Federal = C-level, business-unit reps and IT deciding together enterprise-wide (everyone at the table). Feudal = each business unit deciding for itself, with no enterprise view. This is the single most common archetype mix-up in the exam.
- Governance arrangements matrix
- A grid of five decision domains (rows) × six archetypes (columns); each cell records who has input rights and who has the decision right. It is a tool to specify, analyse and communicate where IT decisions are actually made, and is matched deliberately to the firm's performance goal.
- Governance mechanisms
- The three ways the matrix is enforced: decision-making structures (committees, councils, roles), alignment processes (the workflows for proposing, evaluating and executing IT decisions), and formal communications (intranet, newsletters, training so everyone understands the rules).
IT Governance FAQ
What is the difference between IT governance and IT management?
Governance is about oversight and decision rights — who has the authority to decide, and who is accountable. Management is about execution — running IT day to day inside those rules. Choosing which laptop model to deploy is management; deciding who is allowed to make that call is governance. Treating governance as "running IT" is the most common framing error in this theme.
What are the five IT decision domains?
IT Principles (the strategic role of IT and desirable behaviours), IT Architecture (the enterprise standardisation blueprint), IT Infrastructure (shared foundational services), Business Application Needs (the specific requirements for apps to build or buy), and IT Investment & Prioritisation (how much to spend, what gets funded, and how value is tracked). Listing only some of the five, or swapping Architecture and Infrastructure, loses marks.
What are the six governance archetypes and how do I tell them apart?
Business Monarchy (senior business executives), IT Monarchy (IT executives or the CIO alone), Federal (C-level + business-unit reps + IT deciding together), IT Duopoly (a two-party IT + selected-business partnership), Feudal (each unit decides locally), and Anarchy (uncoordinated). Tell them apart by membership: Federal is everyone at the table for the whole enterprise; Feudal is each unit on its own; a Duopoly is exactly two parties; a Monarchy is one party deciding.
What is the governance arrangements matrix?
A grid of the five decision domains (rows) against the six archetypes (columns). In each cell you record two things — who has input rights and who holds the decision right — so the organisation can specify, analyse and communicate exactly where each IT decision is made. The same firm can use different archetypes for different domains.
Which archetype is best?
None — there is no single best arrangement. Top performers deliberately choose one to match their performance goal: centralised approaches (monarchies) favour efficiency, standardisation and profitability, decentralised approaches (Feudal) favour local innovation and customer responsiveness, and hybrids (Federal, IT Duopoly) balance synergy with responsiveness. The exam loves a case where the chosen archetype contradicts the stated goal.
Is this page official or affiliated with the University of Melbourne?
No. This is an independent AskSia study resource for students taking ISYS90026; it is not produced, endorsed by, or affiliated with the University of Melbourne. Always confirm assessment details against the official Canvas subject page and current handbook.
Exam move
Drill one move until it is automatic: read a case action, then say WHICH decision (one of the five domains) and WHO holds the right (which archetype), backing both with case evidence. Memorise the five domains and six archetypes cold, because the exam is closed-book under LockDown Browser, but spend most of your time on the two boundaries the markers test every time — Architecture (what standards) vs Infrastructure (what shared services) for domains, and Federal (everyone deciding together) vs Feudal (each unit alone) vs IT Duopoly (two parties) for archetypes. Always keep governance (who decides) separate from management (doing the work), state both input and decision rights when you read a matrix cell, and when a case gives you a performance goal, check whether the chosen arrangement actually matches it — a centralised monarchy stalls local innovation. If you are asked to recommend, change the decision rights for the relevant domain and back it with the three enforcing mechanisms (structures, processes, communications), not just "better technology".