Gartner has also just wrapped up an investigation of the nature of governance in 250 Executive Program (ExP) member companies globally via an intense survey and follow-up case studies. Co-author Marianne Broadbent, global research leader for Gartner's Executive Programs based in Melbourne, says IT governance is evolving, along with key shifts in business governance.

"Enterprises that actively design their top-level IT governance arrangements make and implement better IT-related decisions," Broadbent writes. "It is about the arrangements for who makes critical decisions and who is accountable for them."

Gartner found both business and IT governance were poorly understood, and that the problem was compounded by the fact that most enterprises had to cope with multiple levels of business governance, vastly complicating responsibilities for IT decision-making.

Dean Kingsley, a managing partner with Deloitte Touche Tohmatsu, has been involved in the IT Governance Institute's work since its inception. He says strong IT governance can help address the "expectation gap" between business professionals (senior executives and boards of directors) and CIOs in relation to IT outcomes.

"Business professionals like David Murray [CommBank CEO] have been increasingly critical of IT for taking too long, over-promising, under-delivering and costing too much," says Kingsley. "At the same time, IT departments are being expected to do more than ever with fewer resources than ever.

"This situation is unsustainable," Kingsley continues. "IT is critical to the success of most large- and medium-sized organisations around the world, and even a good number of small businesses, unlike 10 years ago when IT played a much less critical role in organisations than it does today. The expectation gap must be bridged."

Kingsley says at the heart of the expectation gap lies the lack of a common vocabulary and shared understanding between business and IT professionals in respect of IT strategy, IT goal setting, the implementation of sustainable IT processes to achieve goals, and performance measurement. IT governance attempts to provide a common vocabulary and shared understanding in these areas.

And he insists CIOs should not wait for their CEO or board to start asking IT governance questions. Instead they should take the lead on issues of IT governance, or risk becoming marginalised within the business, as were the CIOs of several large Australian companies who were either removed or demoted during 2002. "Australian organisations are no different from organisations in other developed countries in having an IT governance problem, and needing to act now on it," Kingsley says.

Those that do may be helping their CIO to a far greater extent than they ever imagined. NRMA CIO David Issa says his is one Australian organisation where the board does take a keen interest in matters IT.

"We've got a couple of board members who are actually in the industry and are very keen on knowing what the developments are within the organisation, while at CEO level now with Mike Hawker we've got a CEO who's very committed to technology and what technology can do for him," Issa says. "That absolutely makes my job easier, especially with the CEO being someone who is basically buying into the idea the technology strategy is going to be enabling his business to move forward."

Queensland University of Technology director information technology services Neil Thelander is even more enthusiastic. The university has an extended management group comprising the vice-chancellor, the pro vice-chancellor and deputy vice-chancellor, plus a handful of IT specialists. Chaired by the vice-chancellor and meeting monthly, it plays an active role in setting strategy and investment priorities, as does an executive team which meets weekly. Thelander says the university has been growing the process over the past three years.