Skip to content
All articles

IT Governance: Data vs Information Governance + Porter's Forces

Dean Jain

Dean Jain

Senior Staff Software Engineer · Enterprise AI, Data & Cloud Architect

· 6 min read

IT GovernanceStrategyData Governance
---
config:
  theme: neutral
  fontSize: 16
---
flowchart LR
    GOV["IT Governance<br/>direct &amp; control the use of IT"]:::gov --> EDM["Evaluate  Direct  Monitor"]:::good
    classDef gov fill:#FFFFFF,stroke:#333333,stroke-width:1px,color:#111111
    classDef good fill:#F0F0F0,stroke:#333333,stroke-width:1px,color:#111111

Figure 1: IT governance is the system by which IT is directed and controlled a continuous cycle of evaluate, direct, monitor.

“IT governance” sounds like bureaucracy, but it’s really the answer to a sharp question: how does the organization make sure its use of IT actually serves the business? Formally, IT governance is the system by which the current and future use of IT is directed and controlled carried out through a continuous loop of evaluating, directing, and monitoring. It spans five domains, hinges on a distinction most people blur (data vs information governance), and done well turns IT from a cost center into a lever against the competitive forces shaping your industry. Here’s the working model.

Summary

  • Governance directs and controls IT via evaluate → direct → monitor, across five domains: value delivery, strategic management, performance management, resource management, and risk management.
  • Data governance ≠ information governance. Data governance is the data itself (IT-owned, technical); information governance is what the data means for business value and compliance (business/legal-owned).
  • Principles anchor it in a global digital economy: free data flow, portability/interoperability, transparency/accountability, processor responsibility, fair competition, and respect for local law.
  • IT is a competitive weapon. Use it against Porter’s five forces rivals, new entrants, substitutes, customers, and suppliers.
  • Governance ties IT to strategy without it, IT investment drifts from the business objectives it’s supposed to serve.

1. What governance is and its five domains

The reason governance exists: organizations invest heavily in information systems for six strategic objectives operational excellence, new products/services/business models, customer and supplier intimacy, improved decision-making, competitive advantage, and survival. Governance is how you make sure the IT spend actually delivers those, rather than sprawling into disconnected projects.

The IT Governance Institute breaks it into five domains:

  • Value delivery IT produces the promised business value.
  • Strategic management IT direction aligns with business strategy.
  • Performance management IT’s performance is measured and managed.
  • Resource management IT resources (people, infrastructure, data) are used well.
  • Risk management IT risks are understood and controlled.

And the work of governance is the three-part loop: evaluate (assess strengths, weaknesses, and the current/future use of IT), direct (set priorities, implement best practices, establish clear ownership of core processes), and monitor (track that it’s working). The unifying requirement: an IT management system is only worthwhile if it aligns with business objectives governance is the mechanism that keeps that alignment true over time.

2. Data governance ≠ information governance

This is the distinction that separates people who say “governance” from people who do it. Data and information governance sound interchangeable; they’re not, and conflating them is why governance programs stall.

---
config:
  theme: neutral
  fontSize: 16
---
flowchart TD
    subgraph DG["Data Governance IT-owned"]
        direction TB
        D1["The data <i>itself</i>: quality, lineage,<br/>storage, security, infrastructure"]:::obs
        D2["Question: is the data correct,<br/>available, protected?"]:::obs
    end
    subgraph IG["Information Governance Business/Legal-owned"]
        direction TB
        I1["What the data <i>means</i>: business value,<br/>compliance, retention, legal risk"]:::gate
        I2["Question: how do we use it,<br/>and are we allowed to?"]:::gate
    end
    DG -->|"data becomes information<br/>when given business meaning"|IG
    classDef obs fill:#FFFFFF,stroke:#333333,stroke-width:1px,color:#111111
    classDef gate fill:#F0F0F0,stroke:#333333,stroke-width:1px,color:#111111

Figure 2: Data governance owns the data itself (technical, IT); information governance owns what the data means for the business (value, compliance, legal).

  • Data governance is about the data itself its quality, lineage, storage, security, and the technical infrastructure that holds it. It’s largely IT-owned, and it answers: is the data accurate, available, consistent, and protected?
  • Information governance is about what the data means its business value, regulatory and compliance obligations, retention, and legal risk. It’s business- and legal-owned, and it answers: how do we use this, what does it commit us to, and are we even allowed to hold it?

The relationship: data becomes information when it’s given business meaning. A row in a table is data; “this is a customer’s health record subject to HIPAA” is information. You need both flawless data governance with no information governance means you protect data perfectly while violating retention law; strong information governance on ungoverned data means good intentions resting on numbers you can’t trust.

To anchor it, a useful set of principles for governing data in a global digital economy: enable free flow of data across borders where lawful, ensure portability and interoperability (no hostage data), demand transparency and accountability for how data is used, hold data processors responsible, preserve fair competition, and respect local law and sovereignty. These keep both kinds of governance honest as data crosses systems and jurisdictions.

3. Governance as a competitive weapon: Porter’s five forces

Governance isn’t only defensive control its strategic management domain is about using IT to win. The sharpest lens for that is Porter’s five competitive forces: the pressures that determine profitability in any industry. IT, governed well, is a lever against each.

---
config:
  theme: neutral
  fontSize: 16
---
flowchart TD
    F["Your firm"]:::gov
    R["Direct competitors<br/>(rivalry)"]:::warn
    NE["New entrants"]:::obs
    SUB["Substitutes"]:::obs
    CUST["Customers<br/>(bargaining power)"]:::server
    SUP["Suppliers<br/>(bargaining power)"]:::server
    R --> F
    NE --> F
    SUB --> F
    CUST --> F
    SUP --> F
    classDef gov fill:#FFFFFF,stroke:#333333,stroke-width:1px,color:#111111
    classDef warn fill:#F0F0F0,stroke:#333333,stroke-width:1px,color:#111111
    classDef obs fill:#DAE8FC,stroke:#333333,stroke-width:1px,color:#111111
    classDef server fill:#DCDCDC,stroke:#333333,stroke-width:1px,color:#111111

Figure 3: Porter's five forces the competitive pressures IT investment is meant to counter, from rivals and new entrants to substitutes, customers, and suppliers.

ForceThe pressureHow governed IT responds
Direct competitorsRivalry pushes margins downDifferentiate with digital products, faster delivery, better data-driven decisions
New entrantsLow barriers let challengers inRaise barriers with proprietary platforms, network effects, switching costs
SubstitutesOther ways to meet the needInnovate the offering (new business models from IS) before a substitute does
CustomersBuyers demand more for lessCustomer intimacy personalization, loyalty, a single view of the customer
SuppliersVendors squeeze termsSupplier intimacy integrated supply chains, multi-sourcing, better information

The link back to governance: deciding which forces matter most and where to invest IT against them is exactly the evaluate → direct work. Governance is what turns “we have technology” into “we use technology to compete.”

4. Where governance lives in the org

Governance has to sit somewhere, and the org structure shapes how it works. The classic forms functional (grouped by specialty), divisional (by product/market/geography), matrix (dual reporting), team/network, and flat each distribute decision rights differently. The governance question isn’t “which structure is best” but “where do IT decision rights live, and who’s accountable?” A common, durable answer is an IT steering committee plus clear process ownership: business and IT leaders jointly evaluate and direct, while named owners are accountable for each core process. That’s the structural expression of the evaluate-direct-monitor loop without owners and a forum, governance is a document nobody follows.

Why it matters: “governance” gets dismissed as overhead because people picture forms and approvals. The real thing is sharper: a system that keeps IT aligned with the business through evaluate → direct → monitor, across five domains. Get the data-vs-information distinction right and you stop confusing “is the data safe?” (IT) with “are we allowed to hold it, and what’s it worth?” (business/legal). Point the strategic side at Porter’s forces and IT stops being a cost center and starts being how you compete. Skip governance and IT spend drifts disconnected projects, ungoverned data, technology with no competitive thesis. The discipline is cheap; the drift is expensive.

References