Are businesses in general and insurance carriers in particular receiving the full benefit from their investment in information technology? Not all benefits can be seen in black or white, so delving into the gray areas has become the focus for those businesses that are using some form of IT governance to track their IT investments. IT governance has been around in various forms for as long as there have been IT departments, according to some industry watchers, but the issue has come into the forefront in the post-Enron era with the major focus being the Sarbanes-Oxley Act requirements passed by Congress for U.S. corporations.

There are two main emphases to IT governance, reports Ron Saull, senior vice president and CIO with Great West Life and IGM Financial. Number one is ensuring the investments a company makes in IT produce value to stakeholders or shareholders, depending on whether a company is public or private. The second emphasis is to identify and manage risks associated with information technology. "One of the risks our company is concerned with is reputational risk–the unauthorized access to confidential client information," he says. "Controlling that risk doesn't necessarily produce value in and of itself, but it certainly protects the investment in your business. Value creation and risk management are what governance is about–to ensure both of those things happen."

Why Insurance?