Forthcoming book · 技術評論社 2026

IT Governance: A Practical Guide.

By Shintaro Tsuruta · CEO, LV3 Corporation · Yokohama

Most IT-governance books are theory. This one is the playbook — ten chapters, three sections, twelve concrete G-steps, and four real-world voyages: Chernobyl's three failures, Singapore's Smart Nation, Estonia's portfolio of investments, NASA's fifteen-year mission. Built on the nautical-navigation analogy: where you are, where you're going, and what it takes to sail between them — for IT.

10
Chapters
12
G-steps
7
Phases
5
Domains

Where you are. Where you're going. And the sea between.

The book follows a single nautical voyage from one shore (the as-is organisation) to another (governed IT). The visual below is a panoramic chart — every icon corresponds to a chapter or G-step in the book. Three legs: Overview & Preparation (chapters 1–3), Implementation (4–8), Measurement & Next Steps (9–10).

Panoramic nautical chart showing the IT Governance voyage — lighthouse, compass, captain hat, coin purse, set square compass, naval boots, ship engine, propellor, telescope, ships sail, ships helm, and the ship along a dotted journey path.
SECTION 1 · CH 1–3

Overview & Preparation

What IT governance actually is, the international standards that anchor it (ISO/IEC 38500, COBIT, NIST CSF 2.0), and the 7-phase / 5-domain / 12-G-step roadmap.

SECTION 2 · CH 4–8

Implementation

Phase 1 → 5. Lay the groundwork, assess current state, design strategy and architecture, set the budget, execute. Nine G-steps live in this section.

SECTION 3 · CH 9–10

Measurement & Next Steps

Phase 6–7. Performance monitoring, BCP, audit, continuous evolution. Plus the future-proofing chapter on AI, cyber, and CSF 2.0.

Ten chapters. Each with its own stretch of coast.

Every chapter has a panorama on the right. The badges show which G-steps that chapter covers. The Japanese subtitle shows the original 章扉 reading.

Ch.1Section 1

What is IT Governance?第1章 — 本質と必要性

Why IT Governance is a board-level concern, not a help-desk one. ISO/IEC 38500, COBIT, NIST CSF 2.0, and the Weill & Ross definition compared. Cloud / AI / DX as governance challenges.

Definitions
Ch.2Section 1

Prerequisite knowledge第2章 — 国際標準と主要フレームワーク

A tour of the international standards and core frameworks. The six principles of ISO/IEC 38500, the governance scope defined by COBIT (ISACA), and ITIL — broken down for practitioners. What to place under governance, and who is accountable for how much.

Frameworks
Ch.3Section 1

The implementation roadmap第3章 — 7つのフェーズ・5つのドメイン・12のGステップ

The book's central diagram. 7 phases (vertical) × 5 domains (horizontal) × 12 G-steps (the practical work). How to keep an organisational change moving when conflict is the norm, not the exception.

Roadmap
Ch.4Section 2

Phase 1 — Laying the groundwork第4章 — 体制・ポリシー・方針

G1: governance framework. G2: stakeholder management and benefit realisation. The first concrete deliverables of the engagement — and the moment most failures begin.

G1 · G2
Ch.5Section 2

Phase 2 — Assess current state第5章 — アセスメント・リスク・コンプライアンス

G3: risk · quality · data management as one integrated discipline. Featured case study: Chernobyl — the three failures of risk, quality, and data, and their corporate-IT analogues.

G3
Ch.6Section 2

Phase 3 — Strategy & architecture第6章 — IT戦略・アーキテクチャ・組織体制

G4: IT strategy + enterprise architecture. G5: organisation, talent, vendor management. Featured case study: Singapore's Smart Nation — what nation-scale strategy design looks like.

G4 · G5
Ch.7Section 2

Phase 4 — Set the budget第7章 — 投資判断とポートフォリオ

G6: investment, budget, portfolio management. G7: project and programme management. Featured case study: Estonia's e-government — three explicit investment categories instead of "we'll figure it out."

G6 · G7
Ch.8Section 2

Phase 5 — Execution第8章 — システム構築と運用管理

G8: system build / acquisition / implementation. G9: operations and incident management. Featured case study: NASA Opportunity — fifteen years of unbroken operations from 225 million km away.

G8 · G9
Ch.9Section 3

Phases 6–7 — Evaluation & improvement第9章 — 評価・改善・継続

G10: performance monitoring & evaluation. G11: business continuity & availability. G12: audit & assurance. ISO/IEC 38500's "performance" principle, applied. The PDCA Check + Act of IT governance.

G10 · G11 · G12
Ch.10Section 3

Adapting to future changes第10章 — 将来の変化に適応するITガバナンス

The "Responsibility" principle of ISO/IEC 38500 extended into the future — the four responsibilities an AI era demands: to create, to continue, to bring to an end, and to judge. Plus cybersecurity escalation, NIST CSF 2.0's GOVERN function, and the regulatory wave still building.

Future

The twelve practical steps. What you actually do, in order.

The 7 phases tell you when. The 5 domains tell you where. The 12 G-steps tell you what — concrete deliverables an engagement can plan against, audit against, and finish.

G1

Governance framework

Phase 1 · Ch.4

G2

Benefit & stakeholders

Phase 1 · Ch.4

G3

Risk · quality · data

Phase 2 · Ch.5

G4

Strategy & architecture

Phase 3 · Ch.6

G5

Org · people · vendors

Phase 3 · Ch.6

G6

Investment portfolio

Phase 4 · Ch.7

G7

Project & program management

Phase 4 · Ch.7

G8

Build · acquire · implement

Phase 5 · Ch.8

G9

Ops & incident management

Phase 5 · Ch.8

G10

Performance monitoring

Phase 6 · Ch.9

G11

BCP & availability

Phase 7 · Ch.9

G12

Audit & assurance

Phase 7 · Ch.9

Four ships. Three reached harbour. One did not.

The book leans on real, named cases — not anonymised composites. Each is examined in the chapter that maps to its lesson.

Chernobyl · 1986

Ch.5 · Phase 2 · G3

Three failures, one explosion. Risk: the RBMK reactor's low-output instability was known and not communicated to the operators. Quality: an emergency-power test that had failed before was rerun with the ECCS disabled. Data: contamination maps were classified for three years; high contamination 300 km from the plant was only confirmed in 1989.

Takeaway: "We knew but we didn't manage. We had no standard. We didn't share the data." The same three failures show up in corporate IT every quarter — at smaller scale, with the same root causes.

Singapore Smart Nation · 2014–

Ch.6 · Phase 3 · G4 · G5

Smart Nation 1.0 set goals first (digital government / digital economy / digital society / digital security). Those goals were then shaped into strategy. The Smart Nation and Digital Government Group (SNDGG) under the Prime Minister's Office gave them an organisation, and the Singapore Government Tech Stack (SGTS) gave them a shared architecture. Goals → strategy → org → architecture, in that order.

Takeaway: Without all four working together, large-scale digital transformation does not happen. Same shape applies inside a corporation.

Estonia e-Government

Ch.7 · Phase 4 · G6 · G7

In a nation of roughly 1.3 million people, government-issued ID cards reach almost every citizen and a wide range of public services run entirely online — funded out of a small national budget. Three explicit investment categories: Mandatory (compliance / security, judged by what's lost if not done), Strategic (e-Residency, internet voting — long-term value, not short-term ROI), Optimisation (efficiency, with measurable cost reduction).

Takeaway: The categories aren't a "feel" — they're embedded in budgeting and investment-decision processes as explicit rules. Move this template into corporate IT.

NASA Opportunity · 2004–2019

Ch.8 · Phase 5 · G9

A 90-day mission that ran 15 years. ~$1 B lifecycle cost for the MER programme — with cost overruns the norm in space programmes (NASA's major projects average ~28% overrun), a comparatively well-managed budget. 800+ recovery attempts after the 2018 dust storm. Standardised incident response, strict change management, 24/7 monitoring, clear inter-team roles — operating an instrument on a planet 225 million km away.

Takeaway: Phase 5 is not "build then ship". It's "keep it running" — and that takes design, not heroism.

Four definitions. One concept, four useful framings.

Each institution emphasises a different facet — system, leadership, cyber risk, decision rights — and the book uses all four. Sources cited verbatim.

Institution / Standard Emphasis Definition (verbatim where cited)
ISO/IEC 385002024 · §3.4 / §3.3 System "System by which the current and future use of IT is governed." Governance itself is "a human-based system comprising directing, overseeing and accountability." Treats governance of IT as a component or domain of organisational governance.
COBIT 2019ISACA Leadership & structure "IT governance is the responsibility of the board of directors and executive management… consists of the leadership, organisational structures and processes that ensure that the enterprise's IT sustains and extends the organisation's strategies and objectives." Operationalised through the EDM domain (Evaluate · Direct · Monitor).
NIST CSF 2.02024 Cyber risk integration Added GOVERN (GV) as a sixth core function "because organisations need to incorporate cyber risk management throughout their corporate governance structure." Covers leadership/accountability, policy, strategic alignment, continuous monitoring/improvement.
Weill & RossMIT CISR · 2004 Decision rights "Specifying the decision rights and accountability framework to encourage desirable behaviour in using IT." Key distinction: "IT Governance is not about making specific decisions — management does that — but rather determines who systematically makes and contributes to those decisions."

Shintaro Tsuruta · 鶴田 信太郎

CEO & Founder · LV3 Corporation · Yokohama

Shintaro founded LV3 in 2017 with a single conviction: that the design discipline IT badly needs is the same one we use to navigate at sea — chart, compass, lighthouse, ship. Since then, LV3 has guided IT-design engagements across finance, manufacturing, accounting, telecommunications, and military sectors.

The book is the consolidated, public-facing version of LV3's IT-Design practice — the same playbook the firm runs by, written so any IT-governance practitioner can pick it up and sail.

→ Read the founder's full background

Heading to print. Japanese edition, August 2026.

🇯🇵 Japanese edition · 図解即戦力

図解 ITガバナンス

Gijutsu-Hyoronsha · 技術評論社

Manuscript fixed · 10 chapters
Series
図解即戦力 (Practical Guide series)
Editor
Murase-san · 村瀬様
Publication
August 2026
Manuscript
10 chapters · FIX
Figures
original artwork
Cover
original artwork
Buy on Amazon.co.jp

Chapter panoramas. Twelve in total.

A subset shown below. Each chapter (and each G-step in a multi-G chapter) gets its own panoramic ship-journey illustration. Twelve panoramas in total.

Chapter 1 voyage panorama — What is IT Governance?
FIG 1Ch.1 — What is IT Governance?
Chapter 4 G1 voyage panorama — Governance framework
FIG 4-G1Ch.4 G1 — Governance framework
Chapter 5 G3 voyage panorama — Risk, quality and data
FIG 5-G3Ch.5 G3 — Risk · quality · data
Chapter 6 G4 voyage panorama — Strategy and architecture
FIG 6-G4Ch.6 G4 — Strategy & architecture
Chapter 7 G6 voyage panorama — Investment portfolio
FIG 7-G6Ch.7 G6 — Investment portfolio
Chapter 8 G8 voyage panorama — Build, acquire, implement
FIG 8-G8Ch.8 G8 — Build · acquire · implement
Chapter 9 G10 voyage panorama — Performance monitoring
FIG 9-G10Ch.9 G10 — Performance monitoring
Chapter 9 G12 voyage panorama — Audit and assurance
FIG 9-G12Ch.9 G12 — Audit & assurance
Chapter 10 voyage panorama — Future adaptation
FIG 10Ch.10 — Future adaptation

Pre-order updates. Speak at your event.

Drop your email for a notification when the Japanese edition ships in August 2026.