Thursday, March 10, 2016

IT Governance

Ensuring that all IT systems, frameworks and practices work together to achieve corporate strategies and objectives can be a challenge.

IT Governance is a way to ensure IT function sustains the strategies and the objectives of a company. Or we can define it as a structure of how a company matches its IT strategy with business strategy in order to achieve its strategies and goals and to implement an appropriate way to measure the performance of its IT. 
IT Governance also helps you to make sure that all stakeholders interests are counted . An IT governance framework should answer key questions like how the IT department is functioning overall, what kind of metrics is needed, and what is the ROI of IT systems. 

Leading IT governance frameworks includes COBIT, ITIL, and finally ISO/IEC 38500:2015.


COBIT is a framework for IT Management and IT Governance. It is a supporting tool-set that allows IT managers to bridge the gap between control requirements, technical issues, and finally business risks. 
The business aspect of COBIT links business goals to IT goals by providing metrics and maturity models to measure the achievement, and identifying responsibilities of IT process owners and business process owners.

COBIT 5 is a framework not only for IT Governance but also for Risk Security and Auditing. Actually COBIT evolves over the time. It was just about auditing back in 1996 when it was on version 1. 

ISO 38500

ISO 38500 is the newest one and has definitions, principles and a model for IT Governance. ISO/IEC 38500:2015 is based on six principles:
  1. Responsibility
  2. Strategy
  3. Acquisition
  4. Performance
  5. Conformance
  6. Human behavior
ISO 38500 also has some guidance to those advising, informing, or assisting governing bodies like directors and auditors.


ITIL is also considered as a kind of IT Governance framework. It is a set of practices for IT Service Management with the focus on aligning IT services with the needs of business. ITIL is mostly about processes, procedures, tasks, as well as some checklists which can be used in any company or organization.
It can be applied by an organization to establish integration with its strategy, deliver value, and maintain some level of competency. 

Labels: , , ,