
IT Governance – the basics

The term IT Governance is, at the moment, probably familiar only to those who work in large organizations or are in contact with them. Yet it is an important branch of corporate governance that acts as a bridge between the business and IT. That bridge ensures that the long-term consequences of decisions can be traced back to the individual decisions themselves and to the people responsible for them. Accountability is the key concern of IT Governance.

Another key area of IT Governance is strategic alignment between business strategy, business processes, and IT. It is a complex principle and not easy to achieve, but in general the focus is either on the company's ability to achieve its own goals using IT, or on the harmony between business and IT.

IT Governance is also responsible for value delivery: making sure that the IT department does what is necessary to deliver the benefits promised. A generic example would be the IT department proposing an upgrade to the latest version of an operating system (client and server), with the explanation that the latest version is the best simply because it is the latest. It is up to IT Governance to find the value for the business in that proposal, to examine the actual costs (so that the ROI can be determined), and to assess the impact on the business. Only then can the proposal either be turned into a project or scrapped.

Areas of IT Governance responsibilities

Measuring customer satisfaction (read more in How to avoid unsatisfied customers by managing problems and incidents according to ISO 20000), Service Level Management, business value management, and process improvement are all parts of the Performance Management tasks of IT Governance. Performance management looks at how IT tracks and monitors the implementation of its strategy, how the success of a project is determined, how resources are used, and how processes and service delivery perform.

Risk management as part of IT Governance is all about safeguarding IT assets, disaster recovery, and continuity of operations, including security and information integrity.

The final area of IT Governance is resource management, i.e. how IT optimizes and manages its critical IT resources. This topic covers hardware and software asset management, third-party service providers and outsourcing, and financial management.

Unfortunately, IT Governance is often confused with IT Management practices, and in many organizations IT Governance roles are split between various management functions, or are simply expected of IT by default. You can read more here about the actual role of IT Service Management.

IT Governance Framework

There are many IT Governance frameworks available which, to a greater or lesser degree, cover the areas described above. More information about ITSM standards and frameworks is also available.

The most notable of them is ISO/IEC 38500, the international standard for the corporate governance of information technology. ISO/IEC 38500 provides guidance to those advising, informing, or assisting directors on the effective and acceptable use of Information Technology (IT) within the organization.

Yet the most popular IT Governance framework is COBIT. Basically, it is a set of guidelines and a supporting toolset for IT Governance that is accepted worldwide. Auditors and companies use it as a way of implementing IT controls that meet specific business objectives. COBIT is well suited to organizations focused on risk management and mitigation.

Next on the list is ITIL®, which is not focused on IT Governance itself but gives a clear overview of Service Management. It is process-oriented, and the information it contains is a useful reference for improving the service management function. The same description applies to ISO/IEC 20000, but at the organizational level.

The CMMI (Capability Maturity Model Integration) method is particularly well suited to organizations that need help with application development, lifecycle issues, and improving the delivery of products throughout the lifecycle.

Another framework worth mentioning is the ISO 27000 series, most notably ISO/IEC 27001, which focuses on information security management, itself a substantial part of IT Governance.

It is hard to choose a single best IT Governance framework that will fit every need, so common practice is to combine several of them for the best results.