Governance in IT

The primary goals for information technology governance are to ‘guide and direct’, assure the business value in the investments in IT and mitigate the risks that are associated with IT and its management. This can be done by;

  • Good quality information for decision making
  • A suitable organisational structure
  • Project ‘management’ and controls
  • Well-defined roles and responsibilities
  • Business Processes defined and documented
  • Infrastructure managed and monitored
  • Reporting undertaken and reviewed
  • KPI’s identified and in alignment with business delivery

IT governance can be confused with good management practices and IT control frameworks, rather than a management system used by directors and the business executive. Whilst ensuring compliance is an essential component of good governance, it is essential to be focused on delivering value and measuring performance.

The collapse of Enron in 2000, and alleged issues within Arthur Anderson and Worldcom emphasised the need for defined duties and responsibilities of the boards of directors for public and privately held corporations and robust management systems combined with reporting mechanisms and performance indicators.

COBIT v’s ITIL®

COBIT focuses on the definition, implementation, auditing, measurement and improvement of controls for specific processes that span the entire IT life cycle. It is an excellent reference model for IT governance across the IT life cycle – more about the ‘what’ in service delivery.

ITIL primarily focuses on defining the process, functional, operational and organizational attributes that need to be in place for IT management lifecycle to be fully optimized. ITIL is more about the ‘how’ in service delivery.

COBIT can be thought of as defining the CSF and related KPIs that ITIL processes must deliver against, all within a guidance framework tied back to audits.