What is IT governance?

IT governance is a formal way to align IT strategy with business strategy. Stick around for tips for
successfully implementing a governance framework.

[Diagram: Business Strategy aligned with IT Strategy]

What is IT governance for?

IT governance frameworks provide a structure for aligning IT strategy and business strategy to
ensure that IT investments support business objectives.

By following a formal framework, organisations can produce measurable results toward achieving
their strategies and goals. A formal program also takes stakeholders' interests into account, as well
as the needs of staff and the processes they follow.

Who needs IT governance?

A formal IT governance program should be on the radar of any organisation in any industry that
must comply with financial and technological accountability regulations.

However, implementing a comprehensive IT governance program requires much time and effort.

Where tiny businesses might practice only essential IT governance methods, the goal of larger and
more regulated organisations should be a full-fledged IT governance program.

How do you implement an IT governance program?

The easiest way to implement IT governance is to start with a framework that has been created by
industry experts and used by thousands of organisations. Many frameworks include implementation
guides to help organisations implement an IT governance program with fewer speed bumps.

The most commonly used frameworks are:

COBIT
ITIL
CMMI
FAIR

How do I choose which framework to use?

Most IT governance frameworks are designed to help you determine how your IT department is
functioning overall, what critical metrics management needs and what return IT is giving back to the
business from its investments.

Where COBIT and COSO are used mainly for risk, ITIL helps to streamline IT service and operations.

Although CMMI was initially intended for software engineering, it now involves hardware
development, service delivery and purchasing processes.

FAIR is used squarely for assessing operational and cyber security risks.

When reviewing frameworks, consider your corporate culture. Does a particular framework or
model seem a natural fit for your organisation? Does it resonate with your stakeholders? That
framework is the best choice.

But you don't have to choose only one framework. For example, one way COBIT and ITIL complement one
another is that COBIT often explains why something is done or needed, whereas ITIL provides
the "how." Some organisations have used COBIT and COSO, along with the ISO 27001
standard (for managing information security).

How do you ensure a smooth implementation?

One of the most critical paths to success is executive buy-in. You can even form a risk
management committee with an executive sponsor and representation from the business.

As with any significant project, you should always keep communication lines open between various
parties, measure and monitor the progress of the implementation, and seek outside help if needed.