Corporate governance of information technology

Information technology (IT) governance is a subset discipline of corporate governance, focused on information technology (IT) and its performance and risk management. The interest in IT governance is due to the ongoing need within organizations to focus value creation efforts on an organization's strategic objectives and to better manage the performance of those responsible for creating this value in the best interest of all stakeholders. It has evolved from The Principles of Scientific Management, Total Quality Management and ISO 9001 Quality management system.

Historically, board-level executives deferred key IT decisions to the company's IT management and business leaders. Short-term goals of those responsible for managing IT can be in conflict with the best interests of other stakeholders unless proper oversight is established. IT governance systematically involves everyone: board members, executive management, staff, customers, communities, investors and regulators. An IT Governance framework is used to identify, establish and link the mechanisms to oversee the use of information and related technology to create value and manage the risks associated with using information technology.

Various definitions of IT governance exist. While in the business world the focus has been on managing performance and creating value, in the academic world the focus has been on “specifying the decision rights and an accountability framework to encourage desirable behavior in the use of IT.”

The IT Governance Institute's definition is: “… leadership, organizational structures and processes to ensure that the organisation's IT sustains and extends the organisation's strategies and objectives.”[2]

AS8015, the Australian Standard for Corporate Governance of Information and Communication Technology (ICT), defines Corporate Governance of ICT as “The system by which the current and future use of ICT is directed and controlled. It involves evaluating and directing the plans for the use of ICT to support the organisation and monitoring this use to achieve plans. It includes the strategy and policies for using ICT within an organisation.”

Frameworks

There are quite a few supporting references that may be useful guides to the implementation of information and technology (IT) governance. Some of them are:

  AS8015-2005 Australian Standard for Corporate Governance of Information and Communication Technology. AS8015 was adopted as ISO/IEC 38500 in May 2008
  ISO/IEC 38500:2015 Corporate governance of information technology[4] (very closely based on AS8015-2005) provides a framework for effective governance of IT to assist those at the highest level of organizations to understand and fulfill their legal, regulatory, and ethical obligations in respect of their organizations’ use of IT. ISO/IEC 38500 is applicable to organizations of all sizes, including public and private companies, government entities, and not-for-profit organizations. This standard provides guiding principles for directors of organizations on the effective, efficient, and acceptable use of Information Technology (IT) within their organizations.
  COBIT is regarded as the world's leading IT governance and control framework. COBIT provides a reference model of 37 IT processes typically found in an organization.[5] Each process is defined together with process inputs and outputs, key process activities, process objectives, performance measures and a maturity model. ISACA published COBIT2019 in 2019 as a "business framework for the governance and management of enterprise IT". COBIT2019 replaces COBIT 5, which itself replaced COBIT 4.1, Val IT and Risk IT, consolidating them into a single framework that acts as an enterprise framework aligned and interoperable with TOGAF and ITIL.
  IGPMM - The Information Governance Process Maturity Model[6] depends on maturing 22 processes that help identify, and improve the management of, information value, cost and risk. CGOC updated the IGPMM in March 2017.[7] The processes reflect the needs of the key information stakeholders, including legal, records information management (RIM), privacy and security, lines of business and IT. The maturation for each business process moves through four stages:
      Stage 1: Ad hoc and inconsistent
      Stage 2: Siloed and manual
      Stage 3: Siloed, consistent and instrumented
      Stage 4: Integrated, instrumented and optimized

Other frameworks offer a partial view on IT Management & IT Governance Processes:

  CMM - The Capability Maturity Model: focus on software engineering
  ITIL - Focus on IT Service management
  ISO/IEC 20000 - Focus on IT Service management
  ISO/IEC 27001 - Focus on Information Security Management
  ISO/IEC 27005 - Focus on Information Security Risk Management
  ISO/IEC 29148 and IREB - Focus on Requirement Engineering
  ISO/IEC 29119 and ISTQB - Focus on Software Testing

Non-IT specific frameworks of use include:

  PRINCE2 and PMBOK - Focus on Project Management
  ISO 22301 - Focus on Business Continuity
  The Balanced Scorecard (BSC) - method to assess an organization’s performance in many different areas
  Six Sigma - Focus on quality assurance
  The Open Group Architecture Framework (TOGAF) - methodology to align business and IT, resulting in useful projects and effective governance

Professional certification

  Certified in the Governance of Enterprise Information Technology (CGEIT) is a certification created in 2007 by ISACA. It is designed for experienced professionals who can demonstrate 5 or more years' experience serving in a managing or advisory role focused on the governance and control of IT at an enterprise level. It also requires passing a 4-hour test designed to evaluate an applicant's understanding of enterprise IT management. The first examination was held in December 2008.
  COBIT5 Foundation, COBIT5 Assessor and COBIT5 Implementation are certifications created in 2012 by ISACA.

See also

  Computer security
  Data governance
  Enterprise architecture
  Information governance
  IT portfolio management
  Project governance
  Service governance
  
  
management/corporate_governance/corporate_governance_of_information_technology.txt · Last modified: 2023/10/15 11:02 by wikiadmin