Qamba Knowledge Base
What is IT Governance?
IT governance could best be described as a strategic focus of driving business outcomes through long term planning and leadership. In contrast to IT management which focuses more of the operational side of IT, like keeping systems running, and managing the day to day processes.
IT governance is concerned with aligning IT to reach business outcomes, with a much broader and long term business view compared to IT management, which focuses more on planning, implementing and maintaining IT resources.
Frameworks
While most businesses don’t need to formally introduce a framework to start leveraging IT to achieve strategic outcomes, they can be useful tools to help foster IT governance within an organisation.
AS8015-2005 / ISO 38500:2015
The AS8015-2005 standard was adopted by ISO 38500, so for brevity we’ll talk about them as they are the same thing, as they share similar ideas.
These frameworks define six principles of quality corporate governance of IT:
- Responsibility – Who is responsible for what in IT should be clearly defined.
- Strategy – A plan should be implemented for IT to best support the organization.
- Acquisition – IT resources needs to be justified and valid.
- Performance – Implementations and performance should be continually monitored and evaluated.
- Conformance – Systems and rules should be formalized where required.
- Human behavior – Respect the human factors involved in IT decisions and systems.
IGPMM – Information Governance Process Maturity Model
IGPMM focuses on maturing 22 processes that help improve the management of IT value, cost and risk. According to IGPMM, maturation for each business process moves through four stages.
- Ad-Hoc / Inconsistent
- Siloed / Manual
- Siloed / Consistent
- Integrated / Optimized
COBIT5
COBIT5 defines common IT processes and defines their inputs, output and key objectives and how to measure performance. It has 5 principles:
- Meet stakeholder needs
- Cover the entire enterprise
- Apply a single integrated framework.
- Enable a holistic approach.
- Separate governance from management