By: Nihad Hassan
April 15, 2021
Top 3 IT Governance Frameworks
Information technology (IT) is defined as the use of computing devices and the internet to store, transmit and retrieve digital data. No matter the size of an organization, utilizing IT has become vital to facilitate business operations, enhance relationships between customers and business partners, and increase the security of confidential information and trade secrets.
Information technology is an integral part of organizations in every industry and sector. Incorporating technology in business brings significant benefits for every organization. Most departments within an organization cannot continue operating without IT. For example, finance, sales, HR, and any other department that depends on IT systems to complete its work cannot function without specialized software platforms to conduct its daily operations.
Despite the great advantages of having IT systems, organizations should not expect to gain their value without following a strict process to monitor, evaluate, and govern IT systems' usage and make sure they are aligned with business objectives. Hence, IT governance ensures no conflict between the organization's interests (e.g., represented by executive management and the boards) and those managing its IT systems.
There are many definitions for IT governance; however, for this article, we can define it as the set of processes followed by an organization's IT staff to manage IT risks and use IT systems efficiently to achieve the organization's overall goals. To monitor IT governance implementation within an organization, we need to have a roadmap or a framework to follow.
An Information Technology Governance Framework describes the methods an organization uses to manage, implement and monitor IT governance.
This article will list the most common IT governance frameworks and talk briefly about each one.
Top 3 Most Common IT Governance Frameworks
Information Technology Infrastructure Library (ITIL)
Created by the British government's Central Computer and Telecommunications Agency (CCTA) in the 1980s, ITIL is an internationally recognized standard (actually, it is more a 'best practices and recommendations' list than a standard) for IT services management and administration. ITIL lists best practices in delivering IT services, and it currently has five books covering the various phases of the IT service management lifecycle. ITIL allows businesses to manage IT risks, improve customer relationships, develop cost-effective practices and develop a sustainable IT environment that provides productivity and scale for future growth.
The ITIL lifecycle is divided into five distinct phases. Each phase relies on a service principle and performance measures, and each phase is connected with another lifecycle phase to receive input or send output. The five ITIL phases are:
- Service strategy: This phase's objective is to define the type of IT service required by the customers and the type of capabilities that should be developed to meet customer demand.
- Service design: This phase's objective is to design new IT services and improve the existing ones.
- Service transition: This phase's objective is to deploy IT services after finishing development or update.
- Service operation: This phase's objective is to ensure the deployed service is stable and works in a production environment.
- Continual service improvement: This phase works with the previous 4 phases to ensure the services are aligned with business objectives.
COBIT (Control Objectives for Information and Related Technology)
COBIT is a globally recognized framework for best practices in IT management. COBIT was developed by ISACA (Information Systems Audit and Control Association) for IT governance and management. It can be used by any organization working in any industry. COBIT promotes a set of procedures and best practices to help organizations achieve their business objectives by exploiting available resources. It also promotes better risk management practices to mitigate risks associated with IT processes.
Why do organizations use COBIT?
Using COBIT, organizations can identify their business goals, align their IT goals with them, and measure the practices that support those IT goals. Using COBIT, we can measure the current performance of an organization's IT processes and identify the ones that need improvement to support business goals (e.g., increase profits).
The Principles of COBIT
COBIT is composed of 5 principles:
- Meeting stakeholder needs (the best implementation is when the solution meets stakeholder needs and business goals at the same time).
- Covering the enterprise end-to-end (meaning the IT solution must consider the entire enterprise's work, not just small areas).
- Applying a single integrated framework (the framework's implementation must be organized and systematic).
- Enabling a holistic approach (study an IT problem from all angles before suggesting a solution).
- Separating governance from management (for example, governance ensures that there is control and supervision, while management is concerned with processes, steps, and procedures).
VAL IT (value from IT investments)
VAL IT is a framework for the governance of information technology developed by the IT Governance Institute (ISACA). VAL IT extends and complements COBIT in providing a comprehensive control framework for IT governance. However, the main difference between the two frameworks is that VAL IT focuses on the investment decision and the projected profits. In contrast, COBIT focuses on the execution area (is work being done in the right way?).
For governance to be effective, it should be supported by top management (leadership); however, leadership support is not enough. VAL IT supports top management by providing a comprehensive framework, backed by processes and other guidance materials, to help management executives understand, discuss, and evaluate IT-enabled business investments.
Using an IT governance framework has become necessary to successfully support and manage the IT services offered by an organization. This article lists the three most popular vendor-neutral IT governance frameworks used by organizations globally to manage an IT governance process effectively.