What Is IT Governance? A Formal Way To Align IT & Business Strategy
A formal way to align IT & business strategy
IT governance is a formal framework that provides a structure for
organizations to ensure that IT investments support business
objectives. The need for formal corporate and IT governance practices
across U.S. organizations was fueled by the enactment of laws and
regulations, including the Gramm-Leach-Bliley Act (GLBA) and the
Sarbanes-Oxley Act, in the 1990s and early 2000s, which followed the
fallout from several high-profile corporate fraud and deception cases.
1. What is IT governance?
Essentially, IT governance provides a structure for aligning IT strategy
with business strategy. By following a formal framework, organizations
can produce measurable results toward achieving their strategies and
goals. A formal program also takes stakeholders' interests into
account, as well as the needs of staff and the processes they follow.
In the big picture, IT governance is an integral part of overall
enterprise governance.
Where COBIT and COSO are used mainly for risk, ITIL helps to
streamline service and operations. Although CMMI was originally
intended for software engineering, it now involves processes in
hardware development, service delivery and purchasing. As previously
mentioned, FAIR is squarely for assessing operational and cyber
security risks.
When reviewing frameworks, consider your corporate culture. Does a
particular framework or model seem like a natural fit for your
organization? Does it resonate with your stakeholders? That
framework is probably the best choice.
But you don't have to choose only one framework. For example, COBIT
and ITIL complement one another: COBIT often explains why something
is done or needed, while ITIL provides the "how." Some organizations
have used COBIT and COSO together, along with the ISO 27001 standard
(for managing information security).