
What is IT governance?

CIO | Oct 7, 2019

IT governance is a formal way to align IT strategy with business strategy. Watch this video to learn tips for successfully implementing a governance framework.

Copyright © 2019 IDG Communications, Inc.

IT governance is a formal way to align IT strategy with business strategy. Stick around for tips for successfully implementing a governance framework.

What is IT governance for?

IT governance frameworks provide a structure for aligning IT strategy and business strategy to ensure that IT investments support business objectives.

By following a formal framework, organizations can produce measurable results toward achieving their strategies and goals. A formal program also takes stakeholders' interests into account, as well as the needs of staff and the processes they follow.

Who needs IT governance?

A formal IT governance program should be on the radar of any organization in any industry that needs to comply with regulations related to financial and technological accountability.

However, implementing a comprehensive IT governance program requires a lot of time and effort. Where very small businesses might practice only essential IT governance methods, the goal of larger and more regulated organizations should be a full-fledged IT governance program.

How do you implement an IT governance program?

The easiest way to implement IT governance is to start with a framework that's been created by industry experts and used by thousands of organizations. Many frameworks include implementation guides to help organizations phase in an IT governance program with fewer speedbumps.

The most commonly used frameworks are:


How do I choose which framework to use?

Most IT governance frameworks are designed to help you determine how your IT department is functioning overall, what key metrics management needs and what return IT is giving back to the business from its investments.

Where COBIT and COSO are used mainly for risk, ITIL helps to streamline IT service and operations.

Although CMMI was originally intended for software engineering, it now involves processes in hardware development, service delivery and purchasing.

FAIR is squarely for assessing operational and cyber security risks.

When reviewing frameworks, consider your corporate culture. Does a particular framework or model seem like a natural fit for your organization? Does it resonate with your stakeholders? That framework is probably the best choice.

But you don't have to choose only one framework. For example, COBIT and ITIL complement one another in that COBIT often explains why something is done or needed where ITIL provides the "how." Some organizations have used COBIT and COSO, along with the ISO 27001 standard (for managing information security).

How do you ensure a smooth implementation?

One of the most important paths to success is executive buy-in. You may even want to form a risk management committee with an executive sponsor and representation from the business.

As with any significant project, you should always keep communication lines open between various parties, measure and monitor the progress of the implementation, and seek outside help if needed.