What is IT governance?
IT governance is an element of corporate governance, aimed at improving the overall management of IT and at driving improved value from an organization's investment in information and technology.
An IT governance framework enables an organization to manage its IT risks effectively and ensures that the activities associated with information and technology are aligned with its overall business objectives.
ISO 38500 - the IT governance standard
The international standard for the corporate governance of IT is ISO/IEC 38500:2015. It sets out principles, definitions, and a high-level framework that organizations of all types and sizes can use to better align their use of IT with organizational decisions.
Why is IT governance important?
IT governance enables an organization to:
- Demonstrate measurable results against broader business strategies and goals
- Meet relevant legal and regulatory obligations, such as those set out in the EU's GDPR or the CCPA
- Assure stakeholders that they can have confidence in your organization’s IT services
- Facilitate an increase in the return on IT investment
- Comply with certain corporate governance or public listing rules or requirements
Definition of Corporate Governance
Corporate governance is “a toolkit that enables management and the board to deal more effectively with the challenges of running a company. Corporate governance ensures that businesses have appropriate decision-making processes and controls in place so that the interests of all stakeholders are balanced.”- ICSA, The Governance Institute.
A robust corporate governance framework can help you meet the requirements of laws and regulations such as the CCPA and the GDPR.
For instance, the GDPR requires data controllers and processors to be able to demonstrate their compliance with its requirements through certain documentation, including relevant logs, policies, and procedures.
Harnessing the elements of IT Governance will help you create and maintain appropriate policies and procedures to help meet your data privacy requirements.
Learn more about meeting your GDPR compliance obligations >>
IT Governance frameworks, models, and standards
ISO 38500 – The international IT Governance standard
ISO/IEC 38500:2015 is the international standard for corporate governance of IT.
It sets out principles, definitions, and a high-level framework that organizations of all types and sizes can use to better align their use of IT with organizational decisions, and meet their legal, regulatory, and ethical obligations.
As well as ISO 38500, there are numerous widely recognized, vendor-neutral frameworks that organizations can use to implement an IT governance program.
Each has its own IT governance strengths – for instance, COBIT® focuses more on process management and ITIL® on service management – but you might benefit from an integrated approach, using parts of several frameworks to deliver the results you need.
Follow the links below to find out more about each framework.
ITIL®- IT Service Management
Widely adopted around the world, ITIL is a framework for IT service management (ITSM). Its newest iteration, ITIL 4, was launched in February 2019.
ITIL is supported by ISO/IEC 20000-1 (the 2011 edition cited here has since been replaced by ISO/IEC 20000-1:2018), the international standard for ITSM against which organizations can achieve independent certification.
Learn more about ITIL >>
COBIT® - IT governance control framework
COBIT (Control Objectives for Information and Related Technology) is an internationally recognized IT governance control framework that helps organizations meet business challenges in the areas of regulatory compliance, risk management, and aligning IT strategy with organizational goals.
COBIT® 2019, the latest iteration of the framework, was released in November 2018. It builds on COBIT® 5, introducing new concepts and addressing the latest developments affecting enterprise IT.
Learn more about COBIT >>
Calder-Moir IT Governance Framework
The Calder-Moir IT Governance Framework provides structured guidance on how to approach IT governance, and can be used to benchmark the balance and effectiveness of IT governance practices within an organization.
The accompanying Calder-Moir IT Governance Framework Toolkit provides practical assistance and guidance for practitioners and board members who are tackling the subject.
Learn more about the Calder-Moir IT Governance Framework >>
The five domains or elements of IT Governance
The IT Governance Institute (ITGI, a division of ISACA) breaks IT governance down into five domains, or focus areas:
- Value delivery
- Strategic alignment
- Performance measurement
- Resource management
- Risk management
Other IT Governance frameworks and models to consider
In addition to the frameworks listed above, there are several other models and frameworks you should consider for effective IT governance:
How to establish an IT governance framework
The challenge for many organizations is to establish a coordinated, integrated framework that draws on best-practice IT governance frameworks.
We offer a wide range of products and services, including books, toolkits and training courses, that can support your organization’s compliance with these frameworks. Browse our bestselling IT governance products and services below.