The primary objective of IT governance is to leverage the IT resources available to the organization and to steward its IT systems in a manner that creates value for the organization.
- IT Management: IT management covers the plans to operationalize the use of IT resources, directing and controlling the use of those resources, and organizing their management.
- IT Compliance: Compliance in the IT world can mean creating an adequate strategy that manages both the compliance process and the integrity of the compliance system.
- IT Controls: These are specific tasks performed by IT staff to ensure that business objectives are kept top-of-mind.
- Governance, Risk and Compliance (GRC): The grouping of capabilities that combine governance, risk management and performance to achieve reliable business objectives and address uncertainty.
There are five common examples of IT governance frameworks:
- COBIT: Control Objectives for Information and Related Technologies. This framework was created by the Information Systems Audit and Control Association (ISACA) and is designed specifically for enterprise IT. COBIT is considered the industry-standard, best-practice IT governance framework.
- ITIL: Information Technology Infrastructure Library. This framework considers how IT service strategy, design, transition, operations, and service improvement can support core business practices.
- COSO: The Committee of Sponsoring Organizations of the Treadway Commission (COSO) focuses on internal controls, rather than on IT-specific functions, integrating other frameworks like risk management and fraud prevention.
- CMMI: The Capability Maturity Model Integration framework is primarily concerned with performance improvement, using a scale to evaluate an organization’s performance, quality, and profitability.
- FAIR: Factor Analysis of Information Risk is a tool that helps organizations quantify their level of risk.