Board oversight of information technology has not kept pace with the rapid growth of IT as a critical driver of business success. However, this is shortsighted, since effective governance over IT Governance protects shareholder value; makes clear that IT risks are quantified and understood; directs and controls IT investment, opportunity, benefits and risks; aligns IT with the business while accepting IT as a critical input to and component of the strategic plan; sustains current operations and prepares for the future; and is an integral part of a global governance structure. Like most other governance activities, IT Governance engages both board and executive management. Among the board’s responsibilities are reviewing and guiding corporate strategy, setting and monitoring achievement of management’s performance objectives, and ensuring the integrity of the organisation’s systems. Management’s focus is generally on cost-efficiency, revenue enhancement and building capabilities, all of which are enabled by information, knowledge and the IT infrastructure. The four main focus areas for IT Governance are driven by stakeholder value. Two are outcomes: value delivery and risk mitigation. Two are drivers: strategic alignment and performance measurement. Action plans for implementing effective IT Governance, from both a board and an executive management point of view, consist of activities, outcome measures, best practices, critical success factors and performance drivers. In addition, organisations must assess how well they are currently performing and be able to identify where and how improvements can be made. The use of maturity models simplifies this task and provides a pragmatic, structured approach for measurement. Control Objectives for Information and related Technology (COBIT), a third edition of which was issued by the IT Governance Institute in 2000, incorporates material on IT Governance and a Management Guidelines component. COBIT presents an international and generally accepted IT control framework enabling organisations to implement an IT Governance structure throughout the enterprise. The Management Guidelines consist of maturity models, critical success factors, key goal indicators and key performance indicators. This structure delivers a significantly improved framework responding to management’s need for control and measurability of IT by providing tools to assess and measure the organisation’s IT environment against COBIT’s 34 IT processes.
