138:
36:
555:. It is designed for experienced professionals, who can demonstrate 5 or more years experience, serving in a managing or advisory role focused on the governance and control of IT at an enterprise level. It also requires passing a 4-hour test, designed to evaluate an applicant's understanding of enterprise IT management. The first examination was held in December 2008.
412:
use of IT. ISO/IEC 38500 is applicable to organizations from all sizes, including public and private companies, government entities, and not-for-profit organizations. This standard provides guiding principles for directors of organizations on the effective, efficient, and acceptable use of
Information Technology (IT) within their organizations.
235:
involves everyone: board members, executive management, staff, customers, communities, investors and regulators. An IT Governance framework is used to identify, establish and link the mechanisms to oversee the use of information and related technology to create value and manage the risks associated with using information technology.
430:
IGPMM- The
Information Governance Process Maturity Model depends on maturing 22 processes that help identify – and improve the management of – information value, cost and risk. CGOC updated the IGPMM in March 2017. The processes reflect the needs of the key information stakeholders, including legal,
411:
Corporate governance of information technology, (very closely based on AS8015-2005) provides a framework for effective governance of IT to assist those at the highest level of organizations to understand and fulfill their legal, regulatory, and ethical obligations in respect of their organizations’
389:
Despite the efforts to manage performance and create value, a study focused on fraud in the UAE demonstrated that corporate governance does not play a major role in reducing fraud, indicating that there is no significant difference in comparison to other traditional techniques for fraud prevention.
264:
as "The system by which the current and future use of ICT is directed and controlled. It involves evaluating and directing the plans for the use of ICT to support the organisation and monitoring this use to achieve plans. It includes the strategy and policies for using ICT within an organisation."
234:
Historically, board-level executives deferred key IT decisions to the company's IT management and business leaders. Short-term goals of those responsible for managing IT can conflict with the best interests of other stakeholders unless proper oversight is established. IT governance systematically
426:
published COBIT2019 in 2019 as a "business framework for the governance and management of enterprise IT". COBIT2019 consolidates replaces COBIT 5, which itself replaced COBIT 4.1, Val IT and Risk IT into a single framework acting as an enterprise framework aligned and interoperable with TOGAF and
381:
While directors are responsible for this stewardship it is not unusual to delegate this responsibility to management (business and IT) who are expected to develop the necessary capability to deliver the performance expected. Whilst managing risk and ensuring compliance are essential components of
219:. The interest in IT governance is due to the ongoing need within organizations to focus value creation efforts on an organization's strategic objectives and to better manage the performance of those responsible for creating this value in the best interest of all stakeholders. It has evolved from
330:
As a result of these corporate governance efforts to better govern the leverage of corporate resources, specific attention was given to the role of information and the underpinning technology to support good corporate governance. It was soon recognized that information technology was not only an
238:
Various definitions of IT governance exist. While in the business world the focus has been on managing performance and creating value, in the academic world the focus has been on "specifying the decision rights and an accountability framework to encourage desirable behavior in the use of IT."
300:
with well-defined accountability for decisions that impact on the successful achievement of strategic objectives and institutionalizing good practices through organizing activities in processes with clearly defined process outcomes that can be linked to the
362:. The problem is increased by terms such as "governance, risk and compliance (GRC)" that establish a link between governance and compliance. The primary focus of IT governance is the stewardship of IT resources on behalf of various
341:
IT governance process enforces a direct link of IT resources & processes to enterprise goals in line of strategy. There is a strong correlation between maturity curve of IT governance and overall effectiveness of IT.
311:
53:
285:. It highlights the importance of value creation and accountability for the use of information and related technology and establishes the responsibility of the governing body, rather than the
422:
typically found in an organization. Each process is defined together with process inputs and outputs, key process activities, process objectives, performance measures and a maturity model.
815:
Brown, Allen E. and Grant, Gerald G. (2005) "Framing the
Frameworks: A Review of IT Governance Research," Communications of the Association for Information Systems: Vol. 15, Article 38.
296:, (2) oversee management's performance and (3) mitigate the risks associated with using information and technology. This can be done through board-level direction, implementing an
670:
Halbouni, Sawsan Saadi; Obeid, Nada; Garbou, Abeer (6 June 2016). "Corporate governance and information technology in fraud prevention and detection: Evidence from the UAE".
658:
370:
is to be achieved from the leveraging of IT resources. While IT management is about "planning, organizing, directing and controlling the use of IT resources" (that is, the
822:, “Exploring the relationship between IT governance practices and business/IT alignment through extreme case analysis in Belgian mid-to-large size financial enterprises”,
277:
first emerged in 1993 as a derivative of corporate governance and deals primarily with the connection between an organisation's strategic objectives, business goals and
398:
There are quite a few supporting references that may be useful guides to the implementation of information and technology (IT) governance. Some of them are:
100:
72:
431:
records information management (RIM), privacy and security, lines of business and IT. The maturation for each business process moves through four stages:
957:
79:
220:
86:
926:
Wilkin, C.L. and
Chenhall, R.H. (2010). A Review of IT Governance: A Taxonomy to Inform AIS, Journal of Information Systems, 24 (2), 107–146.
870:
846:
534:
68:
386:, the primary focus is on delivering value and managing performance (i.e. "Governance, Value delivery and Performance management" (GVP)).
307:
Following corporate governance failures in the 1980s, a number of countries established codes of corporate governance in the early 1990s:
159:
405:
Australian
Standard for Corporate Governance of Information and Communication Technology. AS8015 was adopted as ISO/IEC 38500 in May 2008
323:
292:
The primary goals for information and technology (IT) governance are to (1) assure that the use of information and technology generates
930:
921:
887:
860:
838:
764:
181:
119:
706:
781:
967:
359:
57:
390:
Researchers have contended that due to this lack of contributions, there should be better oversight from senior management.
93:
962:
331:
enabler of corporate governance, but as a resource, it was also a value creator that was in need of better governance.
194:
152:
146:
929:
Wood, David J., 2011. "Assessing IT Governance
Maturity: The Case of San Marcos, Texas". Applied Research Projects,
905:, and S. De Haes, “A Research Journey into Enterprise Governance of IT, Business/IT Alignment and Value Creation”,
937:
46:
453:
334:
In
Australia, the AS8015 Corporate Governance of ICT was published in January 2005. It was fast-track adopted as
286:
228:
722:"A Conceptual Framework on IT Governance Impact on Organizational Performance: A Dynamic Capability Perspective"
374:), IT governance is about creating value for the stakeholders based on the direction given by those who govern.
163:
418:
is regarded as the world's leading IT governance and control framework. COBIT provides a reference model of 37
302:
297:
247:
224:
754:
260:, the Australian Standard for Corporate Governance of Information and Communication Technology (ICT), defines
366:
whose ranking is established by the organisation's governing body. A simple way to explain IT governance is:
592:
582:
363:
634:
587:
212:
254:
to ensure that the organisation's IT sustains and extends the organisation's strategies and objectives."
355:
865:
Renz, Patrick S. (2007). "Project
Governance." Heidelberg, Physica-Verl. (Contributions to Economics)
537:(TOGAF) - methodology to align business and IT, resulting in useful projects and effective governance
208:
558:
COBIT5 Foundation, COBIT5 Assessor and COBIT5 Implementation are certifications created in 2012 by
480:
419:
902:
892:
875:
602:
597:
522:
216:
917:
883:
866:
856:
842:
834:
819:
760:
572:
733:
679:
941:
577:
383:
378:
has helped clarify IT governance by describing a model to be used by company directors.
317:
293:
449:
Other frameworks offer a partial view on IT Management & IT Governance
Processes:
951:
490:
471:
465:
408:
351:
335:
278:
282:
914:
IT Governance: How Top
Performers Manage IT Decision Rights for Superior Results,
809:
698:
622:
IT Governance: How Top Performers Manage IT Decision Rights for Superior Results
35:
525:(BSC) - method to assess an organization’s performance in many different areas
274:
243:
683:
17:
738:
721:
528:
515:
375:
756:
Information Governance for Healthcare Professionals: A Practical Approach
935:(This paper applies a modified COBIT framework to a medium sized city.)
505:
402:
251:
934:
699:"ISO/IEC standard for corporate governance of information technology"
257:
897:
Enterprise Governance of IT: Achieving Strategic Alignment and Value
559:
552:
548:
547:
Certified in the Governance of Enterprise Information Technology (
509:
494:
423:
415:
484:
459:
312:
Committee of Sponsoring Organizations of the Treadway Commission
456:- The Capability Maturity Model: focus on software engineering
131:
29:
907:
International Journal of IT/Business Alignment and Governance
477:
ISO/IEC 27005 - Focus on Information Security Risk Management
853:
Managing IT as a business : a survival guide for CEOs.
841:. "Gouvernance, audit et securite des TI", CCH, 2008(Ed1)
831:
IT Gouvernance : Maitrise d'un systeme d'information
810:"IT Governance: Bureaucratic Logjam or Business Enabler"
782:"New IGPMM Essential in Confronting Data Challenges"
60:. Unsourced material may be challenged and removed.
242:The IT Governance Institute's definition is: "...
211:, focused on information technology (IT) and its
916:Boston, MA, Harvard Business School Publishing,
880:Strategies for Information technology Governance
69:"Corporate governance of information technology"
443:Stage 4: Integrated, instrumented and optimized
703:International Organization for Standardization
635:"Board Briefing on IT Governance, 2nd Edition"
726:Academic Journal of Interdisciplinary Studies
8:
824:Journal of Enterprise Information Management
440:Stage 3: Siloed, consistent and instrumented
501:Non-IT specific frameworks of use include:
474:- Focus on Information Security Management
833:, Dunod, 2004(Ed1) 2006(Ed2), 2009(Ed3),
826:, Vol. 22, No. 5, 2009, pp. 615–637.
737:
624:", Harvard Business School Press, Boston.
273:The discipline of information technology
182:Learn how and when to remove this message
120:Learn how and when to remove this message
27:Subset discipline of corporate governance
551:) is a certification created in 2007 by
145:This article includes a list of general
613:
221:The Principles of Scientific Management
709:from the original on 5 December 2008.
535:The Open Group Architecture Framework
350:IT governance is often confused with
7:
303:organisation's strategic objectives.
58:adding citations to reliable sources
753:Smallwood, Robert F. (2018-10-01).
697:Tranchard, Sandrine (5 June 2008).
620:Weill, P. & Ross, J. W., 2004,
909:, Vol. No. 1, 2010, pp. 1–13.
720:Harguem, Saida (17 January 2021).
487:- Focus on Requirement Engineering
151:it lacks sufficient corresponding
25:
958:Information technology governance
931:Texas State University-San Marcos
912:Weill, P. and Ross, J.W. (2004).
468:- Focus on IT Service management
462:- Focus on IT Service management
434:Stage 1: Ad hoc and inconsistent
136:
34:
882:, IDEA Group Publishing, 2004,
640:. IT Governance Institute. 2003
45:needs additional citations for
518:- Focus on Business Continuity
1:
786:Corporate Compliance Insights
512:- Focus on Project Management
531:- Focus on quality assurance
780:Maher, Heidi (2017-03-03).
672:Managerial Auditing Journal
497:- Focus on Software Testing
262:Corporate Governance of ICT
984:
855:Hoboken, N.J., J. Wiley.,
542:Professional certification
437:Stage 2: Siloed and manual
207:is a subset discipline of
659:Introduction to ISO 38500
287:chief information officer
248:organizational structures
229:Quality Management System
759:. Taylor & Francis.
684:10.1108/MAJ-02-2015-1163
298:organizational structure
289:or business management.
225:Total Quality Management
739:10.36941/ajis-2021-0012
593:IT portfolio management
583:Enterprise architecture
166:more precise citations.
968:Engineering management
808:Blitstein, Ron, 2012.
588:Information governance
196:Information technology
963:Corporate governance
851:Lutchen, M. (2004).
812:, Cutter Consortium.
209:corporate governance
54:improve this article
940:2012-03-18 at the
903:Wim Van Grembergen
895:, and S. De Haes,
893:Van Grembergen, W.
876:Van Grembergen, W.
603:Service governance
598:Project governance
523:Balanced Scorecard
409:ISO/IEC 38500:2015
899:, Springer, 2009.
871:978-3-7908-1926-7
847:978-2-89366-577-1
820:W. Van Grembergen
573:Computer security
192:
191:
184:
130:
129:
122:
104:
16:(Redirected from
975:
818:S. De Haes, and
796:
795:
793:
792:
777:
771:
770:
750:
744:
743:
741:
717:
711:
710:
694:
688:
687:
678:(6/7): 589–628.
667:
661:
656:
650:
649:
647:
645:
639:
631:
625:
618:
187:
180:
176:
173:
167:
162:this article by
153:inline citations
140:
139:
132:
125:
118:
114:
111:
105:
103:
62:
38:
30:
21:
983:
982:
978:
977:
976:
974:
973:
972:
948:
947:
946:
942:Wayback Machine
804:
802:Further reading
799:
790:
788:
779:
778:
774:
767:
752:
751:
747:
719:
718:
714:
696:
695:
691:
669:
668:
664:
657:
653:
643:
641:
637:
633:
632:
628:
619:
615:
611:
578:Data governance
569:
544:
396:
384:good governance
348:
326:(South Africa).
271:
217:risk management
188:
177:
171:
168:
158:Please help to
157:
141:
137:
126:
115:
109:
106:
63:
61:
51:
39:
28:
23:
22:
15:
12:
11:
5:
981:
979:
971:
970:
965:
960:
950:
949:
945:
944:
927:
924:
910:
900:
890:
873:
863:
849:
827:
816:
813:
805:
803:
800:
798:
797:
772:
765:
745:
712:
689:
662:
651:
626:
612:
610:
607:
606:
605:
600:
595:
590:
585:
580:
575:
568:
565:
564:
563:
556:
543:
540:
539:
538:
532:
526:
519:
513:
499:
498:
488:
478:
475:
469:
463:
457:
447:
446:
445:
444:
441:
438:
435:
428:
413:
406:
395:
392:
347:
344:
328:
327:
321:
318:Cadbury Report
315:
294:business value
270:
267:
190:
189:
144:
142:
135:
128:
127:
42:
40:
33:
26:
24:
14:
13:
10:
9:
6:
4:
3:
2:
980:
969:
966:
964:
961:
959:
956:
955:
953:
943:
939:
936:
932:
928:
925:
923:
922:1-59139-253-5
919:
915:
911:
908:
904:
901:
898:
894:
891:
889:
888:1-59140-284-0
885:
881:
877:
874:
872:
868:
864:
862:
861:0-471-47104-6
858:
854:
850:
848:
844:
840:
839:2-10-052574-3
836:
832:
828:
825:
821:
817:
814:
811:
807:
806:
801:
787:
783:
776:
773:
768:
766:9781351339728
762:
758:
757:
749:
746:
740:
735:
731:
727:
723:
716:
713:
708:
704:
700:
693:
690:
685:
681:
677:
673:
666:
663:
660:
655:
652:
636:
630:
627:
623:
617:
614:
608:
604:
601:
599:
596:
594:
591:
589:
586:
584:
581:
579:
576:
574:
571:
570:
566:
561:
557:
554:
550:
546:
545:
541:
536:
533:
530:
527:
524:
520:
517:
514:
511:
507:
504:
503:
502:
496:
492:
491:ISO/IEC 29119
489:
486:
482:
481:ISO/IEC 29148
479:
476:
473:
472:ISO/IEC 27001
470:
467:
466:ISO/IEC 20000
464:
461:
458:
455:
452:
451:
450:
442:
439:
436:
433:
432:
429:
425:
421:
417:
414:
410:
407:
404:
401:
400:
399:
393:
391:
387:
385:
379:
377:
373:
369:
365:
361:
357:
353:
352:IT management
345:
343:
339:
338:in May 2008.
337:
336:ISO/IEC 38500
332:
325:
322:
319:
316:
313:
310:
309:
308:
305:
304:
299:
295:
290:
288:
284:
280:
279:IT management
276:
268:
266:
263:
259:
255:
253:
249:
245:
240:
236:
232:
230:
227:and ISO 9001
226:
222:
218:
214:
210:
206:
203:
201:
197:
186:
183:
175:
165:
161:
155:
154:
148:
143:
134:
133:
124:
121:
113:
102:
99:
95:
92:
88:
85:
81:
78:
74:
71: –
70:
66:
65:Find sources:
59:
55:
49:
48:
43:This article
41:
37:
32:
31:
19:
18:IT Governance
913:
906:
896:
879:
852:
830:
829:Georgel F.,
823:
789:. Retrieved
785:
775:
755:
748:
729:
725:
715:
702:
692:
675:
671:
665:
654:
642:. Retrieved
629:
621:
616:
500:
448:
420:IT processes
397:
388:
380:
371:
367:
364:stakeholders
349:
340:
333:
329:
306:
291:
283:organization
272:
261:
256:
241:
237:
233:
204:
199:
195:
193:
178:
172:January 2022
169:
150:
116:
110:January 2022
107:
97:
90:
83:
76:
64:
52:Please help
47:verification
44:
403:AS8015-2005
360:IT controls
324:King Report
213:performance
164:introducing
952:Categories
791:2018-11-21
732:(1): 136.
609:References
394:Frameworks
356:compliance
281:within an
275:governance
269:Background
244:leadership
205:governance
147:references
80:newspapers
529:Six Sigma
516:ISO 22301
376:ISO 38500
252:processes
938:Archived
707:Archived
644:June 24,
567:See also
346:Problems
506:PRINCE2
160:improve
94:scholar
920:
886:
869:
859:
845:
837:
763:
258:AS8015
149:, but
96:
89:
82:
75:
67:
638:(PDF)
560:ISACA
553:ISACA
549:CGEIT
510:PMBOK
495:ISTQB
427:ITIL.
424:ISACA
416:COBIT
314:(USA)
101:JSTOR
87:books
918:ISBN
884:ISBN
867:ISBN
857:ISBN
843:ISBN
835:ISBN
761:ISBN
646:2014
521:The
508:and
493:and
485:IREB
483:and
460:ITIL
368:what
358:and
320:(UK)
250:and
215:and
73:news
734:doi
680:doi
454:CMM
372:how
56:by
954::
933:.
878:,
784:.
730:10
728:.
724:.
705:.
701:.
676:31
674:.
354:,
246:,
231:.
223:,
200:IT
794:.
769:.
742:.
736::
686:.
682::
648:.
562:.
202:)
198:(
185:)
179:(
174:)
170:(
156:.
123:)
117:(
112:)
108:(
98:·
91:·
84:·
77:·
50:.
20:)
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.