In the wake of 9/11 and corporate debacles such as Enron, organizations are taking a serious look at their information technology (IT) groups and questioning the governance models necessary to minimize risks and maximize returns.
At a very broad level, organizations can approach governance on an ad hoc basis and create their own frameworks, or they can adopt standards that have been developed and perfected through the combined experience of hundreds of organizations and people. By adopting a standard IT governance framework, enterprises realize a number of benefits.
What is ‘IT Governance’?
Essentially, governance addresses the proper management of organizations. IT governance takes these concepts one step lower and applies them to the IT group.
Perhaps the best definition can be found in the executive summary of COBIT, which identifies IT governance as “a structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise’s goals by adding value while balancing risk versus return over IT and its processes.”
Three Primary IT Standards
To be clear, “ad hoc” refers to frameworks developed within an organization based on that organization’s own best-practice experience. In contrast, there are evolving international standards, maintained by governing bodies, that reflect the experience of hundreds of organizations. If we focus on IT standards, three seem to be at the forefront today: COBIT, ISO 17799 and ITIL.
Currently, the ISACA is finalizing a special version of COBIT called “QuickStart” for small and medium-sized businesses. It will contain a subset of the COBIT standard and focus on elements that are viewed as most critical for organizations that lack the resources to pursue the full standard.
The standard has the following high-level groupings: security policy, organizational security, asset classification and control, personnel security, physical and environmental security, communications and operations management, access control, systems development and maintenance, business continuity management and compliance. The standard is very well-done and covers a great deal of material in a concise manner.
The “library” currently consists of seven books: service support, service delivery, security management, application management, ICT infrastructure management, the business perspective and planning to implement service management. ITIL is very much aimed at identifying best practices for managing IT service levels. A number of organizations, including the U.S. Navy and Procter and Gamble, have adopted ITIL and enjoyed substantial benefits.
The Benefits of Standards
There are a number of compelling reasons to adopt a defined standard:
1. The Wheel Exists — In today’s world time is a precious commodity. Why spend all of the time and effort to develop a framework based on limited experience when internationally developed standards already exist?
2. Structured — The framework of the models provides an excellent structure that organizations can follow. Furthermore, the structure helps everyone be on the same page because they can see what is expected.
3. Best Practices — The standards have been developed over time and assessed by hundreds of people and organizations all over the world. The cumulative years of experience reflected in the models cannot be matched by a single organization’s efforts.
4. Knowledge Sharing — By following standards, people can share ideas between organizations, profit from user groups, Web sites, magazines, books and so on. Proponents of company-specific ad hoc approaches do not have this luxury.
5. Auditable — Without standards, it becomes far more difficult for auditors, especially third-party auditors, to effectively assess control. By this, I mean that the auditors themselves should be following standards, as opposed to ad hoc auditing practices. The goal must be to certify the organization against at least one base standard and then make recommendations over and above the standard(s), where appropriate.
Which standard is best?
Interestingly, there isn’t a great deal of overlap between the three. COBIT is strong in IT controls and metrics. ISO 17799 covers IT security quite well and ITIL emphasizes processes, notably those surrounding the IT helpdesk.
Rather than select one, organizations would be wise to get an overview of the three and then plan an approach that blends the best practices of each along with the needs of the organization.
For example, customers or a regulatory body may be pressuring an organization to adopt ISO 17799 and, as a result, that should then be at least the initial focus. However, rather than stop with ISO 17799, the same organization should extend its vision to include other standards as well.
Adopt and Adapt
Getting started is the hard part! This is a recurring theme in many articles written about IT governance. The question really is not “do we or don’t we implement?”, but really one of “how do we implement?” At this point there are a substantial number of resources available to help organizations research and implement. Take the area that is of greatest concern to you and/or your stakeholders and start with an incremental approach. All of the standards are huge undertakings and you are far better off to phase in various elements over time than to try and implement everything at once.
Summary
COBIT, ISO 17799 and ITIL all serve as excellent frameworks by which to improve IT governance. The key is to research the standards, review your needs and then move forward with the standard that is the best initial fit. In the end, all three provide best practices for IT organizations to review and eclectically adopt. Firms moving ahead with the adoption of a standard will be well served to use a phased implementation approach and start with the elements of the standard that will yield their organization the most benefits.