Background and Objectives of IT Governance

More and more organisations have the improvement of their corporate governance, and therefore also of Information Technology (IT) governance, very high on their agenda. They want to respond to the new challenges for an improved internal control framework, as required by the COSO report, the Sarbanes-Oxley law and the Basel II committee. Even before these new milestones, Information Technology and its governance were an issue of growing management concern. The major reasons are:

  • IT is a key asset in the execution of an organisational strategy and transformation.
  • The realisation of organisational objectives is increasingly dependent on information technology.
  • Many IT budgets still tend to grow, whilst other expenditures are managed down.
  • IT investments of information-intensive companies take up an increasing share of capital spending.
  • Return on investment on intangible assets and added value is difficult to measure.
  • Investors are increasingly sensitive to measures that quantify cause-effect relationships between technology spending and organisational performance.

Basically, IT governance is concerned with the realisation of IT opportunities and the mitigation of the risks inherent in its deployment and use. The key objectives of IT governance are:

  • To ensure that the IT strategy, policies and plans align with and reflect organisational objectives.
  • To ensure that potential business advantage through the use of information technology is identified and realised in a timely manner.
  • To ensure that opportunities and inherent organisational and technology risks are balanced.
  • To ensure that appropriate resource levels are established and allocated to the highest organisational priorities.
  • To ensure that IT performance gets measured and optimal structures are established for decision-making.

The board and executive management are responsible for outlining how these objectives will be attained and for clarifying how overall performance will be measured. However straightforward this may sound, the real-life tasks at hand are complex and often subject to profound confusion. The key reasons for this are:

  • Poor understanding, and absence, of processes that elicit IT objectives truly aligned with organisational objectives.
  • The intangible nature of 'organisational contribution' of information in contrast to the underlying and 'accounted for cost' of IT resources.
  • The major challenge of optimising the communication between the business and IT.
  • Very often, a still inadequate framework for steering IT and measuring its performance.

CobiT® [1], the global IT governance framework.

CobiT® (Control Objectives for Information and related Technologies) was first released by the 'IT Governance Institute' (ITGI) in 1996. Since then its scope has been expanded from the original control objectives to include the audit guidelines and, since 2000, also the management guidelines. Nowadays, CobiT® is globally recognised as the authoritative control framework for improving IT governance. More information is available at .

IT governance can be improved by improving controls over IT-related processes, such as those defined in CobiT®. Such a system improves the alignment of IT with organisational objectives and measures performance. This can result in the delivery of more added value, while managing risks adequately. CobiT® proposes best-practice controls for the organisation. Consequently, it addresses 'what' generic control objectives to achieve over each process. Each organisation has to translate these controls to fit its own specific needs. 'How' to implement these controls is mostly left to the professional judgement of the organisation. Guidance on "how to be more in control" can be found in other authoritative control frameworks such as CMMi (Capability Maturity Model integrated), ITIL (IT Infrastructure Library) and ISO 17799 for information security practices. CobiT® is also based on them and can be seen as an overall IT governance control framework that overarches them.

It is in translating a generic 'what' into a specific 'how' that InfoGovernance can bring substantial 'added value' to the table. The key reasons for this are:

  • In-depth knowledge of the CobiT® framework, from training over seven hundred professionals in more than fifty workshops on four continents.
  • Implementation experience coming from related consultancy activities in complex IT environments, as well as experience exchanges on a global basis.
  • CISA-accredited professional.

Our IT governance services

InfoGovernance's services build on our international experience on four continents. In this way we can promote best practices with a pragmatic implementation approach. These services are designed to assist organisations that are at different stages in their IT governance efforts. Clients range from those who are just discovering the need to those who are struggling with very specific implementation issues. InfoGovernance can also help you to set up an implementation project. In the project we can prepare a tailor-made roadmap, which will allow you to progress at a speed that is in line with your specific needs and resources. Our service offering builds on:

  • IT Governance assessment and audit services. We also use and offer a very performant risk, control and incident assessment application.
  • IT Governance improvement consultancy services.
  • IT Governance 'training' and 'awareness' services.

References

We have advised several companies and public administrations on the improvement of IT governance. Furthermore, in public as well as in-house training sessions and workshops, we have trained over seven hundred professionals in more than twenty countries.

[1] Control Objectives for Information and related Technology (COBIT®) is copyrighted by the IT Governance Institute, www.itgi.org. Reproduction, except for academic or internal/noncommercial use, may not be made without written permission.