The revolution of information technology has brought about much development in recent times. It has become the backbone of most if not all, business. In recent times, many organizations and businesses rely solely on information system to run an effective production line. There are software's that are developed every now and then to facilitate the demand on the market. Not to talk about the recent applications that are developed to run on mobile phones. Example is the Iphone which has got virtually everything that one will need In terms of buttons. With the implementation of IT, access to information has become very easy and convenient. In the conventional business setup, IT was not an integral part of the system. But now it is not so. This is because IT has taken over the operations of almost all business processes. Financial institutions are using it for the forecast of the stock markets; the banks are also using IT to manage their database and financial activities. As we can see almost everything is based on information technology. That means we can't do away with it. Considering the competition in the market not business can survive without IT. This is because we live in an information age where every transaction is based on information available to the customers and the users of the system. The term It governance which was derived from the word corporate governance deals primarily with the connection between business focus and the IT management of an organization. This also highlights the importance of IT related matters in the contemporary organizations. This states that IT decisions should be owned by the corporate board t, rather than by the chief information officer.
Throughout the article we going to get an indebt understanding of what goes on and we will be able to find out why it is important to implement and It governance in an organization
What is IT?
This is a branch of engineering that deals with the use of computers and telecommunications to retrieve and store and transmit data. it can also be described as the study, design, development, implementation and the support of computer based information systems the study, design, development, implementation, support or management of computer-based information system.
What is IT governance?
Governanceis the activity of governing. It relates to decisions that defineexpectations, give authority, or to verifyperformance. It consists either of a separate process or of or a specific part of management
This can be described as a framework for the leadership, organizational structures and business processes, standards and compliance to these standards, which ensure that the organization's IT supports and enables the achievement of its strategies and objectives. This is based on five distinct areas. IT governance is the responsibility of the board of directors and executive management. It is also an integral part of the enterprise governance and consists of the leadership, organizational structures and processes that ensure that the organization's IT sustains and extends the organization's strategies and objectives. (ITGI, Board Briefing on IT Governance)
The drawing or figure below describes the five distinct areas of IT governance in an organization
This focuses on ensuring the linkage of business and information technology plans by defining, maintaining and validating the IT value preposition and also aligning the IT operations with the business operations. It also adds value whiles maintaining a competitive advantage position to the enterprise products and services. Again it also contains cost whiles improving administrative efficiency and managerial.
The is always about executing the value preposition throughout the delivery cycle ensuring that it delivers the promised benefits against the strategy thereby concentrating on optimizing cost and improving the value of the information system
This is all about the optimal investment and proper management of the critical information technology resources and applications of information, infrastructure and the people. In doing so the organization is able to know as and when outsourcing a particular project is important to the survival of the organization.
This can be described as putting down the necessary information or steps in order to manage risk. This requires risk awareness by senior cooperate officers and a share understanding of the risk to the organization. The following steps are taken into consideration
- Risk identification
- Risk analysis
- Risk assessment
- Risk mitigation
By taking into consideration the above, they are able to safeguard all of the company's IT assets, disaster Recovery and continuity of operations
The company must be able to measure their performance in order to know how they are doing, whether they are making progress or there is more to be done.
This tracks and monitors strategy implementation, project completion, resource usage, project performance and service delivery. Here the use of balanced score card is important.
Aim and objective of IT governance
The main aim and objective of it governance is primarily to deals with connections between business focus and IT management. The goal of clear governance is to assure that, the investment IT infrastructure is in line with general business value and mitigate the risks that are associated with IT project.
Advantages of IT governance
There is alignment between IT and the business;
- it enables IT resources are used responsibly;
- it also helps to manage IT related risks appropriately;
- IT also help in delivering value by enabling the enterprise to exploit opportunities and maximize benefits
- IT also helps the organization to manage their performance according to business needs
Risk control in the IT governance process
This is to ensure that the necessary guidelines are put in place to control an minimize risk in the IT governance process
Standard of measurement
We are looking at
This is the short form of control objective for information technology and related technologies. This is defined as the standard and a good practice in information technologies. This standard provide a good practice across a domain and process framework and also presents activities in a manageable a logical structure.
COBIT processes are strongly focused on control. These practices help in optimizing it investment, ensure service delivery and provide a measurement against which to judge when things go wrong
For IT to be successful in delivering the business requirements management should put an internal control system in place.
- Make a link in between the business requirement and information system
- It also organizes it activities into a generally acceptable process mod
- It also identify the major IT resources to be leverage
This is an internationally recognized information security standard published in December 200. It is the only standard that is devoted to information security management. It defines information as an asset that may exist in many forms and has a balue for the organization. It goal is to protect the asset in order to ensure business continuity, minimize business damage and maximize return on investment
TheInformation Technology Infrastructure Library(ITIL) is maintained by the United Kingdom's Office of Government Commerce (OGC) and was developed with the input of many organizations beginning in the late 1980s. Interestingly, it is not well-known in all countries, but definitely has a growing number of subscribers.
The "library" currently consists of seven books: service support, service delivery, security management, application management, ICT infrastructure management, the business perspective and planning to implement service management. ITIL is very much aimed at identifying best practices in regards to managing IT service levels and a number of organizations, including the U.S. Navy and Procter and Gamble, have adopted ITIL and enjoyed substantial benefits
IT Governance Using COBIT and Val ITis a set of educational materials that professors and teachers can use to explain and present COBIT in their curricula and courses of information systems management, information security
IS0 17799(ISO27002),ITILandCOBIT are all, potentially, part ofany best-practice approach to regulatory and corporate governance compliance. The challenge, for many organizations, is to establish a co-ordinate, integrated framework that draws on all three of these standards. The recently releasedJoint Framework put together by the ITGI (owners of CobiT) and the OGC (owners of ITIL) is a significant step in the right direction.