|Establishing an IT Governance Framework|
The purpose of an IT governance framework is to support effective and efficient management of IT resources to facilitate the achievement of an organisation's strategic objectives. All information and information technology resources fall within the scope of IT governance. (The board has responsibility for the stewardship of all IT resources on behalf and for the benefit of all stakeholders).
An IT governance framework comprises 3 levels of decision-making authority and accountability for the efficient and effective management of IT resources to facilitate the achievement of an organisation’s strategic objectives and satisfy the expectations of all stakeholders.
At level 1, the Board (or the IT Steering Committee appointed by the board) governs IT by:
Also at level 1, the Audit committee will govern IT by:
And, the Risk committee will govern IT by:
At level 2, one or more oversight authorities govern by overseeing the:
At level 3, the IT management delivers by:
Building an IT Governance Framework
An IT governance framework has to be built from the bottom up. IT activities have to be organised. Processes are a powerful way to better organise IT activities as they group activities together under a common purpose. The various IT activities within an organisation need to be identified and associated with a common purpose. Process models like CobiT and ITIL can help to identify IT activities and determine the relationship and common purpose with which individual activities align.
It would be wrong to implement all the CobiT or ITIL processes. These process models are reference sources that provide useful information to help identify IT activities and the related objectives. Only the IT activities necessary to support the business and achieve the organisation's strategic objectives must be implemented. The challenge is to effectively and efficiently manage (track, supervise, check, control) the use of IT resources within each process and to keep each process aligned (plan, build, operate, act) with the organisation's strategic objectives.
The board is expected to evaluate, direct and monitor the IT resources being used across the organisation on behalf of all stakeholders. At a minimum, the board should be clear about the strategic objectives and the priority attached to each objective.
|Last Updated on Tuesday, 10 May 2011 15:16|