This article provides an overview and summary of IT Governance Management encompassing COBIT 5, ITIL v3, ISO 27002, IT Risk Management and Sarbanes-Oxley type considerations.

IT Governance is the responsibility of the Board of Directors and covers leadership, organisational structures, policies and processes that ensure that the IT functions support the delivery of organisational strategic goals and objectives. IT governance covers culture, organisation, policy, procedures and practices that deliver IT management and controls across the organisation. IT governance includes frameworks, best practices and standards that help define ‘what’ (policies and controls) are required to ensure good governance and ‘how’ (guidelines and processes) to deliver the required IT capabilities and solutions.

For many organisations, where IT plays a crucial role in all aspects of operations, IT governance is essential to maintaining the quality of work and achieving organisational targets within set timelines and budgets. It is becoming more apparent to organisations that strong IT governance management makes it easier to achieve wider organisational objectives and avoids challenges with external stakeholders, i.e. regulators. Effective IT governance leads to the right decisions being made by management and ensures that the functioning of the organisation is not hampered. IT governance improves organisational performance and allows the leadership of an organisation to manage potential risks that could affect its growth and success.

There are many frameworks (COBIT, ISO/IEC 38500, ITIL, PRINCE2, ISO 9001, Val IT etc.) that are promoted for IT governance management. However, whilst they all deliver some improvements in managing IT governance, not all are designed specifically to address all IT governance requirements. As there is no single framework that covers all IT governance requirements, there has been a push to adopt a number of frameworks in a combined manner. To help with this, Morland-Austin has created a mental map to help IT managers and practitioners understand the IT governance processes and choose the set of IT frameworks that best fits their IT governance requirements. The most common frameworks that have been packaged together and promoted as a best practice IT governance solution-set are COBIT, ISO 27001/2, ITIL and IT PMO frameworks, deployed in a combined manner. COBIT and ISO 27001/2 provide effective IT governance and management processes and standards by focusing on ‘what’ needs to be done to ensure good governance. ITIL and PMO frameworks support and complement COBIT by providing the ‘how’: how to plan, design, organise and implement effective IT capabilities and processes – value creation (PMO) and value realisation (ITIL).

IT governance is the most crucial component of the IT GRC concept as it represents a higher control level than IT risk and IT compliance management. IT governance drives and governs the IT risk and IT compliance management processes. In return, IT risk and IT compliance management support IT governance by ensuring that policies, controls and processes are effectively and efficiently executed and meet the internal and external regulatory requirements.

For more information please contact Morland-Austin at info@morland-austin.com.