Assessments can take a variety of forms. Understand the difference before selecting an approach.
The ISO 38500 standard for Corporate Governance of IT sets out a framework of 6 principles, a model and guidance for the corporate governance of IT that all companies should apply. Corporate governance of IT is described as the system by which the current and future use of IT is directed and controlled. It is different to management, the system of controls and processes required to achieve the strategic objectives set by the organization's governing body.
The COBIT 5 framework implements the ISO 38500 standard for the corporate governance of IT. Those who "govern" act as stewards and take responsibility for ensuring the organisation delivers "what" the stakeholders expect. This they do by evaluating the internal and external environment, directing management and monitoring operational performance.
Management are expected to align IT operations with the business' needs and focus IT activities on the achievement of the business' objectives and the organisation's strategic goals. The integrated process model of the COBIT framework assists with identifying the essential activities and establishing the roles and responsibilities required to deliver "what" is expected. The COBIT 5 framework provides the basic structure which organisations will need to adapt to suit their own particular needs.
The management system (described in APO1) is an important component of the governance framework. It drives efficiency and effectiveness in the use of resources. The management system also supports continuous improvement across all areas, but in particular for service management, information security management, risk management, quality management or the entire IT environment.
An IT governance framework clarifies accountability for decision-making that impacts the organisation's strategic objectives and the benefits realised by the stakeholders. The objective of good governance is to effectively and efficiently manage IT resources to facilitate the achievement of the organisation's strategic objectives. This will require organisational structure, governance mechanisms, strategic alignment, value delivery, optimised risk management, resource optimisation and performance management. It will also require respect for the assigned decision-making authority.
Those at the highest level of an organisation, the most senior executives, are responsible for the stewardship of the information and technology resources. They are accountable to the stakeholders for creating value and delivering benefits from investing in and operating information and technology resources. They define "what" is to be achieved. Central to good governance is leadership and direction provided by those who govern (e.g. the board of directors or council).
At the ITGN we use an Operating Model to describe how an IT organisation functions in support of its business operation. The operating model defines the major information and technology capabilities required to support and execute your business strategy, and how the core components of capability (process, technology and people) are used to drive efficiency and effectiveness.
The COBIT 5 framework can be used to organize IT activities into a logical operating model of 37 processes in total. While not all the processes might be essential, the integrated nature of the processes means that at least a few activities of each process will be required. Defining your organisation's own processes will take into account the integration necessary as well as the possible consolidation of activities into fewer processes.
Good governance requires accountability for the outcomes achieved and mutual respect for each other's decision-making authority. An accountability framework clarifies which roles and responsibilities are important to delivering the results expected, who should lead and who supports the value creation. The operating model separates out responsibility and identifies the "touch-points" between process and process area responsibilities.
Usually, a number of processes and process areas support the operating model. The objective of good IT governance is to effectively and efficiently leverage the IT resources in support of achieving the organisation's strategic objectives.