Assessments can take a variety of forms. Understand the difference before selecting an approach.

POPI based on ISO 29100

The ISO 38500 standard for Corporate Governance of IT sets out a framework of 6 principles, a model and guidance for the corporate governance of IT that all companies should apply. Corporate governance of IT is described as the system by which the current and future use of IT is directed and controlled. It differs from management, which is the system of controls and processes required to achieve the strategic objectives set by the organization's governing body.

The COBIT 5 framework implements the ISO 38500 standard for the corporate governance of IT. Those who "govern" act as stewards and take responsibility for ensuring the organisation delivers "what" the stakeholders expect. This they do by evaluating the internal and external environment, directing management and monitoring operational performance.  

Management are expected to align IT operations with the business's needs and focus IT activities on the achievement of the business's objectives and the organisation's strategic goals. The integrated process model of the COBIT framework assists with identifying the essential activities and establishing the roles and responsibilities required to deliver "what" is expected. The COBIT 5 framework provides the basic structure which organisations will need to adapt to suit their own particular needs.

The management system (described in APO1) is an important component of the governance framework. It drives efficiency and effectiveness in the use of resources. The management system also supports continuous improvement across all areas, but in particular for service management, information security management, risk management, quality management or the entire IT environment.  

Privacy Framework

An IT governance framework clarifies accountability for decision-making that impacts the organisation's strategic objectives and the benefits realised by the stakeholders. The objective of good governance is to effectively and efficiently manage IT resources to facilitate the achievement of the organisation's strategic objectives. This will require organisational structure, governance mechanisms, strategic alignment, value delivery, optimised risk management, resource optimisation and performance management. It will also require respect for the assigned decision-making authority.

Those at the highest level of an organisation, the most senior executives, are responsible for the stewardship of the information and technology resources. They are accountable to the stakeholders for creating value and delivering benefits from investing in and operating information and technology resources. They define "what" is to be achieved. Central to good governance is leadership and direction provided by those who govern (e.g. the board of directors or council).


Process Integration

At the ITGN we use an Operating Model to describe how an IT organisation functions in support of its business operation. The operating model defines the major information and technology capabilities required to support and execute your business strategy; and how the core components of capability (process, technology and people) are used to drive efficiency and effectiveness.

The COBIT 5 framework can be used to organize IT activities into a logical operating model of 37 processes in total. While not all the processes might be essential, the integrated nature of the processes means that at least a few activities of each process will be required. Defining your organisation's own processes will take into account the integration necessary as well as the possible consolidation of activities into fewer processes.

Accountability Framework

Good governance requires accountability for the outcomes achieved and mutual respect for each other's decision-making authority. An accountability framework clarifies which roles and responsibilities are important to delivering the results expected, who should lead and who supports the value creation. The operating model separates out responsibility and identifies the "touch-points" between process and process area responsibilities.

Usually, a number of processes and process areas support the operating model. The objective of good IT governance is to effectively and efficiently leverage the IT resources in support of achieving the organisation's strategic objectives.

Product Tour

POPI Risk Assessment

The COBIT 4 Maturity Model can provide management with an initial, high-level view of the current level of organisational maturity.

Free POPI Risk tool

PAIA Preparation

Illustration of the process and a management system for the implementation of COBIT 5.


IT Legal Register

Used to perform the capability assessment and manage the subsequent improvement of the IT organisation.


POPI Management System

Managing the IT function and continuously improving its capability.


POPI Capability Assessments

COBIT 5 capability assessments are highly subjective and depend entirely on the assessor's IT knowledge and experience.

The ITGN has the skill, experience and tools needed to ensure reliable results.

POPI Management System

Improve your IT organisation's efficiency and effectiveness with a management system to coordinate and continuously improve the operational practices.


POPI Expertise

IT governance experts are available to help establish, implement and improve the governance of IT based on the ISO 38500 standard and COBIT 5 good practices.

