POPI Implementation Expertise
"IT Governance" means different things to different people. For some, it is "GRC" - governance, risk and compliance. Often this is not much more than the implementation of controls and maintaining a controls checklist for the purpose of regularly checking compliance. This approach to governance is frequently of little interest to operational management focused on providing the business with the services they need to succeed. These IT managers are more likely to prefer "GVP" - governance, value delivery and performance management.
The ISO 38500 standard for the "Corporate Governance of ICT" splits the implementation of governance between "performance" and "conformance". It requires that IT deliver the performance expected by the business whilst conforming the regulatory and other compliance requirements.
The COBIT framework from ISACA has evolved from being a control framework for auditors to a governance and management framework for the board and IT leadership to direct the use of information and technology and create value according to stakeholder expectations. It now supports auditors wishing to evaluate risk and assess internal controls as much as it supports IT leaders aiming to implement a LEAN organisation that is sufficiently agile to respond quickly to changes in business requirements.
The ITGN has a wide range of expertise to assist with the implementation of better IT governance for both GRC and GVP purposes.