What is IT governance? How to implement a robust IT governance strategy

The notion of aligning IT and business strategies is hardly breaking news. However, CIOs are still on the hunt for the most effective ways to unite business and IT operations, and IT governance is a tried and tested way to do exactly that.

Often, organisations find that operational and cultural differences between departments working towards different goals create a barrier to achieving a successful return on investment.

IT governance offers a formal framework to align the business and IT aspects of an organisation's operations. It should, in theory, mean that businesses can manage and mitigate obstacles to reaching business goals.

The idea: to produce a framework which can provide measurable outcomes aligned with your overall business strategy.

Its aim: to maximise the business return while managing risk.

However, this raises a couple of questions, such as 'how much risk is too much risk?' and 'how can this be regulated?'

A strict IT governance framework promises to ease these concerns, offering a formal definition of IT risk and allowing you to manage any variance from the standard.

The concept behind IT governance is essentially the same as governance, risk and compliance or GRC. This is because security procedures are normally incorporated into business strategies.

For example, if a CISO reports directly into the CIO, the methodology that shapes your IT governance or GRC is skewed towards security.

How to implement an IT governance strategy

Thanks to the demand for IT governance, there are some 'out of the box' frameworks that are commonly implemented across the globe.

COBIT, possibly the world's most used framework, is designed for the governance of enterprise IT and aims to alleviate problems associated with risk management and mitigation.

CMMI, or the Capability Maturity Model Integration method, has more of a focus on software engineering. CMMI measures an organisation's performance and profitability on a scale of 1 to 5.

ITIL, or the Information Technology Infrastructure Library, provides a comprehensive framework for IT management. It is designed to make sure IT services underpin the fundamental processes of the business.

Choosing between frameworks is the next task on your list. And it should be a relatively easy one.

If you have a clear and defined business objective, you'll need to pick the most suitable framework for it, whether that is streamlining operations or assessing security risks.

You should also consider your corporate culture and how a certain framework would fit into your organisation. This will almost certainly involve talking to your stakeholders and seeing which one jumps out to them.

And while COBIT is considered the leading framework, it focuses more on risk than on making business operations more efficient, as other frameworks such as ITIL do.

In fact, you don't need to limit yourself to just one. It's likely that your core business operations won't fit into one box, so using compatible frameworks could be the right move for you.

For example, COBIT and ITIL could be used in conjunction: COBIT for risk management and ITIL for the efficiency of business operations.

There are a number of organisations successfully aligning business strategies with IT. See: How CIOs are aligning the business and technology.


Copyright © 2018 IDG Communications, Inc.