Formulating an IT governance framework

Abstract

Modern organisations make substantial investments in Information Technology (IT). Corporate governance practices can no longer ignore the importance of effectively governing IT. Consequently, the third King Report on Corporate Governance (King III) makes specific provision for IT governance, which is implemented through the establishment of an IT governance framework. The purpose of this research is to develop a generic IT governance framework, suitable to any large South African organisation in the public or private sector. The literature considered for this research confirmed the extent of standards and practices available in support of IT governance, together with the roles and structures required to implement them. These included well-known publications such as COBIT, Prince2, ITIL and ISO/IEC27000. Based on the literature review, a theoretical Processes, Enablers and Structures (PES) IT Governance Framework was formulated. The framework was further explored by means of a survey of and structured interview with ten Chief Information Officers (CIOs) of South African organisations with a turnover in excess of R1bn per annum. The final PES IT Governance Framework comprises three dimensions, each of which contains a set of constituent components: "¢ Processes: Strategic Alignment, Value Delivery, Resource Management, Risk Management and Performance Measurement. "¢ Enablers: IT Sub Processes, Supporting Documentation, IT Control Framework, Technology Architecture, Desirable Practice, IT Portfolio Management and Regulation. "¢ Structures: The Board, Office of the CIO, IT Steering Committee, Technology Architecture Forum, IT Programme Management Office and Information Security Organisation. As the number of regulatory requirements and associated compliance pressures grow, the importance of an effective IT governance framework also becomes more prominent. The PES IT Governance Framework offers a uniquely practical approach to addressing IT governance principles that are often regarded as abstract. The final PES IT Governance Framework provides clear guidance on how organisations could implement an IT governance framework, which addresses the strategic alignment of IT to business, value delivery by IT investments, IT risk management, IT resource management and IT performance measurement.