IT governance consists of a structured set of strategies, methods, processes, and activities designed to align IT with management and business objectives. IT governance is the responsibility of company directors and managers, who must consider how the impact of technology and its delivery of business value contributes to the company's bottom line.
Technology is currently present in all sectors of a company, serving as a basis for all operations and sectors, while also contributing to management, metrics and performance evaluation, financial management and strategic business planning. Therefore, a broad vision of IT in relation to the business is necessary.
According to COBIT (Control Objectives for Information and related) , a framework focused on IT Governance and maintained by ISACA , an international institute formed by more than 180 IT companies from around the world, good IT governance must follow eight information criteria and requirements for the business, let's look at each of them and what they represent.
Effectiveness
It consists of the relevance and alignment of information with the company's processes and objectives. This information must be delivered in a timely manner, accurately, consistently, and in a manner that can be utilized optimally.
Efficiency
It is related to the delivery of information through the best possible use of resources, with lower financial costs and greater productivity and speed.
Confidentiality
It addresses the importance of protecting company information to prevent leaks and data loss. Much of this information is confidential and can constitute the business's intelligence and differentiator in the market, hence the importance of protecting and keeping this data secure.
Integrity
We can understand integrity as maintaining the trust and authenticity of information, as well as its legitimacy for the business.
Availability
It involves keeping information available whenever required by managers or processed in a company system or method. It also involves protecting data to ensure it is not accessible to people or systems that should not have access to it.
Accordance
Compliance with laws, standards, regulations and organizational obligations related to the company's business and activities.
Reliability
It represents the level of confidence and suitability of information for interpretation and analysis to aid decision-making and the definition of business strategies.
The COBIT Cube
The model represented in the image shows how the fundamentals should relate to the technology resources used and the processes and activities carried out by professionals in the company.
The resources used are organized into:
- Applications
- Information
- Infrastructure
- People
The processes to be implemented are:
- Domains
- Processes
- Activities
We can see that effectively meeting all these concepts is not a trivial task and requires planning and investment. Therefore, IT directors and managers must assess business objectives and implement governance according to this scenario and the company's needs, within their available resources.
By analyzing each of the eight concepts required for good IT Governance, we can clearly understand the importance of IT in companies and how its use can contribute to business success. It's also possible to estimate how much misuse of IT can harm and even compromise a business, in the event of problems or failures in any of the concepts.
A detailed analysis of IT Governance in your company is important to assess whether governance fundamentals are being met and whether the use of technology is aligned with your company's objectives.
This is the first in a series of articles on IT Governance. See the next article for how to define objectives and structure good IT governance in your company.
