IT governance consists of a structured set of strategies, methods, processes and activities, aiming at IT alignment with business management and objectives. IT governance is the responsibility of the company's directors and managers, where they should worry about how the impact of technology and their value delivery to the business contributes to the company's results.
Currently technology is present in all sectors of a company, serving as the basis of all operations and sectors, while contributing to management, metrics and performance evaluation, financial management and strategic business planning, so a broad view of IT in relation to the business is required.
According to COBIT (Control Objectives for Information and Related) , a Framework focused on IT governance and maintained by Isaca , an international institute formed by over 180 IT companies around the world, a good IT governance should follow eight information criteria and requirements for the business, we see each in them and what it represents.
Effectiveness
It consists of the relevance and alignment of information for the processes and objectives of the company. This information should be delivered in the right time, correctly, consistently and so that it can be used in the best way.
Efficiency
It is related to the delivery of information through the best possible use of resources, with lower financial cost and greater productivity and speed.
Confidentiality
It deals with the importance of protecting company information to avoid leaks and data loss. Most of this information is confidential and can constitute the intelligence and differential of the business before the market, so the importance of protecting and keeping this data safe.
Integrity
We can understand integrity as maintaining the confidence and authenticity of information, as well as its legitimacy for the business.
Availability
It consists of maintaining information available whenever it is required by managers or processing in any company system or method. It is also related to data protection to ensure that they are not accessible to people or systems who should not have access to them.
Accordance
Condordance with laws, rules, regulations and organizational obligations related to the business and activities of the company.
Reliability
It represents the level of confidence and adequacy of information for interpretation and analysis in the aid in decision making and the definition of business strategies.
Cobit's cube
The model represented in the image shows how the fundamentals should relate to the technology resources used and the processes and activities performed by professionals in the company.
The resources used are organized in:
- applications
- Information
- Infrastructure
- People
The processes to be implemented are:
- Domains
- Process
- Activities
We can see that meeting all these concepts effectively is not something trivial and requires planning and investment. This is why it is necessary that the directors and guardians of the IT area evaluate the objectives of the business to implement governance according to this scenario and the needs of the company, within its availability of resources.
Analyzing each of the eight concepts that good IT governance requires, we can clearly understand the importance of IT in companies and how technology use can contribute to the success of a business. It is also possible to estimate how misuse of IT can hurt and even compromise a business in case of problems and failures in any of the concepts.
A detailed analysis of IT governance in your company is important to assess whether the foundations of governance are being served and whether the use of technology is aligned with your company's objectives.
This is the first of a sequence of IT governance articles, see in the next article how to define the objectives and structure a good IT governance in your company.
