What is IT Governance? Definition & Best Practices

Speak to an expert

If you need help assessing your infrastructure, or require support integrating the standards and key components of an IT governance framework, get in touch with our experts today.

IT governance definition

IT governance is an element of corporate governance, aimed at improving the overall management of IT and deriving improved value from investment in information and technology.

IT governance frameworks enable organisations to manage their IT risks effectively and ensure that the activities associated with information and technology are aligned with their overall business objectives.

To understand how an organisation’s IT supports and enables the achievement of its strategies and objectives, read IT Governance – A Pocket Guide by Alan Calder.

Why is IT governance important?

IT governance enables an organisation to:

Demonstrate measurable results against broader business strategies and goals.
Meet relevant legal and regulatory obligations, such as those set out in the GDPR (General Data Protection Regulation) or the Companies Act 2006.
Assure stakeholders they can have confidence in your organisation's IT services.
Facilitate an increase in the return on IT investment; and
Comply with certain corporate governance or public listing rules or requirements.

What is corporate governance?

Corporate governance is "a toolkit that enables management and the board to deal more effectively with the challenges of running a company. Corporate governance ensures that businesses have appropriate decision-making processes and controls in place so that the interests of all stakeholders are balanced.”- ICSA, The Governance Institute.

A robust corporate governance framework can help you meet the requirements of laws and regulations such as the DPA (Data Protection Act) 2018 and the GDPR.

For instance, the GDPR requires data controllers and processors to demonstrate their compliance with its requirements through certain documentation, including relevant logs, policies and procedures.

Harnessing the elements of IT governance will help you create and maintain appropriate policies and procedures to help meet your data privacy requirements.

Learn more about meeting your GDPR compliance obligations

IT governance frameworks, models and standards

ISO 38500 – The international IT governance standard

ISO/IEC 38500:2015 is the international standard for corporate governance of IT.

It sets out principles, definitions and a high-level framework that organisations of all types and sizes can use to better align their use of IT with organisational decisions and meet their legal, regulatory and ethical obligations.

Buy a copy of ISO/IEC 38500:2015

As well as ISO 38500, there are numerous widely recognised, vendor-neutral frameworks that organisations can use to implement an IT governance programme.

Each has its own IT governance strengths – for instance, COBIT focuses more on process management and ITIL on service management – but you might benefit from an integrated approach, using parts of several frameworks to deliver the results you need.

Follow the links below to find out more about each framework.

ITIL – IT service management

Widely adopted around the world, ITIL is a framework for ITSM (IT service management). Its latest iteration, ITIL 4, was launched in February 2019.

ITIL is supported by ISO/IEC 20000-1:2018 – the international standard for ITSM against which organisations can achieve independent certification.

Learn more about ITIL

Browse ITIL products

COBIT

COBIT (Control Objectives for Information and Related Technology) is an internationally recognised IT governance control framework that helps organisations meet business challenges in regulatory compliance, risk management and aligning IT strategy with organisational goals.

COBIT 2019, the latest iteration of the framework, was released in November 2018. It builds on COBIT 5, introducing new concepts and addressing the latest developments affecting enterprise IT.

Learn more about COBIT

Browse COBIT products

Calder-Moir IT Governance Framework

This framework provides structured guidance on how to approach IT governance. It can help benchmark the balance and effectiveness of IT governance practices within an organisation.

The IT Governance Control Framework Implementation Toolkit provides practical assistance and guidance for practitioners and board members tackling the subject.

Learn more about the Calder-Moir IT Governance Framework

The five domains of IT governance

The IT Governance Institute (a division of ISACA) breaks down IT governance into five domains:

Value delivery
Strategic alignment
Performance management
Resource management
Risk management

Other IT governance frameworks and models to consider

In addition to the frameworks listed above, there are several other models and frameworks you should consider for effective IT governance:

King reports of corporate governance (versions I to IV).
ISO/IEC 31000:2018 (risk management).
ISO/IEC 27001:2013 (information security).
Business continuity management and disaster recovery.
Knowledge management, including intellectual capital.
Programme management and project governance, including PRINCE2® and PMBOK®.

IT governance auditing

As IT governance plays a crutial role in strategic performance, internal auditors are expected to include it in their audit plans.

Learn more about IT governance auditing

How to establish an IT governance framework

The challenge for many organisations is to establish a coordinated, integrated framework that draws on best-practice IT governance frameworks.

We offer a wide range of products and services, including books, toolkits and training courses, to support your organisation’s compliance with these frameworks. Browse our bestselling IT governance products and services below.