IT Governance consists of a structured set of strategies, methods, processes and activities, with the purpose of aligning IT with management and business objectives. IT Governance is the responsibility of the company's directors and managers, where they must be concerned with how the impact of technology and its delivery of value to the business contributes to the company's results.
Currently, technology is present in all sectors of a company, serving as a basis in all operations and sectors, at the same time contributing to management, metrics and performance evaluation, financial management and strategic business planning, which is why a vision is necessary broad IT perspective in relation to the business.
According to COBIT (Control Objectives for Information and related) , a framework focused on IT Governance and maintained by ISACA , an international institute formed by more than 180 IT companies from around the world, good IT governance must follow eight criteria of information and requirements for the business, let's look at each of them and what they represent.
Effectiveness
It consists of the relevance and alignment of information to the company's processes and objectives. This information must be delivered at the ideal time, correctly, consistently and in a way that can be used in the best way.
Efficiency
It is related to the delivery of information through the best possible use of resources, with lower financial costs and greater productivity and speed.
Confidentiality
It addresses the importance of protecting company information to prevent leaks and data loss. Much of this information is confidential and can constitute the intelligence and differentiator of the business in the market, hence the importance of protecting and keeping this data safe.
Integrity
We can understand integrity as maintaining the trust and authenticity of information, as well as its legitimacy for the business.
Availability
It consists of keeping information available whenever required by managers or processing in any company system or method. It is also related to protecting data to ensure that it is not accessible to people or systems that should not have access to it.
Conformity
Compliance with laws, rules, regulations and organizational obligations related to the company's business and activities.
Reliability
It represents the level of confidence and adequacy of information for interpretation and analysis to assist in decision making and defining business strategies.
The COBIT Cube
The model represented in the image shows how the fundamentals should relate to the technology resources used and the processes and activities carried out by professionals in the company.
The resources used are organized into:
- applications
- Information
- Infrastructure
- People
The processes to be implemented are:
- Domains
- Law Suit
- Activities
We can see that meeting all these concepts effectively is not trivial and requires planning and investment. Therefore, it is necessary for directors and those responsible for the IT area to evaluate the business objectives to implement governance according to this scenario and the company's needs, within its resource availability.
By analyzing each of the eight concepts that good IT Governance requires, we can clearly understand the importance of IT in companies and how the use of technology can contribute to the success of a business. It is also possible to estimate how much the misuse of IT can harm and even compromise a business, in the case of problems and failures in any of the concepts.
It is important to carry out a detailed analysis of IT Governance in your company, in order to assess whether the governance fundamentals are being met and whether the use of technology is aligned with your company's objectives.
This is the first in a series of articles on IT Governance, see in the next article how to define objectives and structure good IT governance in your company.