GOVERNANCE

 

            First, according to Weill and Ross IT governance focuses on specifying the rights and accountability to encourage desirable behavior in the use of IT. IT governance is a subset of discipline of corporate governance focused on IT systems and their performance and risk management (Information Technology Governance, 2013).

            Next, governance is how people should act professionally and admirably in the IT working world.  IT Governance contains a strategic alignment to be used as a method for IT strategy and governance that manages costs, risk, and achieves intercompany synergies (O’Donnell). COBITcontrols based’ is a method that uses planning, organization, acquisition, implementation, delivery, support and monitoring to achieve IT governance.  IT governance is a structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise’s goals by adding value while balancing risk versus return over IT and its processes (NetBotz.com).

            Now, according to COBIT, IT governance uses management guidelines that offer tools to help assign responsibility, measure performance, and benchmark the address gaps in capability (IT Governance Institute, pg. 90).  The Guidance for Boards of Directors and Executive Management, 2nd Edition presents information security governance in business terms and contains tools and techniques to help uncover security-related problems.

            Then, when a company has trouble with their governance process, COBIT describes several ways to configure one.  “The IT control environment includes the IT governance process. The IT governance process includes the information systems strategic plan; the IT risk management process; compliance and regulatory management; and IT policies, procedures and standards” (IT Governance Institute, 2007). 

            In conclusion, a company should look towards COBIT for governance guidelines.  The IT governance should include guidelines from a set definition that creates effective and valuable services for an organization.  The rules and governance of a company may include guidelines to deliver and support domains to receive solutions and make them useable for end users.  Defining and managing service levels with third-party services may need to be governed.  The governance guidelines should include ways to manage performance and capacity of clients within the company.  The company should govern how to ensure continuous service; ensure system security; identify and allocate costs; educate and train users; manage service desk and incidents; manage the configuration, problems, data, physical environment, and operations of the company.  There should be a domain that monitors and evaluates IT processes; evaluate internal control; ensure regulatory compliance; and provide IT governance (Sánchez, José, Vicente, & Ocaña, 2013).