IT Governance: A Layered Approach

IT governance is essential to successful IT management. Without an established and maintained IT strategy and policy, IT decision-making is subject to the best intentions of whoever assumes decision authority.

In spite of best intentions, ungoverned IT decision-making may not—and usually does not—fully align with overall business strategy and goals. The opposite is also true. Indeed, companies that do practice IT governance tend to outperform their competitors.

IT Governance Best Practices

Two well-known IT governance frameworks are COBIT and ITIL. The same institution that brought you the PRINCE2 project management method also owns ITIL. It prescribes best practices on how to manage IT services. COBIT does not limit itself to services and focuses on what to govern.

Some suggest that they would pick COBIT over ITIL hands-down. One such proponent is a prominent IT consultant that goes by the alias of “The IT Skeptic”. I  recommend his post on COBIT vs. ITIL, along many other excellent articles on his blog.

However, I hesitate to put the one over the other because they are fit for different purposes. I believe that COBIT is better suited to overall IT governance, establishing what processes and structures should exist to align IT with business strategy. ITIL can then complement COBIT by answering how to do it.

The Missing Pieces: ASL and BiSL

There are COBIT processes that ITIL does not cover. After all, IT infrastructure is only one piece of the puzzle. Application management captures the development and maintenance of applications. Functional management captures the demand function, sometimes called the user organization.

IT Governance Functions

Two frameworks that address these IT functions are ASL and BiSL. They specifically intend to tread where ITIL does not. While all frameworks actively seek alignment, there are some unsettled differences in terminology.

Tailor IT Governance

With no fewer than four frameworks there is a real risk of drowning in bureaucracy. But remember that frameworks can not cause bureaucracy; only their implementations can. Take care to tailor IT governance to the size, risk, maturity, industry and environment of the organization.

In all, the choice is not between COBIT and ITIL. Using a layered approach, COBIT lays down a foundation for ITIL, ASL and BiSL to build on. Great organizations practice IT governance—how do you?