IT Governance

IT governance is a framework that ensures your organization’s IT infrastructure supports and enables the achievement of its corporate strategies and objectives. The full definition can be found in IT Governance: A Pocket Guide by Alan Calder. An IT governance framework defines the ways and methods through which an organization can implement, manage and monitor IT governance. The official IT governance standard is ISO/IEC 38500:2015. It sets out a straightforward framework for the board's governance of information and communications technology and is a key resource for IT governance professionals everywhere in the world.

IT governance frameworks

There are three widely recognised, vendor-neutral, third-party frameworks that are often described as 'IT governance frameworks'. While on their own they are not completely adequate to that task, each has significant IT governance strengths.


ITIL, or IT Infrastructure Library®, was developed by the UK's Cabinet Office as a library of best-practice processes for IT service management. Widely adopted around the world, ITIL is supported by ISO/IEC 20000:2011, against which independent certification can be achieved. On our ITIL page, you can access a free briefing paper on ITIL, IT service management and ISO 20000.


Control Objectives for Information and Related Technology (COBIT) is an IT governance control framework that helps organisations meet today’s business challenges in the areas of regulatory compliance, risk management and aligning IT strategy with organisational goals. COBIT is an internationally recognised framework. In particular, COBIT's Management Guidelines component contains a framework for the control and measurability of IT by providing tools to assess and measure the enterprise’s IT capability for the 37 identified COBIT processes.

ISO 27002

ISO 27002 (supported by ISO 27001) is the global best-practice standard for information security management in organisations.

The challenge, for many organisations, is to establish a coordinated, integrated framework that draws on all three of these standards. Leading books on the subject are:

• IT Governance: Guidelines for Directors
• IT Governance: Implementing Frameworks and Standards for the Corporate Governance of IT
• IT Governance Today: A Practitioner's Handbook
• Get all of these titles, plus more, in the IT governance library.

Subdomains of IT governance

In addition to the three frameworks listed above, there are many subdomains of IT governance, including:
• Business continuity and disaster recovery
• Regulatory compliance
• Information governance and information security
• Risk management
• Knowledge management, including intellectual capital
• Project governance
• IT service management, including ITIL® and service level management
This site provides extensive information and advice on IT governance, as well as:
• An opportunity to browse our well-stocked IT governance bookshop
• Special tools useful to the IT governance practitioner, including COBIT®
• Training services
• Consulting services
• Material on IT service management (of which ITIL is a key component)
• A selection of IT governance standards
• Calder-Moir IT Governance Framework

IT governance is a critical component of corporate governance and the Calder-Moir IT Governance Framework provides structured guidance on how to approach this complex subject. The framework also provides a useful tool for benchmarking the balance and effectiveness of IT governance practices within an organisation, and the IT Governance Toolkit provides practical assistance and guidance for practitioners and board members who are tackling the subject.

IT governance auditing

As IT governance plays such a key role in strategic performance, internal auditors are expected to include auditing IT governance in their work plans.

Green IT

An increasingly relevant subject to IT governance is green IT. In the same way that IT governance is critical to the corporate governance of an organisation, green IT has become essential to the decision making, framework building and business processes of IT governance. Find further green IT products, including cutting-edge texts, support manuals, and standards on both green IT and the environmental management standard ISO 14001, on our website.

Based on our cooperation with the IT Governance Institute (ITGI) and our experience from numerous consulting and auditing projects, we are able to support our clients in all areas of the implementation of IT governance frameworks.

IT governance

For the development, introduction and control of IT governance in a more precise sense, company management has to create the appropriate organisational framework for IT with decision-making powers, roles and responsibilities, and define which functions it has in the following five areas of activity (domains):
• The IT strategy must be brought into line with the strategy of the company as a whole (strategic alignment)
• The value contribution of IT to a company's success is to be measured and evaluated (value delivery)
• Risks are to be identified and managed (risk management)
• Decisions are to be made about goal-oriented and efficient use of resources (resource management)
• The degree of implementation of the first four domains is to be measured and appraised (performance measurement)
IT management
IT management must reach regular decisions within the framework of the defined governance in order to align IT to business and to manage it on a sustained basis.
IT business management
• IT strategy
• Information
• Applications
• Organisation
• Infrastructure & technology
• Service management
• Sourcing
• Security
• Investment & prioritization

In this respect, we understand investment & prioritization to be the IT portfolio management with which the strategy is converted, benefit-oriented, into operational measures. Together with IT management, PwC implements a rational form of these decision areas for a uniform and long-term optimization of the information technology.

The following advantages are achieved as a result:

• Sustained alignment of IT to the corporate objective from the point of effectiveness (alignment)
• Securing efficiency (continuous optimization of IT production through well-defined balance between performance and compliance)
• Established control mechanisms for the purpose of functional IT controlling
• Securing business process-oriented adaptability of IT through all-round transparency within the IT processes and systems

IT production

Projects stand for the structured implementation of corporate decisions which, in the end, find their way into the classical IT operation. The decision areas also form the framework for the design of operative process and control frameworks for IT production. The design of the frameworks must comply with the regulatory demands on IT (IT compliance) and should be aligned with international standards and best practices (ITIL, COSO and COBIT).

PwC methods for the design and implementation of these process and control frameworks include:
• a risk analysis on the basis of international standards and industry-related regulatory requirements,
• the description of a framework consisting of process and control elements,
• efficient structuring of the processes using ITIL or comparable methods and support of the rollout.
An audit of already implemented solutions for the IT governance framework according to the latest standards can also be carried out by PwC specialists. This includes information on improving the stipulated processes.