The demand for an IT governance control framework is increasing all the time. Management increasingly and clearly recognizes the key influence of information on business success and is demanding a greater understanding of how information technology (IT) is being operated and of the potential for using IT to achieve competitive advantages. The company’s governing boards want to know whether the organization is managing information in such a way that it can ensure the following:
- Attainment of the targets.
- Ability and flexibility to learn and change.
- Sensible approach to the relevant risks.
- Identification and exploitation of opportunities.
Successful businesses understand the risks, realize the benefits of IT and find a way of
- adapting the IT strategy to the corporate strategy,
- breaking down the IT strategy and targets in the organization,
- establishing organizational structures which enable strategy and objectives to be implemented and achieved,
- pursuing constructive relationships and communication between core business, IT and external partners and
- measuring the performance of IT.
Without the use and implementation of a governance and control framework for IT, companies cannot effectively fulfill the corporate and governance requirements in order to
- align them with the corporate requirements,
- create transparency of performance in meeting the requirements,
- organize the activities into a generally accepted process model,
- identify and effectively utilize the key resources,
- define the management control objectives to be pursued.
In addition, governance and control frameworks are developing into best practices in IT management and are a supporting factor in creating IT governance and achieving compliance against the background of an ever-growing number of regulations.
Best practices in IT are increasingly being followed for various reasons:
- Managers of core business processes and members of controlling committees are demanding an improved return for capital investment in IT, for example by IT having to deliver services which increase value for the stakeholders.
- Uncertainties associated with increasing expenditure for IT.
- The demand from regulatory requirements with regard to IT controls in the area of privacy or financial reporting (e.g. Sarbanes-Oxley Act, Basel II) or in specialized areas such as pharmaceuticals, lending or healthcare.
- The choice of service providers and the management of outsourcing and procurement.
- Increasing complexity of risks associated with IT, such as network security.
- Initiatives in the area of IT governance which provide support for the application of control frameworks and best practices. These provide for the monitoring of and improvement in critical activities for IT in order to increase the contribution to value and reduce business risks.
- The demand for cost optimization, with an increasing number of standardized approaches being pursued and ever fewer developed for specific purposes.
- The increasing level of maturity and subsequent acceptance of recognized frameworks such as COBIT, ITIL, ISO 17799, ISO 9001, CMM and PRINCE2.
- The need to measure the company’s own performance against similar companies and generally accepted standards (benchmarking).