This website uses cookies. View our cookie policy
United Kingdom
Select regional store:

IT Governance - An Introduction

The vast majority of modern organisations rely on IT (information technology) in some capacity. In fact, most would be unable to function without it.

What is IT governance?

Without a formal governance structure, corporate use of IT can often be at odds with wider business objectives, and return on IT investment not properly realised. The negative effects of this disconnection can be considerable.

Using a formal IT governance framework ensures the alignment of an organisation’s IT and business strategy.

The international standard for the corporate governance of IT is ISO/IEC 38500:2015. This sets out principles, definitions and a high-level framework that organisations of all types and sizes can use to better align their IT with organisational decisions.

By following such a framework, organisations can demonstrate measurable results against their broader strategies and goals, ensure they meet relevant legal and regulatory obligations, and assure stakeholders that they can have confidence in the use of IT.

IT governance frameworks

As well as ISO 38500, there are numerous widely recognised, vendor-neutral, third-party frameworks that organisations can use to implement an IT governance programme.

Three of the most popular are ITIL®, COBIT® and ISO 27002. Each has its own IT governance strengths – for instance, COBIT focuses more on process management and ITIL on service management – but you might benefit from an integrated approach, using parts of several different frameworks and standards to deliver the results you need.

Follow the links below to find out more about each framework.


Widely adopted around the world, ITIL is a framework for IT service management (ITSM). Its newest iteration ITIL 4, was launched in February 2019.

ITIL is supported by ISO/IEC 20000:2011 – the international standard for ITSM against which organisations can achieve independent certification.

Learn more about ITIL >>

Browse ITIL products >>


COBIT (Control Objectives for Information and Related Technology) is an internationally recognised IT governance control framework that helps organisations meet business challenges in the areas of regulatory compliance, risk management and aligning IT strategy with organisational goals.

COBIT® 2019, the latest iteration of the framework, was released in November 2018. It builds on COBIT 5, introducing new concepts and addressing the latest developments affecting enterprise IT.

Learn more about COBIT >>

Browse COBIT products >>

ISO 27002

ISO 27002 is the international Standard which supports the implementation of an Information Security Management System (ISMS) based on the requirements of ISO 27001.

It establishes the guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organisation.

Browse ISO 27001 products >>

Subdomains of IT governance

In addition to the three frameworks listed above, there are many subdomains of IT governance, including:

  • Business continuity management (BCM) and disaster recovery;
  • Data privacy, EU GDPR (General Data Protection Regulation) and DPA (Data Protection Act) compliance;
  • Information security and ISO 27001
  • IT service management, including ITIL and service level management;
  • Knowledge management, including intellectual capital;
  • Project governance; and
  • Risk management.

Areas to consider when implementing an IT governance programme

Calder-Moir IT Governance Framework

  • IT governance is a critical component of corporate governance and the Calder-Moir IT Governance Framework provides structured guidance on how to approach this complex subject.
  • The framework also provides a useful tool for benchmarking the balance and effectiveness of IT governance practices within an organisation.
  • The Calder-Moir IT Governance Framework Toolkit provides practical assistance and guidance for practitioners and board members who are tackling the subject.

IT governance auditing

  • As IT governance plays such a key role in strategic performance, internal auditors are expected to include auditing IT governance in their work plans.

How to establish an IT governance framework

The challenge for many organisations is to establish a coordinated, integrated framework that draws on all three of these IT governance frameworks.

We have a wide range of products and services, including books, toolkits and training courses, that can support your organisation’s compliance with these frameworks. Browse our best selling IT governance products and service below.