What does a good IT governance structure look like?

Over the last several months I’ve been asked by many organizations, companies and industry experts about my opinion on what the perfect governance structure looks like.  I have good and bad news for you. The bad news first.  There’s no single blueprint that can be copied and pasted into your organization.  I believe this expectation is the result of a


Review of Implementing the NIST Cybersecurity Framework Using COBIT 2019.

I normally don’t do book reviews, but this blog focuses on my personal review of one of ISACA’s latest publications, one that I personally really like. Recently, ISACA published Implementing the NIST Cybersecurity Framework using COBIT 2019. This guide illustrates how these two very powerful frameworks combine to ensure proper governance and management over Information and Technology (I&T) while providing critical protection


Assessing Policy Framework Maturity

In my last blog on policy frameworks I stressed the importance of principles, policies and procedures as an important ingredient to a governance framework. I mentioned that my quest for a policy framework maturity model came about when I was completing a process assessment for a client. They asked me to also provide them my opinion of the maturity level


Don’t let your digital transformation efforts outpace your ability to govern them – review and assess your policy framework now

In today’s high-velocity business environment, it’s easy to lose sight of some basic governing principles that might be viewed as cumbersome and restrictive. Be careful, because governance principles exist to ensure the proper balance of performance and conformance when achieving business objectives. If your organization ignores its essential internal controls, it can introduce vulnerabilities that were never intended. Those


How do I interpret COBIT process guidance in the updated 2019 version of COBIT?

This year ISACA released the latest edition of the COBIT framework, and one of my favorite parts is the introduction of governance and management objectives. Check out this short video blog on what these are and how to interpret them.

Finally! A guide for tailoring a governance system for Information and Technology

Back in November I posted about how excited I was to see ISACA’s update to the COBIT framework and provided some thoughts about navigating through the first two guides. Click here to take a look if you didn’t catch it, as it might help you with my comments in this post. Since that post, ISACA has launched two additional publications


Is balancing business demand and IT resource supply a governance concern?

Of course it is an IT governance issue. If I asked a hundred IT leaders if they needed additional resources, none of them would reply, “No thanks, we’re good on resources.” We see it all the time. IT departments are traditionally short on resources—or are they? If I added 10 FTEs to your budget today, you would most likely need


A new COBIT® is in town and I really like how this looks.

ISACA released the latest version of the COBIT framework this month, and I can tell you without hesitation that this latest structure is one of the best frameworks to date for the governance and management of enterprise IT. The first two books of COBIT 2019 have been released, with additional publications to follow soon. If you haven’t taken


Integrating Enterprise and IT Risk Functions Using Scenarios

The challenges that organizations face today are increasingly complex compared with the past. The constant change of the global economy, the dynamics of business risks and opportunities, and an increased threat of cyberattacks add complexities we’ve never faced. Organizations today must constantly scan their environments and take practical steps to make risk-informed decisions that provide value for stakeholders. It is


Solving Framework Fatigue: Using COBIT 5 to Manage Frameworks and Achieve Business Value

With a multitude of models, standards, bodies of knowledge and frameworks in our industry, it’s easy to see how navigating through these becomes utterly exhausting for an IT service organization. The jigsaw puzzle of frameworks is daunting. Frameworks, whether adopted from industry models or built internally, provide critical structure. Nonetheless, many feel that they are a hindrance. If this sounds


Using Multiple Guidance Systems for the Governance of Enterprise IT

The most secure company in the world

I’ve been known to tell a story about when my CEO rounded up the executive management team (I was the CIO at the time) and pounded us with the question: “Why are we going out of business as the most secure company in the world?” We couldn’t believe it. There must be some


Tips for gaining executive support for IT governance initiatives

The hardest question I get as an IT governance advisor is, “How do I get executive-level support for our IT governance program?” Surprisingly, this question, which comes from operations as well as executives, is not an isolated issue. As you might expect, the answer usually starts with “it depends.” As in, “It depends on what?” Adopting good governance practices


Why am I a huge fan of COBIT?

COBIT 5 has been around for a couple of years now, so I should probably stop referring to it as the new release and simply call it the latest. I was introduced to COBIT back in version 4.0, and have since been involved in several opportunities to use COBIT 5. There are many cool things about it, and it’s difficult to outline


The difference between governance and management

By now, it should be understood (through legislation, regulations, standards, etc.) that boards, executives, and IT must collaborate in order to gain alignment and provide value for stakeholders. The inherent challenge with this is how to do it right when determining how to both govern and manage enterprise IT. There has been a lot of buzz these days about how


MOF – an ideal service management framework addition

As IT service providers move up the enterprise value contribution ladder, the need for a repeatable and reliable service management framework becomes clear. There are several to choose from, most notably the IT Infrastructure Library (ITIL). ITIL continues to be one of the best known in our industry. However, you may be surprised to learn that there is another
