TQMC

TQMC has acquired wide Domain Knowledge and Experience. You can FREELY access it here and here

DISCLAIMER: This matter here is a guide only. For authentic and up-to-date information, please contact TQMC.

The DIRECTIVES and STANDARDS listed here may have been subsequently REVISED. You must refer to the CURRENT REVISION and AMENDMENTS if any.

Thursday, June 18, 2009

ISO 38500

Marcelo H

ISACA Buenos Aires Chapter President (marcelo.gonzalez@adacsi.org.ar)

Do you believe that ISO 38500 is enough to have a good IT Governance?

posted 1 day ago in Corporate Governance

Answers (3)

Rob S

Evangelist ITSM and IT Governance at CA (formerly Computer Associates)

NO!

You need a framework such as COBIT to assist you!

posted 1 day ago

Garry B

Manager, Risk and Compliance at Commonwealth Bank of Australia

I agree with Ron that you'll need other tools to get the right balance between risk and control in critical business processes. These tools will include a risk management framework to support decision-making, a controls framework (such as COBIT) to drive process maturity and a service management approach (such as ITIL). Without these components, there is likely to be a disconnect between what business leaders expect from their processes and what the processes actually deliver.

posted 23 hours ago

Mark T

Leading expert & seasoned advisor to boards & execs on corporate governance of information technology and ISO 38500.

Answering this question requires first that we all understand exactly what is meant by "IT Governance". Sadly that's a concept that is itself truly variable, and the reason why ISO 38500 defines the concept of Governance of IT. Governance of IT is the system that organisations use to direct and control the USE of IT. Note the emphasis on use - in many cases, people talking about "IT Governance" are only thinking of the supply aspects. In reality, no matter how well supply is organised and managed, the value of IT investment can be undone in a moment by inappropriate behaviour on the business use side.

It’s also important to note that one simple way to understand governance is that it is the oversight of management – providing overall direction and policy, and monitoring performance and conformance. While marketing people have tried to make their products and frameworks attractive by labelling them “governance”, in reality, the tasks that are done day to day and periodically to plan, implement, operate, maintain and protect IT assets and related resources are management tasks, performed or supervised by managers. The governance bit is setting the overarching policies that control how managers make decisions, and monitoring that management does its job properly.

In addition to the framework for oversight and policy setting which is provided in ISO 38500, the governors of the organisation need to be assured that managers are using appropriate processes and controls. For this reason, ISO 38500 explicitly recommends the selection and use of appropriate frameworks. That does not necessarily mean CobiT or any other particular framework – but it does mean that to the extent that is appropriate in the organisation’s situation, there should be a conscious determination of what level of formality, rigour and adherence to contemporary practice is required.

Now, many organisations have attempted to achieve good management of IT supply by using CobiT, but not all of them have seen substantial improvement in their success with IT. Often this is because the CobiT implementation focuses on supply, when the main problems are in the demand side. Using ISO 38500 to guide behaviour on both demand and supply sides can make a significant difference to the level of success attainable through implementing management frameworks.

Governance of IT can be developed purely by building on the guidance in ISO 38500. But an effective system for governance of IT depends on effective management systems and these management systems can be based on available frameworks. However, just implementing a framework will not of its own accord create an effective system for governance. There generally needs to be specific work to define and implement the oversight as well as the management detail.

For further discussion on the relationship between ISO 38500 and management activities, see the May 2009 edition of The Infonomics Letter.

posted 25 minutes ago
