Frameworks for IT Governance Implementation

Introduction

At the end of 2001 the Enron Corporation bankruptcy caused a major fraud scandal. After Enron a number of other big companies followed, such as Worldcom, Adelphia Communications Corporation and Peregrine Systems. These scandals caused a loss of confidence in capital markets and accounting practices. In order to restore the confidence, the Sarbanes Oxley Act was adopted in 2002. The SOX Act’s intent was to draw a direct and enforceable relationship between senior corporate management and the integrity and quality of their companies’ financial statements.

The fraud scandals and the resulting laws such as Sarbanes and Oxley drew a lot of attention to corporate governance, which is the system by which business corporations are directed and controlled. The attention to Corporate Governance also leads to questions whether IT is sufficiently in control, since IT plays a vital role in supporting the business processes. IT governance is an integral part of corporate governance and focuses on direction and control over IT. Van Grembergen defines IT governance as the organizational capacity exercised by the Board, executive management and IT management to control the formulation and implementation of IT strategy and in this way ensure the fusion of business and IT.

In this chapter we will explain how IT governance can be implemented. Two frameworks are commonly used for IT governance implementations: Cobit and ITIL. We will discuss and compare Cobit 4.1 and ITIL V3, the last versions of both frameworks. In a first section we look into ITIL V3 and cover the evolution of the framework, the processes included and structure of the ITIL V3 process descriptions. In the next section we will discuss Cobit 4.1, following the same structure. In a last section we will compare both frameworks, covering the mutual coverage of processes and the structure of the process descriptions (Van Grembergen, De Haes, & Guldentops, 2003).