Comparison of the four most popular IT Governance


A big comparison of four IT governance models

IT governance models include COBIT, ITIL, ISO/IEC 17799 and PRINCE2. In practical IT governance work, how should these models be applied, and what are the differences between them?

Organizations and experts all over the world have invested a lot of energy in studying IT governance architecture and have put forward many effective models. Among them, the more mature models include COBIT from the American IT Governance Institute, ITIL from the British government, the international information security management standard model ISO/IEC 17799, and the IT project management standard model PRINCE2. In practical IT governance work, how should these models be applied, and what are the differences between them?

COBIT vs. ITIL

COBIT is based on many existing architectures, such as the capability maturity model (CMM) of the SEI (Software Engineering Institute), with its division of software enterprise maturity into five levels, and the ISO 9000 standards. Having summarized these standards, COBIT focuses on what enterprises need to do, rather than how they need to do it. It does not include specific implementation guidelines and steps. It is a control framework rather than a specific process framework. COBIT gives methods for the evaluation, measurement and audit of IT at the strategic, tactical and operational levels. Its target audience is information system auditors, senior enterprise managers and senior IT managers, such as the CIO.

Based on the best practice of enterprises, the British government collected and analyzed information on how various organizations solve service management problems, identified those practices that are beneficial to the department concerned and to other departments, and finally formed ITIL. It lists the best objectives, activities, inputs and outputs of each service management process and the relationships between the processes, but does not define a wide-ranging control architecture. It focuses on methods and implementation processes. Because it focuses on IT services and IT service management (ITSM), its vision is narrower than COBIT's, mainly covering the tactical and operational aspects of IT. Its target audience is IT personnel and service managers.

Although the two standards have many differences, COBIT and ITIL have very consistent guiding principles. Information system auditors usually use the self-evaluation methods of COBIT and ITIL to evaluate the enterprise IT service management environment. COBIT provides key goal indicators (KGIs), key performance indicators (KPIs) and critical success factors (CSFs) for each process, which can be combined with the ITIL processes to establish a benchmark for ITIL process management.

Figure 1 project governance structure model

Figure 2 integration of IT governance objectives

Figure 3 organic integration of four models

COBIT vs. ISO/IEC 17799

ISO/IEC 17799 emphasizes the effectiveness, economy, comprehensiveness, universality and openness of the information security management system, in order to provide a high-quality and practical reference for organizations that want to achieve a certain management effect. Its most notable characteristic is that it is broad but not in-depth, and is intended only for reference.

Unlike ISO/IEC 17799, COBIT is completely based on IT. Its IT standards reflect the strategic objectives of the enterprise. IT resources include people, systems, data and other related resources. IT management is the planning and processing of IT resources under the guidance of IT standards.

COBIT vs. PRINCE2

PRINCE2 provides a general management method for project management, including IT projects, with built-in best practices that have proved successful in project management practice, and provides a common language that all participants can understand and accept. PRINCE2 can bring the following to projects:

1. A controllable and well-organized start, process and end

2. Re-examination of the project plan and business status at each decision point

3. Automatic management and control of any deviation from the plan

4. Shareholders and senior managers intervening in the project only at the right time

5. A smooth communication channel among the project team, project management and other personnel of the organization

COBIT describes how to manage IT projects effectively at the strategic, tactical, technical and other levels, and defines 13 specific control objectives in detail: project management architecture, user participation in project startup, project team identity and responsibilities, project definition, project approval, project stage approval, project main plan, system quality assurance plan, assurance method plan, formal project risk management, test plan, training plan, and review plan after implementation. In addition to giving specific control objectives for project management, COBIT also gives the critical success factors related to project management, and defines the most important implementation guidelines for project management, so as to achieve internal and external control of the IT project process. Key goal indicators define metrics that tell managers whether an IT project management process has met its business needs at key points (or milestones) of the project. Key performance indicators are defined as the yardstick of how well the IT project management process promotes the achievement of project objectives.

From the comparison between the two, we can see that COBIT focuses on the management of 13 control objectives and PRINCE2 on the management of processes.

PRINCE2 manages the various activities in project management from the perspective of process, which is more convenient for the specific implementation of project management, while COBIT expounds "how to achieve and what goals to achieve" in project management from the perspective of control objectives, which makes it easier for the enterprise to control and review the implementation of the overall project management process. At the same time, COBIT gives a maturity model of project management, which makes it convenient for the organization to self-evaluate, or for a third party to evaluate, the maturity of enterprise project management, so as to continuously improve the implementation process of project management.

Of course, the vision of PRINCE2 and COBIT is not limited to the management of specific projects. They include not only project-level management, but also project management within the organization. The purpose is enterprise project management (EPM), or project governance: planning project management from the perspective of the long-term development strategy of the enterprise.

At the same time, for each process and control objective, PRINCE2 and COBIT only specify "what to do"; as for "how to do it", neither of them provides specific implementation technologies and tools. You can use any tools that are helpful to you according to your actual needs, such as Gantt charts, critical path analysis, project software, risk control software, etc.

Integrated implementation strategy

In order to achieve the goals of the IT governance strategy, we need to manage IT organizational structure and roles, metrics, processes, technologies, controls, and personnel.

COBIT, ITIL, ISO/IEC 17799 and PRINCE2 each have their own advantages in managing IT in the above aspects, which are specifically reflected in the following:

COBIT focuses on IT control and IT measurement.

ITIL focuses on IT process management, emphasizing IT support and IT delivery.

ISO/IEC 17799 focuses on IT security control.

PRINCE2 focuses on project management, emphasizes the controllability of the project, defines the specific responsibilities of personnel and roles in project management, and realizes the continuous improvement of project management quality.

When applying an IT governance architecture model in an organization, you should pay attention to the following:

1. Focus on solving the biggest problems in the process of organizational informatization. For any organization, it is not feasible to adopt a complete set of standards. On the contrary, we should start from the biggest problem

2. Find out the most suitable implementation scheme for the enterprise environment by tailoring the model

3. First complete the training, then carry out organizational change, and make certain achievements in a single field (such as training experience) before turning to other problematic fields

4. Before starting the project, evaluate the current environment, which makes it easier to evaluate the effect of progress later

In addition, during the specific implementation process in the organization, the successful implementation cases of other organizations, training institutions and third-party consulting institutions can provide good help.

Copyright © 2011 JIN SHI