See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/220895831

Methodology for IT Governance Assessment and Design

Conference Paper · January 2006

DOI: 10.1007/978-0-387-39229-5_16 · Source: DBLP

CITATIONS READS
11 1,762

2 authors:

Sérgio Clementi Tereza Cristina M. B. Carvalho

Centro Universitário Fundação Santo André University of São Paulo
8 PUBLICATIONS   13 CITATIONS    142 PUBLICATIONS   859 CITATIONS   

SEE PROFILE SEE PROFILE

Some of the authors of this publication are also working on these related projects:

Secure communication for heterogeneous wireless networks View project

Science DMZ View project

All content following this page was uploaded by Sérgio Clementi on 23 December 2017.

The user has requested enhancement of the downloaded file.

Methodology for IT Governance Assessment and Design
Methodology for IT Governance Assessment
and Design
Tereza Cristina M. B. Carvalho*, Sérgio Clementi**
*Laboratory of Computer Architecture and Networks – Escola Politécnica – University of São Paulo
carvalho@larc.usp.br
**Fundação Santo André sergio.clementi@fsa.br
Abstract— IT Governance has become an
increasingly important topic for most of the
enterprises. In this sense, IT governance is an
important process in delivering business value from
IT. A number of IT governance frameworks at
different levels of analysis have been proposed as
the MIT – CISR framework and COBIT [2][5],
among others. However, there is no proposal of a
formal and systematic methodology for IT
Governance assessment and design, taking into
account the possibility of joint usage of multiple
frameworks. This paper presents a formal and
systematic methodology for IT governance
assessment and design, specified through different
phases, their activities and expected outcomes from
each phase. As result of the proposed methodology
application, it will be mapped the business
objectives into business role of IT and defined the
type of decisions to be taken, the possible
archetypes for making IT decisions, and the
mechanisms for implementing and assessing IT
Governance.
Key Words - Frameworks for IT Governance, IT Governance
Methodology, IT Governance Design, IT Governance Assessment
I. INTRODUCTION
IT Governance has become an increasingly
important topic for most of the enterprises. In North
America and Western Europe the increasing
investments in IT (now around 4.2 % the annual
revenues) have focused attention on ensuring that IT
delivers value [2]. Similar trends have been
observed in Brazil, where, according to research
developed by FGV-EAESP, the average
investments in IT have also increased: in 1988, it
1
was 1.3% of the net revenue, while in 2003 it went
up to 4.9% of the net revenue [11].
Nowadays, IT is completely embedded in the
enterprises; there is usually demand for IT from all
areas of the enterprise. IT is pervasive and it is
expected that new IT technologies would bring new
business opportunities to the enterprises. According
to [2], firms with focused strategies and good IT
governance had more than 20% higher profits
than other firms following the same strategies.
In this sense, IT governance is an important process
in delivering business value from IT and in
mitigating IT risks. A number of IT governance
frameworks at different levels of analysis have been
proposed. This paper presents a formal and
systematic methodology for IT governance
assessment and design, specified through different
phases, their activities and expected results from
each phase. As result of the proposed methodology
application, it will be mapped the business
objectives into business role of IT and defined the
type of decisions to be taken, the possible
archetypes for making IT decisions, and the
mechanisms for implementing and assessing IT
Governance.
This paper has 5 sections in addition to this
introductory one. The second section discusses
some basic concepts about which is considered IT
Governance. The third section presents an overview
of the MIT-CISR IT Governance framework that is
taken as basis for the development of the
methodology proposed in this paper. The fourth
section describes the proposed methodology for IT
Governance design and assessment composed of
different phases, detailing for each phase their
activities and the expected outcomes. In the fifth
Methodology for IT Governance Assessment and Design
section, it is discussed the validation of this
methodology considering some scientific checking
criteria and its practical application. In the last
section, some conclusions and final discussions are
presented.
II. IT GOVERNANCE CONCEPT
But what is exactly IT Governance? According to
Peterson [4], IT Governance is the system by which
an organization’s IT portfolio is directed and
controlled. IT Governance describes:
− The distribution of IT decision-making
rights and responsibilities among different
stakeholders in the organization.
− The rules and procedures for making and
monitoring decisions on strategic IT
concerns.
In relation to MIT-CISR framework, Weill and Ross
[2] state “Governance is about systematically
determining who makes each type of decision (a
decision right), who has input to a decision (an
input right) and how these people (or groups) are
held accountable for their role”. In this case, IT
Governance is responsible for specifying the
decision rights and accountability framework to
encourage desirable behavior in the use of IT.
COBIT considers IT Governance as being a
structure of relationships and processes to direct
and control the enterprise in order to achieve the
enterprise’s goals by adding value while balancing
risk versus return over IT and its processes [1][5].
From these definitions, it can be said that IT
Governance is focused on [3][9](see Figure 1):
• Creation of business value (strategic
alignment).
• Preservation of business value (risk
management).
III. OVERVIEW OF THE MIT-CISR FRAMEWORK
The MIT-CISR framework is built up over six
components (see Figure 2)[2]:
2
IT Value
Delivery
IT Stakeholder
Risk
Strategic Value
Management
Alignment Drivers
Performance
Management
www.itgi.org
Figure 1 – IT Governance Concept
• Enterprise strategy and organization: provides
the direction for IT structure and desirable
behaviors motivating governance.
• IT governance arrangements: assign decision
rights to different IT archetypes for key decisions
aiming to achieve business performance goals.
• Business performance goals.
• IT organization and desirable behaviors are
aligned and harmonized with the enterprise
strategy and organization.
• IT governance mechanisms: provide the tools
for implementing and supporting the IT
governance decisions. It covers decision-making
organizational structures; alignment processes
(e.g., SLA) and communication approaches.
They have to be harmonized with IT governance
arrangements.
• IT metrics and accountabilities define how IT
will contribute to the enterprise performance
goals and provide means for assessing the IT
effectiveness.
Besides these components, this framework defines
also IT decision types and IT archetypes. As IT
decisions are considered IT principles (business role
of IT); IT architecture; IT infrastructure; business
application needs and IT investment and
prioritization. The IT archetypes specify who is
responsible for IT decisions and can include
business monarchy (top managers); IT monarchy
(IT specialists); Feudal (BU - Business Units);
Federal (corporate members, BUs and, optionally,
IT people); IT duopoly (IT group and another
group) and Anarchy (not well defined). The IT
Methodology for IT Governance Assessment and Design 3

archetypes and decisions are used to develop the MIT-CISR framework focuses on IT, but it can be
Governance Arrangements Matrix (see Figure 3). In easily extended to other assets, such as human,
this matrix, they are presented which archetypes financial, physical, IP (Intellectual Property) and
contribute (input) to the decision taking processes enterprise’s relationship (e.g., customer
and which ones (decision) really take the decisions. relationship).

IV. IT GOVERNANCE METHODOLOGY

Enterprise IT Governance Business
Strategy & Arrangements Performance The proposed methodology has
- Decision Rights via
Organization Monarchies, Federal etc. Goals as objective to present a
systematic way to design the IT
Governance for an enterprise.
IT Organization IT Governance IT Metrics
& Desirable − It is described in terms
Mechanisms &
Behavior (e.g., Committees, budgets etc.)
Accountabilities of different phases and
their relationship.
IT Decision − It specifies the inputs,
Domains the procedures and the
•Principles
•Architecture expected results for each
•Infrastructure
•Applications phase.
•Investment

It takes as basis the Governance

Arrangements Matrix and the
Governance Design Framework
Harmonize What Harmonize How proposed by Weil and Ross in
[2], described in Section III.
Figure 2 - MIT-CISR Governance Design Framework
The phases of this methodology
Decision Domain
are (Figure 4):
− Phase 1 – Enterprise
IT Business
IT Principles Architecture
IT
Application IT Investment Setting Information: its
Infrastructure
Needs purpose is to acquire basic
Input Decision Input Decision Input Decision Input Decision Input Decision knowledge about the
Business
company and the IT
Monarchy Governance status.
IT
− Phase 2 – Assessment of
Governance Archetype

Monarchy IT Governance
Feudal

Federal
? Performance: in this phase
it is identified the IT
decision makers and
contributors, the adopted
IT Governance
Duopoly
mechanisms and how the
IT Governance results are
Anarchy evaluated in terms of
financial metrics and
Figure 3 - Governance Arrangements Matrix effective use of the IT
resources.
Methodology for IT Governance Assessment and Design 4

A. Phase 1 - IT Governance Settings

1.Enterprise Setting Before deciding for one IT Governance

Information Framework or another, it is important to assess
Enterprise Setting Scenario the enterprise settings. The enterprise settings
New Enterprise 2.Assessment IT Gov capture the industry, the size, the number of
Strategy Performance business units and the relationship among the
IT Governance Scenario & Need for Redesign business units (the level of synergy desired
between business units) [2].
3. Redesign of IT Patterns from Top
Need for ITG Redesign

Redesign

Governance Manager Enterprises First of all, it should be understood which is the

Need for

New IT Governance Design basic strategy that guides the enterprise. As basis
4.Implementation of the Legenda: it can be considered the three value disciplines
New IT Governance
[10] [2] (see Table 1):
Reconfigure

Phases
New IT Governance Scenario
Need for

5.Assessment and Managmt Input • Operational Excellence: where business

Performance
of IT Governance Indicators emphasizes efficiency and reliability, leads
the industry in price and convenience,
minimizes overhead costs and streamlines
Figure 4 – General Overview of the Proposed
the supply chain.
Methodology
• Customer Intimacy: there is focus on the
− Phase 3 – Redesign of IT Governance. Based cultivation of customer relationships, lifetime
on the analysis of the previous phases, the IT value to the company, customer service, and
governance is reviewed taking
into account the decision Table 1 – Business Value Disciplines [2][10]
makers, the effectiveness of the Operational Customer Intimacy Product Leadership
IT governance mechanisms and Excellence
the business performance goals Business
Supply chain
Customer service,
Product creation &
versus IT Governance metrics processes optimization market-place mgmt. awareness, time to
and accountabilities.
Efficiency and
Flexibility and market.
− Phase 4 – Implementation of reliability responsiveness.
Constant innovation.

the New IT Governance. In Organization
Central Authority,
Empowerment
Ad-hoc, organic &
and skills low empower. close to customer. cellular.
this phase, it is planned how a

Critical skills at
Critical skills at
Critical skills spread
New IT Governance will be
organization core. org. boundary. in group structures.
implemented considering the
activities to be developed, the Management
Control, standard
Customer lifetime.
Rewarding innovative
systems operating proced.
Satisfaction. capacity.
allocated human resources and

Quality mgmt.
Risk management.
the time for their execution.
IT
Integrated low
Single view of
System for
The IT Governance cost transaction customer data. collaboration.
implementation plan is systems.
Tools for segment
Modeling and
executed and continuously identification. simulation tools.
evaluated.
responsiveness and customization based on
− Phase 5 – Assessment and Management of IT deep customer knowledge.
Governance. Based on the metrics and
• Product (Service) Leadership: it prioritizes
accountability indicators specified previously,
the continuous product innovation, the
the IT governance effectiveness is evaluated. If
embracing of new ideas and new solutions for
some problems are detected, the IT mechanisms
the problems with rapid commercialization.
and behaviors are analyzed and reviewed.
Methodology for IT Governance Assessment and Design 5

In addition, it should be considered the − Audit the current IT Governance mechanisms.

organizational design that reflects the level of o Identify the used types of IT Governance
synergy desired between business units. In this case, mechanisms (decision-making, alignment
it can be identified: the centralized management and communication mechanisms), how
structure (high BU synergy) and the distributed they are defined, how they are applied,
management based on BU autonomy. Table 2 their objectives, their expected desirable
summarizes the main differences between these two behaviors, their effectiveness and how their
types of organizational design in terms of business effectiveness is evaluated.
processes; organization and skills; management o Evaluate the IT Governance awareness and
systems; and IT infrastructure [2] engagement.
Other important aspects include the firm size o Audit IT Governance Metrics and
(number of BUs), environment stability and Accountabilities.
performance goals. As performance goals, it should − Audit incentive and reward systems, verifying if
be identified which are the most important they are aligned with the organizational goals.
performance indicators, such as: profit (ROI (Return − Assess the IT Governance performance in terms
On Investment) or ROE (Return On Equity)); asset of the importance of its outcomes, the impact on
utilization (ROA – Return on Assets); revenue the business and in which enterprise areas it
growth, among others. works best and worst. The effective use of IT for
cost control, growth, asset utilization and
This phase will result in the description of the business flexibility should be evaluated.
Enterprise Setting Scenario. − Audit Financial Performance considering the
Table 2 – Types of Organizational Design [2] business goals (e.g., profit – ROE, ROI, percent
margin, asset utilization – ROA, growth –
BU Synergy BU Autonomy percentage change in revenue).
Business
Some standard
Independent and distinct
processes across BUs. BU’s processes.
processes

Some processes
BU decision making. The acquired data should be analyzed identifying
integrated across BUs.

Top-down leadership.
BU innovative capacity.
the enterprise’s strategy, which kind of IT decisions
Organization
and skills
Remove duplication.
BU skills focused on local has been taken under IT Governance, who are the
value discipline.
Synergies centrally
Few mandated processes.
decision makers, how the decisions are made and
Management

systems
defined and coordinated.

BUs focused on BU and
firmwide strategy.
IT
Integrated firmwide
infrastructure and
shared services.
B. Phase 2 - Assessment of IT Governance
In this phase, they are identified the IT decision
makers and contributors, the adopted IT
Governance mechanisms and how the IT
Governance results are evaluated in terms of
financial metrics and effective use of the IT
resources.

Enterprise financial and
risk management.

Tailored BU’s
infrastructure and systems.
monitored, how the performance goals have been
achieved. As result, it is obtained the current IT
Governance scenario.
The current IT Governance scenario is presented to
the enterprise’s board, which should validate the IT
Governance Map. It should foster discussions about
the IT Governance status related to current positive
outcomes, current inefficiencies and goals to its
improvements defining which key performance
indicators should be prioritized.

For this purpose, the following activities should be

performed (Figure 5):
− Map the enterprise’s current governance onto the
Governance Arrangements Matrix and the
Governance Design Framework.
Methodology for IT Governance Assessment and Design 6

Enterprise Setting Scenario and identification of the actions to be

taken to improve its harmonization with
2.1 Map IT Governance enterprise strategy and organization.
ITG Information Acquisition

− Review of the business performance

2.2 Audit
• ITG Mechanisms
• ITG Awareness
• ITG Metrics and
Accountabilities
2.3 Audit Incentive and
Reward Systems
2.4 Assess ITG Performance
2.5 Audit Financial Performers
2.6 Analyze ITG Information
Legenda:
2.7 Validate the
Steps
IT Governance Scenario
IT Governance Scenario &
Need for Redesign
Figure 5 – Phase 2 – Assessment of IT Governance
As result of this phase, the IT Governance
scenario will be described and some specific needs
for redesign will be identified.
C. Phase 3 - Redesign of IT Governance
Based on the analysis of the previous phases, the IT
governance is reviewed taking into account the
decision makers, the effectiveness of the IT
governance mechanisms and the business
performance goals versus IT Governance metrics
and accountabilities (see Figure 6).
For this purpose, first of all the Governance Design
Framework should be reviewed through:
− Redefinition of the strategy mission, making
clear the strategy intent through a clear,
concise statement;
− Identify new desirable behaviors in harmony
with the strategic direction (e.g., process
optimization in harmony with the strategy of
operational excellence).
− Review of the IT Governance arrangements
(decision makers and contributors versus
types of decisions to be taken (section III)
goals (e.g., expected ROI (Return On
Investments) or profits), stating clearer
business objectives (e.g., cost reduction,
improvement of the customer retention)
for IT Governance and a benchmark for
assessing the success of governance
efforts.
− Identification of the need for new
Governance Mechanisms or the
reduction of their number (Well-
designed mechanisms reinforce and
encourage desirable behaviors and lead
to outcomes specified in the IT metrics
and accountabilities).
− Review of the IT Governance Metrics
and Accountabilities, verifying if they
are harmonized with the business
performance goals.
− Review the IT Governance communication
approaches.
Based on the new resulting Governance Design
Framework, the Governance Arrangements Matrix
should be also reviewed.
At this point, the Governance Design Framework
and the Governance Arrangements Matrix should be
compared with those ones of the similar top
performers enterprise in terms of culture, structure,
strategy and business goals. For this purpose, it can
be taken as reference the research results published
in [2]. The basic differences should be identified
and evaluated verifying the need for redefinition of
the enterprise IT Governance.
The redesign of the IT Governance should be
completed identifying the changes to be made in the
Governance Design Framework, the Governance
Matrix Arrangements, the IT Governance
mechanisms, the IT Governance metrics and
accountabilities. In addition, the Incentive and
Reward Systems should be reviewed to assure that
they are aligned with the organizational goals.
Methodology for IT Governance Assessment and Design 7

The new IT Governance design should be presented responsible for different IT Governance activities
and discussed with the enterprise’s leaders (e.g., and, programming the necessary training and
senior managers) and/or with the person or group of launching its start. The execution of the IT
people responsible for the IT Governance Governance implementation and its milestones
implementation. As result, it can be necessary to do should be constantly evaluated as well the
some adjustments and reviews in the presented IT employees reaction to the undergoing changes.
Governance design. However, if the enterprise has decided for
outsourcing the IT Governance implementation, at
New Enterprise IT Governance Scenario & first it has to define how the outsourced company
Strategy Need for Redesign
will be selected considering previous experience,
team qualification, cost and time to delivery the IT
3.1 Review ITG Patterns from Top Governance implementation, among other relevant
Design Framework Manager Enterprises
Need for IT Governance Redesign

features for the considered enterprise. Once the

outsourced company has been selected, the other
3.2 Review Governance 3.3 Compare with activities to be performed are basically the same as
Arrangements Matrix Top Performers
in the case of internal implementation. The firm’s
employees will be involved in a lower degree but
3.4 Redesign IT Governance
they will have to work together with the outsourced
company’s team in order to guarantee the success of
Need for ITG
Adjustment

I&R Review

3.5 Review Incentive and Reward the IT Governance implementation.

Need for

Systems
Legenda:

Steps At the end of this phase, a new IT Governance

3.6 Validate of ITG Design
scenario will have been implemented.
New IT Governance Design

Figure 6 – Phase 3 - Redesign of IT Governance

3. Redesign of IT Governance

The main outcome of this phase is the New Design New IT Governance Design
of the IT Governance. 4.1 Detail the IT Governance
Need for ITG Redesign

Implementation Plan

Need for ITG Plan Adjustment

D. Phase 4 - Implementation of The New IT Governance
In this phase, the IT Governance implementation 4.2 Validate the IT Governance
Implementation Plan
plan is detailed, executed and continuously
evaluated (see Figure 7).
The plan for the implementation of the new IT 4.3 Execute the IT Governance
Implementation Plan
Governance should be detailed, describing the
activities of each phase of implementation, the
necessary resources and time for its execution 4.4 Evaluate the IT Governance
Implementation
besides its expected outcomes. This IT Governance
implementation plan should be presented and Legenda: New IT Governance Scenario
discussed with the IT and/or BU’s (Business Unit) Steps
leaders. Once the plan has been approved, its
execution can start. Figure 7 – Phase 4 - Implementation of The New IT
Governance
At this point, the enterprise can decide for its
implementation internally or by a third party
company. In the first case, it should proceed
allocating the necessary resources and the team
Methodology for IT Governance Assessment and Design 8

E. Phase 5 – Assessment and Management of IT

Governance This analysis will serve as basis for the diagnose of
Based on the metrics and accountability indicators the IT Governance to be discussed with the IT and
specified previously, the IT Governance business leaders. As consequence, it can be decided
effectiveness is evaluated. If some problems are for IT Governance adjustment or redesign.
detected, the IT mechanisms and behaviors are
analyzed and reviewed (see Figure 8). In Figure 4, it can be verified that these phases are
not necessarily executed in sequence. The transition
New IT Governance from the current phase to any other will depend on
Scenario
the outcomes got from the current phase. For
3. Redesign of IT Governance instance, the assessment of IT Governance in Phase
5 can result in its redesign (Phase 3) or
4. Implementation of IT Governance
Legenda: reconfiguration (Phase 4).
5.1 Get Information on
Need for ITG Redesign

Steps V. METHODOLOGY VALIDATION

Need for Reconfigure

• Business Goal Indicators

• IT Goal Indicators
As it was already mentioned the proposed
OK

• Effective use of IT
methodology took as basis the MIT-CISR
5.2 Analyze ITG Information Problem framework for IT Governance design and
Missconfiguration Detected
5.4 Problem Identification
assessment and its IT Governance research carried
• Desirable Behavior out in around 250 enterprises existing worldwide.
• IT Mechanisms
• Reward and Incentive System
This allows us to assure the practical benefit from
5.3 Specification
of Management the application of the proposed methodology in the
Reconfiguration 5.5 Diagnose ITG Problems IT Governance design and assessment of the
5.6 Validate the ITG Scenario
nowadays enterprise.

During this methodology conception, it was taken as

Figure 8 –Assessment and Management of IT
reference the WALFORD’s criteria of an effective
Governance
methodology. According to [WALFORD90], an
In this phase, at first it should be collected effective methodology must fulfill the following
information about the financial performers, the requirements:
customer perspective in relation to the enterprise, − Formal description – A methodology must
the employee performance, product and service consist of a set of operations or activities
innovation capability, need for new business specified in a written, graphical or algorithm
indicators, the evaluation of the IT efficiency and forms or any combination of these forms as long
reliability taking as reference the predefined IT as it meets the need for no ambiguity.
Metrics, the need for IT metrics, the evaluation of − Definable activities – The activities must be
the effective use of IT related to cost control, asset capable of definition.
utilization and business alignment, among other − Complete transformation – The
specific issues important for each business. transformation must be essentially complete, i.é,
no additional activity must be necessary in order
As result of this information analysis, it can be
to produce a usable result.
decided for the system management reconfiguration
− Implementable actions – all specified activities
introducing new IT Metrics and/or Business
must be capable of implementation.
Indicators or even modifying the target values for
such metrics and indicators. Through this analysis,
The proposed methodology for IT Governance
it can also be identified problems related to the IT
design and assessment satisfies the criteria defined
desirable behaviors, the efficiency of the IT
in [WALFORD90]. The methodology is described
mechanisms, the impact of the Incentive and
formally in a systematic manner through the
Reward Systems on the IT governance objectives.
Methodology for IT Governance Assessment and Design
detailing of their phases and the corresponding
activities. The activities of each phase are defined
allowing the usage of the proposed methodology by
any enterprise that wants to design or assess its IT
Governance. The complete transformation is
achieved; being described the input and the output
(outcomes) of each phase. All the specified
activities are capable of implementation since the
proposed methodology was based on the MIT-CISR
framework and its IT Governance research carried
out in around 250 worldwide enterprises.
Additionally, the proposed methodology satisfies
the critical success factors of the IT Governance,
identified as [2]:
• Transparency: More transparency in the
process of IT Governance implementation
normally results in more confidence from
the enterprise employees.
• Engagement and education: the managers
should be educated and engaged in this
process.
• Ownership: it should be ensured that IT
governance is owned and has metrics and
incentives.
• Alignment between incentives and
metrics: Unaligned incentives and metrics
governance destroy governance.
• Governance Design: the IT Governance
should be designed at enterprise and BU
levels. It should be known when it has to be
redesigned.
VI. CONCLUSIONS
IT Governance has become an increasingly
important topic for most of the enterprises. As it
was already mentioned, firms with focused
strategies and good IT governance had more than
20% higher profits than other firms following the
same strategies [2]. In this sense, IT governance is
an important process in delivering business value
from IT and in mitigating IT risks. A number of IT
governance frameworks at different levels of
analysis have been proposed as the MIT – CISR
framework and COBIT (Control Objectives for
Information and related Technologies). However, it
has not been developed yet a methodology that
9
allows the implementation of IT Governance in a
systematically and gradually way.
This paper proposes a methodology for IT
Governance design and assessment detailed in a
systematic way through the description of its
phases, corresponding activities and the resulted
outcomes of each phase. It took as basis the MIT-
CISR framework that is very simple and practical
once it is based on field research in enterprises of
different sizes, with different strategies and from
different industry branches.
The proposed methodology supports the usage of
different frameworks simultaneously. Figure 9
shows an example of joint usage of MIT-CISR,
COBIT, ITIL (IT Infrastructure Library) and BSC
(Balanced ScoreCard) [7] [8]. The selection of the
proper IT Governance mechanisms depends mainly
on the enterprise strategy and performance goals as
it discussed in section IV, where the proposed
methodology is described.
MIT – CISR Frameworks
Process
Control COBIT
BSC
Process
ITIL
Execution
Figure 9 – Joint Usage of MIT-CISR Frameworks and
other IT Governance Mechanisms
Finally, it should be emphasized that the proposed
methodology can be adopted by enterprises, which
want to implement the IT governance from scratch
or need to redesign already existing IT governance.
In both cases, the process of IT Governance
implementation can be performed gradually.
Methodology for IT Governance Assessment and Design
REFERENCES
[1] ITG. Control Objectives for Information and related
Technologies – 3rd edition issued by the IT Governance
Institute in 2000.
[2] WEILL, P.; ROSS, J. R. IT Governance: how top
managers manage IT decision rights for superior results,
HBS – 2000.
[3] GREMBERGEM, W. V.; HAES, S. D.; GUKDENTOPS,
E. Structures, Processes and Relational Mechanisms
for IT Governance. In: Strategies for Information
Technology Governance, IDEA, US, 2004.
[4] PETERSON, R.R. Integration Strategies and Tactics for
Information Technology. In: Strategies for Information
Technology Governance, IDEA, US, 2004.
[5] GUKDENTOPS, E. Governing Information Technology
through COBIT, In: Strategies for Information
Technology Governance, IDEA, US, 2004.
[6] CARVALHO, T. C.M.B. IT Governance Frameworks.
Business Intuition Conference, Riga – Letonia, October
2004.
[7] CLEMENTI, S.; SORTICA, E. A.; CARVALHO, T. C.
M. B. TI Governance: A comparison between COBIT
and ITIL. CATI - Congresso Anual de Tecnologia de
Informação, FGV-EAESP. São Paulo – SP, Brazil, June
2004.
[8] CLEMENTI, S.; SORTICA, E. A.; CARVALHO, T. C.
M. B. TI Governance: A Virtual Enterprise under
COBIT and ITIL assessment. SLADE 2004 - XVII
View publication stats
10
Congresso latino Americano de Estratégias. Camboriú –
SC, April 2004.
[9] HAES, S. D.; GREMBERGEM, W. V. IT Governance
Structures, Processes and Relational Mechanisms:
Achieving IT/Business Alignment in a Major Belgian
Financial Group . In: ICSS 2005 -.International
Conference on System Sciences. Hawaii, 2005.
[10] TREACY, M.; WIERSEMA, F. The disciplines of
market leaders. Addison Wesley, 1995.
[11] GODINHO, R. Chega de tecnologia. Queremos solução.
B2B Magazine, p 28-36, Brazil, Agosto 2004.
[12] WALFORD, R. B. Information Networks, A Design and
Implementation Methodology, Addison Wesley, 1990.
[13] CARVALHO, T. C. M. B. A Comparative Analysis
Between MIT-CISR IT Governance Framework and
CobiT, CATI - Congresso Anual de Tecnologia de
Informação, FGV-EAESP. São Paulo – SP, Brazil, June
2005.
.
ACKNOWLEDGMENT
The authors thank Peter Weill from the MIT-CISR for all
the support given to development of the propped methodology
in this paper.