Frameworks

There are quite a few supporting references that may be useful guides to the implementation of information technology governance. Some of them are:

• AS8015-2005 Australian Standard for Corporate Governance of Information and Communication Technology. AS8015 was adopted as ISO/IEC 38500 in May 2008
• ISO/IEC 38500:2008 Corporate governance of information technology, (very closely based on AS8015-2005) provides a framework for effective governance of IT to assist those at the highest level of organizations to understand and fulfill their legal, regulatory, and ethical obligations in respect of their organizations’ use of IT. ISO/IEC 38500 is applicable to organizations from all sizes, including public and private companies, government entities, and not-for-profit organizations. This standard provides guiding principles for directors of organizations on the effective, efficient, and acceptable use of Information Technology (IT) within their organizations.
• Control Objectives for Information and related Technology (COBIT) is regarded as the world's leading IT governance and control framework. CobiT provides a reference model of 34 IT processes typically found in an organization. Each process is defined together with process inputs and outputs, key process activities, process objectives, performance measures and an elementary maturity model. Originally created by ISACA, COBIT is now the responsibility of the ITGI (IT Governance Institute).
• The IT Infrastructure Library (ITIL) is a high-level framework with information on how to achieve a successful operational Service management of IT, developed and maintained by the United Kingdom's Office of Government Commerce, in partnership with the IT Service Management Forum. While not specifically focused on IT governance, the process related information is a useful reference source for tackling the improvement of the service management function.

Others include:

• ISO27001 - focus on Information Security
• CMM - The Capability Maturity Model - focus on software engineering
• TickIT is a quality-management certification program for software development

Non-IT specific frameworks of use include:

• The Balanced Scorecard (BSC) - method to assess an organization’s performance in many different areas.
• Six Sigma - focus on quality assurance
• TOGAF - The Open Group Architectural Framework - methodology to align business and IT, resulting in useful projects and effective governance.