Have you heard of ITIL, COBIT, COSO, ISO27000, and other character sets? All are elements that fit into a frame of reference that is trying to be implemented to make this government of information technology fulfill its purpose.
The governance of information technology is nothing more than a continuation of corporate governance, but focused on information technology, its performance, and the management of the risk that not having it can cause.
From multiple economic events, especially cases of fraud in financial and accounting information of very large companies, which generated enormous losses in their shareholders, it has been made aware that information technology in companies cannot continue to be a black box. The governance of information technology then implies the implementation of an administration system where all the «players» of the company, including the Board of Directors, participate in the decision process on the use and application of information technology and communications (ICT).
The simple fact of questioning the administration of ICTs, seems to accuse that until then there is no proper administration. However, it is imperative to clarify that the administration of ICT in its technical and application aspects is appropriate, and what is lacking is the responsibility of senior management regarding the results of the application of these technologies. Managers can no longer say that IT processes run behind their backs, but must be part of them.
The reference frameworks for the administration of ICT have always existed, however the absence of them in practice in companies now has greater repercussions in terms of the level of risk that is managed by not having availability of them, or through a generation of unreliable information.
A partir de legislación en Estados Unidos gestada principalmente por hechos fraudulentos en la información financiera de las empresas, se han generado una serie de lineamientos y directrices sobre las cuales se han construido algunos modelos de mejores prácticas en la administración de la información.
COBIT, (Control Objectives for information and related technology, or Control Objectives for Computing and its related technologies) is a set of good practices or a reference framework created by the Information Systems audit. And Control Association (ISACA) and the ITGovernance Institute (ITGI) in 1992, which delivers a series of commonly accepted measures, indicators, processes and best practices that allow IT administrators, auditors and users to maximize the benefit derived from the use of ICT and appropriate development of ICT governance. Subsequently they have announced ValIT to Obtain value from ICT, and RiskIT to assess and mitigate risk. It is announced to collect all this, and other things in version 5 of CobiT.
This frame of reference clearly defines seven characteristics that must be present in the management of information:
- Effectiveness Efficiency Confidentiality Integrity Availability Adherence to the standard (Compliance) Reliability
And it generates the quality cycle (plan, do, verify, and act) on technology resources including applications, information, infrastructure and people.
The processes to be generated within the information technology area have been divided into six large groups, on top of the operations themselves, to be controlled by this quality cycle. And that is where the «alphabet soup» of the different standards proposed to administer each of them begins to play.
- Service Management: ITIL, Information Technology Library Infrastructure. Software / Application Development: CMMI, Capability Maturity Model for Integration. Project Management: PPBok (Project Management Knowledge Book) and PRINCE2. IT Security: ISO 27000 (Formerly ISO 17799 / BS 7799) Technology Planning: AS8015 provides some elements Quality System: ISO 9000 / Six Sigma.
A set of characters and standards are clearly seen, and the underlying question is, what should be done with all this? We consider that most of these reference frameworks, such as CobiT and ITIL, are still under development, and that it would be good to wait at least six months to identify possible drawbacks in applications already in progress, to have some of the learning curve traveled. In the same way, it is necessary to start a study of these standards to identify specific implementation opportunities, especially in the area of information technology service administration, through the two central processes that ITIL offers.
