CobiT definition:

Establish an IT strategy committee at the board level. This committee should ensure that IT governance, as part of enterprise governance, is adequately addressed; advise on strategic direction; and review major investments on behalf of the full board.

Bill says,

One of the important things to remember when looking at a framework such as CobiT is that it isn’t right for everyone, or rather, parts of it may need to be adjusted to fit your organization. Whether your IT Strategy Committee will be a different group than your IT Steering Committee (which is the next control object) is a question of the size, maturity and industry of your company. As defined by CobiT, this IT Strategy Committee is at the board level, which may very well work in certain companies. Perhaps those companies have boards interested in having an IT Strategy Committee alongside their Executive Compensation Committee. But not in my experience.

Certainly large IT investments or direction changes that have a material impact on the business should be raised to the board level, but at least in my company we would never form such a committee at the board level; there simply would be no interest in it. Does that mean you shouldn’t do this? Of course not – if you can get the interest at the board level then go for it! Otherwise, you simply implement your IT Strategy Committee at a lower level in the organization, certainly including senior business managers.

At my company we have both an IT Strategy Committee, which meets only once a year, and an IT Steering Committee, which meets quarterly. The Strategy Committee’s role is very big picture and simply serves as a beacon of “true north” from an IT investment and direction standpoint. Every decision we make should align with the annual strategy developed and/or approved by the IT Strategy Committee.

The governance around how that strategy comes to fruition is done at the IT Steering Committee level, which we’ll discuss next.

The second step in Defining the IT Processes, Organization and Relationships is to form a solid IT Strategy Committee.


PO4.1 IT Process Framework

CobiT definition: Define an IT process framework to execute the IT strategic plan. This framework should include an IT process structure and relationships (e.g., to manage process gaps and overlaps), ownership, maturity, performance measurement, improvement, compliance, quality targets and plans to achieve them. It should provide integration amongst the processes that are specific to IT, […]

ME4 Provide IT Governance

CobiT definition: Establishing an effective governance framework includes defining organisational structures, processes, leadership, roles and responsibilities to ensure that enterprise IT investments are aligned and delivered in accordance with enterprise strategies and objectives. Control over the IT process of Provide IT governance that satisfies the business requirement for IT of integrating IT governance with corporate […]

ME3 Ensure Compliance With External Requirements

CobiT definition: Effective oversight of compliance requires the establishment of a review process to ensure compliance with laws, regulations and contractual requirements. This process includes identifying compliance requirements, optimising and evaluating the response, obtaining assurance that the requirements have been complied with and, finally, integrating IT’s compliance reporting with the rest of the business. Control […]

ME2 Monitor and Evaluate Internal Control

CobiT definition: Establishing an effective internal control programme for IT requires a well-defined monitoring process. This process includes the monitoring and reporting of control exceptions, results of self-assessments and third-party reviews. A key benefit of internal control monitoring is to provide assurance regarding effective and efficient operations and compliance with applicable laws and regulations. Control […]

ME1 Monitor and Evaluate IT Performance

CobiT definition: Effective IT performance management requires a monitoring process. This process includes defining relevant performance indicators, systematic and timely reporting of performance, and prompt acting upon deviations. Monitoring is needed to make sure that the right things are done and are in line with the set directions and policies. Control over the IT process […]

DS13 Manage Operations

CobiT definition: Complete and accurate processing of data requires effective management of data processing procedures and diligent maintenance of hardware. This process includes defining operating policies and procedures for effective management of scheduled processing, protecting sensitive output, monitoring infrastructure performance and ensuring preventive maintenance of hardware. Effective operations management helps maintain data integrity and reduces […]