IT Governance

The system by which the current and future use of IT is directed and controlled


Corporate governance, the management practices for controlling organisations, has been formally adopted by most of the countries in the world following the publication in the UK of the Cadbury report (Financial Aspects of Corporate Governance) in December 1992. All G-20 countries and a total of around 85 countries have corporate governance codes in place.

IT Governance fits into the overall Corporate Governance strategy of the organisation.

IT Governance focuses on the performance and risk management of IT and has two primary goals:


  • Ensuring that IT-enabled investments deliver business value and that risks are managed and mitigated where appropriate.


  • Assuring that the business complies with internal policies and with statutory and regulatory requirements such as the Combined Code, the Sarbanes-Oxley Act, Basel II and Solvency II, the Companies Act, Data Protection and Privacy regulations, and the Computer Misuse and Regulation of Investigatory Powers Acts.

Since 2008, IT Governance has been specified by an international standard, ISO/IEC 38500 - Corporate Governance of Information Technology.

Corporate governance of IT is defined by ISO/IEC 38500 as:
“The system by which the current and future use of IT is directed and controlled”.


  • Information and technology have become pervasive in all aspects of business and personal life, and absolutely fundamental to business survival. Organisations that fail to direct and control their IT to the best competitive advantage should expect to be left as road kill on the information superhighway.
  • Governance and regulatory requirements across the OECD are evolving rapidly. Executives are required by law to provide a duty of care to their shareholders to ensure that they provide entrepreneurial leadership over IT, thus generating value and optimising risk.
  • Internal and external threats seeking to exploit our dependence on information and technology continue to proliferate at an alarming rate. Safeguarding the security of your information and the continuity of your business has never been so important.
  • Regulators have teeth! Billions of pounds of revenue have been wiped out through financial penalties issued by regulators and the information commissioner for failing to comply with corporate governance, data protection and privacy regulations.
  • It is estimated that between 50% and 75% of IT investment projects still fail because of ineffectual executive oversight or Change Management.
  • IT is typically more than 50% of the annual capital investment and more than 30% of the total cost base, second only to staff costs.
  • Organisations that employ the governance of IT effectively increase their return on IT investment by 15-20% on average.


Ziran: the agile IT governance and management consultancy.