A Brief Comment On Governance

Everyone knows how important the computer has become today and how it will be important in the future, making us in some way dependent on it for almost everything. Not long ago, the computer was a means to process data and perform calculations, and became commonly used in everyday people and businesses. That was the time when, for example, banks  had automated their operations and made available to customers of its ATMs, which helped to reduce queues and make the service faster.

With the evolution of processors and the emergence of the Internet, effectively the world has globalized the emerging ‘information age‘, and with the advent of mobile and wireless information networks have become geographically and socially available. Probably a lot of ‘ages‘ will arise, with new approaches to new needs arise.

The computer has become an ally to run the business, both operationally and strategically in the pursuit of excellence, aligning IT with the business. With this, the risks were more easily managed and the financial return was greater for the company, adding business value.

In this business scenario arose the concept of corporate governance, through processes and policies governing the way a company is given in all areas and IT governance is a part of corporate governance. And why governance is so important today?

Well, Governance is the act of governing, ie, to manage, take care, and serve as a guide for achieving goals, managing their targets and measuring performance. Governance is a broad term, but when applied in the business it shows a guideline of how to achieve success and stay on success. The three areas that contribute to good governance are the Management, Audit and IT. Where Management is the area that manages the entire company, it is part of the audit that evaluates and accredits the company that runs the IT and strategic planning management.

Another important component in aligning business with IT is the development of the plan derived from the IT Director IT strategic planning and strategic planning of this organization.

The IT Master Plan should be reviewed periodically, and new strategies can be adopted, depending on the new scenarios that arise. It indicates all the planning in the short, medium and long-term implementation of projects, operations, budgets, costs, resources, quality and so on. Just as the choice of the best models of good practice to follow the market, such as COBIT and ITIL.

To better explain the concepts of good practices it is worth recalling that in industrial production model a very significant development in the quality standards was the adoption of standards such as ISO, regulations and practices that facilitated a regulation at the international level, which gave a level quality and compliance procedures equal anywhere in the world facilitating the export and import of products.

In this sense, when we think of quality, compliance and procedures, we think, in continuous improvement, best practices and processes. Continuous improvement is when the company has reached a desired level of quality, but always continues to improve. The best practices are the norms, standards and procedures to perform their actions through processes. The processes are the activities or certain tasks divided into shares. Have an input, intermediates, and should produce an output as well as goals and objectives, responsible, and key performance indicators.

An important concept of quality is the PDCA cycle, which organizes the processes into four categories: plan, do, check and act. It is a cycle, as follows this order: first if you plan to make only after what is planned, then monitors and checks if the result is what is made in accordance with what is planned for later able to take an attitude, or is, an action with respect to the results.

COBIT, ITIL, ISO 20000 and ISO 27000 are some examples of good practices for IT governance. They are described through processes.


Cobit processes have focused on more strategic area. COBIT means, control objectives for information and technology. The objectives of COBIT will guide other IT initiatives, for example, regarding the use of the ITIL v3, v4 PMBOK, any other standard or set of best practices for IT.

Cobit is responsible for the strategic alignment of business with IT, it controls are defined and driven by business goals and objectives. It contains much to do and secondly little about how. According to COBIT, controls are “a set of policies, practices and organizational structures designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented or corrected”. An important concept of COBIT are the focus areas of governance, that are: strategic alignment, value delivery, risk management, performance measurement, resource management and resource monitoring.

COBIT 210 has a set of control objectives divided into 34 process areas. The 34 process areas of COBIT are grouped into four areas that represent a cycle similar to the PDCA cycle. These four domains are Plan and Organize (PO), Acquire and Implement (AI), Deliver and support (DS), Monitoring Evaluate (ME).

Also, the CobiT defines the level of maturity for its 34 processes, which has six levels of maturity. The maturity levels of the process areas of COBIT are lacking (level 0), initial (level 1), repeatable (level 2), set (level 3), managed (level 4) and optimized (level 5).

An important observation regarding the maturity of the processes is that, processes may be at different levels, because the company does not ripen all processes at once, for example, if a majority of processes are at level 5, cannot be in a process Level 2, because the problems of a particular sector of the company affects other sector and it is very difficult to raise both the levels of maturity in many areas while leaving others in a very low level.


ITIL is a library of best practices for IT infrastructure. Version 2 consisted of seven books, among which the best known books were the delivery of IT services and IT service support and version 3 of 5 books, which are:

  • Strategy Service
  • Project Service
  • Transition Service
  • Operation Service
  • Continuous Improvement Of Service

ITIL has its focus more toward the operational area and its support processes and delivering IT services were the most used in version 2. In the version 3 processes were integrated very similar to the PDCA cycle, making all its processes seem interdependent virtually. And this is one of the main differences from v2 to v3. However, not all processes are used at once, as a rule, which is obliged to adopt all the processes, because, good practices should shape up to the real needs of each company.


Leave a Reply

Follow by Email