Val IT is a governance framework that can be used to create business value from IT investments. It consists of a set of guiding principles and a number of processes and best practices that are further defined as a set of key management practices to support and help executive management and boards at an enterprise level. The latest release of the framework, published by the IT Governance Institute (ITGI) and based on the experience of global practitioners and academics, practices and methodologies, was named Enterprise Value: Governance of IT Investments, The Val IT Framework 2.0. It covers processes and key management practices for three specific domains and goes beyond new investments to include IT services, assets, other resources and principles and processes for IT portfolio management.
Val IT allows business managers to get business value from IT investments, by providing a governance framework that consists of
The major domains are as follows:
Currently (as of 2006) a relatively short body of work, it will evolve and expand over time, with documents available for download via the Val IT Page at ISACA, and include:
Val IT is tightly integrated with COBIT Version 4, also from the Information Systems Audit and Control Association (a.k.a. ISACA). The Framework document explains the difference between COBIT and Val IT as follows:
Val IT extends and complements COBIT, which provides a comprehensive control framework for IT governance. Specifically, Val IT focuses on the investment decision (are we doing the right things?) and the realisation of benefits (are we getting the benefits?), while COBIT focuses on the execution (are we doing them the right way, and are we getting them done well?)
COBIT Version 5 incorporates Val IT (and Risk IT) into its framework:
The COBIT 5 process reference model is the successor of the COBIT 4.1 process model, with the Risk IT and Val IT process models integrated as well.
Value Measuring Methodology (VMM), which has the motto "it's not just about ROI any more", provides more specific guidance than Val IT about:
Each of the following major processes/activities has a responsibility assignment (RACI) matrix, indicating the responsibilities of the senior executives, business managers, and information managers, along with the major and minor COBIT control objectives associated with the activity.
As with COBIT, Val IT can be adapted for use with many other domains that are yet to develop an engineering perspective, by either removing the phrases "Information Technology" and "IT-enabled", or replacing them with the name of your domain of interest (e.g. "Marketing"), and then "season to taste".
Project management is the process of leading the work of a team to achieve all project goals within the given constraints. This information is usually described in project documentation, created at the beginning of the development process. The primary constraints are scope, time, and budget. The secondary challenge is to optimize the allocation of necessary inputs and apply them to meet pre-defined objectives.
Information technology (IT) governance is a subset discipline of corporate governance, focused on information technology (IT) and its performance and risk management. The interest in IT governance is due to the ongoing need within organizations to focus value creation efforts on an organization's strategic objectives and to better manage the performance of those responsible for creating this value in the best interest of all stakeholders. It has evolved from The Principles of Scientific Management, Total Quality Management and ISO 9001 Quality management system.
COBIT is a framework created by ISACA for information technology (IT) management and IT governance.
In business and accounting, information technology controls are specific activities performed by persons or systems designed to ensure that business objectives are met. They are a subset of an enterprise's internal control. IT control objectives relate to the confidentiality, integrity, and availability of data and the overall management of the IT function of the business enterprise. IT controls are often described in two categories: IT general controls (ITGC) and IT application controls. ITGC include controls over the Information Technology (IT) environment, computer operations, access to programs and data, program development and program changes. IT application controls refer to transaction processing controls, sometimes called "input-processing-output" controls. Information technology controls have been given increased prominence in corporations listed in the United States by the Sarbanes-Oxley Act. The COBIT Framework is a widely used framework promulgated by the IT Governance Institute, which defines a variety of ITGC and application control objectives and recommended evaluation approaches. IT departments in organizations are often led by a chief information officer (CIO), who is responsible for ensuring effective information technology controls are utilized.
A federal enterprise architecture framework (FEAF) is the U.S. reference enterprise architecture of a federal government. It provides a common approach for the integration of strategic, business and technology management as part of organization design and performance improvement.
Project portfolio management (PPM) is the centralized management of the processes, methods, and technologies used by project managers and project management offices (PMOs) to analyze and collectively manage current or proposed projects based on numerous key characteristics. The objectives of PPM are to determine the optimal resource mix for delivery and to schedule activities to best achieve an organization’s operational and financial goals, while honouring constraints imposed by customers, strategic objectives, or external real-world factors. Standards for Portfolio Management include Project Management Institute's framework for project portfolio management and Management of Portfolios by Office of Government Commerce.
A project management office is a group or department within a business, government agency, or enterprise that defines and maintains standards for project management within the organization. The PMO strives to standardize and introduce economies of repetition in the execution of projects. The PMO is the source of documentation, guidance and metrics on the practice of project management and execution.
IT portfolio management is the application of systematic management to the investments, projects and activities of enterprise Information Technology (IT) departments. Examples of IT portfolios would be planned initiatives, projects, and ongoing IT services. The promise of IT portfolio management is the quantification of previously informal IT efforts, enabling measurement and objective evaluation of investment scenarios.
Data governance is a term used on both a macro and a micro level. The former is a political concept and forms part of international relations and Internet governance; the latter is a data management concept and forms part of corporate data governance.
Value measuring methodology (VMM) is a tool that helps financial planners balance both tangible and intangible values when making investment decisions, and monitor benefits.
SOA Governance is a set of processes used for activities related to exercising control over services in a service-oriented architecture (SOA). One viewpoint, from IBM and others, is that SOA governance is an extension (subset) of IT governance which itself is an extension of corporate governance. The implicit assumption in this view is that services created using SOA are just one more type of IT asset in need of governance, with the corollary that SOA governance does not apply to IT assets that are "not SOA". A contrasting viewpoint, expressed by blogger Dave Oliver and others, is that service orientation provides a broad organising principle for all aspects of IT in an organisation — including IT governance. Hence SOA governance is nothing but IT governance informed by SOA principles.
Security controls are safeguards or countermeasures to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets. In the field of information security, such controls protect the confidentiality, integrity and availability of information.
Information security management (ISM) defines and manages controls that an organization needs to implement to ensure that it is sensibly protecting the confidentiality, availability, and integrity of assets from threats and vulnerabilities. The core of ISM includes information risk management, a process which involves the assessment of the risks an organization must deal with in the management and protection of assets, as well as the dissemination of the risks to all appropriate stakeholders. This requires proper asset identification and valuation steps, including evaluating the value of confidentiality, integrity, availability, and replacement of assets. As part of information security management, an organization may implement an information security management system and other best practices found in the ISO/IEC 27001, ISO/IEC 27002, and ISO/IEC 27035 standards on information security.
Business–IT alignment is a process in which a business organization uses information technology (IT) to achieve business objectives, typically improved financial performance or marketplace competitiveness. Some definitions focus more on outcomes than means; for example,
alignment is the capacity to demonstrate a positive relationship between information technologies and the accepted financial measures of performance.
Enterprise life cycle (ELC) in enterprise architecture is the dynamic, iterative process of changing the enterprise over time by incorporating new business processes, new technology, and new capabilities, as well as maintenance, disposition and disposal of existing elements of the enterprise.
Environmental, Social, and Corporate Governance (ESG) is an evaluation of a firm’s collective conscientiousness for social and environmental factors. It is typically a score that is compiled from data collected surrounding specific metrics related to intangible assets within the enterprise. It could be considered a form of corporate social credit score. Research shows that such intangible assets comprise an increasing percentage of future enterprise value. While there are many ways to think of intangible asset metrics, these three central factors together, ESG, comprise a label that has been adopted throughout the United States financial industry. They are used for a myriad of specific purposes with the ultimate objective of measuring elements related to sustainability and societal impact of a company or business.
Risk IT provides an end-to-end, comprehensive view of all risks related to the use of information technology (IT) and a similarly thorough treatment of risk management, from the tone and culture at the top, to operational issues.
IT risk management is the application of risk management methods to information technology in order to manage IT risk, i.e.:
Benefits Realization Management (BRM) is one of the many ways of managing how time and resources are invested into making desirable changes.
NIST Cybersecurity Framework is a set of guidelines for mitigating organizational cybersecurity risks, published by the US National Institute of Standards and Technology (NIST) based on existing standards, guidelines, and practices. The framework "provides a high level taxonomy of cybersecurity outcomes and a methodology to assess and manage those outcomes", in addition to guidance on the protection of privacy and civil liberties in a cybersecurity context. It has been translated to many languages, and is used by several governments and a wide range of businesses and organizations.