By IT Brew Staff
Definition:
IT governance is a critical element of an organization’s overall strategy, and a priority for the executive who oversees the IT function. When implemented correctly, IT governance allows teams to maintain compliance, invest appropriately in IT teams and infrastructure, and mitigate tech-related risks, all while speeding up IT decision-making in support of broader organizational goals.
Some popular IT governance frameworks include:
- COBIT: This framework (also known as Control Objectives for Information and Related Technologies) is developed by ISACA and focused on processes for managing IT in the context of the broader business.
- ISO/IEC 38500: This framework, a collaboration between the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), is designed to give consultants, executive managers, auditors, and others the tools to effectively use IT within their organizations.
- TOGAF: The Open Group Architecture Framework gives enterprise architects and other IT pros guidance on implementing enterprise IT architecture, with an emphasis on standardization and modularization.
- CMMI: The Capability Maturity Model Integration framework aims to give organizations the tools to measure capability and performance, and adjust accordingly.
- ITIL: The Information Technology Infrastructure Library model offers guidelines for continuous improvement within an IT organization, including a focus on value and a commitment to iterative improvements based on feedback. The latest version, ITIL 4, features 34 practices across three categories: general management practices, service management practices, and technical management practices.
- FAIR: Factor Analysis of Information Risk helps organizations figure out their risk profile, particularly cybersecurity and operational risk, with an aim toward building more effective cyber defense programs.
- COSO: This framework, by the Committee of Sponsoring Organizations of the Treadway Commission, helps organizations get a grip on their internal controls, which could translate into reducing fraud, mitigating risk, and ensuring the optimal flow of information to stakeholders.
With these frameworks in place, an organization can set priorities and direction for IT. It’s important to note that IT governance differs from IT management, with the former being more strategic than tactical. While many organizations embrace a centralized governance model that could determine decisions for all of IT, others have a decentralized governance model that allows teams and divisions to apply their own frameworks and make their own decisions, at the risk of misalignment with other units.