Reference and guide to SFIA version 7. Framework status: Current standard.

Enterprise IT governance GOVN

The establishment and oversight of an organisation's approach to the use of information systems and digital services, and associated technology, in line with the needs of the principal stakeholders of the organisation and overall organisational corporate governance requirements. The determination and accountability for evaluation of current and future needs; directing the planning for both supply and demand of these services; the quality, characteristics, and level of IT services; and for monitoring the conformance to obligations (including regulatory, legislation, control, and other standards) to ensure positive contribution of IT to the organisation's goals and objectives.

Enterprise IT governance: Level 7

Leads the establishment and maintenance of a function that provides a consistent and integrated approach to IT governance in line with the organisation's corporate governance requirements. At the highest levels in the organisation's governance activities, provides assurance to principal stakeholders that IT services meet the organisation's obligations (including legislation, regulatory, contractual and agreed standards/policies). Ensures that a framework of policies, standards, process and practices is in place to guide provision of enterprise IT services, and that suitable monitoring of the governance framework is in place to report on adherence to these obligations as needed. Establishes the appropriate guidance to enable transparent decision-making to be demonstrated, working with senior leaders to ensure the needs of principal stakeholders are understood, the value proposition offered by enterprise IT is accepted by these stakeholders and the evolving needs of the stakeholders and their appetite for balancing benefits, opportunities, costs and risks is embedded into strategic and operational plans.

Enterprise IT governance: Level 6

Within a defined area of accountability, determines the requirements for the appropriate governance of enterprise IT, ensuring clarity of responsibilities and authority, goals and objectives. Puts in place and maintains governance practices and resources to enable governance activity to be conducted with reasonable independence from management activity, in line with the organisation's corporate governance requirements. Undertakes and/or directs reviews as necessary to ensure management decision-making is transparent, and that an appropriate balance between benefits, opportunities, costs and risks can be demonstrated to principal stakeholders. Establishes and maintains the policies for compliance with the organisation's obligations (including legislation, regulatory, contractual and agreed standards/policies), holding the management team to account. Acts as the organisation's contact for relevant regulatory authorities. Ensures proper relationships between the organisation and external parties, with valid interest in the organisation's governance, are in place.

Enterprise IT governance: Level 5

Reviews current and proposed information systems for compliance with the organisation's obligations (including legislation, regulatory, contractual and agreed standards/policies) and adherence to overall strategy. Provides specialist advice to those accountable for governance to correct compliance issues.