Frameworks and methodologies for IT governance and management
IT governance is the system by which the use of ICT in an organization is directed and controlled, so that it sustains and extends the organization's strategies and objectives (ISO/IEC, 2015). COBIT (Control Objectives for Information and Related Technology) is one of the most widely used enterprise governance of information and technology (EGIT) frameworks (ISACA, 2019).
COBIT explicitly distinguishes governance from management. Governance evaluates stakeholder needs, sets direction through prioritization and decision making, and monitors performance and conformance against that direction; management plans, builds, runs and monitors the activities that execute the direction set by the governance processes.
IT management processes cover activities such as building, implementing, maintaining, operating and supporting IT systems, together with cross-cutting processes for risk, security and data protection management.
In the IT industry, general project management tools and techniques are used together with IT-specific frameworks, guides and standards for software development, maintenance, IT support, quality assurance and control, security and data protection.
The main project management frameworks are:
- PMBOK Guide, published by PMI (PMI, 2017)
- PM², the project management methodology developed by the European Commission (European Commission, 2018)
- IPMA Individual Competence Baseline (ICB)
- Project and Program Management for Enterprise Innovation (P2M), developed by the Project Management Association of Japan (PMAJ)
- ISO 21500:2012 Guidance on project management
- Global Alliance for Project Performance Standards (GAPPS)
- Procedures for Project Formulation and Management (PPFM) of the Indian Ministry of Defence (Mohindra & Srivastava, 2019)
An overview of specific IT frameworks and methodologies is presented below.
|Area||Frameworks & methodologies||Sources|
|IT governance and information management||COBIT (Control Objectives for Information and Related Technology), developed by ISACA (Information Systems Audit and Control Association); ISO/IEC 38500:2015 Information technology - Governance of IT for the organization||(ISACA, 2019) (De Haes, Van Grembergen, Joshi, & Huygh, 2020) (ISO/IEC, 2015)|
|IT service management (ITSM)||ISO/IEC 20000 family of standards - Information technology - Service management; ITIL (IT Infrastructure Library); The Open Group Architecture Framework (TOGAF); Microsoft Operations Framework (MOF)||(ISO/IEC, 2018b) (Shiff, 2021) (Ohlinger, Sharkey, & Cai, 2017) (The Open Group, 2018)|
|IT security and data protection||ISO/IEC 27001 Information security management systems - Requirements; ISO/IEC 27002 Information technology - Security techniques - Code of practice for information security controls; CIS Controls (Center for Internet Security)||(CIS, 2021) (ISO/IEC, 2018) (ISO/IEC, 2013)|
|Software development and maintenance||Systems development life cycle (SDLC); Rational Unified Process (RUP); Object-Oriented Analysis and Design (OOAD); Agile methods such as Scrum and Kanban; Feature-Driven Development (FDD); Extreme Programming (XP); Rapid Application Development (RAD); effort and cost estimation with the Constructive Cost Model (COCOMO) and Function Point Analysis (FPA)||(Satzinger, Jackson, & Burd, 2007) (Schwaber & Sutherland, 2020) (Albrecht, 1979) (Longstreet, 2012) (Pressman, 2001) (Jørgensen, 2007)|
|IT quality assurance and control||ISO 9001:2015 Quality management systems - Requirements; ISO/IEC/IEEE 90003:2018 Software engineering - Guidelines for the application of ISO 9001:2015 to computer software; ISO/IEC/IEEE 29119 family of standards - Software and systems engineering - Software testing; Total Quality Management (TQM); Capability Maturity Model Integration (CMMI); International Software Testing Qualifications Board (ISTQB) certification scheme||(ISO/IEC/IEEE, 2013) (ISO/IEC, 2015) (Godfrey, 2004) (ISTQB, 2012)|
Albrecht, A. J. (1979). Measuring application development productivity. Proceedings of the Joint SHARE, GUIDE, and IBM Application Development Symposium (pp. 83–92). Monterey, California: IBM Corporation.
CIS. (2021). CIS Controls Version 8. Center for Internet Security. Retrieved from https://www.cisecurity.org/controls/v8/
De Haes, S., Van Grembergen, W., Joshi, A., & Huygh, T. (2020). Enterprise Governance of Information Technology: Achieving Alignment and Value in Digital Organizations. Cham, Switzerland: Springer Nature Switzerland AG.
European Commission. (2018). PM2 Project Management Methodology Guide 3.0. Brussels, Luxembourg: Publications Office of the European Union. doi:10.2799/755246
Godfrey, S. (2004). What is CMMI? NASA. Retrieved Oct. 3, 2021, from https://ses.gsfc.nasa.gov/ses_data_2004/040601_Godfrey.ppt
ISACA. (2019). COBIT 2019 Framework: Introduction and Methodology. ISACA.
ISO/IEC. (2013). ISO/IEC 27002:2013 Information technology — Security techniques — Code of practice for information security controls. International Organization for Standardization, International Electrotechnical Commission. Retrieved from https://www.iso.org/standard/54533.html
ISO/IEC. (2015). ISO 9000:2015 Quality management systems — Fundamentals and vocabulary (4 ed.). International Organization for Standardization, International Electrotechnical Commission. Retrieved from https://www.iso.org/standard/45481.html
ISO/IEC. (2015). ISO/IEC 38500:2015 Information technology - Governance of IT for the organization. International Organization for Standardization/International Electrotechnical Commission. Retrieved from https://www.iso.org/standard/62816.html
ISO/IEC. (2018). ISO/IEC 27000:2018 Information technology — Security techniques — Information security management systems — Overview and vocabulary (5 ed.). International Organization for Standardization, International Electrotechnical Commission. Retrieved from https://www.iso.org/standard/73906.html
ISO/IEC. (2018b). ISO/IEC 20000-1:2018 Information technology — Service management — Part 1: Service management system requirements (3 ed.). International Organization for Standardization, International Electrotechnical Commission. Retrieved from https://www.iso.org/standard/70636.html
ISO/IEC/IEEE. (2013). ISO/IEC/IEEE 29119-1:2013 Software and systems engineering — Software testing — Part 1: General concepts (1 ed.). International Organization for Standardization/International Electrotechnical Commission/Institute of Electrical and Electronics Engineers. Retrieved Oct. 10, 2021, from https://www.iso.org/standard/45142.html
ISTQB. (2012). ISTQB in a Nutshell. ISTQB Marketing Working Group. Retrieved Oct 3, 2021, from https://www.istqb.org/documents/ISTQB_201202_v10.pdf
Jørgensen, M. (2007). Forecasting of software development work effort: evidence on expert judgment and formal models. International Journal of Forecasting, 23(3), 449.
Longstreet, D. H. (2012, Feb). Function Points Analysis training course. Retrieved Mar 13, 2012, from Software Metrics: http://www.softwaremetrics.com/Function%20Point%20Training%20Booklet%20New.pdf
Mohindra, T., & Srivastava, M. (2019). Comparative Analysis of Project Management Frameworks and Proposition for Project Driven Organizations. PM World Journal, VIII(VIII). Retrieved from https://pmworldlibrary.net/wp-content/uploads/2019/09/pmwj85-Sep2019-Mohindra-Srivastava-comparative-analysis-of-project-management-frameworks.pdf
Ohlinger, M., Sharkey, K., & Cai, S. (2017, Aug 6). High Availability and the Microsoft Operations Framework. Retrieved Oct 3, 2021, from Microsoft Docs: https://docs.microsoft.com/en-us/biztalk/core/high-availability-and-the-microsoft-operations-framework
PMI. (2017). A Guide to the Project Management Body of Knowledge (PMBOK Guide), 6th Ed. Pennsylvania: Project Management Institute.
Pressman, R. S. (2001). Software Engineering - A Practitioner's Approach. New York: McGraw-Hill.
Satzinger, J. W., Jackson, R. B., & Burd, S. (2007). Systems Analysis & Design In A Changing World. Boston: Thomson Course Technology.
Schwaber, K., & Sutherland, J. (2020, Nov). The 2020 Scrum Guide. Retrieved Dec 27, 2020, from ScrumGuides.org: https://www.scrumguides.org/scrum-guide.html
Shiff, L. (2021, Jun 14). Popular IT Service Management (ITSM) Frameworks. Retrieved Oct 3, 2021, from BMC Blogs: https://www.bmc.com/blogs/itsm-frameworks-popular/
The Open Group. (2018). The TOGAF® Standard, Version 9.2 (9.2 ed.). The Open Group.