November 22, 2021

Frameworks and methodologies for IT governance and management

IT governance is the system that ensures that the use of ICT is directed and controlled at the level of an organization, sustaining and extending the organization's strategies and objectives (ISO/IEC, 2015). COBIT - Control Objectives for Information and Related Technology is one of the most used enterprise governance of information and technology (EGIT) frameworks (ISACA, 2019).

COBIT specifically differentiates between governance and management. Management is the group of processes that ensures the execution of the organizational activities, in alignment with the direction set as part of the Governance processes.

IT Management processes cover activities such as building, implementation, maintenance, operation, and support of IT systems, as well as transversal processes referring to risk, security, and data protection management. 

In the IT industry, project management tools and techniques are used in conjunction with IT-specific frameworks and tools, such as software development, maintenance, IT support, quality assurance and control, security, or data protection frameworks, guides, and standards. 

The main project management frameworks are: 

PMBoK, proposed by PMI (PMI, 2017)
PM² - the Project Management methodology developed by the European Commission (European Commission, 2018)
Prince 2
APM BoK
IPMA International Competence Baseline (ICB)
Project Planning and Project Management (P2M) developed by the PM Association of Japan (PMAJ)
ISO 21500:2012 Guidance on Project Management
Global Alliance for Project Performance Standards (GAPPS)
Procedures for Project Formulation and Management (PPFM) by the Indian Ministry of Defence (Mohindra & Srivastava, 2019)

An overview of specific IT frameworks and methodologies is presented below.

Area Frameworks & methodologies
IT governance and information management COBIT (Control Objectives for Information and Related Technology), developed by ISACA (Information Systems Audit and Control Association)
ISO/IEC 38500:2015 Information technology - Governance of IT for the organization
(ISACA, 2019) (De Haes, Van Grembergen, Joshi, & Huygh, 2020) (ISO/IEC, 2015)
IT Service Management - ITSM ISO/IEC 20000 family of standards – Information technology — Service management
ITIL - IT Infrastructure Library
The Open Group Architecture Framework TOGAF
Microsoft Operations Framework MOF
(ISO/IEC, 2018b) (Shiff, 2021) (Ohlinger, Sharkey, & Cai, 2017) (The Open Group, 2018)
IT Security CIS Controls V8
ISO/IEC 27001 Information security management
ISO/IEC 27002 Information technology - Security techniques - Code of practice for information security controls
(CIS, 2021)  (ISO/IEC, 2018)   (ISO/IEC, 2013)
Software development and maintenance Systems development life cycle SDLC
Waterfall
Rational Unified Process RUP
Spiral development
Object Oriented Analysis and Design OOAD
Scrum Agile, Kanban
Feature driven development FDD
Extreme Programming XP
Rapid Application Development RAD
(Satzinger, Jackson, & Burd, 2007) (Schwaber & Sutherland, 2020)
Software estimation Function Point Analysis FPA
The Constructive Cost Model for cost estimation COCOMO
(Albrecht, 1979) (Longstreet, 2012) (Pressman, 2001) (Jørgensen, 2007)
IT Quality assurance and control ISO/IEC 9001:2015 Quality management systems
ISO/IEC/IEEE 90003:2018 Software engineering - Guidelines for the application of ISO 9001:2015 to computer software
ISO/IEC/IEEE 29119 family of standards – Software and systems engineering - Software testing
Total Quality Management TQM
Capability Maturity Model Integration (CMMI)
Six-sigma
International Software Testing Qualifications Board ISTQB
(ISO/IEC/IEEE, 2013) (ISO/IEC, 2015) (Godfrey, 2004) (ISTQB, 2012)

Other lists of software/project management and decision making tools are in these slides.

References

Albrecht, A. J. (1979). Measuring application development productivity. Proceedings of the Joint SHARE, GUIDE, and IBM Application Development Symposium (pp. 83–92). Monterey, California: IBM Corporation.

CIS. (2021). CIS Controls Version 8. Center for Internet Security. Retrieved from https://www.cisecurity.org/controls/v8/

De Haes, S., Van Grembergen, W., Joshi, A., & Huygh, T. (2020). Enterprise Governance of Information Technology: Achieving Alignment and Value in Digital Organizations. Cham, Switzerland: Springer Nature Switzerland AG.

European Commission. (2018). PM2 Project Management Methodology Guide 3.0. Brussels, Luxembourg: Publications Office of the European Union. doi:10.2799/755246

Godfrey, S. (2004). What is CMMI? NASA. Retrieved Oct. 3, 2021, from https://ses.gsfc.nasa.gov/ses_data_2004/040601_Godfrey.ppt

ISACA. (2019). COBIT 2019 Framework: Introduction and Methodology. ISACA.

ISO/IEC. (2013). ISO/IEC 27002:2013 Information technology — Security techniques — Code of practice for information security controls. International Organization for Standardization, International Electrotechnical Commission. Retrieved from https://www.iso.org/standard/54533.html

ISO/IEC. (2015). ISO 9000:2015 Quality management systems — Fundamentals and vocabulary (4 ed.). International Organization for Standardization, International Electrotechnical Commission. Retrieved from https://www.iso.org/standard/45481.html

ISO/IEC. (2015). ISO/IEC 38500:2015 Information technology - Governance of IT for the organization. International Organization for Standardization/International Electrotechnical Commission. Retrieved from https://www.iso.org/standard/62816.html

ISO/IEC. (2018). ISO/IEC 27000:2018 Information technology — Security techniques — Information security management systems — Overview and vocabulary (5 ed.). International Organization for Standardization, International Electrotechnical Commission. Retrieved from https://www.iso.org/standard/73906.html

ISO/IEC. (2018b). ISO/IEC 20000-1:2018 Information technology — Service management — Part 1: Service management system requirements (3 ed.). International Organization for Standardization, International Electrotechnical Commission. Retrieved from https://www.iso.org/standard/70636.html

ISO/IEC/IEEE. (2013). ISO/IEC/IEEE 29119-1:2013 Software and systems engineering — Software testing — Part 1: General concepts (1 ed.). International Organization for Standardization/International Electrotechnical Commission/Institute of Electrical and Electronics Engineers. Retrieved Oct. 10, 2021, from https://www.iso.org/standard/45142.html

ISTQB. (2012). ISTQB in a Nutshell. ISTQB Marketing Working Group. Retrieved Oct 3, 2021, from https://www.istqb.org/documents/ISTQB_201202_v10.pdf

Jørgensen, M. (2007). Forecasting of software development work effort: evidence on expert judgment and formal models. International Journal of Forecasting, 23(3), 449.

Longstreet, D. H. (2012, Feb). Function Points Analysis training course. Retrieved Mar 13, 2012, from Software Metrics: http://www.softwaremetrics.com/Function%20Point%20Training%20Booklet%20New.pdf

Mohindra, T., & Srivastava, M. (2019). Comparative Analysis of Project Management Frameworks and Proposition for Project Driven Organizations. PM World Journal, VIII(VIII). Retrieved from https://pmworldlibrary.net/wp-content/uploads/2019/09/pmwj85-Sep2019-Mohindra-Srivastava-comparative-analysis-of-project-management-frameworks.pdf

Ohlinger, M., Sharkey, K., & Cai, S. (2017, Aug 6). High Availability and the Microsoft Operations Framework. Retrieved Oct 3, 2021, from Microsoft Docs: https://docs.microsoft.com/en-us/biztalk/core/high-availability-and-the-microsoft-operations-framework

PMI. (2017). A Guide to the Project Management Body of Knowledge (PMBOK Guide), 6th Ed. Pennsylvania: Project Management Institute.

Pressman, R. S. (2001). Software Engineering - A Practitioner's Approach. New York: McGraw-Hill.

Satzinger, J. W., Jackson, R. B., & Burd, S. (2007). Systems Analysis & Design In A Changing World. Boston: Thomson Course Technology.

Schwaber, K., & Sutherland, J. (2020, Nov). The 2020 Scrum Guide. Retrieved Dec 27, 2020, from ScrumGuides.org: https://www.scrumguides.org/scrum-guide.html

Shiff, L. (2021, Jun 14). Popular IT Service Management (ITSM) Frameworks. Retrieved Oct 3, 2021, from BMC Blogs: https://www.bmc.com/blogs/itsm-frameworks-popular/

The Open Group. (2018). The TOGAF® Standard, Version 9.2 (9.2 ed.)

1 comment:

  1. Great job for publishing such a nice article. Your article isn’t only useful but it is additionally really informative. Thank you because you have been willing to share information with us. Read more info about service management reports

    ReplyDelete

Engineering complexity: because it works !

Why do we build complex products, like smart phones, AI, or Hermix ? Because complexity works. It delivers benefits and value, to the econo...