17799.14 In comparison with COBIT, which has 34 high-level objectives that cover 215 control objectives, the committee’s framework has two high-level objectives (i.e., effectiveness, and consistency with U.S. laws and values) that cover 30 control objectives. Although no one framework has the same high-level and control objectives as the committee’s framework, they nevertheless provide guidance for achieving all of the committee’s information and communications technologies criteria. Analysts advise that organizations judiciously select specific frameworks or criteria based on their relevance to well-defined objectives and the readiness of the organization to apply them.15 This method applies also to implementing the committee’s framework.

Most IT organizations surveyed worldwide16 and in the United States17 have adopted a framework. While many have developed their own, there is increasing adoption of formal frameworks based on reports of their efficacy, such as a 30 percent increase in productivity over 2 years through a consistent application of formal frameworks.18 Failures with framework implementation are often related to inappropriate selection of criteria, as well as to formulaic implementations that emphasize process and checklists by those who do not understand the objectives or how to evaluate whether they have been achieved.

14

The IT Governance Institute (ITGI), IT Governance Global Status Report—2006, ITGI, Rolling Meadows, Ill., 2006.

15

D. Aron and A. Rowsell-Jones, Success with Standards, Gartner EXP, Stamford, Conn., May 2006.

16

The IT Governance Institute (ITGI), IT Governance Global Status Report—2006, ITGI, Rolling Meadows, Ill., 2006.

17

C. Symons, IT Governance Survey Results: More Work to Be Done, Forrester Research, Cambridge, Mass., April 14, 2005.

18

D. Aron and A. Rowsell-Jones, Success with Standards, Gartner EXP, Stamford, Conn., May 2006.



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement