is the first of three action levels of the business management of the GRC (governance, risk, compliance).

IT is no self-purpose but supports the company targets and the company processes in nearly all areas of the company. This has to ensure the IT- Governance in practice by the components: leadership, organizational structures and processes. The challenge for a company is the establishment of IT control mechanisms to align the information technology in a way that the company targets are supported to an optimum level and the decision-making structures including responsibilities are effectively organized.
The IT governance includes a wide area of tasks in the IT management and is a part of the corporate governance of a company at the same time.

To ensure the integration of the IT-governance in the corporate governance it is expedient to use the CobiT frameworks because they set up a connection between control frameworks of a company and the usual norms (ISO/IEC 27001:2013) and models (ITIL) in IT. Furthermore, CobiT with the version 5.0 is not only a framework for auditors but rather for the governance of the whole IT of a company.
The IT governance is in close connection to IT compliance and IT risk management. IT compliance refers to law/ corporate compliance and the IT risk management concentrates on the capture, assessment and treatment of IT systems. The IT governance deals with the areas IT controlling, IT processes and IT management. Summarized the three areas are named as IT- GRC.

For successful management of IT governance methods, procedure models and concepts are essential factors and could receive an important contribution through approved norms and standards. Thereby IT strategy, IT portfolio management, IT security, IT risk management are supported usefully and thus the compliance of legal basic conditions or the compliance belonging to IT governance is represented sustainably.


Targets mentioned from the “IT Governance Institute (ITGI)”:

  • IT gears to the requirements of the company
  • Realization of the promised benefit
  • Increase of the company value and the benefit of IT
  • Responsible dealing with IT resources
  • Suitable management of IT risks and related risks

Modern SW tools, for example QSEC-Suite, support the systematic and complete realization of processes and contribute to measurement and control of the efficiency of the IT referring to the company targets.

Do you have further questions about the topic IT governance regarding to the norm ISO/IEC 38500: 2015 (Information technology–Governance of IT for the organization), ITIL or similar topics? Our experienced specialists from WMC Wüpper Management Consulting GmbH are available for conversation with you.

More information to the topic IT strategy you obtain here:


IT Strategy- and Organization

With the high degree of using the information technology (IT) to support the core processes in companies a good IT strategy and IT organization develops to be a decisive factor of competition.

Many companies have already acknowledged this strategic value and raised this topic to get the top management attention. The optimized IT strategy builds the framework to manage the information technology of a company and ensures that all tasks can be implemented in a useful, innovative, reliable and economical manner. The concept must be aligned in a way to meet the complex requirements of a user and the technical evolution together with the constantly changing requirements of the business.

Success factors for an optimized IT strategy and IT organization:

  • Extent and orientation of the future action to reach the company’s targets are visualized
  • Financial efforts for the IT perimeter can be planned and optimized in the long term
  • Unprofitable investments are avoided
  • A successful support from the IT for the success of a company is ensured

The today’s infrastructure platforms provide the basis of the company communication and considerably influence the course of action of the business processes and the quality of the results.
The increasing cost pressure within the companies requires a further development to achieve more efficient and favourably priced IT infrastructures.
For companies it becomes more and more important to professionally manage the IT infrastructure platforms.

Further starting points are e.g.:

  • Configuration Management
  • Change Management
  • Release Management
  • Operations Management

Essential subarea of the IT strategy:

  • Infrastructure strategy
  • Application strategy
  • Innovation strategy
  • Sourcing strategy
  • Investment strategy

The WMC consultants support you in any necessary concept and optimization of the IT strategy and IT processes of your IT organization, the IT operations, the IT infrastructure and the IT service management in accordance with ITIL. We develop an IT strategy in cooperation with you and geared to your personal needs and of course we help you to establish this IT strategy in your company.

Learn more about OSEC ISMS & GRC Software:

Our ISMS Software