TI Governance - State of the art
DOI: https://doi.org/10.18046/syt.v9i17.1052
Keywords: Corporate governance, COSO, Cobit, ISO/IEC 38500, Calder-Moir, ISO 27002, ITIL, ISO/IEC 20000, IT governance.
Abstract
This paper evaluates the state of the art and the concepts that link corporate governance and IT governance. It gives a historical review of the evolution of the frameworks and related standards up to now. It helps the reader gain a general understanding of IT governance topics and develop their own concept of it. It also helps the reader go on to use the control frameworks, standards and regulations to implement them properly in their organization and align IT with corporate governance.
Published: 2011-07-13
Section: Reviews
License: This journal is licensed under the terms of the CC BY 4.0 licence (https://creativecommons.org/licenses/by/4.0/legalcode).