
Corporate Governance Guidelines from IIA and ISACA

In 2019, ISACA launched COBIT 2019, an international framework for enterprise governance of information and technology (EGIT). Meanwhile, the Institute of Internal Auditors (IIA) had produced Guiding Principles of Corporate Governance in partnership with Neel Corporate Governance Center. Both organizations emphasized that board members must pay attention to corporate governance. In this article at ISACA, Graciela Braga shares her views on both frameworks.

Corporate Governance Guide

The purpose of including both the IIA and ISACA approaches is to enable the steering committee to make informed decisions and align IT with the business. Neither COBIT nor the IIA document wants to bind users to a rigorous guideline. They approach corporate governance from different angles. The IIA document pays attention to ‘age, size, complexity and extent of international operations’. COBIT 2019, on the other hand, emphasizes enterprise requirements and factors that help personalize corporate governance features. Nonetheless, both hold that corporate governance serves as an ‘alignment between stakeholder needs and enterprise objectives’.


COBIT 2019 has six enterprise governance principles that match the IIA publication:

  • The framework must provide IT value per the stakeholder requirements by balancing benefits, risks, and resources.
  • Though the governance components might differ in their outlook, they must synchronize well.
  • It should allow room to include changes.
  • Management activities are different from governance rules.
  • You need to customize the governance components to suit the needs of the enterprise.
  • The governance approach should have all the functions related to your enterprise, IT, and data.

The corporate governance components in the IIA and ISACA methodologies are also similar:

  • Processes
  • Organizational structures
  • Principles, policies, and procedures
  • Information
  • Culture, ethics, and behavior
  • People, skills, and competencies
  • Services, infrastructure, and applications

You cannot neglect IT governance in favor of corporate governance, or vice versa. So, use both COBIT 2019 and Guiding Principles of Corporate Governance for the board of directors.

To view the original article in full, visit the following link:
