Best Practices

The following documents reflect years of thinking by leading experts in IT governance and related topics. Their counsel and advice stand as good, tested, global practices to ensure the implementation of effective governance within an enterprise.

Please Note: To view PDF files, Adobe Acrobat Reader must be installed. Documents in PDF format will open in a new browser window and may take a few minutes to download, depending on your connection speed. The files may also be saved directly to your computer by right-clicking on the document link and choosing 'Save Target As'. 

• Enterprise Value: Governance of IT Investments
  The Val IT publications help those with an interest in value delivery from IT. The series consists of four volumes, available for free download:

• COBIT 4.1
  This newest version of ISACA’s world-renowned IT governance and control framework offers incremental changes to version 4.0, presenting a streamlined, pragmatic and business-focused approach to implementing IT governance enterprisewide.

• IT Control Objectives for Sarbanes-Oxley 2nd Edition
  ITGI has released an updated edition of its well-received publication, IT Control Objectives for Sarbanes-Oxley. The first edition, published in 2004, has been downloaded more than 250,000 times. Companies around the world have used it as a tool for evaluating IT controls in support of Sarbanes-Oxley compliance. Experts from many organizations, including the top 10 accounting and professional firms, provided input and direction for the update. Now available in Japanese and Italian.

• Information Security Governance: Guidance for Boards of Directors and Executive Management 2nd Edition
  Reviews the increasing importance of governance over the security aspect of information and related systems. Based on the IT governance framework described in the Board Briefing on IT Governance.

• IT Governance Domains Practices and Competencies: IT Alignment - Who Is in Charge?
  For any enterprise to achieve long-term sustainable success, it is essential that employees in all elements that comprise the enterprise fully understand corporate objectives and work together in a properly controlled and coordinated way to ensure that those objectives are met. This publication explains why IT alignment is important and discusses various means to achieve alignment, such as the IT strategy committee, IT steering committee and IT investment committee. Concludes with a case study.

• IT Governance Domains Practices and Competencies: Measuring and Demonstrating the Value of IT
  Performance measurement issues are the focus in this volume, which often include:
  • Who needs the measures
  • What and how to measure
  • How to make measurements meaningful to stakeholders
  • What scorecard system to use, and how to interpret results
  • How to use scorecards to motivate improvements
  • How to assure reliable measures

• IT Governance Domains Practices and Competencies: Governance of Outsourcing
  This volume focuses on outsourcing IT activities, which has become common practice around the world as organizations strive for more effective and efficient IT services. The research examines:
  • The primary reasons for outsourcing
  • The level of satisfaction
  • What works, and what does not work
  • The customer’s responsibilities - Is the customer in sufficient control?
  • Who should be responsible for what
  • How to monitor the provider’s capability

• IT Governance Domains Practices and Competencies: Optimising Value Creation from IT Investments
  This volume, one of the five-part IT Governance Domains Practices and Competencies series, focuses on a frequently raised issue in most organizations, the challenge of achieving adequate returns on IT investment. It examines the relevance of value to IT governance, categories of IT investment, value return targets, the hurdle rate concept, defining and quantifying expected benefits, realizing the benefits and managing the IT investment portfolio.

• IT Governance Domains Practices and Competencies: Information Risks—Whose Business Are They?
  This volume, part of IT Governance Domains Practices and Competencies series, focuses on information risk management, which is a key IT governance area and a top management concern. It examines why information risk management is important, the risks themselves, information risk management best practices, responsibility for the management of IT risks and a suggested action plan.

• Board Briefing on IT Governance, 2nd Edition
  Board Briefing on IT Governance explores the meaning of IT governance, its relationship to enterprise governance and the actions boards and senior management should take to effect IT governance. The newly revised second edition offers insight into a newly defined facet of IT governance—resource management—and includes detailed material on the roles and responsibilities of those involved in various aspects of the IT governance framework. Now available in German and Japanese.

• COBIT Quickstart
  This is an abbreviated version of COBIT designed for small to medium enterprises, or those organizations in which IT is not strategically critical to enterprise success. Available from the ISACA Bookstore.