IT Governance as a part of Corporate Governance is based on control frameworks, sets of best practices, and legal requirements that have been introduced recently to monitor and improve critical IT activities, reduce risk, and increase business value.

The U.S. Public Company Accounting Oversight Board (PCAOB) created in 2002 by the Sarbane-Oxley Act (SOX) suggested that IT control and IT audit should be based on the framework provided by The Committee of Sponsoring Organizations of the Treadway Commission (COSO) 92/94 report "Internal Control - Integrated Framework". Similarly, the E.U. adopted in 2005 the International Financial Reporting Standards (IFRS) as a legal obligation for corporations and businesses. These changes have greatly increased the responsibility of Chief Information Officers (CIO) and put the emphasis on the concept and importance of IT Governance.

As active members of the Association Française de l'Audit et du Conseil Informatique (AFAI), the Paris based Information System Audit and Control Association (ISACA) Chapter, the Directors of ASK have largely contributed to the development of this concept in France and to the creation of the Institut de la Gouvernance des Systèmes d'Information (IGSI), an IT Governance Institute, in cooperation with the Club Informatique des Grandes Entreprises Françaises (CIGREF), a CIO French association.

Due to the widening missions devolved to the IT function and the speed of technological changes, Senior Management Teams have to transform their organizations in order to prioritize clients’ services, processes management and traceability, services provisions definition and monitoring, IT flexibility, costs control and transparency, etc.

In this context, how can one ensure better IT governance? What are the factors of improvement of the IT Service and the constraints that should be put on its optimization?
The firms involved in IT benchmarking generally use a global methodology based on four criteria: quality, adequacy, cost, and value creation.


According to ASK, IT Governance should make good use of tried-and-true International standards;
- Sets of best practice like: "Control Objectives for Information and Related Technologies" (COBIT) created by the IT Governance Institute (ITGI), an ISACA-associated think-tank, the "Information Technology Infrastructure Library" (ITIL), first developed within the U.K. government during the eighties.
- Product suites like the "Compatibility Maturity Model Integration" (CMMi V1.2) created in the U.S. by members of the industry, government agencies, and The Software Engineering Institute (SEI).
IT Governance should also use management and measurement systems based on the Balanced Scorecard (BSC).
This vision of ours integrates the short term (performance), the medium term (alignment), and the long term (strategy).