Summary: IT governance aligns technology resources with business objectives. According to Gartner, 80% of CIOs have made it a strategic priority in 2025.
IT budgets have never been higher. Yet according to a Gartner CIO survey, nearly one in two companies feels that its IT investments are not delivering the expected value. The problem isn’t the technology itself; it’s how it’s being managed.
That’s precisely the role of IT governance. It provides a framework for decision-making, oversight, and measurement to ensure that every franc invested in digital truly serves the organization’s strategy. This topic matters just as much to executive leadership as it does to IT teams, and mastering it has become a major competitive advantage.

Table of contents
- What is IT governance?
- Why IT governance has become essential
- The main IT governance frameworks
- The five pillars of effective IT governance
- Implementing IT governance in five steps
- The role of AI in IT governance
- Common mistakes to avoid
- IT governance and digital transformation
What is IT governance?
IT governance refers to the set of structures, processes, and decision-making mechanisms that enable an organization to direct and control its IT resources. In other words, it goes well beyond technical management: it connects business strategy to technology decisions.
In practical terms, it addresses three fundamental questions. First, which IT investments should take priority? Second, who makes the decisions and based on what criteria? Third, how are results measured?
It’s therefore important to distinguish information systems governance from day-to-day IT management. On one hand, IT management focuses on daily operations: maintenance, support, and incident resolution. On the other hand, governance operates at a strategic level. It sets the direction, defines responsibilities, and evaluates overall IS performance against business objectives.
ISO/IEC 38500, the leading international standard, defines IT governance as the system by which the current and future use of technology is directed and controlled. This standard establishes six core principles: responsibility, strategy, acquisition, performance, conformance, and human behavior.

Why IT governance has become essential
Why is this topic commanding so much attention from leadership in 2026? Because the impact of digital on business performance keeps growing. In Switzerland, corporate IT spending exceeded CHF 48 billion in 2025 according to Statista, and the Federal Council has placed digital transformation among its strategic priorities. In this context, IT management can no longer rely on intuition. The challenges fall across four major areas.
Strategic alignment
Without governance, IT projects multiply without coherence. Each department launches its own initiatives, duplications pile up, and budgets spiral out of control. A clear governance framework ensures that every project directly supports a business objective. It also makes it possible to prioritize investments when resources are limited.
Risk management
Cyberattacks, outages, data loss: IT risks are a constant threat to business continuity. According to the IBM Cost of a Data Breach 2025 report, the average cost of a data breach reached $4.4 million globally. A robust IT governance framework integrates risk management from the very start of every project.
Regulatory compliance
Compliance obligations continue to grow: GDPR in Europe, Switzerland’s new Data Protection Act (nLPD), which came into force in September 2023, FINMA requirements in the financial sector, and healthcare regulations. In French-speaking Switzerland, companies subject to the nLPD must now document their data processing activities and report breaches to the FDPIC. IT governance structures the processes needed to meet these requirements without improvisation. It documents decisions, tracks access, and ensures the transparency demanded by regulators.
Value creation
However, governance isn’t just about control. It also aims to maximize the value generated by information systems. Through new digital services, process automation, and improved customer experience, IT becomes a growth driver when it’s properly managed.

The main IT governance frameworks
Several frameworks structure governance practices. Each one addresses specific needs, which is why organizations often combine them.
| Framework | Primary focus | Organization | Target audience |
|---|---|---|---|
| COBIT 2019 | Overall IT governance and management | ISACA | Executives, auditors, CIOs |
| ITIL 5 | IT service management | Axelos / PeopleCert | Operational teams, ITSM |
| TOGAF | Enterprise architecture | The Open Group | Architects, IS planners |
| ISO/IEC 38500 | IT governance principles | ISO | Executive management |
| CMMI | Process maturity | ISACA (CMMI Institute) | Development teams |
COBIT 2019: the integrating framework
COBIT remains the most comprehensive framework for IT governance. It covers 40 governance and management objectives across five domains. Its strength lies in its ability to link business objectives to IT processes through a goal cascade system. COBIT 2019 also introduces design factors that allow the framework to be tailored to the size and industry of each organization.
If you’d like to master this framework in depth, our COBIT 2019 Foundation training course gives you the practical skills you need.
ITIL 5: service management
ITIL 5 focuses on IT service management with an emphasis on delivering value to the business. The framework organizes support, delivery, and continual improvement activities around a more flexible approach than previous models. It builds on the service value chain and reusable management practices to adapt IT services to user needs, business objectives, and technological change.
TOGAF: enterprise architecture
TOGAF provides a methodology for designing and managing enterprise architecture. It structures digital transformation by ensuring consistency across business processes, applications, data, and technical infrastructure. This framework is particularly valuable during major IS modernization programs.

The five pillars of effective IT governance
Beyond theoretical frameworks, operational IT governance rests on five concrete pillars. In practice, any organization can implement them progressively.
1. Strategic alignment
Every IT initiative must be tied to a measurable business objective. That’s why an IT steering committee, made up of both business and IT representatives, validates priorities and resolves resource conflicts.
2. Value management
Delivering projects on time and within budget isn’t enough. You also need to measure the value actually created. Metrics such as IT project ROI, tool adoption rates, and operational cost reductions help track this value creation.
3. Risk management
Every IT decision carries risk. A regularly updated risk matrix identifies threats and mitigation actions. This proactive approach helps avoid unpleasant surprises.
4. Resource management
Budget, skills, infrastructure: IT resources are finite. Governance optimizes their allocation based on strategic priorities. It also identifies where teams need to upskill.
5. Performance measurement
Finally, consolidated dashboards shared between the IT department and executive leadership report on IT performance. Key indicators cover service availability, user satisfaction, budget adherence, and project delivery timelines.
Implementing IT governance in five steps
How do you move from theory to practice? Here’s a structured approach in five steps that works regardless of organizational size.
Step 1: Assess your current maturity. Before changing anything, you need to take stock of where you stand. An IS audit identifies strengths, weaknesses, and the maturity level of existing processes. Models such as CMMI can help position the organization on a maturity scale.
Step 2: Define objectives and choose a framework. Based on the assessment, the organization selects one or more reference frameworks and sets clear objectives. These goals must be aligned with the overall strategy and validated by executive leadership.
Step 3: Structure the governance. This step involves establishing the decision-making bodies. The steering committee, roles and responsibilities, arbitration processes, and approval workflows must each be formalized and communicated clearly.
Step 4: Deploy and support adoption. Rollout happens in successive waves, starting with the most critical processes. Change management is essential. Training teams on the new frameworks accelerates adoption.
Step 5: Measure, adjust, and improve. IT governance is never set in stone. Performance indicators, user feedback, and evolving business needs feed into a cycle of continual improvement.

The role of AI in IT governance
Artificial intelligence is transforming IT governance in several ways. Rather than replacing existing frameworks, it enhances them by bringing speed and precision to analysis.
In risk management, machine learning algorithms detect abnormal patterns in logs and data flows well before a human analyst could spot them. According to McKinsey, generative AI could automate up to 70% of IT management tasks by 2030.
For resource optimization, AI analyzes infrastructure usage patterns and recommends adjustments. It identifies underutilized servers, predicts peak loads, and optimizes budget allocation accordingly.
On the compliance front, AI tools speed up audits by automatically cross-referencing internal policies with regulatory requirements. For example, solutions like Microsoft Purview and ServiceNow GRC now include AI engines capable of scanning thousands of configurations in just minutes.
AIOps: AI powering IT operations
AIOps (Artificial Intelligence for IT Operations) applies machine learning to infrastructure monitoring. According to Gartner, by 2026, 30% of large enterprises will use AIOps to automate incident detection and resolution. In practice, AIOps platforms correlate alerts, reduce noise (up to 90% fewer alerts, according to Moogsoft), and suggest automated remediation.
AI and IT auditing
Audit firms are now adopting AI to analyze massive volumes of logs, detect anomalies in access patterns, and identify compliance gaps. This approach significantly reduces audit time while increasing the scope of controls.
AI and FinOps
In a multi-cloud environment, AI optimizes costs by identifying oversized resources, recommending reserved instances, and forecasting budget trends. Tools like Azure Cost Management and AWS Cost Explorer already incorporate these capabilities.
AI doesn’t replace governance. It makes it more responsive and more precise. But the responsibility for decisions remains with people.
That said, adopting AI in IT governance also raises new questions. Who validates an algorithm’s recommendations? How do you ensure transparency in automated decisions? These questions call for an update to existing governance frameworks to incorporate ethical considerations and AI-related accountability.

Common mistakes to avoid
Many organizations struggle when implementing IT governance. Four mistakes come up time and again.
Confusing governance with bureaucracy. Too many processes kill the process. If governance slows down decision-making instead of speeding it up, it’s poorly calibrated. The right framework adapts to the size and culture of the organization.
Keeping IT in a silo. IT governance can’t be the exclusive domain of the IT department. Without active involvement from executive leadership and business units, IT decisions remain disconnected from operational realities.
Overlooking training. Rolling out COBIT or ITIL without training teams is like handing out tools without instructions. Investment in training directly determines the success of the initiative.
The most effective IT governance is the kind teams embrace, not the kind imposed on them.
Forgetting to measure. Without metrics, there’s no way to know whether governance is delivering results. Dashboards should be simple, shared, and reviewed regularly.
IT governance and digital transformation
Digital transformation significantly amplifies the need for governance. Cloud computing, DevOps, microservices, hybrid work: each technological shift creates new decision points and control requirements.
For example, in a cloud environment, governance must cover vendor selection, data residency, cost management, and access security. Multi-cloud management demands clear policies to prevent sprawl and cost overruns.
Similarly, DevOps, which accelerates delivery cycles, requires adapted governance. Traditional controls designed for waterfall cycles need to be rethought so they integrate into continuous integration pipelines without slowing them down.
According to ISACA, organizations that align their IT governance with their digital transformation strategy achieve results twice as fast in terms of value creation. This figure underscores the importance of an integrated approach where governance supports change rather than holding it back.

Conclusion
Ultimately, IT governance isn’t a luxury reserved for large corporations. It’s a strategic lever available to any organization that wants to get the most out of its digital investments. By structuring decisions, managing risks, and measuring value created, it transforms IT into a true performance engine.
Let’s come back to the central finding: nearly one in two companies believes its IT investments aren’t generating enough value. An appropriate governance framework, combined with team upskilling, can fundamentally change that situation. With over 20 years of experience in professional training and centers in Geneva and Lausanne, we support organizations in building that maturity.
FAQ
What is the difference between IT governance and IT management?
IT management covers day-to-day operations: maintenance, support, and problem resolution. IT governance operates at a strategic level. It defines priorities, responsibilities, and control mechanisms to align IT with business objectives.
Which IT governance framework should I start with?
COBIT 2019 is the most comprehensive framework for an overall governance approach. If your priority is improving IT services, start with ITIL 5. The two are complementary and can be deployed progressively.
How long does it take to implement IT governance?
Initial deployment typically takes between 6 and 18 months depending on the size of the organization and its starting maturity level. Continual improvement then carries on permanently. The first benefits are often visible within the first three months.
