IT governance framework

The attention of both the public and corporate management has increasingly been focusing on the topic of IT governance in recent years with discussions about corporate governance, good corporate management and compliance. IT governance concerns the organisation, steering and control of IT within a company to bring IT processes into consistent alignment with the corporate strategy.

Analogue to the governance of the company as a whole, IT must be integrated into a holistic framework which is oriented at the corporate objective and sets guidelines and standards. Information technology and its efficiency, risks and costs have to be managed just as professionally as every other critical success factor of a company.

PwC has developed a framework into which business-oriented IT management has been integrated. The core element is the IT governance framework which is made up of the three levels: IT governance, IT management and IT production.


Based on our cooperation with the IT Governance Institute (ITGI) and our experience from numerous consulting and auditing projects, we are able to support our clients in all areas of the implementation of IT governance frameworks.

IT governance

For the development, introduction and control of IT governance in a more precise sense, company management has to create the appropriate organisational framework for IT with decision-making powers, roles and responsibilities, and define which functions it has in the following five areas of activity (domains):

  • The IT strategy must be brought into line with the strategy of the company as a whole (strategic alignment)
  • The value contribution of IT to a company's success is to be measured and evaluated (value delivery)
  • Risks are to be identified and managed (risk management)
  • Decisions are to be made about goal-oriented and efficient use of resources (resource management)
  • The degree of implementation of the first four domains is to be measured and appraised (performance measurement)

IT management

IT management must reach regular decisions within the framework of the defined governance in order to align IT to business and to manage it on a sustained basis. IT management has the following areas of decision at its disposal:

  • IT business management
  • IT strategy
  • Information
  • Applications
  • Organisation
  • Infrastructure & technology
  • Service management
  • Sourcing
  • Security
  • Investment & prioritization

In this respect, we understand investment & prioritization to be the IT portfolio management with which the strategy is converted, benefit-oriented, into operational measures. Together with IT management, PwC implements a rational form of these decision areas for a uniform and long-term optimization of the information technology. 

The following advantages are achieved as a result:

  • Sustained alignment of IT to the corporate objective from the point of effectiveness (alignment)
  • Securing efficiency (continuous optimization of IT production through well-defined balance between performance and compliance)
  • Established control mechanisms for the purpose of functional IT controlling
  • Securing business process-oriented adaptability of IT through all-round transparency within the IT processes and systems

IT production

Projects stand for the structured implementation of corporate decisions which, in the end, find their way into the classical IT operation. The decision areas also form the framework for the design of operative process and control frameworks for IT production. The design of the frameworks must comply with the regulatory demands on IT (IT compliance) and should be aligned with international standards and best practices (ITIL, COSO and COBiT). 

PwC methods for the design and implementation of these process and control frameworks include:

  • a risk analysis on the basis of international standards and industry-related regulatory requirements,
  • the description of a framework consisting of process and control elements,
  • efficient structuring of the processes using ITIL or comparable methods and
  • support of the rollout.

An audit of already implemented solutions for the IT governance framework according to latest standards can also be carried out by PwC specialists. This includes information on improving the stipulated processes.

Contact us

Marcus Messerschmidt

Marcus Messerschmidt

Leiter CIO Advisory, PwC Germany

Tel: +49 211 981-4872

Dr. Markus Böhm

Partner, PwC Germany

Tel: +49 69 9585-1664

Follow us