There are a lot of framework choices. How do I choose?
Most companies go with CoBIT or ITIL, but others can also fit the bill. For operations, try ITIL. For application development and lifecycle issues, try CMMI. For risk, use CoBIT. CoBIT is also a great umbrella framework. But combining frameworks can also make sense, says Ron Saull, an IT Governance Institute trustee. You might want to use CoBIT as an overall framework; then use ITIL for your operations, CMMI for development and ISO 17799 for security. In fact, combining frameworks is fairly common; the PricewaterhouseCoopers study found that in 65 percent of cases, companies use CoBIT and ITIL together or with lesser-known frameworks. But most importantly, use a framework that fits your corporate culture and that your stakeholders are familiar with. If the company is using one of these frameworks and can leverage it to be its IT governance framework, all the better.