KPI and metrics are essential tools for management
that are implemented in all areas of the business.
Today, enterprise use of IT and related technology
requires huge investments in IT. Therefore,
stakeholders are interested in confirming that IT
investments are strategically aligned, managed
effectively and help the achievement of common
business goals. To ensure stakeholder expectations
are met, management uses IT governance practices
that are defined by the global standard from the
International Organization for Standardization (ISO)
ISO 38500 and COBIT® 5.
IT Governance and Metrics
The IT governance mechanism ensures that
stakeholder needs, conditions and options
are evaluated to determine balanced, agreed-
on enterprise objectives. IT governance also
ensures that direction is set through prioritization
During the past 30 years, enterprises have been
embracing new methods to transform their
operations to use IT and related technology to
provide a higher level of customer service. The
pace at which enterprises are adopting these
new methods is rapid. To handle the speed of this
transformation, management relies on technology
resources and vendors, resulting in an increased
dependency on technology and skilled resources.
The pace and dependencies can create a lack
of enterprise control; therefore, enterprises use
key performance indicators (KPIs) to measure the
performance of IT service delivery.
Although many enterprises today conduct return
on investment (ROI) analysis of new IT projects and
sometimes incorporate the total cost of ownership
(TCO) calculation into the business case that they
present to the board of directors for approval,
only about 25 percent of enterprises conduct ROI
analysis after the completion of a project. 1, 2, 3
However, ROI and TCO are not the only criteria
for approving IT projects; they are only two of
the many considerations in the decision-making
process. A positive ROI does not necessarily mean
that the project will be approved. It is a strategic
decision that is based on business requirements and
stakeholder expectations. Therefore, enterprises
should conduct a cost-benefit analysis that may
require quantitative and qualitative indicators.
Enterprises that want to effectively monitor the
activities of IT so that they are in line with the
business goals use KPIs or key measurement
metrics. Performance indicators/metrics not only
help to monitor achievements compared against
goals, but also help to evaluate the effectiveness
and efficiency of business processes. Metrics also
help enterprises allocate and manage resources.
Performance metrics enhance and influence
decisions that are related to business such as
budgets, priorities, resourcing and activities.
Do you have
to say about
Visit the Journal
pages of the ISACA®
web site ( www.isaca.
org/journal), find the
article and click on
the Comments link to
share your thoughts.
Sunil Bakshi, CISA, CGEIT, CISM, CRISC, ABCI, AMIIB, BS
25999 LI, CEH, CISSP, ISO 27001 LA, MCA, PMP
Has worked in IT, IT governance, information security and IT risk
management. He has 40 years of experience in various positions in
different industries. Currently, he is a freelance consultant and visiting
faculty at the National Institute of Bank Management in India.
Disponible également en français
Metrics for IT Governance