The global skills and competency framework for the digital world

Enterprise IT governance GOVN

The establishment and oversight of an organisation's approach to the use of Information systems and digital services, and associated technology, in line with the needs of the principal stakeholders of the organisation and overall organisational corporate governance requirements. The determination and accountability for evaluation of current and future needs; directing the planning for both supply and demand of these services; the quality, characteristics, and level of IT services; and for monitoring the conformance to obligations (including regulatory, legislation, control, and other standards) to ensure positive contribution of IT to the organisation's goals and objectives.

Moving to SFIA 8 

  • The skill has been renamed and the skill descriptions have been improved to reflect that governance is a broad concept which has some universal principles as well as some specifics according to the context in which it is being applied.
  • Level 5 has been removed. This reflects that professionals may contribute specialist knowledge to governance processes, reviews and developments — but that does not imply they need the SFIA skill of Governance. Governance is also referenced in many SFIA skills.
  • The existing skill descriptions have also been edited for readability and guidance notes have been added 
  • Details available here - SFIA 8 Governance 
  • SFIA 7 skill descriptions will remain available for you to use 
  • Previous SFIA assessments may be impacted by this change. 


Defined at these levels: 5 6 7

Enterprise IT governance: Levels 1-4

This skill is not typically observed or practiced at these levels of responsibility and accountability.

Enterprise IT governance: Level 5

Reviews current and proposed information systems for compliance with the organisation's obligations (including legislation, regulatory, contractual and agreed standards/policies) and adherence to overall strategy. Provides specialist advice to those accountable for governance to correct compliance issues.

Enterprise IT governance: Level 6

Within a defined area of accountability, determines the requirements for the appropriate governance of enterprise IT, ensuring clarity of responsibilities and authority, goals and objectives. Puts in place and maintains governance practices and resources to enable governance activity to be conducted with reasonable independence from management activity, in line with the organisation's corporate governance requirements. Undertakes and/or directs reviews as necessary to ensure management decision-making is transparent, and that an appropriate balance between benefits, opportunities, costs and risks can be demonstrated to principal stakeholders. Establishes and maintains the policies for compliance with the organisation's obligations (including legislation, regulatory, contractual and agreed standards/policies), holding the management team to account. Acts as the organisation's contact for relevant regulatory authorities. Ensures proper relationships between the organisation and external parties, with valid interest in the organisation's governance, are in place.

Enterprise IT governance: Level 7

Leads the establishment and maintenance of a function that provides a consistent and integrated approach to IT governance in line with the organisation's corporate governance requirements. At the highest levels in the organisation's governance activities, provides assurance to principal stakeholders that IT services meet the organisation's obligations (including legislation, regulatory, contractual and agreed standards/policies). Ensures that a framework of policies, standards, process and practices is in place to guide provision of enterprise IT services, and that suitable monitoring of the governance framework is in place to report on adherence to these obligations as needed. Establishes the appropriate guidance to enable transparent decision-making to be demonstrated, working with senior leaders to ensure the needs of principal stakeholders are understood, the value proposition offered by enterprise IT is accepted by these stakeholders and the evolving needs of the stakeholders and their appetite for balancing benefits, opportunities, costs and risks is embedded into strategic and operational plans.