Course Overview

This five-day intensive course enables participants to develop the necessary expertise and knowledge to support an organization in implementing and managing Corporate Governance of IT as specified in ISO/IEC 38500:2008. Participants will also gain a thorough understanding of best practices used to appropriately govern a Corporate Governance of IT system across all the principles of ISO/IEC 38500. ISO/IEC 38500 applies to the governance of management processes (and decisions) relating to the information and communication services used by an organization. These processes could be controlled by IT specialists within the organization or external service providers, or by business units within the organization. This training is consistent with COBIT 5 (Control Objectives for Information and Related Technology) and CGEIT (Certified in the Governance of Enterprise IT).

Who should attend?

  • Project managers or consultants wanting to prepare and to support an organization In the implementation of Corporate Governance of IT
  • ISO 38500 auditors who wish to fully understand the Corporate Governance of IT implementation process
  • CxO and Senior Managers responsible for the IT governance of an enterprise and the management of its risks
  • Members of groups monitoring the resources within the organization
  • External business or technical specialists, such as legal or accounting specialists, retail associations, or professional bodies
  • Vendors of hardware, software, communications and other IT products
  • Internal and external service providers (including consultants)
  • Members of an information security and/or IT team
  • Expert advisors in information technology
  • Technical experts wanting to formalize, amend, and/or extend the organizations IT-related objectives

Learning objectives

  • To understand the implementation of the Corporate Governance of IT by adhering to the governance framework and principles of ISO/IEC 38500
  • To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques required for the effective management of a Corporate Governance of IT
  • To understand the relationship between the components of a Corporate Governance of IT, including responsibility, strategy, acquisition, performance, conformance, and human behavior
  • To acquire the necessary expertise to support an organization in implementing, managing and maintaining a Corporate Governance of IT as delineated in ISO/IEC 38500
  • To acquire the necessary expertise to manage a team implementing  a Corporate Governance of IT
  • To develop the knowledge and skills required to advise organizations on best practices in the management of Corporate Governance of IT
  • To improve the capacity for analysis and decision making in the context of the management of Corporate Governance of IT

Course Agenda

Day 1: Introduction to IT Governance and ISO/IEC 38500
  • Introduction and a brief history of Corporate Governance of IT
  • Presentation of the standards ISO/IEC 38500, COBIT 5, and CGEIT
  • Overview of the fundamental principles of the Corporate Governance of IT
  • Governance model for the Corporate Governance of IT
  • Assigning roles and accountabilities
  • Establishing the GEIT Project Team and drafting the GEIT Project Plan
  • The difference between governance and management
  Day 2: IT Strategy and Acquisition
  • Strategic alignment of IT-related objectives with enterprise objectives through goal cascading
  • Meeting stakeholder needs through benefits realization, risk optimization, and resource optimization
  • Formulating a strategy through:
- Mapping out the big picture - Deciding how to get there - Acting effectively to manage risk - Evaluating changes
  • Effectively managing changes in business strategy which are due to the dynamic nature of a business environment
  • Establishing an IT strategy committee with the focus on offering advice on IT value, risk, and performance.
  • Acquisition – Balancing benefits opportunities, costs, and risks
  • Categorizing IT investments
  • Managing investments through
- Business case - Program management - Benefits realization
  • Preparing an acquisition and procurement process
  • Calculation of benefits using financially-oriented and nonfinancially-oriented cost-benefit techniques
  • Drafting and implementing cost optimization strategies
  Day 3: Performance and Risk Management
  • Implementation of an IT service management system
  • Continuous improvement through the following frameworks:
- Six Sigma - Total Quality Management (TQM) - Plan-Do-Check-Act (PDCA)
  • Interoperability of diverse systems and organizations
  • Risk management: identification, analysis and treatment of risk (drawing on guidance from ISO 31000)
  • Implementing a Business Continuity Management System and a Recovery Strategy
  Day 4: Resource Management, Conformance, and Human Behaviour
  • Establishing an effective Human Resource Management
  • Drafting and incorporating HR strategies
  • Contract Management, Relationship Management, and Asset Management through SLAs and OLAs
  • Management and governance of data
  • Record and monitor IT resource utilization and availability
  • Outsourcing practices: Onsite, Offsite, and Offshore
  • Measure continuous performance of service delivery
  • Governance of conformance to legal requirements and other standards
  • Governance of human behavior and management of organizational and cultural change
  Day 5: Certification Exam


ISO 38500 Foundation Certification or a basic knowledge of ISO 38500 is recommended.

Educational approach

  • This training is based on both, theory and practice: - Sessions of lectures illustrated with examples based on real cases - Practical exercises - Review exercises to assist the exam preparation - Practice test similar to the certification exam
  • To benefit from the practical exercises, the number of training participants is limited

Search Course

Managing Operational Incidents

January 30,2023 / 0 Comments

Implementing Risk and Resilience

January 30,2023 / 0 Comments

Resilient Culture

January 27,2023 / 0 Comments