ISO/IEC 38506:2020 信息技术 IT治理 ISO/IEC 38500在IT投资治理中的应用

标准编号：ISO/IEC 38506:2020

中文名称：信息技术 IT治理 ISO/IEC 38500在IT投资治理中的应用

英文名称：Information technology — Governance of IT — Application of ISO/IEC 38500 to the governance of IT enabled investments

发布日期：2020-02

标准范围

本文件为所有形式的组织（无论是私营、公共还是政府实体）的管理机构提供了关于IT支持的投资治理的指导，无论组织的规模或其行业或部门如何，都将同样适用。本文件中的术语业务和业务成果包括本文件涵盖的所有组织形式。该文件还为与理事机构互动的其他各方，如项目人员、会计师、管理顾问、投资组合经理和治理支助人员提供了指导。本文件范围内的IT使能投资可以是任何规模的投资，从收购业务到纳入IT的任何业务变革、构建新的业务服务或提高IT运营服务的有效性和效率以获得竞争优势，无论这些服务是内部服务还是由外部方提供。战略创新的资源分配是通过为理事机构在短期、中期和长期创新项目之间的投资资源分配决策提供指导来解决的。本文件还提供了可应用于与业务收购相关的尽职调查流程的指导。本文件可为ISO/IEC 38500中记录的原则的应用提供指导，用于对IT支持的投资进行排名，包括评估投资银行背景下或由投资公司执行的IT元素的价值和风险。本文件没有规定或定义IT支持的投资所需的具体管理实践。ISO/IEC TS 38501包含了对IT有效治理的实施安排的指导。ISO/IEC TS 38501中的结构有助于识别与IT治理相关的内部和外部因素，定义有益的结果并识别成功的证据。ISO/IEC TR 38502包含了关于组织的理事机构和管理层之间的整合的指导。本文件根据ISO/IEC TR 38504:2016的原则编写。

This document provides guidance on governance of IT enabled investments to the governing body of all forms of organizations, whether private, public or government entities, and will equally apply regardless of the size of the organization or its industry or sector. The terms business and business outcome throughout this document include all forms of organization covered by this document.
The document also provides guidance to other parties interacting with governing bodies such as project personnel, accountants, management consultants, investment portfolio managers and governance support staff.
IT enabled investments within the scope of this document could be investments of any scale from acquiring businesses to any business change incorporating IT, building new business services or addressing effectiveness and efficiency gains in IT operational services to gain competitive edge, whether those services are internal or provided by external parties.
Resource allocation for strategic innovation is addressed by providing guidance to the governing body's decision for investment resource allocation between short-, medium- and long-term innovation projects.
This document also provides guidance that can be applied in the due diligence process related to business acquisitions. This document may provide guidance on the application of the principles documented in ISO/IEC 38500 for ranking IT enabled investments including assessing the value and risks of IT elements in the context of investment banking or as performed by investment companies.
This document does not prescribe or define specific management practices required for IT enabled investments.
ISO/IEC TS 38501 contains guidance on the implementation arrangement for the effective governance of IT in general. The constructs in ISO/IEC TS 38501 can help to identify internal and external factors relating to the governance of IT and to define beneficial outcomes and identify evidence of success. ISO/IEC TR 38502 contains guidance on the integration between the governing body and management of an organization in general.
This document is written in accordance with the principles of ISO/IEC TR 38504:2016.

标准预览图