Val IT is a framework for the governance of IT investments, produced by the IT Governance Institute (ITGI) that guides an organization through IT investment, risk assessment and value realization. The focus for ValIT is on the investment that business makes on IT and help evaluating if the investments provide good returns. Returns or the value delivered by the investments are again based on perception. Val IT is a formal statement consisting of a set of guiding principles, and a number of processes conforming to those principles that are further defined as a set of key management practices.

ValIT principles and processes

• IT-enabled investments will be managed as a portfolio of investments
• IT-enabled investments will include the full scope of activities that are required to achieve business value
• IT-enabled investments will be managed through their full economic life cycle
• Value delivery practices will recognize that there are different categories of investments that will be evaluated and managed differently
• Value delivery practices will define and monitor key metrics and will respond quickly to any changes or deviations
• Value delivery practices will engage all stakeholders and assign appropriate accountability for the delivery of capabilities and the realization of   business benefits
• Value delivery practices will be continually monitored, evaluated and improved

In order to obtain return on investment, the Val IT principles should be applied by the stakeholders of the IT-enabled investments in the following ValIT processes:

• Value governance – which seeks to maximize the value on investment by establishing a governance framework
• Portfolio management – which ensures that the organizations IT investments in IT portfolios is aligned with the overall organizational objectives
• Investment management – which is to ensure that IT investments are made after understanding the business requirements clearly, risks are identified and IT project are managed through their entire financial cycle.

Relationship amongst Val IT Principles, Processes and Practices and CobIT

Val IT help organizations realize optimal value from their IT-enabled business investments at an affordable cost and an acceptable level of risk. Val IT is guided by a set of principles applied in value management processes that are enabled by Key management practices cross-referenced to COBIT key controls and are measured by Key outcome and performance metrics.

Conclusion:

Organizations do not tend to look at IT investments only as solutions implementation. The perspective is now changing to view IT investments as a change enabler. Organizations have realized that business processes can be more effective by investments in technology but in IT as a whole. Val IT provides best practices for the organizations to channelize the IT investments in portfolios that are in sync with the overall organizational objectives. It also provides the means to clearly measure monitor and maximize the returns from investment in IT.

The solution has become a part of the problem

Bottom-line - Organizations keep asking themselves: What is my GRC ROI? 

Integrated GRC - Convergence between governance, risk and compliance

Adopting an integrated approach for managing their governance, risk and compliance activities has become a top priority for those organizations who have witnessed time and revenue leakage in pursuing independent GRC initiatives. However most of these same organizations end up interpreting Integrated GRC in a wrong way and thus they fail to achieve expected benefits out of it. Integrated governance, risk and compliance is not a single, monolithic GRC structure with a single, one-way bottom-up reporting line. Rather, it is a mutual, two-way approach towards eradicating duplicated effort, complexity and cost and about greater communication, collaboration, and cooperation.

An integrated GRC brings together the focus on complex and disparate risk and compliance activities and directs organizational efforts more efficiently, in alignment with organizational strategy and culture. Also a more comprehensive view of risk management and regulatory compliance simplifies business processes and systems and improves control over them.

Integrated GRC offers several benefits to the organizations pursuing them, most notable ones are:

•Identifying and managing risks more quickly
•Reduced costs through reduction in duplication and identification of synergies
•Greater collaboration among stakeholders both external and internal
•Greater focus on key business processes and activities
•Identifying and responding to opportunities/ threats more quickly
•Improved control and assurance environment
•Improved financial and non-financial reporting
•Supporting business units more effectively