KKP 1 (Quiz 12)
How does IT governance fit into an organization’s overall governance?
- Define the requirements and objectives for, and drive the establishment of, IT governance in an enterprise, considering values, philosophy, management style, IT awareness, organization, standards and policies.
- Ensure that an IT governance framework exists and is based on a comprehensive and repeatable IT process and control model that is aligned with the enterprise governance framework.
- Establish appropriate management governance structures, such as an enterprise investment committee, IT strategy committee, IT steering committee, technology council, IT architecture review board, business needs committee and IT audit committee.
- Ensure that the enterprise and IT governance frameworks enable the enterprise to achieve optimal value for the enterprise.
- Confirm that the IT governance framework ensures compliance with applicable external requirements and ethical statements that are aligned with, and confirm delivery of, the enterprise’s goals, strategies and objectives.
- Obtain independent assurance that IT conforms with relevant external requirements; contractual terms; organizational policies, plans and procedures; generally accepted practices; and the effective and efficient practice of IT.
- Apply IT best practices to enable the business to achieve optimal value from implementation of IT services and IT-enabled business solutions.
- Ensure the establishment of a framework for IT governance monitoring (considering cost/benefits analyses of controls, return on investment for continuous monitoring, etc.), an approach to track all IT governance issues and remedial actions to closure, and a lessons-learned process.
- Ensure that appropriate roles, responsibilities and accountabilities are established and enforced for information requirements, data and system ownership, IT processes, and benefits and value realization.
- Report IT governance status and issues, and effect transparency in reporting.
- Establish a communications plan to continuously market, communicate and reinforce the need and value of IT governance across the enterprise.
The Executive Summary makes five recommendations for management with respect to IT. What are these recommendations?
- Strategic Alignment, focusing on aligning IT with the business and collaborative solutions.
- Value Delivery, concentrating on optimizing expenses and proving the value of IT.
- IT Asset Management, focusing on knowledge and IT infrastructure.
- Risk Management, addressing the safeguarding of IT assets and disaster recovery.
- Performance Measurement, concentrating on the success of both business and IT leadership in carrying out the approved strategy.
How would an auditor likely view a company’s IT environment if the organization had implemented the above recommendations?
The auditor would be greatly helped if the company being audited had implemented those recommendations, because the audit risk decreases and the audit process can be completed in a shorter time.