Information Technology Reference
In-Depth Information
Chapter 5
IT Governance
Overview
One notable role of the IS auditor among others is to assess whether IT governance in an en-
terprise has been implemented properly, is working, and is contributing to the success of the
enterprise. The IS auditor is also a professional person in the enterprise charged with adding
value to the enterprise by providing effective IT assurance services. A good understanding
of IT governance and its implementation by the IS auditor is essential in order to ensure that
IT enables enhanced performance of the enterprise. In this chapter, we shall review how IT
governance is implemented in an enterprise and the process of performing IT governance
audits.
ISACA defines IT governance as 'IT governance is the responsibility of the board of direct-
ors and executive management. It is an integral part of enterprise governance and consists
of the leadership and organisational structures and processes that ensure that the enterprise's
IT sustains and extends the enterprise's strategies and objectives.'
IT governance is also about how we use and manage information systems, technology,
communication, business, and other processes related to usage of IT resources in the en-
terprise. High dependence on IT means that IT resources need to be used efficiently and
prudently. The use of IT has brought about many benefits to enterprises and has had an im-
pact throughout all levels of an enterprise. It is therefore important that consideration should
be given to proper governance of IT in order to achieve organizational goals.
IT governance is also of concern to many other stakeholders and not just IT professionals.
If IT governance has to be effective, the involvement of key stakeholders is required. In an
enterprise stakeholder such as shareholders, the board, senior management, business part-
ners, IT suppliers, and IS auditors need to be concerned with IT governance. IT governance
is part of corporate governance and contributes to the overall implementation of governance
in an enterprise.
Many enterprises that have implemented IT governance have experienced many benefits
which include value addition to the business, protection of IT resources, effective mitigation
of risk, and efficient use of human resources. Through the use of IT, many enterprises have
been able to add value by introduction of new business processes, identification of revenue
leakages, and in many cases, introduction of new and efficient products.
Search WWH ::




Custom Search