Information Technology Reference
In-Depth Information
IT governance is the responsibility of the board of directors and the executive management.
However, the role of the board and that of management should be separated and their per-
formance measured using different metrics. The IS auditor should develop and use differ-
ent performance metrics which can be used to access the contribution of each level to the
success of the enterprise.
The purpose of IT governance is to direct IT activities to ensure that IT performance en-
ables achievement of objectives of the enterprise and realization of benefits. In order to
achieve high performance and good results, IT objectives should be aligned to business ob-
jectives. Where IT objectives are not aligned to business objectives, the result would be
having IT operating and pulling in one direction and the business pulling in a different dir-
ection. One of the roles of the board and management is to ensure the two are aligned so
that the enterprise is able to perform successfully.
The IS auditor should consider reviewing the effectiveness of the alignment between IT
goals and those of the business and assess whether the alignment is effective. It is possible
to have a well-designed goal alignment on paper but not implemented. The IS auditor is
required to review all activities of the board and management in order to assess that IT ob-
jectives are properly aligned to business objectives. The IS auditor can collect data on IT
governance activities of the enterprise from many sources especially from members of the
board and management.
IS auditors play a significant role in the successful and effective implementation of IT gov-
ernance in an enterprise. Information systems auditors regularly provide IT assurance ser-
vices which help to ensure effective implementation and maintenance of IT governance. In
order to provide an effective IT assurance service, IS auditors should have a good under-
standing of IT governance and how it is implemented.
Information systems auditors are best positioned to provide leading best practice recom-
mendations to the board and executive management so that the enterprise can improve the
quality and effectiveness of IT governance. The role of the IS audit team is also that of a
consultant and that of providing value-addition services.
The other important role of IS auditing is to help ensure compliance with IT governance
initiatives. These initiatives could be of concern to various levels in the enterprise. Com-
pliance could be based on a governance framework developed internally by the enterprises
or an international IT governance framework developed by professional associations or in-
ternational standards organisations.
Reporting on IT governance may cross divisional, functional, and departmental boundaries
as it applies to all. The best lead team composition for IT governance is where the team
members (consisting of senior managers) come from various departments with represent-
ation from the board. The team members should represent all functions of the enterprise.
Search WWH ::
Custom Search