Information Technology Reference
In-Depth Information
Implementation of IT governance should be an end-to-end process and not limited to par-
ticular functions.
IT Governance Structure
In order for IT governance to be implemented successfully in an enterprise, it should be
part of the enterprise processes and structures of governance. On the onset, an IS auditor
would be interested in finding out if these structures and processes do exist and used effect-
ively in the enterprise.
IT governance is a board of directors' initiative, and the board should take ownership of the
process by giving guidance and clear expectations of what management should do. In order
to ensure that IT governance is part of the board activities, it is important that IT issues are
part of the board agenda. The board agenda should not only include IT budget items but all
IT management issues which require board guidance.
The board should also ensure that management of IT is regularly addressed at senior man-
agement level so that all issues are picked up and, where necessary, escalated to the board
for support and approval. If issues are not discussed at this level it is likely that they will
never be addressed until a major incident happens.
The board and senior management should ensure that IT performance assessment is reg-
ularly conducted and reported to the board. It is only through such reports that the board
would be able to appreciate use of IT in the enterprise and get involved in enterprise IT
governance.
It is important that the board and management make use of IS audit assurance services so
that independent assessments of IT governance are conducted regularly. IS audits can be
conducted by IT internal or external auditors focusing on IT performance, compliance, or
other areas the board might deem necessary.
The first point of implementing IT governance is to set up a framework that will be used
to drive the implementation. The framework will outline clear responsibilities for all in-
volved in implementing IT governance. The framework will also indicate objectives of the
framework which will be used by various key stakeholders. The framework can be based
on various available IT governance standards, which we will cover later in the chapter.
IT governance needs to be supported by setting up an IT strategy or governance committee.
The committee will be responsible for implementing and monitoring IT strategies as de-
termined by the board. The committee will also be a link between the board and manage-
ment. The IT strategy committee will also be responsible for providing an oversight role
over lower-level committees, such as IT project teams and IT management teams.
Information Technology Strategy, Policies, and Procedures
Search WWH ::
Custom Search