The framework developed for IT governance must be supported by IT strategies,
policies, and procedures. These strategies and policies give management further
guidance on how IT should be implemented so that business objectives can be
achieved.
The enterprise's IT strategy gives a general direction as to how IT will be implemented
in the enterprise. Management is responsible for implementing the strategy under the
supervision of the board. The IT strategy committee plays a critical role in ensuring
clear communication and interpretation of IT strategies. The IT strategy committee may
consist of some members of the board and executive management. The exact
composition will depend on the structure and size of the enterprise.
The board and management will develop an IT policy to support the IT strategy. Management
uses the policy to guide IT operations. An IT policy is developed to cover
various areas such as IT operations, information security, IT risk, information systems, and
disaster recovery and help desk management. The actual implementation of an IT policy
is carried out by the head of the IT function, supervised by senior management and
supported by specialist IT staff and all users in the enterprise.
IT standards can be used to ensure that the enterprise is using best-practice IT strategies and
systems. Standards support IT policies and procedures and would have been
approved by management prior to implementation.
Procedures support the various business processes that have been implemented in the
enterprise. Procedures are important because they enable compliance with business rules and
also ensure that the enterprise is not exposed to unnecessary risks. Without procedures,
employees may conduct business activities as they see fit and expose the enterprise to
various risks.
Procedures are often embedded in IT systems. This ensures that when a business
process is carried out, it is subjected to various controls through a procedure in the
system, and users are not allowed to ignore the procedures.
The IS auditor plays an important role in ensuring that IT governance is successful in an
enterprise. The board will regularly require the IS audit team to conduct an audit that
includes an assessment of IT governance in the enterprise. The IS auditor will be interested
in reviewing how the board is involved in IT governance and how it is giving guidance to
management. The IS auditor will also want to see how the board is assessing the performance
of IT and what type of reports it receives from management.
The IS auditor will regularly review IT policies and how they are implemented in order to
ascertain their effectiveness. Apart from reviewing how the policies are being
implemented, the IS auditor will also test IT operations in order to ascertain if they are
compliant with approved policies.