Information Technology Reference
In-Depth Information
IT governance initiatives cannot succeed without supporting strategies, policies, and pro-
cedures. Many enterprises ensure that implementation and operation of strategies, policies,
and procedures are regularly reviewed as part of the overall IT governance review process.
The major challenge of implementing IT governance is that it might introduce cultural
change in the enterprise. IT governance might result into implementation of new systems
or processes which will require changes in the way employees carry out their daily activ-
ities. The enterprise will need to put in place programs to facilitate introduction of cultural
change programs to encourage employees to accept change. Change is normally not easy
to implement as there may be some influential people resisting change within the enter-
prise. Changes resulting from implementing technology might also mean introduction of
new skills or some employees losing their jobs.
Auditing and Monitoring IT Governance
One of the key success factors of ensuring that IT governance is performing well is to reg-
ularly subject the process to an IS audit. An IS audit will be able to uncover weaknesses
in the implementation of IT governance and advise management on how to improve the IT
governance process. Frequent audits add value to the enterprise and ensure that manage-
ment is always compliant and improving governance processes.
The enterprise should ensure that the audit charter gives a clear mandate to the IS audit
team on conducting IT governance audits. The audit charter should also give authority and
timelines for the audits. Access to board information is critical to the audit. The IS audit
team may find it difficult to make any meaningful audits if they have no access to inform-
ation from the board on IT governance processes and outcomes. The IS auditors may be
required to interview board members in order to validate their findings and make appropri-
ate conclusions and recommendations.
Audit objectives for conducting IT governance audits should be clear so that the IS auditor
understands what work is expected to be conducted. Often audit objectives are not clear,
and IS auditors find themselves in conflict with the board and management. Use of kick-off
meetings is important in order to ensure that there is a clear understanding and agreement
on the engagement letter or audit objectives.
Audit objectives for an IT governance audit would include:
a) assessment of board involvement in resolving IT issues
b) review of IT performance reports by the board
c) involvement of the board in IT business planning
d) oversight role of the board in management of IT activities
e) assessment on the use of IT in the enterprise in order to achieve business goals.
Search WWH ::
Custom Search