The results of the IT governance audit should be communicated to all stakeholders unless the board restricts their distribution. All stakeholders need a full understanding of the state of IT governance in the enterprise. This way, everyone will buy in, support the implementation of IT governance, and contribute to finding solutions and enhancing enterprise performance.
Clear IT performance metrics should be developed to assist the IS auditor in assessing IT performance. The IS auditor should regularly review how these metrics are used and whether they effectively support the analysis of IT performance.
The board should put in place monitoring systems that support the monitoring of IT governance performance. Monitoring systems may be automated systems or manual methods. Monitoring can also be done through regular meetings that review progress on IT governance activities.
IT Governance Standards
It was earlier indicated that consideration should be given to which frameworks or standards should be used to implement IT governance in the enterprise. Enterprises might opt to use internally developed frameworks or internationally accepted standards. In this chapter, we focus on international standards.
ISO 38500 (the IT governance standard) is jointly published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). The standard was published in 2003 and updated in 2004.
ISO 38500 can be used in enterprises of all types and sizes, and is applicable to both public and private enterprises. The standard provides guidance to directors and executive management on the effective and efficient use of IT in the enterprise.
The ISO 38500 standard comprises definitions, principles, and a model. It sets out six principles for good corporate governance of IT: responsibility, strategy, acquisition, performance, conformance, and human behaviour.
COBIT 5 is the latest release of the framework published by ISACA. It was published in 2013. COBIT is an integrated and comprehensive framework and includes some processes covered in ISO 38500 and ITIL. COBIT 5 covers the enterprise end to end, including all functions in an enterprise. All business functions are supported by the COBIT enablers.
ISACA has also published COBIT 5 for Information Security, which builds on the COBIT 5 framework. This framework focuses on information security and provides more detailed guidance for information security professionals and IS auditors.