Page 102 - Courses
P. 102

Governance of Enterprise IT

            Thank you for taking on this important audit. I am happy to share my insights related to our
            governance structure and leadership.

            Can you tell me about the role of the CIO in relation to your executive leadership members?

            Sure. We value our CIO as a critical member of our senior management team.

            Does the senior management team meet and discuss progress on a regular basis?

            Certainly. Our CIO is included in the weekly status meeting with our executive team, as well as in all
            of our strategic planning and goal-setting meetings. Additionally, we have an IT governance board.
            The CFO, CIO, CAE, and I all meet to discuss our IT strategy and investment plans.

            Great, thank you. I’d like to ask a couple questions related to how the IT function is integrated into
            the organization. You noted that the CIO meets regularly with senior management. Does she also
            meet with the board as well?

            Yes. The CIO has access to the board and provides regular updates when our organization has major
            IT initiatives or investments in process.

            Do these updates also include additional updates related to IT service deliveries connected to
            strategic and tactical plans of the organization?

            Yes. Our CIO provides updates on major IT initiatives, as well as how IT is connected and critical to
            the success of our organizational goals. As an organization, we are dependent upon our technology
            infrastructure to operate and grow our business. We also have an IT steering committee that meets
            with business owners to ensure alignment. Our CIO should be able to provide you with additional
            details on those meetings.

            Given the importance of IT, are you using cost benefit analyses to determine the best IT investment
            decisions?

            Yes. Not only do we complete a cost benefit analysis before IT investments, but we also evaluate the
            projects and investments post-implementation to see if we have met our return on investment.

            Scenario — Conversation Between Audit Manager and CIO

            This scenario shows a conversation between an audit manager (left) and a CIO (right).

            Hello! Thank you for making time to share your perspective with me as we work through the internal
            audit of IT governance. The CEO mentioned that you could offer some valuable insight and
            information.

            I am happy to help however I can. This is an important audit and I want to be sure you have all the
            information that you need.

            Copyright © 2021 by The Institute of Internal Auditors, Inc. All rights reserved.
   97   98   99   100   101   102   103   104   105   106   107