Governance of Enterprise IT


















             TOPIC 6: SUMMARY


            The IIA GTAG “Auditing IT Governance”

            Most of the content in this course is based on The IIA GTAG “Auditing IT Governance” that assists
            internal auditors in providing assurance services over IT governance. For more information, review
            The IIA’s Model Internal Audit Activity Charter and other guidance, found on The IIA’s website.

            Summary

            IT governance is key to an entire organization’s structure and strategy. It supports the organization’s
            regulatory, legal, environmental, and operational requirements to enable the achievement of
            strategic plans and aspirations.

            Those charged with the responsibility for decision making at the highest levels must be informed as
            they consider the strategic impact that IT governance has organizationwide. Because IT governance
            is a strategic element of an organization’s entire governance structure, it is important for the CAE to
            communicate the results from IT governance audits with senior management, the board, and the
            audit committee, so together they may address any apparent weaknesses as they work to carry out
            their individual responsibilities.

            IIA Standard 2060: Reporting to Senior Management and the Board

            The chief audit executive must report periodically to senior management and the board on the
            internal audit activity’s purpose, authority, responsibility, and performance relative to its plan and
            on its conformance with the Code of Ethics and the Standards. Reporting must also include
            significant risk and control issues, including fraud risks, governance issues, and other matters that
            require the attention of senior management and/or the board.














            Copyright © 2021 by The Institute of Internal Auditors, Inc. All rights reserved.