Page 30 - Courses
P. 30

IT Essentials — Introduction to IT

            In addition to the CIO and/or CTO, organizations may also have a chief information security officer
            (CISO) to oversee IT security, and often a dedicated data protection officer (DPO), chief data officer
            (CDO), and/or a chief privacy officer (CPO) to oversee data privacy and compliance with regulations
            related to privacy. To avoid conflicts of interest, the DPO, CDO, CPO, and CISO often function
            independently of IT.

            To have a “seat at the table” is to be included in the organization’s decision-making body. This could
            include upper management, C-suite personnel, or the board. Having a seat at the table implies a
            level of position, power, and respect that comes with the ability to help shape and impact the
            direction of an organization.

            It is important for IT leadership to have a seat at the table to better understand the organization it
            supports and its critical processes, priorities, and strategic objectives. IT leadership should
            participate at the initiation stage of enterprise (business driven) projects to provide meaningful
            input regarding key business decisions that will require direct or indirect IT support.

            Benefits of Effective IT Operations

            It is also important for IT operations to be run as a business and be competitive with external
            sourcing options. Duties may be performed in-house or outsourced depending on strategy (e.g.,
            protecting intellectual property, maintaining control of core activities, or economies of scale),
            budget and staffing requirements, or combinations thereof. IT operations should:

               •  Manage and maintain service level agreements (SLAs).
               •  Provide and monitor key performance indicators (KPIs) and key risk indicators (KRIs).
               •  Retain relationship managers to manage the services offered internally, externally, and
                   to the organization as a customer.

            Oftentimes, IT operations is simply referred to as IT.

            Oversight Processes

            Key elements and components of IT governance oversight processes include:






















            Copyright © 2020 by The Institute of Internal Auditors, Inc. All rights reserved.
   25   26   27   28   29   30   31   32   33   34   35