IT Essentials — Introduction to IT
Governance Risk Six
Sally: Thank you. Your explanations correspond with what my auditors have articulated in prior
engagements. As a department, we frequently have challenges assigning audit observations to audit
clients. The business, or audit client, states the finding belongs to IT, and IT states it belongs to the
business. Is this noted in the risk register too?
Roman: Yes, it is. Lack of clarity and/or ownership of formal IT risk. Organizations may view IT-related
risks as the responsibility of the CIO or IT function. However, most IT-related risks ultimately are
owned and should be accepted by the appropriate business function. With the proper understanding
of who owns and takes responsibility for risks, the business function is more apt to fund IT risk
mitigation efforts and collaborate with IT in creating value and optimizing decisions.
Governance Risk Seven
Sally: I think we have one more item that you wanted to talk about from the risk register.
Roman: Yes; you are right. The last entry is Inefficient or ineffective project governance or
management. Business-critical IT projects should be completed on time, in scope, and on budget.
Project governance is critical to ensure all projects are appropriately prioritized and resourced, and
delivered timely and effectively. Project management helps ensure critical project aspects are
transparent to all stakeholders, giving those responsible a clear and accurate understanding of
project status, issues, risks, and deliverables. It also means that "scope creep," or the tendency for a
project’s requirements to increase over time, is effectively managed.
Sally: Thank you, Roman. You provided an excellent overview of the governance-related items in the
risk register. Have a great day.
Copyright © 2020 by The Institute of Internal Auditors, Inc. All rights reserved.