
Governance of Enterprise IT

            Effective Management of IT Resources
            Senior management provides day-to-day direction that tactically aligns with the overall strategic
            guidance of the board to ensure the effective, efficient, and acceptable use of IT resources.

            Organizational Governance and IT Governance Relationship

            Alignment of organizational objectives and IT is more about governance and less about technology.
            Governance assures alternatives are evaluated, execution is appropriately directed, and risk and
            performance are monitored.

            This image shows the relationship between organizational governance and IT governance.

            Governance is defined by the International Standards for the Professional Practice of Internal
            Auditing (Standards) as “the combination of processes and structures implemented by the board to
            inform, direct, manage, and monitor the activities of the organization toward the achievement of its
            objectives.”

            Corporate governance is the exercise of ethical and effective leadership by the board toward the
            achievement of ethical culture, good performance, effective control, and legitimacy.

            Business governance is a subdiscipline of organizational governance, responsible for performance
            processes.

            IT governance is the leadership, structure, and oversight processes that ensure the organization’s IT
            supports the objectives and strategies of the organization.

            IT governance supports the organization’s regulatory, legal, environmental, and operational
            requirements to enable the achievement of strategic plans and aspirations.

            Three Lines Model

            The IIA’s Three Lines Model helps organizations identify structures and processes that best assist the
            achievement of objectives and facilitate strong governance and risk management.

              The board is responsible for governance.
              First Line Role: IT operational management is responsible for implementing and maintaining
               processes and controls to manage risks.
              Second Line Role: Compliance functions and risk management are responsible for monitoring
               risks across the organization.
              Third Line Role: Internal audit is responsible for providing independent assurance that risk
               management and controls are operating effectively, and advising senior management and the
               board when deficiencies are identified.




            Copyright © 2021 by The Institute of Internal Auditors, Inc. All rights reserved.