
Governance of Enterprise IT

            The Five Areas of IT

            A typical IT governance framework would focus on five key areas:

            IT governance provides strategic direction of IT and the alignment of IT and the organization with
            respect to services and projects, organization objectives, up-to-date IT strategy, and linkage
            between business objectives and IT initiatives.

            Considerations:
                 Does IT have a strategic plan?
                 Is there linkage between organization objectives and IT initiatives?
                 Are the IT services and projects aligned with the organization strategy?

            IT governance can help determine what processes are in place to ensure that risks have been
            adequately addressed. Governance can also:
                 Ensure that enterprise risk management (ERM) includes risk aspects of IT investments.
                 Define responsibilities for risk management.
                 Define a common risk analysis methodology.
                 Define strategies for addressing risks.
                 Ensure continuous monitoring of threats, occurrence, and impact in a holistic manner.

            Considerations:
                 Have IT risks been adequately addressed?
                 Does enterprise risk management (ERM) include risks related to IT?
                 Is there continuous monitoring of threats and a holistic view of impacts?

            IT governance helps IT and the organization create a partnership designed to drive maximum value.
            The organization will be able to oversee the delivery of value by IT, and measure return on
            investments (ROI), IT tactical plan execution, and the benefits achieved at each level of the
            organization.

            Considerations:
                 Is there a partnership between IT and the organization to drive value?
                 Is return on investment (ROI) measured?
                 Are there benefits to the organization?
                       o  System uptime.
                       o  Automation in software development.
                       o  Software development lifecycle (SDLC) strategy.
                       o  Operational strategy.
                       o  Revenue.

            IT governance provides the mechanisms to verify strategic compliance (i.e., achievement of strategic
            IT objectives) and measure IT performance and its contribution to the bottom line (i.e., delivery of
            promised organization functionality). Additional metrics include continuous monitoring and


            Copyright © 2021 by The Institute of Internal Auditors, Inc. All rights reserved.