Governance of Enterprise IT

            Challenges and Benefits of IT Governance

            A robust IT governance framework provides several benefits, as well as several challenges:





























            Internal Audit’s Role

            IIA Standard: 2110.A2 – The internal audit activity must assess whether the information technology
            governance of the organization supports the organization’s strategies and objectives.

            The internal audit activity is uniquely positioned and staffed within an organization:
                 To assess whether the IT governance of the organization supports the organization’s
                   strategies and objectives.
                 To make recommendations as needed.

            Internal audits of IT governance may be divided into both assurance and consulting activities
            depending on the robustness of the IT governance system in place. Independence should not inhibit
            the internal audit activity from providing advice, if management takes full responsibility for
            implementation and operation of controls.

            It is important to ensure your internal audit charter includes the necessary statements regarding
            assurance and consulting, and independence and objectivity. Review The IIA’s Model Internal Audit
            Activity Charter on The IIA’s website to see how the topics of assurance and consulting, purpose and
            mission, and independence and objectivity are addressed.

            Internal audits of IT governance should focus on the organization’s implementation of governance
            practices, which include clearly defined policies, roles and responsibilities, risk appetite alignment,
            effective communication, tone-at-the-top, management of IT value, and clear accountability.
            Internal audit assessments will likely include:




            Copyright © 2021 by The Institute of Internal Auditors, Inc. All rights reserved.