Page 15 - ITGC_Audit Guides
P. 15
support internal devices and applications as well as
coordinate with external or outsourced service Outsourcing IT Elements
providers (including “cloud” providers) and to the Cloud
consultants. Outsourcing IT elements to
The decision to perform duties in-house rather than external parties and/or use of the
outsource may be a matter of enterprise strategy “cloud” is now commonplace, with
(e.g., protecting intellectual property, maintaining different models and combinations
control of core activities, or for economies of scale), to choose from. Typical services
budget and staffing requirements, or combinations either fully or partially outsourced
thereof. to external providers include: SaaS
(Software as a Service), PaaS
This reinforces the need for the CIO to manage IT as
a business and be competitive with other potential (Platform as a Service), and IaaS
external sourcing of technology options. (Infrastructure as a Service). More
detail on the functionality and
As part of managing IT as a business, the IT characteristics of these service
organization should manage and maintain service models is available in the “IT
level agreements (SLAs), provide and monitor key
performance indicators (KPIs) and key risk indicators Network” section of this guide.
(KRIs), and retain relationship managers to manage
the services offered internally, externally, and to the organization as a customer.
From internal audit’s perspective, how technology is delivered in an organization, by whom, and
for whom must be understood to assess most processes, functions, systems, or projects. Even
strategic assessments will require a good understanding of the technology supporting the
direction of an organization’s business.
Process Oversight: IT Service Delivery and Project Portfolio
Management
The IT function delivers processes and services to the organization through IT operations
(supporting business processes), system development, IT infrastructure, and information security
(IS). Overseeing the delivery of these processes and services in collaboration with non-IT
management is essential. IT governance provides the strategies, mechanisms, and
measurements for delivering business value, fosters a partnership with the organization, and
helps ensure the establishment and oversight of jointly owned objectives.
In addition to delivering core IT processes, services, and IT infrastructure, IT manages and
delivers a portfolio of projects in support of the organization (i.e., software development or
acquisition) or in support of the overall IT direction (i.e., infrastructure or architectural design
projects). The delivery of projects on time, within scope, and on budget is a major challenge to
both IT and the business function.
Process oversight establishes accountability and helps ensure deliverables meet both the needs
of the organization and customer.
7 — theiia.org
