Page 87 - CITP Review
P. 87

IT governance objectives
            The IT Governance Institute (ITGI) defines the objectives of IT governance as

               … to understand and manage the risks associated with implementing new technologies, and
               addressing enterprise challenges and concerns such as (a) aligning IT strategy with the business
               strategy, (b) cascading strategy and goals down the enterprise, (c) providing organizational structure
               that facilitates the implementation of strategy and goals, (d) insisting that an IT control framework be
               adopted and implemented, and (e) measuring IT’s performance.

            IT governance is the responsibility of the BoD and executive management. It is an integral part of
            enterprise governance and consists of the leadership and organizational structures and processes that
            ensure that the organization’s IT sustains and extends the organization’s strategy and objectives.

            IT governance simultaneously takes the following three forms, which work together to result in effective
            change management:

               1.  A structure
               2.  A set of processes
                                                                     2,3
               3.  Monitoring using appropriate measures and metrics.
            Structure includes roles and responsibilities, IT organization structure, CIO, expert on BoD, IT strategy
            committee, and IT steering committee. In general, structure involves the existence of responsibility
            functions such as IT executives and one or more IT committees.

            Process includes activities such as strategic IT planning; service level agreements (SLAs) with third-party
            IT providers; application of COBIT, ITIL, and other applicable frameworks and best practices; alignment of
            IT with enterprise goals and objectives; and governance maturity models. Basically, processes ensure
            strategic decision-making and monitoring of IT effectiveness and efficiency.

            Monitoring involves measuring IT performance using proprietary metrics. Traditional measures are cost-
            benefit and return on investment (ROI), and a more modern one is balanced scorecard. It is advisable to
            consider intangible performance factors as well.


            Project management
            Project management (PM) would be applicable in direct proportion to the number or scope of major IT
            projects. All entities go through changes in IT, but those that strictly use commercial, standard, and
            popular software, hardware, and infrastructure products have a low level of need for project
            management, or just some simple, basic application of PM principles.



            2
              Steven De Haes and Wim Van Grembergen, “IT Governance Structures, Processes and Relational Mechanisms:
                                                                                           th
            Achieving IT/Business Alignment in a Major Belgian Financial Group.” Proceedings of the 38  Hawaii International
            Conference on System Sciences, (2005).
            3
              Paul L. Bowen, May-Yin Decca Cheung, and Fiona H. Rohde, “Enhancing IT Governance Practices: A Model and
            Case Study on an Organization’s Efforts.” International Journal of Accounting Information Systems 8 (2007):
            191–221.


            © 2019 Association of International Certified Professional Accountants. All rights reserved.    3-3
   82   83   84   85   86   87   88   89   90   91   92