Page 89 - CITP Review
P. 89
Exhibit 3-1 — Project management and IT governance
Govern IT portfolio management Executive management and BoD
Strategy and alignment:
High-level plans
Exception reports
Funding
Direction
Manage Program management Middle Management
Project management office (PMO) and PMPs
Broad management of all projects
Funding, prioritizing, and monitoring major IT
programs
Tactical activities
Execute Project management IT staff (possibly others)
Execute individual IT projects
Detailed plans
Changes communicated and incorporated
One key aspect of IT governance is the structure of committees that have oversight of major IT projects
(that is, changes to IT and thus change management functionality). One important part of IT governance
process is the application of frameworks and best practices such as project management (particularly
useful for change management). The overall objective of IT governance leads to the mitigation of risks
associated with change management, and activities therein provide assurance of effective change
management. Effectual project management reduces the risks in changes to IT.
Management of the IT function
The control environment basically refers to management of the IT function. It would specifically include
controls and activities at the organizational level as well as certain IT function activities. Some examples
of control environment controls or activities would be: management of computer operations, IT
governance, budgets (both capital and operating), managing major IT projects, employing best practices
in programming (where applicable), managing IT human resources, IT strategy (especially strategic
plans), IT investment, alignment of IT with the business model and entity goals and objectives, entity’s IT
risk assessment, and IT policies and procedures.
© 2019 Association of International Certified Professional Accountants. All rights reserved. 3-5
