Page 94 - CITP Review

            This body of documents associated with planning provides the CITP with a source for assessing
            IT-related risk. That is, the CITP will want to obtain a copy of the strategic plan, business model, and
            associated plans.

            The CITP can review these plans, along with the IT P&P, for areas of IT-related risk.[8] Using a review of the
            strategic plans, especially the IT risk assessment, the CITP should be able to identify risks, measure risks,
            and design follow-up procedures where necessary.


            Value delivery management
            The factors that determine whether IT governance is relevant are virtually identical to those that determine
            whether project management is relevant. Any entity that has large or risky IT projects should employ the principles of
            project management. The P&P of that entity should reflect the intent to follow project management
            principles, including the structure and processes of project management.

            The Project Management Institute (PMI) defines project management in its PMBOK as “… the application
            of knowledge, skills, tools, and techniques to project activities to meet project requirements.”

            In other words, it involves planning, organizing, monitoring, and controlling the project activities in order
            to accomplish the project requirements. The three basic requirements are generally considered to be
            resources, time (deadline), and functionality — with quality and risk factors to be considered and
            managed as well. The objectives of project management are associated with these five factors of IT
            projects. But effective project management clearly involves leading, planning, organizing, and controlling
            IT projects — including personnel, resources, risks, and the environment.

            As with IT governance, the presence of project management should become evident in a review
            of the P&P and an interview with the CIO or manager of the IT function; however, an assessment of the
            effectiveness of project management takes more evidence, such as evaluating the processes associated
            with managing IT projects.

            COBIT’s planning and organizing process “Manage Projects” (referred to as PO10[9]) provides guidance
            related to this role, and to project management in general as it relates to IT.


            Resource management
            A major responsibility of executive management related to IT is to ensure that the entity acquires the
            resources necessary to accomplish the goals and objectives of the entity, especially those outlined in the
            strategic plan. Resources include the following:

              Infrastructure
              Hardware
              Software

            [8] The review of the strategic plans could assist in identifying areas related to many other objectives the CITP might
            have.
            [9] See http://www.isaca.org/popup/Pages/PO10-Manage-Projects.aspx?utm_referrer=direct%2Fnot%20provided.
            Last accessed September 10, 2019.


            © 2019 Association of International Certified Professional Accountants. All rights reserved.