Page 97 - CITP Review
Some IT situations have a high inherent risk in almost all instances, for example, customized software
(in-house), transfers of data between two systems, communication of data from one system to another,
and logical access controls, especially remote and internet.
Performance management
Business performance management (BPM) more or less combines aspects of DSS, EIS, and business
intelligence (BI) into an integrated set of processes, methodologies, metrics, and tools designed to
measure and manage the entity’s overall financial and operational performance. BPM is an effective tool
to align plans, objectives, and strategies with ongoing operations. The monitoring and measuring
performed by BPM provide the means to ensure strategic success.
BPM has, at a minimum, the following components:
• A set of integrated management and analytical processes supported by technology that addresses operational and financial activities and goals
• Tools to assist in defining, measuring, and managing performance against goals
• A system to plan, report, model, analyze, and monitor key performance indicators (KPIs) that are linked to strategy [11]
IT governance roles & responsibilities
As plans relate to IT, executive management must handle issues such as the following:
• Constant changes, including improvements, in hardware and software
• How to integrate the IT function across all business units and other entity functions
• How to make IT a strategic advantage
• How to efficiently and effectively manage all aspects of the IT function
All these issues, and others, have the potential to introduce substantive risks to the business entity.
One way to frame these types of issues is to consider them in the framework of the primary functions of
management: plan, organize, direct, and control. In these functions, one can identify areas of risk and
opportunities for controls. Thus, the CITP could benefit from familiarity with the IT risk implications and
considerations of these functions.
IT governance implementation
By defining an organizational hierarchy and implementing a formal framework, IT governance helps
mitigate risks associated with IT and ensure compliance with internal and external requirements. [12]
[11] Efraim Turban, Ramesh Sharda, Jay E. Aronson, and David King, Business Intelligence (Upper Saddle River, NJ: Pearson, 2008), 85.
[12] Matthew Bogusch, Rory Heenan, and Khoa Huynh, IT Governance, Risk & Controls course materials, module 2 (Durham, NC: AICPA, 2019).
© 2019 Association of International Certified Professional Accountants. All rights reserved.