Page 97 - CITP Review

Some IT situations have a high inherent risk in almost all instances, for example, customized software
            (in-house), transfers of data between two systems, communication of data from one system to another,
            and logical access controls, especially remote and internet.


            Performance management
            Business performance management (BPM) more or less combines aspects of DSS, EIS, and business
            intelligence (BI) into an integrated set of processes, methodologies, metrics, and tools designed to
            measure and manage the entity’s overall financial and operational performance. BPM is an effective tool
            to align plans, objectives, and strategies with ongoing operations. The monitoring and measuring
            performed by BPM provides the means to ensure strategic success.

            BPM has, at a minimum, the following components:

              • A set of integrated management and analytical processes supported by technology that addresses
                operational and financial activities and goals
              • Tools to assist in defining, measuring, and managing performance against goals
              • A system to plan, report, model, analyze, and monitor key performance indicators (KPIs) that are
                linked to strategy [11]



            IT governance roles & responsibilities

            As plans relate to IT, executive management must handle issues such as the following:

              • Constant changes, including improvements, in hardware and software
              • How to integrate the IT function across all business units and other entity functions
              • How to make IT a strategic advantage
              • How to efficiently and effectively manage all aspects of the IT function

            All these issues, and others, have the potential to introduce substantive risks to the business entity.

            One way to frame these types of issues is to consider them in the framework of the primary functions of
            management: plan, organize, direct, and control. In these functions, one can identify areas of risks and
            opportunities for controls. Thus, the CITP could benefit from familiarity with the IT risk implications and
            considerations of these functions.




            IT governance implementation
            By defining an organizational hierarchy [12] and implementing a formal framework, IT governance helps
            mitigate risks associated with IT and ensure compliance with internal and external requirements.

            [11] Efraim Turban, Ramesh Sharda, Jay E. Aronson, and David King, Business Intelligence (Upper Saddle
            River, NJ: Pearson, 2008), 85.
            [12] Matthew Bogusch, Rory Heenan, and Khoa Huynh, IT Governance, Risk & Controls course materials,
            module 2 (Durham, NC: AICPA, 2019).


            © 2019 Association of International Certified Professional Accountants. All rights reserved.