Page 98 - CITP Review

IT governance frameworks
            A variety of established frameworks are commonly used by organizations as a starting point for
            their IT governance program. Some key advantages of using an established framework include the following:

              The frameworks are designed by governance bodies and industry leaders.
              The frameworks are revised periodically to align with current best practices in the marketplace.
              The frameworks are generic and easily customizable to specific IT environments.
              The frameworks are well-known and familiar, often providing a quicker and easier way to bring IT
               employees and third parties up to speed.

            Commonly used frameworks for IT governance include the following:

              COBIT (Control Objectives for Information and Related Technology)
               –  Focus: IT auditing, risk management, and mitigation
              ITIL (Information Technology Infrastructure Library)
               –  Focus: Delivery of IT services that better align with business needs
              ISO 17799 (IT Code of Practice for Information Security Management)
               –  Focus: Implementing, maintaining and improving information security management
              COSO (Committee of Sponsoring Organizations)
               –  Focus: Enterprise risk management, internal control, and fraud deterrence


            Implementation phases
            The implementation of an IT governance framework is a four-phase process, made up of the following:

              Phase 1: Development of a project plan that addresses the following:
               –  Scope
               –  Deliverables
               –  Time frames
               –  Resources
              Phase 2: Perform an IT risk assessment
               –  Risk identification
               –  Risk estimation and evaluation
               –  Risk mitigation strategy
              Phase 3: Obtain approval from project sponsor or senior management
              Phase 4: Rollout of the IT governance program
               –  Pilot program
               –  Phased approach with the most critical areas implemented first


            Common pitfalls
            Common pitfalls that organizations face when implementing an IT governance framework include the
            following:

              Lack of ownership and accountability
              Not tailoring a generic framework to their specific business
              Too much change, too quickly
              Lack of a clear organization mission
              Lack of alignment between IT and the business
              Ineffective or insufficient communication



            © 2019 Association of International Certified Professional Accountants. All rights reserved.    3-14