[25 points] ~ Learning Objective: To demonstrate an understanding of key IT governance concepts.

The IT Audit Director has asked you to perform some preliminary research as it relates to an upcoming audit of your company’s approach to IT governance. The Institute of Internal Auditors (IIA) standards have been revised and now require that you consider the role of IT governance when developing your IT audit plan. Write a response back to your IT Audit Director stating the key areas that the team should focus on for the audit. In your answer, consider the following short answer essay prompts:

a. In your own words, what are the key elements of IT governance?
b. How do you know when IT governance is not working? Scan through today’s headlines and provide an example. What aspects of IT governance were lacking?
c. Board versus management – when defining IT governance, why is clearly defining roles and responsibilities, and accountability important?

2. [25 points] ~ Learning Objective: To demonstrate an understanding of the role of risk management in today’s economy, including the importance of establishing a common risk language.

Why does a car have brakes? In class, when I asked this

Consider the following scenario:

Maria Alvarez, the Chief Operating Officer (COO) of a global manufacturing company, recently attended a conference on corporate governance. One of the topics discussed was the subject of Enterprise Risk Management, or ERM for short. She could not believe what she heard ... At lunch, later that day, she spoke to her company’s Chief Compliance Officer (COO): “Mihal,” she said, “this ERM concept is all wrong. Hire a Chief Risk Officer and let that person have responsibility for risk – no way. It’s another example of academics, accounting and consulting firms dreaming up some idea to sell to corporate America. They’re just out to fatten their wallets. Risk management is part of our day-to-day operations – it’s embedded in our daily decision-making. If we set up a separate group to monitor a list of risks, we are only going to cause more troubles. It’s no