A robust IT governance framework provides several benefits, including: Competitive advantage. Improved speed to market. Effective information security and compliance. Process automation and innovation. More informed decision making. Better understanding of root causes related to problems leading to continuous process improvement. Activities that are in the IT governance scope include: 2 Align IT investments and priorities with business objectives. Manage, evaluate, prioritize, fund, measure, and monitor requests for IT services, and the resulting work and deliverables, in a more consistent and repeatable manner that optimizes returns to the business. Maintain responsible utilization of resources and assets. Establish and clarify accountability and decision rights – clearly defined roles and authority. Ensure that IT delivers on its plans, budgets, and commitments. Manage major risks, threats, change, and contingencies proactively. Improve IT organizational performance, compliance, maturity, staff development, and outsourcing initiatives. Champion innovation within IT and the entire organization. 2 Gad J. Selig, Implementing IT Governance: A Practical Guide to Global Best Practices in IT Management , (Zaltbommel, NL: Van Haren Publishing, 2008), 9-10. Proper alignment between the organization and IT means: Senior management and the board understand the potential and limitations of IT. IT senior management understands the objectives and corresponding needs of the organization. This understanding is applied and monitored throughout the organization via an appropriate governance and accountability structure.
10 Auditing IT Governance Key Risks Just as the benefits of IT governance can help an organization achieve financial and nonfinancial objectives, improve operations, and control risk, the negative impacts can be detrimental to the entire organization. Emphasis on technical or financial aspects of IT instead of emphasis on the organizational context of using IT as a business enabler usually results in negative outcomes, poor return on IT investments, or failure to demonstrate the benefits created through IT investments. Other examples of negative impacts include: Financial losses due to business disruption. Higher costs to run business operations. Poor quality or failure to meet new customer expectations and unsatisfied customers. Core business processes are negatively impacted by poor delivery of IT services. Unidentified risks and threats expose the entire organization to security breaches. Penalties resulting from failing to meet regulatory requirements. IT Governance Components Implementation and maintenance of an IT governance program depends on components that can help senior management and the board direct, monitor, and measure IT performance. As shown in Figure 3, the key components of effective IT governance have been grouped into three categories: Process Areas –
You've reached the end of your free preview.
Want to read all 40 pages?
- Fall '16