IT Corporate Governance Part 2

IT Corporate Governance Part 1

A group project on poor IT Governance

Auditing the Management of IT

As like any other field, management is the most important aspect. Plan, control, direct and act the the most common management term.

In auditing the management of IT, the following aspects should be reviewed:-

• Information Systems Strategy - review of the IT short term and long term plan, IT steering committee
• Policies And Procedures - review of the IT standards, security policy, operation manual
• Information System (IS) Management Practices - IT budget, personnel management, project management, change management
• IS Organisational Structure And Responsibilities - review of the IT organisation chart, job descriptions

The level of controls effectiveness should be assessed to determine whether there is any exposure. For example, if the IT Security Policy is last updated 5 years ago, then, the controls in place might not be highly effective as technology keeps on changing. The controls should also be revised and updated accordingly.

IT Control - IT Plan

Purpose of IT plans is to ensure that the use of IT is aligned with the mission and business strategies of the organization

It is also to highlight the IT requirements in achieving the business objectives.

In general there are two types of plan, i.e. short-range and long-range plan.

As like any other plan,it should be reassessed periodically and amended as necessary in response to changing business and IT conditions.

Management should establish processes to capture and report feedback from business process
owners and users regarding the quality and usefulnessof long- and short-range plans.

Risks
Failure to plan and re-assessed the plan could lead to:-

• IT failures to meet the organisation’s missions and goals
• IT failures to match short-range plans with long-range plans
• IT projects failures to meet short-range plans
• IT failures to meet cost and time guidelines
• Missed business opportunities
• Missed IT opportunities