Published by Robert E. Davis at Smashwords
Copyright 2011 Robert E. Davis, MBA, CISA, CICA. All rights reserved.
Smashwords Edition, License Notes
This ebook is licensed for your personal enjoyment only. This ebook may not be re-sold or given away to other people. If you would like to share this book with another person, please purchase an additional copy for each recipient. If you’re reading this book and did not purchase it, or it was not purchased for your use only, then please return to Smashwords.com and purchase your own copy. Thank you for respecting the hard work of this author.
Depending on the abstraction level, IT governance can be viewed as a framework, methodology, or technique. As a framework, IT governance enables a “system of controls” assisting in assuring organizational goals and objectives are achieved effectively and efficiently. As a methodology, IT governance furnishes a description of the role entity direction and controls play in achieving information systems objectives. Lastly, as a technique, IT governance provides processes and steps that can generate superior financial and/or reputational returns for stakeholders.
If you view IT governance as a framework for assisting in organizational governance, then structurally, IT governance should be implemented as an organizational program with objectives, goals, policies, procedures, standards, and rules designed to accomplish management’s intentions. To drive controls, IT governance should subsequently receive ‘significant program’ status because other program results are directly impacted by IT governance effectiveness results -- such as control self-assessment (CSA) and quality control (QC) programs. Furthermore, efficiency of controls should be obtained through models available to assist in deploying IT governance; including The Institute of Internal Auditors’ Systems Auditability and Control (SAC) framework and the Information Systems Audit and Control Association’s Control Objectives for Information and related Technology (COBIT) framework.