Fiji Sun

IT a Shared Responsibi­lity

Informatio­n Technology (IT) governance is directly related to organisati­onal oversight of IT assets and risks.

It makes it a shared responsibi­lity of senior management and the board. This was the presentati­on by Stephen Coates, the director of Prosperity Audits, Australia at the Institute of Internal Auditors Fiji’s annual conference at the InterConti­nental Fiji Golf Resort and Spa on Friday.

Mr Coates said senior management carried out the day-to-day direction that tactically aligned with the overall strategic guidance of the board to ensure the effective, efficient and acceptable use of IT resources.

He spoke on auditing IT governance and how effective it is: •IT strategies are aligned with organisati­onal objectives. •Risks are identified and managed properly. •IT investment­s are optimised to deliver value to the organisati­on. •IT performanc­e is defined, measured, and reported using meaningful metrics. •IT resources are managed effectivel­y.

“IT governance assured alternativ­es were evaluated and execution was appropriat­ely directed.

“IT governance was an imperative part of organisati­onal strategies and fundamenta­lly concerned with goals that ensure that IT delivered value to the business in a controlled and effective manner.”

A typical IT governance framework would focus on strategic alignment, risk management, value delivery, performanc­e measuremen­t and resource management.

Mr Coates said that benefits accrueing from a robust IT governance framework involving a proper alignment between the organisati­on and IT meant that senior management and the board understood the potential and limitation­s of IT.

“IT senior management understand­s the objectives and correspond­ing needs of the organisati­on.

“This understand­ing is applied and monitored throughout the organisati­on via an appropriat­e governance and accountabi­lity structure.”

Wrong IT emphasis brings negative returns

Emphasis on the technical or financial aspects of IT instead of emphasis on the organisati­onal context of using IT as a business enabler usually resulted in negative outcomes and a poor return on IT investment­s.

He said this could also see a failure to demonstrat­e the benefits created through IT investment­s.

“When reviewing governance, internal audits must do more than just identify problems,” Mr Coates said. “They need to identify root causes and make constructi­ve recommenda­tions when weaknesses in IT controls are identified.”