IT a Shared Responsibility
Information Technology (IT) governance is directly related to organisational oversight of IT assets and risks.
It makes it a shared responsibility of senior management and the board. This was the presentation by Stephen Coates, the director of Prosperity Audits, Australia at the Institute of Internal Auditors Fiji’s annual conference at the InterContinental Fiji Golf Resort and Spa on Friday.
Mr Coates said senior management carried out the day-to-day direction that tactically aligned with the overall strategic guidance of the board to ensure the effective, efficient and acceptable use of IT resources.
He spoke on auditing IT governance and how effective it is: •IT strategies are aligned with organisational objectives. •Risks are identified and managed properly. •IT investments are optimised to deliver value to the organisation. •IT performance is defined, measured, and reported using meaningful metrics. •IT resources are managed effectively.
“IT governance assured alternatives were evaluated and execution was appropriately directed.
“IT governance was an imperative part of organisational strategies and fundamentally concerned with goals that ensure that IT delivered value to the business in a controlled and effective manner.”
A typical IT governance framework would focus on strategic alignment, risk management, value delivery, performance measurement and resource management.
Mr Coates said that benefits accrueing from a robust IT governance framework involving a proper alignment between the organisation and IT meant that senior management and the board understood the potential and limitations of IT.
“IT senior management understands the objectives and corresponding needs of the organisation.
“This understanding is applied and monitored throughout the organisation via an appropriate governance and accountability structure.”
Wrong IT emphasis brings negative returns
Emphasis on the technical or financial aspects of IT instead of emphasis on the organisational context of using IT as a business enabler usually resulted in negative outcomes and a poor return on IT investments.
He said this could also see a failure to demonstrate the benefits created through IT investments.
“When reviewing governance, internal audits must do more than just identify problems,” Mr Coates said. “They need to identify root causes and make constructive recommendations when weaknesses in IT controls are identified.”