Accueil
Envoyer
Imprimer
Partager
Like Larry, I am a fan of the ISACA/ITGI guidance on IT governance, and his summary of it is excellent – highly recommended (although I even more strongly recommend checking out the complete guidance, available at itgi.org/).
He has these as the IT governance issues of 2011:
- IT risk management
- The establishment of a governance framework
- A sense of teamwork and of enterprise
- Value delivery through IT
- A more activist information security department and board of directors
- Cloud computing
- Continuous auditing and assurance
To pick on a couple: Larry does not (IMHO) emphasize sufficiently the need for risk management within IT to be integrated with and supportive of enterprise or corporate risk management. As Risk IT says (which he references), what is important is the effect that IT-related activities may have on business risks. There are no “IT risks” per se.
Then, why is selection and establishment of a governance framework so critical? I am more interested in results, and here are my top IT governance priorities:
- Include IT-related activities to enable as well as support enterprise strategies and goals. Be part of, if not lead, strategy-setting
- Provide leadership as technology enables new corporate strategies and initiatives. In these days of mobile computing, cloud, and ‘big data’, IT should be taking the lead to explain what is possible to management – rather than waiting to meet their (ignorant) requirements
- Integrate IT risk activities into the enterprise risk management process, and (if necessary and appropriate) taking a lead to ensure effective ERM
- Ensure that decisions are made on reliable, current, timely, and available (where it is needed, when it is needed) information. Move from managing based on old, inconsistent, and fragmented data to current information that is reliable
- Simplify the IT infrastructure, eliminating duplicative or redundant applications and data repositories, to not only contain cost but build the platform for the future
- Support all the compliance requirements, preferably through a strategy that relies on a single SET of solutions rather than an incompatible rag-bag
Which Marks is right? Or are we both wrong?
Norman Marks, CPA, is vice president, governance, risk, and compliance for SAP's BusinessObjects division, and has been a chief audit executive of major global corporations for more than 15 years. He is the contributing editor to Internal Auditor’s “Governance Perspectives” column.
normanmarks.wordpress.com/
He has these as the IT governance issues of 2011:
- IT risk management
- The establishment of a governance framework
- A sense of teamwork and of enterprise
- Value delivery through IT
- A more activist information security department and board of directors
- Cloud computing
- Continuous auditing and assurance
To pick on a couple: Larry does not (IMHO) emphasize sufficiently the need for risk management within IT to be integrated with and supportive of enterprise or corporate risk management. As Risk IT says (which he references), what is important is the effect that IT-related activities may have on business risks. There are no “IT risks” per se.
Then, why is selection and establishment of a governance framework so critical? I am more interested in results, and here are my top IT governance priorities:
- Include IT-related activities to enable as well as support enterprise strategies and goals. Be part of, if not lead, strategy-setting
- Provide leadership as technology enables new corporate strategies and initiatives. In these days of mobile computing, cloud, and ‘big data’, IT should be taking the lead to explain what is possible to management – rather than waiting to meet their (ignorant) requirements
- Integrate IT risk activities into the enterprise risk management process, and (if necessary and appropriate) taking a lead to ensure effective ERM
- Ensure that decisions are made on reliable, current, timely, and available (where it is needed, when it is needed) information. Move from managing based on old, inconsistent, and fragmented data to current information that is reliable
- Simplify the IT infrastructure, eliminating duplicative or redundant applications and data repositories, to not only contain cost but build the platform for the future
- Support all the compliance requirements, preferably through a strategy that relies on a single SET of solutions rather than an incompatible rag-bag
Which Marks is right? Or are we both wrong?
Norman Marks, CPA, is vice president, governance, risk, and compliance for SAP's BusinessObjects division, and has been a chief audit executive of major global corporations for more than 15 years. He is the contributing editor to Internal Auditor’s “Governance Perspectives” column.
normanmarks.wordpress.com/
