
What are the top issues for IT governance?

Larry Marks (no relation) has had an article published by ISACA on “top IT governance issues of 2011”. He has a great surname, but I am not persuaded that his points and priorities are so great.

Like Larry, I am a fan of the ISACA/ITGI guidance on IT governance, and his summary of it is excellent – highly recommended (although I even more strongly recommend checking out the complete guidance, available at itgi.org/).

He has these as the IT governance issues of 2011:
- IT risk management
- The establishment of a governance framework
- A sense of teamwork and of enterprise
- Value delivery through IT
- A more activist information security department and board of directors
- Cloud computing
- Continuous auditing and assurance

To pick on a couple: Larry does not (IMHO) emphasize sufficiently the need for risk management within IT to be integrated with and supportive of enterprise or corporate risk management. As Risk IT says (which he references), what is important is the effect that IT-related activities may have on business risks. There are no “IT risks” per se.

Then, why is selection and establishment of a governance framework so critical? I am more interested in results, and here are my top IT governance priorities:
- Include IT-related activities to enable as well as support enterprise strategies and goals. Be part of, if not lead, strategy-setting
- Provide leadership as technology enables new corporate strategies and initiatives. In these days of mobile computing, cloud, and ‘big data’, IT should be taking the lead to explain what is possible to management – rather than waiting to meet their (ignorant) requirements
- Integrate IT risk activities into the enterprise risk management process, and (if necessary and appropriate) take a lead to ensure effective ERM
- Ensure that decisions are made on reliable, current, timely, and available (where it is needed, when it is needed) information. Move from managing based on old, inconsistent, and fragmented data to current information that is reliable
- Simplify the IT infrastructure, eliminating duplicative or redundant applications and data repositories, to not only contain cost but build the platform for the future
- Support all the compliance requirements, preferably through a strategy that relies on a single SET of solutions rather than an incompatible rag-bag

Which Marks is right? Or are we both wrong?

Norman Marks, CPA, is vice president, governance, risk, and compliance for SAP's BusinessObjects division, and has been a chief audit executive of major global corporations for more than 15 years. He is the contributing editor to Internal Auditor’s “Governance Perspectives” column.

Thursday 9 June 2011


Finyear: latest news and articles