Auditing IT Governance

Effective IT governance helps ensure that IT supports business goals, optimizes business investment in IT, and appropriately manages IT-related risks and opportunities. Organizations that realize the IT is no longer a support process and embeds value and risks need a structured approach for better managing Information Technology, enable its capability to deliver added value enterprise wide and for setting up a risk management program to address new risks arising for usage of IT in business processes. In order to assess if IT Governance is in line with industry practices, IT Auditors need a good understanding of processes and applicable standards, particular audit work programs and experience in assessing potential problem indicators.IT Governance, Audit, ISACA, CGEIT, Val IT, Value Governance, Portfolio Management, Investment Management

Audit Methodology for IT Governance

The continuous development of the new IT technologies was followed up by a rapid integration of them at the organization level. The management of the organizations face a new challenge: structural redefinition of the IT component in order to create plus value and to minimize IT risks through an efficient management of all IT resources of the organization. These changes have had a great impact on the governance of the IT component. The paper proposes an audit methodology of the IT Governance at the organization level. From this point of view the developed audit strategy is a strategy based on risks to enable IT auditor to study from the best angle efficiency and effectiveness of the IT Governance structure. The evaluation of the risks associated with IT Governance is a key process in planning the audit mission which will allow the identification of the segments with increased risks. With now ambition for completeness, the proposed methodology provides the auditor a useful tool in the accomplishment of his mission.IT Governance, Corporate Governance, IT Audit Process, IT Risk

IT governance in SMEs: trust or control?

It is believed by many scholars that a small and medium-sized enterprise (SME) cannot be seen through the lens of a large firm. Theories which explain IT governance in large organizations and methodologies used by practitioners can therefore not be extrapolated to SMEs, which have a completely different economic, cultural and managerial environment. SMEs suffer from resource poverty, have less IS experience and need more external support. SMEs largely contribute to the failure of many IS projects. We define an out-sourced information system failure (OISF) as a failure of IT governance in an SME environment and propose a structure for stating propositions derived from both agency theory and theory of trust. The theoretical question addressed in this paper is: how and why do OISFs occur in SMEs? We have chosen a qualitative and positivistic IS case study research strategy based on multiple cases. Eight cases of IS projects were selected. We found that trust is more important than control issues like output-based contracts and structured controls for eliminating opportunistic behaviour in SMEs. We conclude that the world of SMEs is significantly different from that of large companies. This necessitates extra care to be taken on the part of researchers and practitioners when designing artefacts for SMEs

Risk Management in IT Governance Framework

The concept of governance has an already old contour: the system by which business corporations are directed and controlled. The most praised principles regarding shareholder rights, transparency and board accountability now constitute the foundation for new tendencies evolved from such ground. Executive compensation, transparency and shareholder reporting are new issues attached to board responsibilities. Besides such almost negative approaches the board faces a more and more prominent role from risk management and IT governance perspective. Nowadays is generally acknowledged that the board is in charge for managing and controlling the risks to assets of the enterprises and business future. IT Governance has emerged as a support for corporate governance, as an important part of board’s striving efforts to perform better in a competition environment. These responsibilities, risk management and IT Governance, remain within the framework of old concept of corporate governance and are fed from its substance. The interaction between these concepts is the core interest of this research.IT Governance is defined as procedures and policies established in order to assure that the IT system of an organization sustains its goals and strategies. The management of the organisations face a new challenge: structural redefinition of the IT component in order to create plus value and to minimize IT risks through an efficient management of all IT resources of the organisation. The evolution of the present IT environment is a natural process according to which business environment should adapt.Corporate Governance, IT Governance, IT risk, Risk Management.

Passion & IT Governance

15 page(s

THE SHIFT TO IT GOVERNANCE – A GLOBAL APPROACH

Statistics show that the IT expenditures recorded a constant growth during the last 20 years, which shows a continuous growth of the effort of the companies or states dedicated to the extension of the IT sector. Unfortunately, these efforts have not alwayIT Governance, Maturity model, Maturity levels

IT Governance Impact Model: How mature IT Governance affects Business Performance

This paper presents a theory based model that proposes and explains the positive impact of IT governance on the business performance of the firm. The study takes the resource based perspective and integrates the economic theory of complementarities, the concept of resource relatedness as well as the knowledge based view. The proposed increase of business performance is grounded in the generation of sustainable competitive advantage through super-additive value synergies, which are considered as being hard to copy by competitors. The theoretical model is developed and substantiated in two stages. During the first stage, eleven exploratory case studies of major multinational corporations were used for theory building. During the second stage, eight case studies with comparable companies were conducted for theory refinement and substantiation. The results suggest that IT governance is positively related to business performance through the mediators IT relatedness and business process relatedness. It is argued that the latter two are complementary in the sense that they do not only increase business performance independently, but add extra value if available concurrently. The results furthermore imply that the absorptive capacity of the IT department has a significant moderating effect

IT-Governance als Führungskonzept

Governance ist eine Sammlung von Grundsätzen der Geschäftsführung, die durch den Einsatz geeigneter Instrumente Transparenz und ein ausgewogenes Verhältnis von Führung und Kontrolle anstreben, wie sie beispielsweise im Swiss Code of Best Practice for Corporate Governance beschrieben sind. Gelten dieselben Prinzipien für den E-Government-Bereich, oder sind die Schwerpunkte aufgrund des Auftrages der öffentlichen Hand anders zu setzen

IT Governance for SMEs

IT Governance is placing information technology (IT) and information systems (IS) on the agenda of CEOs. However research on the IT/IS value proposition is elaborate and strongly focused on large firms. Despite the numerous successes illustrating the advantages of IT Governance in organizations it is commonly accepted that the processes of developing and using IS are not straightforward. The focus of this research is the complex relation of IT/IS and small and medium-sized enterprises (SMEs) in an outsourced environment