IT Governance Resources Available on KnowledgeLeader

IT governance focuses specifically on information technology systems, their performance and risk management.

The primary goals of IT governance are to assure that the investments in IT generate business value, and to mitigate the risks that are associated with IT. This can be done by implementing an organizational structure with well-defined roles for the responsibility of information, business processes, applications and infrastructure.
KnowledgeLeader provides policies, tools, articles, and other resources to help you:

  • Develop IT governance checklists, policies, and procedures;
  • Understand current IT governance activities;
  • Discover best practices to address IT governance;
  • Improve IT governance standards in all business areas.
IT governance thought leaders share their techniques and approaches through articles providing ideas, best practices, and actionable advice. Many of these offer suggestions and advice from industry leaders regarding IT governance. Select one of the areas below to view a sample of IT governance information available on KnowledgeLeader.

Tools


Chief Information Officer Job Description
The Chief Information Officer is responsible for all aspects of the organization’s information technology and systems. This sample document outlines the related roles and responsibilities.

COBIT Baseline Review Report – Sample Report
This sample report provides a template to assess the maturity of IT processes and controls using the COBIT framework.

COBIT® Framework
Control Objectives for Information and Related Technology (COBIT) is a management tool for IT. It has been developed by ISACA as an accepted standard for good IT security and control practices. It is intended for use by management, IT auditors, and control and security practitioners. COBIT defines what needs to be done to implement an effective control structure.

Data Management: Data Backup and Storage Policy
The purpose of this policy is to specify the procedures to back up and allow for recovery of important data in the event of accidental or intentional corruption, loss, or destruction of the data. For data critical to the ongoing operation of the business, offsite storage will facilitate keeping the business operational in the event of a physical disaster at the original site.

Director of IT Project Management – Job Description
This position is involved in the definition, management and implementation of significant technology-focused projects. In this role, the director focuses on IT projects and aligning technology solutions with business strategies, primarily working with senior management.

ITIL Glossary Terms & Acronyms
ITIL® is a consistent and comprehensive documentation of best practice for IT Service Management. This guide provides definitions to commonly used ITIL acronyms and terms.

IT General Controls Questionnaire
IT general controls are critical and central to business processes. This Excel-based template provides a number of COBIT areas and the related control objectives for each IT general control. You can document items such as whether the control exists; whether it was designed properly; related test procedures; and management action plan for deficiencies. This questionnaire has been updated with areas defined in COBIT 4.1.

IT General Controls Scoping Questionnaire
This questionnaire has been designed to facilitate an assessment of existing controls to determine if they align with the IT Governance Institute (ITGI) control objectives. This questionnaire will allow the reviewer to determine which control objectives and illustrative controls are in-scope, and document which control objectives and illustrative controls are currently addressed with existing controls.

IT Project Governance Work Program
The purpose of this document is to provide the general steps used to execute an IT project governance audit. This work program identifies major areas to be investigated during an IT project governance review as well as critical control validation tests to perform.

Systems Management: Downloading Policy
The purpose of this policy is to ensure that downloading of large data files does not degrade company network response unnecessarily; planning for increased company network bandwidth is not skewed adversely by unnecessary large download activity; and the company is protected against copyright infringement action.

Are you looking for: IT governance; governance of IT; governance and IT; IT governance model; IT governance institute; IT governance models; IT governance framework; IT governance process; IT governance tools: IT governance COBIT? Visit our KL Topics tab and click on IT governance to view all of our related content.


Publications


2011 IT Audit Benchmarking Survey Report
Protiviti conducted this inaugural IT Audit Benchmarking Survey with input from close to 500 professionals, in order to analyze IT audit trends and gaps in today's dynamic technology environment. We define “IT audit” as the process of collecting and evaluating evidence of the management of controls over an organization’s information systems, practices, controls and operations. Perhaps not surprisingly, we found that the growth and prevalence of technology throughout most operations in a company are outpacing the assessment, management and monitoring of related IT risks. The key trends and takeaways from the study are discussed further in this report.

Auditing IT Projects: Early Warning Signs Of Material Risk
IT projects are often materially significant and yet the nature and magnitude of their risks go unnoticed until disaster strikes. Focusing on the early warning signs of IT project peril, this article provides a straightforward starting point for seeing, monitoring, auditing and managing the risks of an IT project.

Data Center Storage: Migration and Retiring Aging Systems
Why migrate? If it's not broken, don't fix it, right? Wrong. Sooner or later, we must migrate. It is in your best interest to organize the task of data migration well and use it frequently.

The Effect of IT Governance Maturity on IT Governance Performance
There are several best practice-based frameworks that detail effective arrangements for the internal structure of an IT organization. This article has studied the correlation between IT Governance maturity and IT Governance performance.

Enabling Effective IT Governance: Leveraging ISO/IEC 38500:2088 and COBIT to Achieve Business-IT Alignment
Most organizations are revisiting their IT strategy and goals to align with the business strategy. Effective IT Governance is the need of the hour to achieve improved performance and for compliance with external requirements.

Entity-Level Considerations
This section of Protiviti's “Guide to the Sarbanes-Oxley Act: IT Risks and Controls – Frequently Asked Questions" addresses entity-level considerations. Topics covered include: How does management consider the entity-level issues around IT risks and controls? Are there separate “entities” which just include IT operations or processes? And, what IT Governance issues should be considered for purposes of complying with Sections 404 and 302 of Sarbanes-Oxley?

IT Governance Frameworks Help Align Business and IT Interests and Objectives
In order for the CIO and his/her IT organization to move forward in today’s challenging environment, IT Governance is a must. Strong governance helps define and implement IT strategies, business strategies, and set priorities. In this article, Protiviti’s Przemek Tomczak provides readers with a framework for designing a successful IT Governance program.

Global Technology Audit Guide (GTAG) 7: Information Technology Outsourcing
This edition of the Global Technology Audit Guide from The IIA provides the chief audit executive (CAE), internal auditors, and management with information on the types of IT outsourcing activities, the IT outsourcing lifecycle, and how outsourcing activities should be managed by implementing well-defined plans that are supported by a companywide risk, control, compliance, and governance framework.

Global Technology Audit Guide (GTAG) 12: Auditing IT Projects
Whether IT projects are developed in house or are co-sourced with third-party providers, they are filled with challenges that must be considered carefully to ensure success. Insufficient attention to these challenges can result in wasted money and resources, loss of trust, and reputation damage. Early involvement by internal auditors can help ensure positive results. Auditing IT Projects from The IIA provides an overview of techniques for effectively engaging with project teams and management to assess IT project risks.

Global Technology Audit Guide (GTAG) 15: Information Security Governance
Information is a significant component of most organizations’ competitive strategy either by the direct collection, management, and interpretation of business information or the retention of information for day-to-day business processing. This guide will provide a thought process to assist the chief audit executive in incorporating an audit of information security governance (ISG) into the audit plan, focusing on whether the organization’s ISG activity delivers the correct behaviors, practices, and execution of information security.

The Importance of Strong IT Governance During a Financial Crisis
The recent financial crisis and its lingering consequences have sparked many questions about how the economic downturn could have been prevented or how its effects might have been mitigated. One area that has not been given as much attention is the importance of strong IT Governance during difficult times. In this podcast, Protiviti Managing Director Jonathan Wyatt discusses the keys to effective IT Governance.

The Importance of Understanding and Defining Risk Appetite
FS Insights, a quarterly publication from Protiviti’s Financial Services Practice, provides timely coverage of issues facing the financial services industry and insights to help you identify and manage risks and adapt to the changes affecting financial services companies. This issue features the articles: The Importance of Understanding and Defining Risk Appetite; and The Importance of Strong IT Governance During a Financial Crisis.

IT Audit – Assessing and Managing Risks Effectively within the IT Environment
IT internal auditors – those who focus specifically on risks within the IT environment – have become integral to an organization's internal audit plan and ongoing efforts. IT audit activities are especially important given today's technology-driven organizations that require IT auditors to explore new technologies, identify and help to mitigate emerging risks, develop creative solutions to complex challenges, and encourage new practices to enhance both business and IT functions. Discussing in this episode the realm of IT audit and emerging trends in the field is Protiviti Managing Director David Brand. Dave is leader of Protiviti’s IT Audit practice in the United States, and also leads the company's Internal Audit and Financial Controls practice in the Midwest.

IT Service Climate—An Essential Managerial Tool to Improve Client Satisfaction With IT Service Quality
Although client satisfaction surveys can assess client satisfaction with IT service quality, they cannot easily be used to pinpoint how internal IT behaviors influence client satisfaction and prescribe solutions. This research fills the gap by introducing the concept of an IT service climate - a validated ten-item instrument that significantly explained client ratings of IT service quality. The authors recommend this measure as an effective diagnostic tool for managers aiming to improve quality and client satisfaction.

Overall IT Risk and Control Approach and Considerations When Complying with Sarbanes-Oxley
This section of Protiviti's “Guide to the Sarbanes-Oxley Act: IT Risks and Controls – Frequently Asked Questions" addresses having an overall IT risk and control approach when complying with Sarbanes-Oxley. Topics covered include: Why is it so important to consider IT when evaluating internal control over financial reporting? How should Section 404 compliance teams define “IT risks and controls”? And, what guidance does COSO provide with respect to IT controls?

Spreadsheet Risk Management: Frequently Asked Questions - Second Edition
Many companies rely on spreadsheets as a key application that supports operational and financial reporting processes. A simple search of your network may surprise you as it will reveal thousands, if not millions, of spreadsheets in use. Do you know who manages them? What is the purpose of these spreadsheets? How reliable are their calculations? Who ensures the results they produce are valid? This publication is designed to answer frequently asked questions about spreadsheet risk based on real business need.

Social Media Use in Companies – Managing the Risks Effectively
Social media has exploded worldwide with Facebook, Twitter, YouTube, LinkedIn and many other sites revolutionizing the way in which people send and receive information. This communication transformation has clearly brought many benefits in terms of connecting with others worldwide, but it also has created a new spectrum of risks for companies. In this podcast, Protiviti Managing Directors Tom Andreesen and Cal Slemp discuss social media-related risks that companies must address.

Understanding Risk-Based IT Audit Planning
Fast-moving changes in technology have added to the potential risks companies face. It is not always easy for senior management to wrap its arms around IT risks confronting their organization. However, internal audit departments can help shed light on the issue through risk-based IT audit planning.



External Resources


KnowledgeLeader features descriptions of, and links to, many of the most useful IT governance-related sites on the web, including:

CIO.com
Serving chief information officers and other IT leaders, CIO.com, CIO magazine, CIO Executive Programs, CIO Custom Solutions Group and the CIO Executive Council

IT Governance Institute (ITGI)
To achieve success in this information economy, governance of IT is a critical facet of enterprise governance. The IT Governance Institute (ITGI) exists to assist enterprise leaders in their responsibility to ensure that IT goals align with those of the business, that it delivers value, that its performance is measured, and that its resources are properly allocated and its risks mitigated. Through original research, symposia and electronic resources, the ITGI helps ensure that boards and executive management have the tools and information they need for IT to deliver against expectations.

International Standards for the Professional Practice of Internal Auditing
The Standards represent the basic principles of the practice of internal audit. They are intended to provide a framework for internal audit activities, establish the basis for evaluation of internal audit performance, and foster improved organizational processes and operations. The Standards consist of Attribute Standards, Performance Standards, and Implementation Standards and are part of the IIA’s Professional Practices Framework.


