Premium Essay

It Governance

In: Business and Management

Submitted By apriyana
Words 10762
Pages 44
Global Technology Audit Guide

Auditing IT
Governance

Global Technology Audit Guide (GTAG®) 17
Auditing IT Governance

July 2012

GTAG — Table of Contents
Executive Summary......................................................................................................................................... 1
1. Introduction................................................................................................................................................ 2
2. IT Governance Risks................................................................................................................................... 7
3. Aligning the Organization and IT — Key Considerations................................................................ 12
4. The Role of Internal Audit in IT Governance............................................................................ 15
Conclusion....................................................................................................................................................... 18
Authors and Reviewers.............................................................................................................................. 18
Appendix — IT Governance Risk Assessment/Engagement Planning Considerations............................................. 19

iv

GTAG — Executive Summary
Executive Summary

To support the heightened importance of IT governance and the mandatory nature of the International Standards for the Professional Practice of Internal Auditing (Standards), this
GTAG provides internal auditors with the foundational knowledge necessary to fulfill their responsibilities in providing both assurance and consulting services, applicable in the public and private sector. Some of the key areas of IT governance internal auditors should address are:

As defined by The Institute

Similar Documents

Premium Essay

It Governance

...IT Governance A summary of “Ten Principles of IT Governance” (2004, Peter Weill, Jeanne W. Ross) and “IT Governance Framework” (2005, Craig Symons)  Coming up with new governance mechanisms and policies should not be reactive (patching up problems), but proactive – using the enterprise’s objectives and performance goals as a basis Mature business governance processes can be used for IT governance Governance redesigns should be undertaken only when strategy is being revised, in such cases IT governance can be used for leveraging the strategic transformation CIO’s and senior management’s involvement in IT governance is crucial for its success, because it ensures better alignment of IT with strategy The exception-handling process must be clearly defined, as short as possible and should enable and encourage organizational learning. The owner of the IT governance must be familiar with all aspects of the enterprise (not only IT) and have credibility with all business leaders. The owner of the IT governance must be made also responsible for its performance A layered structure is often necessary for IT governance (possible layers are: enterprise-wide IT governance – driven by enterprise-wide strategies and goals and IT governance at division and business unit levels) The effectiveness of IT governance is severely affected by the effectiveness of its communication and transparency Coordination in the governance of the all six assets, one of which is IT, is critical for maximizing the...

Words: 585 - Pages: 3

Free Essay

Recently the Terms "Governance" and "Good Governance"

...Recently the terms "governance" and "good governance" are being increasingly used in development literature. Bad governance is being increasingly regarded as one of the root causes of all evil within our societies. Major donors and international financial institutions are increasingly basing their aid and loans on the condition that reforms that ensure "good governance" are undertaken. The concept of "governance" is not new. It is as old as human civilization. Simply put "governance" means: the process of decision-making and the process by which decisions are implemented (or not implemented). Governance can be used in several contexts such as corporate governance, international governance, national governance and local governance. Since governance is the process of decision-making and the process by which decisions are implemented, an analysis of governance focuses on the formal and informal actors involved in decision-making and implementing the decisions made and the formal and informal structures that have been set in place to arrive at and implement the decision. Government is one of the actors in governance. Other actors involved in governance vary depending on the level of government that is under discussion. In rural areas, for example, other actors may include influential land lords, associations of peasant farmers, cooperatives, NGOs, research institutes, religious leaders, finance institutions political parties, the military etc. The situation in urban areas is much...

Words: 983 - Pages: 4

Premium Essay

Project Governance

...Project governance is the management framework within which project decisions are made. Project governance is a critical element of any project since while the accountabilities and responsibilities associated with an organisation’s business as usual activities are laid down in their organisational governance arrangements, seldom does an equivalent framework exist to govern the development of project’s capital investments ( Sharma, Stone and Ekinci 2009 ). Project Governance extends the principle of Governance into both the management of individual projects via Governance structures, and the management of projects at the business level, for example via Business Reviews of Projects. Today, many organisations are developing models for ‘Project Governance Structures', which can be different to a traditional Organisation Structure in that it defines accountabilities and responsibilities for strategic decision-making across the project ( Crawford, Cooke-Davies, Hobbs, Labuschagne, Remington and Chen 2008 ). This can be particularly useful to project management processes such as change control and strategic decision-making. The decision making framework of the project governance is supported by three pillars ( Klakegg, Williams, Magnussen and Glasspool 2008 ) namely: structure, people and information. 1. Structure: This refers to the governance committee structure. As well as there being a Project Board or Project Steering Committee, the broader governance environment may include...

Words: 1193 - Pages: 5

Premium Essay

Auditing It Governance

...Global Technology Audit Guide Auditing IT Governance Global Technology Audit Guide (GTAG®) 17 Auditing IT Governance July 2012 GTAG — Table of Contents Executive Summary......................................................................................................................................... 1 1. Introduction................................................................................................................................................ 2 2. IT Governance Risks................................................................................................................................... 7 3. Aligning the Organization and IT — Key Considerations................................................................ 12 4. The Role of Internal Audit in IT Governance............................................................................ 15 Conclusion....................................................................................................................................................... 18 Authors and Reviewers.............................................................................................................................. 18 Appendix — IT Governance Risk Assessment/Engagement Planning Considerations............................................. 19 iv GTAG — Executive Summary Executive Summary To support the heightened importance of IT governance and the mandatory nature of the International Standards for the Professional...

Words: 10762 - Pages: 44

Premium Essay

Good Governance

...Good Governance 1. INTRODUCTION: Governance implies control, direction, and rule with authority or administers laws to govern a system to achieve certain objectives. Good Governance implies running administration according to the defined laws to achieve the objective of promoting the welfare of the people in a democratic oriented order. Bad governance means departing from the norms of laws and subjecting system of administration to whims, idiosyncrasies of the rulers to achieve certain ulterior motives at the cost of national interests. The hallmark of great nations is that they learn from their past experience to become wiser in conducting their current and future affairs. Another distinctive feature of such nations is that they try to understand the emerging long-term trends to identify new challenges, and plan for the future so as to take maximum advantage of the opportunities and avoid the pitfalls that may lie ahead. On the other hand, the nations on the trajectory of decay and ultimate oblivion neither learn from the past nor have the inclination to look ahead into the future to plan for their security, progress and welfare. All it lacks in the context of Pakistan; socially, economically and politically as well. In the words of Mahbbub-ul-Haq, ‘Crisis in Governance’, “Human Development Report in South Asia”: “Governance is the exercise of political, economic and administrative authority to manage the resources of a country. It is always based upon certain rules...

Words: 2646 - Pages: 11

Premium Essay

Governance Structure

...Governance Structure Gregory Hladysh University of Phoenix Governance Structure The Sunrise Software Corporation (SSC) operates in 12 countries worldwide with an Enterprise Resource Planning (ERP) strategy that places a Relational Database Management System (RDBMS) in central location in which all departments have access to manipulate. Although the existing design is working, evolving strategic demands forces the separation of domestic System Development Life Cycle (SDLC) from the global SDLC efforts. Financial obligations of the ERP processes makes planning and project management efforts more exhausting with global and domestic ROI calculation using the same budget path. Breaking out domestic projects creates the need for a new hierarchical governance structure for domestic SDLC within the ERP framework, which includes an executive, program implementation, and ongoing operations level. The activities for each level will create roles and responsibilities that will enhance the decision-making process in determining the priorities of the domestic project portfolio. The new SSC process will engage the ERP to take a more critical role in meeting the needs of the organization by having the empowerment to modify the ERP system during workflow processes to bring about relevant change to extend the competitive advantage. It will also facilitate the decision to buy or build when applicable only upon its benefits when compared with domestic competitors based...

Words: 1725 - Pages: 7

Premium Essay

Governance

...te Corporate governance statement The Board of Directors is accountable to the Shareholder for the overall performance of the Group. In doing so, it is responsible for: • • • The effective, prudent and ethical oversight of the Bank; Setting the business strategy for the Bank, following consultation with the Shareholder; and Ensuring that risk and compliance are properly managed in the Bank. Board of Directors and Membership The Board of Directors recognises its responsibility for the leadership, direction and control of the Bank and the Group and its accountability to the Shareholder for financial performance. As at 31 December 2010, the Board comprised the Chairman, four Non-executive Directors and the Group Chief Executive. The Board sees it as a priority to further enhance its existing skills and experience through the recruitment of further independent Non-executive Directors, with a process having commenced in this regard. The Non-executive Directors are independent of management, with varied backgrounds, skills and experience. There have been a total of 39 board meetings during the financial year, 10 of which were scheduled. The purpose of the 29 unscheduled meetings was to address a variety of matters, including discussions in respect of the difficult market conditions that existed during the financial period and included funding issues, capital matters, legacy related matters and the Bank's Restructuring Plan. All Directors are expected to attend each meeting and the...

Words: 4199 - Pages: 17

Premium Essay

Governance

...Best Practices: Nonprofit Corporate Governance One of the most significant and valuable developments of the post-Sarbanes-Oxley Act environment has been the emergence of governance “Best Practices” proposals designed to enhance and improve corporate responsibility and governance. These proposals have come from a wide variety of sources, ranging from self-regulatory agencies (e.g., NYSE, NASDAQ) and business groups (e.g., The Business Roundtable, The Conference Board, National Association of Corporate Directors) to professional associations (e.g., the American Bar Association) and major corporations (e.g., General Electric, WorldCom, TIAA/CREF). While most of these Best Practices proposals have been recommended for adoption by public companies, their relevance as an aspirational goal for nonprofit corporations and non-public companies is widely recognized. From these and other resources, we have developed the following set of guidelines as “food for thought” concerning governance “Best Practices” to assist nonprofit corporations in responding to the current “corporate responsibility” environment. To set the proper perspective, a few important caveats are in order. First, these are Best Practices guidelines, and do not in most instances, reflect current legal requirements. Instead, the guidelines reflect our perspective on evolving trends in nonprofit governance and law. In many circumstances, adoption of, and adherence to, “Best Practices” may reduce a nonprofit corporation’s...

Words: 4165 - Pages: 17

Premium Essay

Governance

...Koito Case Study Submitted by Weichao on March 12, 2011 Category: Business and Economics Words: 7841 | Pages: 32 Views: 160 Report this Essay 1. The Japanese corporate governance system differs vastly from the US system. Discuss corporate governance issues that may arise under the Japanese keiretsu system from the perspective of a) financiers b) owners c) suppliers and d) employees. A Japanese keiretsu is effectively a system of cooperation among various stakeholders. From the Japanese point of view, corporate governance includes maximization of long-term corporate value for shareholders and accountability to all the stakeholders, particularly shareholders (Corporate Governance Committee of Japan 1997). This model appears more attractive than the Anglo-Saxon corporate governance model since it takes social benefits into account. However, it must be noticed that the workability of this model relies on a flawless functioning of the market economy, which is not always the case in Japan (ibid). The later paragraphs will discuss in detail the corporate governance issues related to the Japanese keiretsu system in relation with financiers, owners, suppliers and employees. a) Financiers As shown in Exhibit 8 – Ownership Structure of Major Japanese Automotive Assemblers (1989), banks in Japan usually hold a substantial portion of equity in borrowing companies. The Japanese model is often perceived as efficient since it encourages information flow between firms and their lending...

Words: 7863 - Pages: 32

Premium Essay

Corporate Governance

...Volume 15 Issue 1 Special Issue: Comparative Corporate Governance 7-1-2003 Article 13 Corporate Governance in Malaysia Kamini Singam Recommended Citation Singam, Kamini (2003) "Corporate Governance in Malaysia," Bond Law Review: Vol. 15: Iss. 1, Article 13. Available at: http://epublications.bond.edu.au/blr/vol15/iss1/13 This Article is brought to you by the Faculty of Law at ePublications@bond. It has been accepted for inclusion in Bond Law Review by an authorized administrator of ePublications@bond. For more information, please contact Bond University's Repository Coordinator. Corporate Governance in Malaysia Abstract This article examines the corporate governance system in Malaysia. A sound corporate governance system should help create an environment conducive to the efficient and sustainable growth in the Malaysian corporate sector. Since the Southeast Asian financial crisis in 1997 – 98 (‘financial crisis’), corporate governance has become a key policy issue confronting many Southeast Asian countries, including Malaysia. This article considers the distinctive problems of corporate governance in Malaysia, despite several steps for reform that have taken place since the financial crisis. There will be a brief discussion on the meaning of corporate governance and an overview of the present status of corporate governance in Malaysia, in particular after the financial crisis. Keywords corporate governance, Malaysia, Southeast Asian financial crisis This...

Words: 13068 - Pages: 53

Premium Essay

Corporate Governance

... Write down the role of corporate governance in resolving the issue: Solution: Agency Theory: Agency theory shows an association among principal and agent. In this relationship a principal appoint an agent who executes duties on the behalf of principal. Principal gave some sort of power to the agent of making decisions along by keeping in mind his owners interest. Mainly agency theory solves the following two problems: a. Intention of principal and agent are in spar. b. Acceptance of risk from both points of views. Corporate Governance: Corporate governance offer law and regulations, policies and practice to supervise and organize the organizations. They present policies and directions in a proper way that can express the objectives of the organization and its stakeholders. Agency Theory and Corporate Governance: Mainly corporate governance starts with the concept of agency theory. Every person within the association and exterior of it go behind these policies to evade risk and clashes. Corporate governance offer rules and instructions and also classifies responsibilities and rights and duties of stakeholders of an organization. We conclude that corporate governance and agency theory go next to with each other. Role of Corporate Governance: Role of corporate governance in issue resolving is as follows: ...

Words: 285 - Pages: 2

Free Essay

Good Governance

...Reorganizing the bureaucracy has been in the agenda of every administration since the 1940s.While it has been called by various names—streamlining, reorganization or Reengineering, the overarching reason for the reformist to reduce the wage bill, which Has crowded out resources for vital social services. However, data show that these past attempts Failed as personnel services continue to consume a huge chunk of the budget pie. Likewise, the number of personnel has grown while the delivery of government services remains dismal Indicating dissatisfaction with government performance. Reengineering the bureaucracy should not solely be driven by the reduction of workforce as it has always come to be understood in the Philippine experience. A study on government employment around the world argued that an efficient bureaucracy is one whose size, structure and skill mix is able to deliver quality service to the public and contribute to the nation’s socioeconomic and political objectives. Accordingly, the size of public employment is not the only issue involved in evaluating the efficiency of the public workforce. A relatively large work force can be undersized if its size and skills are not commensurate to the responsibilities assigned to it by the population. On the other hand, even a very small civil service can serve a big population if its quality, skill mix and accountability mechanisms are good. Bureaucracy is a subject we all love to talk about. We see it in our organizations...

Words: 322 - Pages: 2

Premium Essay

Corporate Governance

...Code of Corporate Governance – A Critical Comparison between Bangladesh and Malaysia James Bakul Sarkar Assistant Professor in Accounting and MBA Coordinator Faculty of Business ASA University Bangladesh E-mail: jamssarkar@yahoo.com Mob: 0171-6599599 Dewan Muhammad Nur A Yazdani Lecturer in Marketing Faculty of Business ASA University Bangladesh E-mail: dewanm@hotmail.com Mob: 0172-7681817 Md. Abdul Mannan Assistant Professor Department of Business Administration Stamford University Bangladesh Mob:0171-6418892 Code of corporate governance – A critical comparison between Bangladesh and Malaysia Abstract: Corporate governance is the way in which the corporate entities are governed. The question is: Who will determine the way- the entity itself or the regulator. Different stakeholders with quite diversified interests have stakes (interests) in the operation of business. Consequently, the business entity should not be allowed to operate in every respect in the way it likes; the regulators should come forward to impose certain restrictions and principles on the corporate affairs to upkeep the best interests of stakeholders like investors, creditors and after all the capital market. Such restrictions and principles can be termed as Code...

Words: 4437 - Pages: 18

Premium Essay

Corporate Governance

...INTRODUCTION ........1 2.0 WHAT IS CORPORATE GOVERNANCE 2 3.0 CORPORATE GOVERNANCE THEORIES…………………….……………..........3 3.1 Fundamental corporate governance theories……………………..……………….3 3.1.1. Agency Theory………………………………………………………………3 3.1.2. Stewardship Theory…………………………………………………………4 3.1.3. Stakeholder Theory………………………………………………………….4 3.1.4. Transaction Cost Theory…………………………………………………….4 3.1.5. Political Theory……………………………………………………….……..5 4.0 NEED FOR CORPORATE GOVERNANCE………….……………………………..5 5.0 PILLARS OF GOOD CORPORATE GOVERNANCE…….......……………………7 5.1 Leadership…………………………………………………………………...…….7 5.2 Appointments to the board…………………………………….…………………..7 5.3 Strategy & values………………………………………………………………….7 5.4 Structure & Organisation………….....……………………………………………8 5.5 Corporate performance……………………………………………………..……..8 5.6 Corporate compliance……………………………………………………………..8 5.7 Corporate communication………...……………………………………………….8 6.0 OVERVIEW OF DEVELOMENTS IN CORPORATE GOVERNANCE………..….8 6.1 Global Initiatives……………………..……………………………………………8 6.2 Corporate Governance in Kenya……………………………………..……………9 7.0 IRRESISTABLE CASE FOR CORPORATE GOVERNANCE………………........11 8.0 CONCLUSION………………………………………………………………………11 REFERENCES………………………………………………………………………..…12 1.0 INTRODUCTION In today’s environment corporate Governance is not a luxury but a dire necessity for...

Words: 3475 - Pages: 14

Premium Essay

Corporate Governance

...Corporate governance Two definitions: 1. ASX CGC: rules, relationship, systems and processes help a company to monitor and assess risk, optimize performance, create value and provide accountability. a) A narrow definition which consistent with agency theory focuses on relationship between company and shareholders. 2. OECD: a system a company can be directed and controlled, specify rights, responsibilities and rules; set and achieve objectives and monitor performance. b) A board definition consider relationship between company and stakeholders 3. Agency theory c) A contract under which one or more person engage another person or persons to perform some service on their behalf d) Agency problem rise because of the conflict of interest between principle and agent e) Three specific problems: i. Managers try to maximize their wealth at the expense of shareholders ii. Tendency for management to focus on short-term performance iii. Different attitude of managers and shareholders towards risk f) Corporate governance structures, policies and relationships can help to overcome these three related agency problems iv. Independent board of directors v. Independent board chair vi. Independent board subcommittees such as audit, remuneration and nomination 4. Stakeholder theory g) Reject the only important relationship is shareholders and managers, but consider...

Words: 1869 - Pages: 8