Dinitriwardani’s Blog


Internet Problem 12 ( NA01 ) February 3, 2010

Filed under: Audit 2 — dinitriwardani @ 3:43 am
  1. How does IT governance fit into an organization’s overall governance?

Answer :

IT governance can be defined as the set of processes used to manage all IT assets, functions, and processes effectively, so that they support business goals and align business with IT. An enforceable IT governance program is the key to gaining more value from open source and to protecting the interests of the organization.

It is important to understand the context in which FOSS governance fits into the organization's overall IT governance system. Understanding and targeting open source issues within the organization is the first of many steps in developing and implementing a FOSS governance system, and it requires a full understanding of the impact that using open source has within the organization. The areas of the organization's IT governance structure that are likely to be affected by the use of FOSS should be identified as part of this process.

2. The Executive Summary makes five recommendations for management with respect to IT. What are these recommendations?

Answer :

Recommendations for management with respect to IT:

  • Establish an overall cross-functional compliance team and a dedicated sub-team managed by a director-level person. The team should be supported by C-level executives and include executives from finance, IT, legal, marketing and the affected business units.
  • Coordinate IT activities within the scope of an overall security and disaster recovery plan.
  • Have Finance or Audit take final responsibility to ensure compliance with SOX. Marketing should take the lead on customer data usage decisions affecting privacy as well as the Do Not Call Registry. IT is one input to the whole process.
3. How would an auditor likely view a company's IT environment if the organization had implemented the above recommendations?

Answer :

Auditors must understand the various IT support systems, including networks, databases and operating systems, that support the financial reporting process. However, they must first gather information concerning the IT control environment, which is part of the overall control environment discussed in COSO. The company-level control environment is the foundation for a company’s internal controls and includes the integrity and competence of the entity’s people. To assess the control environment, auditors should examine management’s philosophy and operating style, including how it assigns authority and responsibility and how it organizes and develops its people.

The overall company control environment has a pervasive effect on the reliability of financial reporting. An important step in understanding the IT control environment is to examine the IT organizational structure and the IT governance structure. The IT organizational structure outlines the authority and responsibility of IT personnel. This structure should support controls, such as adequate separation of duties, and provide assurance that the IT objectives will be achieved.

Effective IT governance helps ensure that IT supports the organization’s goals, optimizes the organization’s investment in IT and mitigates IT-related risks. The IT governance process includes the information systems’ strategic plan, the IT risk management process, compliance and regulatory management, IT policies, collaboration, information sharing, operating style, and procedures and standards.

Source: