IT Governance

In: Business and Management

Submitted By apriyana
Words 10762
Pages 44

Global Technology Audit Guide (GTAG®) 17
Auditing IT Governance

July 2012

GTAG — Table of Contents
Executive Summary
1. Introduction
2. IT Governance Risks
3. Aligning the Organization and IT — Key Considerations
4. The Role of Internal Audit in IT Governance
Conclusion
Authors and Reviewers
Appendix — IT Governance Risk Assessment/Engagement Planning Considerations

Executive Summary

To support the heightened importance of IT governance and the mandatory nature of the International Standards for the Professional Practice of Internal Auditing (Standards), this GTAG provides internal auditors with the foundational knowledge necessary to fulfill their responsibilities in providing both assurance and consulting services, applicable in the public and private sector. Some of the key areas of IT governance internal auditors should address are:

As defined by The Institute…...

Similar Documents

Corporate Governance

...Volume 15 Issue 1 Special Issue: Comparative Corporate Governance
7-1-2003
Article 13

Corporate Governance in Malaysia
Kamini Singam

Recommended Citation: Singam, Kamini (2003) "Corporate Governance in Malaysia," Bond Law Review: Vol. 15: Iss. 1, Article 13. Available at: http://epublications.bond.edu.au/blr/vol15/iss1/13

This Article is brought to you by the Faculty of Law at ePublications@bond. It has been accepted for inclusion in Bond Law Review by an authorized administrator of ePublications@bond. For more information, please contact Bond University's Repository Coordinator.

Corporate Governance in Malaysia

Abstract: This article examines the corporate governance system in Malaysia. A sound corporate governance system should help create an environment conducive to the efficient and sustainable growth in the Malaysian corporate sector. Since the Southeast Asian financial crisis in 1997 – 98 (‘financial crisis’), corporate governance has become a key policy issue confronting many Southeast Asian countries, including Malaysia. This article considers the distinctive problems of corporate governance in Malaysia, despite several steps for reform that have taken place since the financial crisis. There will be a brief discussion on the meaning of corporate governance and an overview of the present status of corporate governance in Malaysia, in particular after the financial crisis.

Keywords: corporate governance, Malaysia, Southeast Asian financial......

Words: 13068 - Pages: 53

Recently the Terms "Governance" and "Good Governance"

...Recently the terms "governance" and "good governance" are being increasingly used in development literature. Bad governance is being increasingly regarded as one of the root causes of all evil within our societies. Major donors and international financial institutions are increasingly basing their aid and loans on the condition that reforms that ensure "good governance" are undertaken. The concept of "governance" is not new. It is as old as human civilization. Simply put "governance" means: the process of decision-making and the process by which decisions are implemented (or not implemented). Governance can be used in several contexts such as corporate governance, international governance, national governance and local governance. Since governance is the process of decision-making and the process by which decisions are implemented, an analysis of governance focuses on the formal and informal actors involved in decision-making and implementing the decisions made and the formal and informal structures that have been set in place to arrive at and implement the decision. Government is one of the actors in governance. Other actors involved in governance vary depending on the level of government that is under discussion. In rural areas, for example, other actors may include influential landlords, associations of peasant farmers, cooperatives, NGOs, research institutes, religious leaders, finance institutions, political parties, the military etc. The situation in urban areas is......

Words: 983 - Pages: 4

IT Governance

...Information and technology (IT) governance is a subset discipline of corporate governance, focused on information and technology (IT) and its performance and risk management. The interest in IT governance is due to the on-going need within organisations to focus value creation efforts on an organisation's strategic objectives and to better manage the performance of those responsible for creating this value in the best interest of all stakeholders. It has evolved from The Principles of Scientific Management, Total Quality Management and ISO 9001 Quality Management Systems. Management concepts that date back to 1911. Historically, board-level executives deferred key IT decisions to the company's IT management and business leaders. Short-term goals of those responsible for managing IT can be in conflict with the best interests of other stakeholders unless proper oversight is established. IT governance systematically involves everyone: board members, executive management, staff, customers, communities, investors and regulators. An IT Governance framework is used to identify, establish and link the mechanisms to oversee the use of information and related technology to create value and manage the risks associated with using information and technology. Various definitions of IT governance exist. Whilst in the business world the focus has been on managing performance and creating value, in the academic world the focus has been on "specifying the decision rights and an......

Words: 259 - Pages: 2

IT Governance

...2011. Marcela Ajazi, Professor Waas, MIS 510, 14 March 2011. [IT Governance]

Strategy is very critical to any form of organization; IT Governance is defined as the structuring and alignment of IT strategy with business strategy. The structuring also provides successful implementation and achievement of goals as well as measuring IT performance in an organization. IT Governance is important to an organization’s life cycle, especially in this tech savvy era. I think that in order for a company to continue to flourish and expand their success over time, information technology and business strategies should be aligned together in order to stay ahead of their competitors or at least stay on the same page as their competitors are to assure that company’s maturity. Additionally, because IT Governance is important, it should be detail orientated towards the size and the regulation of the organization. CIO.com states, “Organizations today are subject to many regulations governing data retention, confidential information, financial accountability and recovery from disasters (Schwartz, 2007).” These are the main drivers that would motivate an organization to implement IT Governance in their infrastructure. I agree with this statement because it is true in its entirety; organizations have so much information that needs to stay confidential from their competitors or to whomever it is not privy to and/or to ensure that a certain organization is within the guidelines of......

Words: 871 - Pages: 4

Project Governance

...Project governance is the management framework within which project decisions are made. Project governance is a critical element of any project since while the accountabilities and responsibilities associated with an organisation’s business as usual activities are laid down in their organisational governance arrangements, seldom does an equivalent framework exist to govern the development of project’s capital investments ( Sharma, Stone and Ekinci 2009 ). Project Governance extends the principle of Governance into both the management of individual projects via Governance structures, and the management of projects at the business level, for example via Business Reviews of Projects. Today, many organisations are developing models for ‘Project Governance Structures', which can be different to a traditional Organisation Structure in that it defines accountabilities and responsibilities for strategic decision-making across the project ( Crawford, Cooke-Davies, Hobbs, Labuschagne, Remington and Chen 2008 ). This can be particularly useful to project management processes such as change control and strategic decision-making. The decision making framework of the project governance is supported by three pillars ( Klakegg, Williams, Magnussen and Glasspool 2008 ) namely: structure, people and information. 1. Structure: This refers to the governance committee structure. As well as there being a Project Board or Project Steering Committee, the broader governance environment may......

Words: 1193 - Pages: 5

Corporate Governance

...Corporate Governance Issues and Responsibility

On the basis of the principles and rules outlined by the New Zealand Security Commission and code of ethics adopted by NZFSU and PGGW Wrightson in their company’s prospectus, they have failed to follow good corporate governance in their companies. In this case study, there were many corporate governance issues and some of them are highlighted below.

Board Composition and review: There was imbalance of independent and non independent directors in the board. Craig Norgate, who was the Chairman of PGG Wrightson failed to promote cooperation and efficiency amongst the board members, and was unsuccessful in trying to maintain good relationship between the management and the board. The Chairman of NZFSU and PGWW failed to comply with the rules of Corporate Governance that, there should be a mix of balance and skills according to the size and complexity of firms, and in this case study, there were fewer independent directors and the need of them were felt by NZFSU, when the company’s current directors were unable to cope up with the failure of the company. The board need to achieve the right mix, and should choose directors who have the required skills and knowledge and can contribute to achieve the goal of the company and provide more benefits to the shareholders. There should be a rigorous process for nomination and selection procedure of a director. The Chairman of Boards of PGG Wrightson and NZFSU, were accused in not......

Words: 2250 - Pages: 9

Corporate Governance

... Write down the role of corporate governance in resolving the issue:

Solution:

Agency Theory: Agency theory shows an association among principal and agent. In this relationship a principal appoint an agent who executes duties on the behalf of principal. Principal gave some sort of power to the agent of making decisions along by keeping in mind his owners interest. Mainly agency theory solves the following two problems:
a. Intention of principal and agent are in spar.
b. Acceptance of risk from both points of views.

Corporate Governance: Corporate governance offer law and regulations, policies and practice to supervise and organize the organizations. They present policies and directions in a proper way that can express the objectives of the organization and its stakeholders.

Agency Theory and Corporate Governance: Mainly corporate governance starts with the concept of agency theory. Every person within the association and exterior of it go behind these policies to evade risk and clashes. Corporate governance offer rules and instructions and also classifies responsibilities and rights and duties of stakeholders of an organization. We conclude that corporate governance and agency theory go next to with each other.

Role of Corporate Governance: Role of corporate governance in issue resolving is as follows: ...

Words: 285 - Pages: 2

Human Governance

...1. What is human governance essentially about?

Meeting the education and development needs of members as part of a commitment to help members be knowledgeable and maintain their relevance in today's markets

2. How is human governance different from corporate governance?

Corporate governance is manifested as an external, outside-in rules and regulations to legislate the corporations whereas human governance is an inside-out values-based conviction to guide the human where human is viewed essentially as a non-material soul and embodied in the physical being rather than as machine. Being parameter-driven and rule-based, corporate governance emphasises the letter of the law unlike human governance which is about the spirit of the law.

3. How will human governance benefit us?

As the leading segment of society, business has become the most powerful force for positive change in the world today taking over the role of governments. Decision-making process of business now must take into consideration human well being and the interest of the people. For business corporations to assume this role is never easy since conflict can arise between serving the self and the public. History shows that the original corporations were actually regulatory agencies such as guilds or local governments and had nothing to do with profits. But, over time, events such as the formation of “joint stock companies” and......

Words: 915 - Pages: 4

IT Governance

Words: 4333 - Pages: 18

Governance

...Best Practices: Nonprofit Corporate Governance One of the most significant and valuable developments of the post-Sarbanes-Oxley Act environment has been the emergence of governance “Best Practices” proposals designed to enhance and improve corporate responsibility and governance. These proposals have come from a wide variety of sources, ranging from self-regulatory agencies (e.g., NYSE, NASDAQ) and business groups (e.g., The Business Roundtable, The Conference Board, National Association of Corporate Directors) to professional associations (e.g., the American Bar Association) and major corporations (e.g., General Electric, WorldCom, TIAA/CREF). While most of these Best Practices proposals have been recommended for adoption by public companies, their relevance as an aspirational goal for nonprofit corporations and non-public companies is widely recognized. From these and other resources, we have developed the following set of guidelines as “food for thought” concerning governance “Best Practices” to assist nonprofit corporations in responding to the current “corporate responsibility” environment. To set the proper perspective, a few important caveats are in order. First, these are Best Practices guidelines, and do not in most instances, reflect current legal requirements. Instead, the guidelines reflect our perspective on evolving trends in nonprofit governance and law. In many circumstances, adoption of, and adherence to, “Best Practices” may reduce a nonprofit corporation’s...

Words: 4165 - Pages: 17

IT Governance

...ScienceDirect
Information & Management
journal homepage: www.elsevier.com/locate/im

IT governance for enterprise resource planning supported by the DeLone–McLean model of information systems success
Edward W.N. Bernroider *
Vienna University of Economics and Business Administration, Department for Information Business, Augasse 2-6, 1090 Vienna, Austria

ARTICLE INFO
Article history: Received 18 May 2005. Received in revised form 24 August 2007. Accepted 11 November 2007. Available online 1 May 2008.
Keywords: ERP, IT governance, IT success, IT value delivery, Empirical survey

ABSTRACT
I investigated the role of IT governance in driving the success of ERP projects. The tool for assessing ERP value was a comprehensive, multivariate and validated model adapted from the widely used Delone and McLean model of IS success. This showed that ERP investments were more effective in organizations having an IT governance domain consisting of proactive strategic guidance and participatory team building. Large enterprises, however, under-performed compared to SMEs and needed specific performance drivers, such as top management commitment to become effective.
© 2008 Elsevier B.V. All rights reserved.

1. Introduction
Today’s business requirements have moved IT governance into the focus of attention. The core processes underlying effective and comprehensive IT governance are the same as those for an enterprise. IT activities are critically......

Words: 6323 - Pages: 26

Corporate Governance

...1.0 Introductions
2.0 Literature review
3.0 Background and history of Development CG

The term of corporate governance not just been introduced but it also drew attention of the public about the weaknesses of Malaysian corporate governance practice due to the Asian Financial Crisis in 1997. After 1998, the government of Malaysia decided to adopt the corporate reforms to enhance the quality of good corporate governance practice in the country. The main sources of the Corporate Governance reforms agenda in Malaysia other than Malaysian Code on Corporate governance are the Capital Market Master Plan (CMP) and also Financial Sector Master Plan (FSMP). These sources provide guidelines on the principles and best practices in corporate governance and the direction for the implementation as well as charts for the future prospects of corporate governance in Malaysia. Malaysian Code on Corporate Governance is an initiative that was established by the Financial Committee on Corporate in 1998. This committee consists of both government and also industry. MCCG was introduced in March 2000. This code brought a systematical change in structure of public and also private corporation. The principles underlying the report focus on four areas which are board of directors, directors’ remuneration, shareholders and accountability and audit. Compliance with the code is not mandatory. However, the listed companies in Bursa Malaysia are required to prepare their annual report on how they......

Words: 2720 - Pages: 11

Governance

...Koito Case Study
Submitted by Weichao on March 12, 2011
Category: Business and Economics
Words: 7841 | Pages: 32

1. The Japanese corporate governance system differs vastly from the US system. Discuss corporate governance issues that may arise under the Japanese keiretsu system from the perspective of a) financiers b) owners c) suppliers and d) employees.

A Japanese keiretsu is effectively a system of cooperation among various stakeholders. From the Japanese point of view, corporate governance includes maximization of long-term corporate value for shareholders and accountability to all the stakeholders, particularly shareholders (Corporate Governance Committee of Japan 1997). This model appears more attractive than the Anglo-Saxon corporate governance model since it takes social benefits into account. However, it must be noticed that the workability of this model relies on a flawless functioning of the market economy, which is not always the case in Japan (ibid). The later paragraphs will discuss in detail the corporate governance issues related to the Japanese keiretsu system in relation with financiers, owners, suppliers and employees.

a) Financiers
As shown in Exhibit 8 – Ownership Structure of Major Japanese Automotive Assemblers (1989), banks in Japan usually hold a substantial portion of equity in borrowing companies. The Japanese model is often perceived as efficient since it encourages information flow between firms and their......

Words: 7863 - Pages: 32

Governance

...te Corporate governance statement

The Board of Directors is accountable to the Shareholder for the overall performance of the Group. In doing so, it is responsible for:
• The effective, prudent and ethical oversight of the Bank;
• Setting the business strategy for the Bank, following consultation with the Shareholder; and
• Ensuring that risk and compliance are properly managed in the Bank.

Board of Directors and Membership

The Board of Directors recognises its responsibility for the leadership, direction and control of the Bank and the Group and its accountability to the Shareholder for financial performance. As at 31 December 2010, the Board comprised the Chairman, four Non-executive Directors and the Group Chief Executive. The Board sees it as a priority to further enhance its existing skills and experience through the recruitment of further independent Non-executive Directors, with a process having commenced in this regard. The Non-executive Directors are independent of management, with varied backgrounds, skills and experience. There have been a total of 39 board meetings during the financial year, 10 of which were scheduled. The purpose of the 29 unscheduled meetings was to address a variety of matters, including discussions in respect of the difficult market conditions that existed during the financial period and included funding issues, capital matters, legacy related matters and the Bank's Restructuring Plan. All Directors are expected to attend each meeting and the...

Words: 4199 - Pages: 17

IT Governance

...IT Governance

A summary of “Ten Principles of IT Governance” (2004, Peter Weill, Jeanne W. Ross) and “IT Governance Framework” (2005, Craig Symons)

• Coming up with new governance mechanisms and policies should not be reactive (patching up problems), but proactive – using the enterprise’s objectives and performance goals as a basis
• Mature business governance processes can be used for IT governance
• Governance redesigns should be undertaken only when strategy is being revised, in such cases IT governance can be used for leveraging the strategic transformation
• CIO’s and senior management’s involvement in IT governance is crucial for its success, because it ensures better alignment of IT with strategy
• The exception-handling process must be clearly defined, as short as possible and should enable and encourage organizational learning.
• The owner of the IT governance must be familiar with all aspects of the enterprise (not only IT) and have credibility with all business leaders.
• The owner of the IT governance must be made also responsible for its performance
• A layered structure is often necessary for IT governance (possible layers are: enterprise-wide IT governance – driven by enterprise-wide strategies and goals and IT governance at division and business unit levels)
• The effectiveness of IT governance is severely affected by the effectiveness of its communication and transparency
• Coordination in the governance of all six assets, one of which is IT, is critical for maximizing the...

Words: 585 - Pages: 3