The Efficient IT Governance Framework

The IIA’s International Professional Practices Framework Glossary states that IT governance
‘consists of the leadership, organizational structures, and processes that ensure that the enterprise’s information technology supports the organization’s strategies and objectives’.

The main subject of IT governance is IT assets. IT governance should rest on the necessary regulations and accord with the entity’s risk appetite and tolerance. The essential components of effective IT governance are process areas (change management, ISMS, software development, project management, etc.), organizational structures (roles and responsibilities), and norms (including values, standards, and policies for IT performance).

An efficient IT governance framework should be based on:

  • IT & business strategic alignment (services and projects, business objectives, up-to-date IT strategy, linkage between business objectives and IT, etc.)
  • Risk management (alignment with top management risk appetite and entity risk tolerance, risk aspects of IT investments, defined roles & responsibilities for risk management, a defined risk analysis methodology, establishing committees, mitigating potential risks using the necessary instruments, monitoring threats, etc.)
  • Value delivery (the level of value delivered by IT, measuring ROI, IT execution levels, system up-time (infrastructure strategy), degree of automation, IT asset productivity & financial levels, etc.)
  • Performance measurement (implementation level of proven norms, achievement of strategic IT objectives, measuring IT performance, IT cost & benefit measurement, effectiveness of monitoring and reporting mechanisms, follow-up policies, root cause analysis, problem management, benchmarking against industry practices, etc.)
  • Resource management (alignment of IT assets with HR, efficient internal control instruments such as HR policies & practices, procedures, guides, segregation of duties, reliable & on-time reporting, communication, etc., IT asset planning and sourcing strategies, service level agreements, etc.)
  • Independent Audit

These components will give the entity’s top management a high level of IT governance performance and assurance. IT governance efficiency requires a strong control environment, risk management, information & communication, and monitoring mechanisms, all led by top management, so that IT assets effectively support the entity’s strategies and objectives.

Bulent Hasanefendioglu
TDG Head of Consultancy