IT Governance is a subset discipline of Corporate Governance focused on information technology (IT) systems and their performance and risk management. The rising interest in IT governance is partly due to compliance initiatives, for instance Sarbanes-Oxley in the USA and Basel II in Europe, but more so because of the need for greater accountability for decision-making around the use of IT in the best interest of all stakeholders.
IT capability is directly related to the long-term consequences of decisions made by top management. Traditionally, board-level executives deferred key IT decisions to the company’s IT professionals. That approach cannot ensure the best interests of all stakeholders unless deliberate action is taken to involve them. IT governance is the responsibility of executives and the board of directors, and consists of the leadership, organisational structures and processes that ensure that the enterprise’s IT sustains and extends the organisation’s strategies and objectives.
IT Governance Audit Resources
- ISO/IEC 38500:2008 – Corporate Governance of Information Technology
- IT Governance – FFIEC Handbook
- IT Governance – MIT CISR