//
you're reading...
Information Security, IT & TECHNOLOGY

Board Involvement With IT Governance


ISACA-Logo

Interest in IT governance is increasing due to the changing role and relevance of IT within organizations for supporting, sustaining and expanding business. According to the IT Governance Institute, IT governance is the form of leadership, organizational structures and processes that ensure an organization’s IT sustains and extends the organization’s strategies and objectives. While management’s role in IT governance is imperative, practitioners and academics have also long advocated board involvement in IT governance. However, the literature shows that boards may not be very involved in IT governance. This could be because board members may not have the needed IT expertise to provide direction on important operational and strategic IT-related issues. Boards may also not be very involved because IT does not get put on the board’s agenda or board members simply do not understand their roles regarding IT governance.

Our recent Journal article addresses this issue of the board’s role in IT governance by examining the charters of board-level IT committees. We reviewed the committee charters to analyze the prescribed roles and responsibilities of these committees. If the charters are not clear or complete, board members may misunderstand their roles. We found that only 23 Fortune 500 companies had board-level IT committees at the time of our study. We used content analysis to categorize the documented roles and responsibilities according to the 5 IT governance domains:  strategic alignment, value delivery, resource management, risk management and performance measurement. Our Journal article contains our findings and discusses the opportunities for these committees to improve their governance roles.

A topic that we are interested in beyond the scope of our article is the IT auditor’s role in ensuring the effectiveness of these committees or the board at large in terms of IT governance. During an IT governance audit, the auditor should examine the committee charters to ensure committees are set up to fulfill best practices and COBIT-related IT governance roles. Examining meeting minutes and matching them to the prescribed roles could further ensure these committees are effective in their oversight role. In fact, IT-related issues may be discussed and documented in board meeting minutes regardless of whether the company has a specifically designated board-level IT committee. We hope to explore some of these issues in the future.

Read Nancy Lankton and Jean Price’s recent Journal article:
Board-level Information Technology Committees,” ISACA Journal, volume 2, 2016.

Nancy Lankton, CISA, CPA, and Jean Price

[ISACA Journal Author Blog]

About @PhilipHungCao

@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in ICT/Cybersecurity industry in various sectors & positions.

Discussion

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Web Stats

  • 123,336 hits
@PhilipHungCao

@PhilipHungCao

@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in ICT/Cybersecurity industry in various sectors & positions.

Personal Links

View Full Profile →

Enter your email address to follow this blog and receive notifications of new posts by email.

Join 2,484 other followers

Twitter Updates

Archives

April 2016
M T W T F S S
« Mar   May »
 123
45678910
11121314151617
18192021222324
252627282930  
%d bloggers like this: