Information Technology Governance

Question: Discuss about theInformation Technology Governance. Answer: Introduction: This study will provide a deep understanding about Information technology governance. Information technology governance helps the organization to mitigate the risks arises from changes in external environment. It also helps the organization to comply with rules and regulations lay down by regulating authorities. This study will provide an insight of the importance of IT governance in organization. Analysis IT governance can be defined as organisational capacity enforceable by Board, Management in order to control formulation and implementation of IT strategy so that business can be run effectively with the installation of IT. On the other hand, it is stated that management of an organization plays an important role in process related to IT governance. Different authors quoted different definitions regarding IT governance. But the conclusion can be drawn that IT management should focus on effective supply of IT products and services. The main objective behind IT governance is to enabling the organizations in measuring compliance according to law. With the changes in environment an organization should change the standards lying down for IT governance in order to improvements. (Ozkan and Karabacak, 2010). The recent areas of concern for IT governance are value management, value creation in delivery, management of risk, and integration of IT with governance. It is termed as a process which enables the organization to make an analysis whether its investment in information technology is fulfilling strategic and tactical objectives or not. In oppose to this other factors affecting IT governance are value delivery and level of performance. For creating a value to the organization, management is implementing IT governance in the organization and this trend is increasing day by day. Current and capital expenditure now days has shift towards IT in organizations. Hence, it is being analysed that this increasing expenditure towards IT has lead more importance towards IT governance. The importance of IT governance can be identified from the factor that it helps in analysing the external environment and increased levels of environment fluctuations. Moreover, IT governance helps the organization to face environment changes which includes cloud computing, mobile computing and virtualization. In addition to this, the other factor which lead the importance of IT governance in organization are the compliance and regulatory norms laid down by government for various industries. So, it can be analysed that IT governance reduces and transfers risk by controlling and supporting internal processes (Debreceny, 2013). In oppose to this IT governance also leads to exposure of risk from the external threats. IT governance has become one of the most important components of enterprise risk management. IT faces the threat of security, architecture, user management, development of software for different industries. As a consequence, IT governance provides proper guidance and framework to organization for adoption of good practices. At the same time, IT governance leads the foundation of framework at the national, industry and organizational level. On the other hand, the primary objective of internal IT audit is to assess control, reliability and sustainability of organizations IT environment. Internal audit helps in evaluation of IT plans, strategies, policies, and methods and programmes (Ozkan and Karabacak, 2010). Auditing also helps the organization in making recommendations about various techniques that are going to affect IT governance. In addition to this Auditing is generally of three types. Firstly, in financial auditing the auditors analyzes tests and review the system implemented in organization and thereby making the system more reliable. Secondly, operational auditing makes the system more automatic and efficient in performing of operations. Thirdly, IT auditing places a very important role in compliance audit. IT controls and programmes are an integral part of compliance audit. There are mainly three different approach named financial, operational and compliance auditing. The major differences between these approaches are of the purpose of audit, cost and benefit analysis and inclusion of various fields. Financial auditing used to check the correctness of financial statements (Goldberg, 2011). Compliance auditing reviews compliances and laws. Operational auditing reviews various processes carried out in an organization. There are various risks associated with the auditing. IT is a most important part of making analysis. Overall assessment is dependent upon IT. A more reliable system leads to more accurate results and vice versa. A reliable system can be installed only if there will be IT governance in an organization. In contrary to this, security can also be developed in system after proper formulation of IT governance. Moreover, Audit fieldwork is one of the most important and crucial step for audit process as it includes requests for documents, manager review, proper compilation of audit work, and conducting of in depth research work. In various cases IT auditing is totally different from general auditing. IT auditing is done to review the systems installed in organization and to stop the break down so that an organization can smoothly carried out its functions (Debreceny, 2013). Because organizations are hugely dependent upon IT and any failure in system will go to hamper the productivity of an organization. There are various IT audit standards laid down. The objective, authority, responsibility and responsiveness of the information system should be properly documented in audit charter. The audit charter letter should be agreed at a significant level within the organization. The audit charter should be reviewed at a regular interval. The information contained in audit charter should be in detailed format so that a detailed understanding can be developed. For an internal IT audit, charter should be prepared for day to day activities and for external IT audit charter should be prepared for each audit or non audit assignment. Organizations are adopting risk based IT approach. The objective of this approach is to analyse the risk based on knowledge of the organisations IT strategic plan and organisation operations. Auditor will review systems which are based on technology and control business functions in which high risk is involved. Conclusion From this study it can be analyzed that with the increasing use of IT in organizations, IT governance becomes a major issue. IT governance leads to proper maintenance of system so that there will be no break down. IT governance system is hugely dependent upon the organization structure and managerial personnel. So, from the above study, it can be concluded that IT governance becomes an integral part for the organization success and development. References: Debreceny, R.S. (2013) Research on IT governance, risk, and value: Challenges and opportunities,Journal of Information Systems,27(1), pp.129-135. Goldberg, D.M. (2011) General auditing for IT auditors,ISACA Journal,3, pp.36. Ozkan, S. and Karabacak, B. (2010) Collaborative risk method for information security management practices: A case context within Turkey, .International Journal of Information Management,30(6), pp.567-572.