Governance of Enterprise IT and its benefits
GCTI refers to the ability of an organization to direct and control the role of information technologies to ensure that they sustain and extend their strategic objectives through the effective implementation of projects, the provision of high quality services, risk management and the optimization of resources.
How the Corporate Governance of IT emerges
Some of the main reasons why the Corporate Governance of IT is adopted are very diverse as an example we can mention the following:
- Ambiguity or lack of presentation of results of IT projects and services.
- IT is invested but not responsible for supervising and securing these investments and their respective return.
- The IT department assumes things that the business needs and the business assumes things that can be provided by the IT department, but there is no consensus or agreement of the services to be provided.
- Lack of visibility of the value that IT delivers to the business.
- There are no objectives agreed upon and communicated to all interested parties and no performance is reported with respect to these IT objectives.
COBIT domains
COBIT establishes that the Corporate Governance of IT has 5 key areas of attention that as a whole ensure the creation of IT value and prevent the value already created from being lost. These five domains are:
• Strategic alignment that ensures alignment between business objectives and IT objectives and plans.
• The delivery of value that ensures that investment in IT (projects, services and assets) delivers to the business the promised benefits in support of the strategy.
• Risk management that ensures that the business risks associated with the adoption, operation, use or involvement of IT are under control and that there is an allocation of responsibilities over its management.
• Resource management that ensures that knowledge and IT assets are optimized.
• The evaluation of the performance to measure the IT function, in relation to the established objectives and the effectiveness in the realization of projects and services.
Limitations
Internal controls, regardless of how well designed and how well they operate, can only give reasonable assurance that the entity achieves its control objectives. The probability of achieving this is conditioned by the inherent limitations of internal control.
This includes the reality that human judgments in decision making may be incorrect and that errors in internal control may occur due to human failures such as simple mistakes or mistakes. In addition, controls, whether manual or automatic, can be circumvented by the connivance of two or more people or because the management inappropriately ignores internal controls.
Main Objectives
1. Responsibility: Everyone must understand and accept their responsibilities in the supply or demand of IT. The responsibility for an action carries the authority for its realization.
2. Strategy: The business strategy of the organization takes into account current and future IT capabilities. IT strategic plans meet current and anticipated needs derived from the business strategy.
3. Acquisition: IT acquisitions are made for valid reasons, based on an appropriate and continuous analysis, with clear and transparent decisions. There is an appropriate balance between benefits, opportunities, costs and risks.
4. Performance: IT are sized to support the organization, providing services with the right quality to meet current and future needs.
5. Conformity: The IT function complies with all applicable laws and regulations. Policies and practices in this regard are clearly defined, implemented and enforced.
6. Human Factor: IT policies, practices and decisions demonstrate respect to the human factor, including the current and emerging needs of all personnel involved.
Benefits of implement IT Business Governance
Through the IT Business Governance, IT processes can be used to support compliance with the strategic business objectives and, at the same time, this can be measured and adequate follow-up to the Technology investment and the re-edition of the account. of IT projects and services.
The ISO / IEC 38500 standard applies to the governance of IT management processes in all types of organizations that use information technologies, providing a basis for the objective evaluation of IT governance. In addition to compliance with current legislation, the IT government allows:
1. An appropriate implementation and operation of IT resources.
2. Clarification of responsibilities and measurement of the achievement of the organization’s objectives.
3. The continuity and sustainability of the business.
