IT Governance

S T U D Y N O T E S 3

Dominique P. Alistado
AA 3201 MW 7:30-9:00 PM

IT Governance
Information technology (IT) governance is a a set of policies and
procedures of corporate governance that focuses on the
Role of IT Governance
Evaluating and directing the use of IT to support the organization
Implementing IT and new technologies facilitate the
organization to do new things that were not previously possible.

management and assessment of strategic IT resources.

Monitoring the use of IT to achieve plans
IT-related services and functionality are delivered at the

maximum economical value, in the most efficient manner.

Key Objectives

Using the IT strategy and policies to accomplish its purpose

IT must deliver the functionality and services in-line

with the current and planned needs of the organization

so that the firm can accomplish what it aims to do.

Value Strategy Risk Performance Aligning the IT strategy with the organization's goals
Based on the improved efficiencies, IT provides increased

Deliver Value to Stakeholders. Providing value to stakeholders customer satisfaction, partner satisfaction and loyalty.

is at the heart of governance in general and in particular of IT

governance. Delivering value drives everything else in IT

governance. Components of IT Governance

Set IT Strategy. Creating an IT strategy has to do with

IT value and Performance
determining a vision and direction of current and future
alignment measurement
investments in IT activities.

Manage Risks. Reducing risk and ensuring that investments in IT

resources add value to the corporation. Components of IT Governance

Measure Performance. Operational visibility is important in

every aspect of the business, including IT because if IT

Risk
performance can be measured, then IT assets can also be
Accountability management
governed.
 Disaster Recovery Planning

4. Specify backup and off-site

1. Identify critical applications 3. Provide site backup
storage procedures

Recovery efforts must concentrate on restoring

Operating System Backup. The data librarian, if one

applications that are critical to the short-term

Mutual Aid Pact. An agreement between two or exists, would be a key person to involve in performing
more organizations (with compatible computer this task in addition to the applications and data
survival of the organization. Hence, these
facilities) to aid each other with their data backups procedures discussed next.
applications should be identified and prioritized in
processing needs in the event of a disaster.
the restoration plan. The DRP must be updated to
Application Backup. The DRP should include
reflect new developments and identify critical
applications because they affect other aspects of
Empty Shell. An arrangement wherein the procedures to create copies of current versions of

company buys or leases a building that will serve critical applications such as purchasing backup copies
the strategic plan. This task is a business decision
as a data center and the shell is then available of the latest software upgrades.
and should be made by those best equipped to
and ready to receive whatever hardware the
understand the business problem.
temporary user needs to run essential systems.
Backup Data Files. Databases should be copied daily
to high-capacity, high-speed media, such as tape or
CDs/DVDs and secured off-site. Likewise, master files
Recovery Operations Center. A fully equipped
and transaction files should be protected.
2. Create a disaster recovery team backup data center that many companies share.
In the event of a major disaster, a subscriber can Backup Documentation. The system documentation
occupy the premises and, within a few hours, for critical applications should be backed up and
To avoid serious omissions or duplication of effort resume processing critical applications. stored off-site along with the applications. It may be
during implementation of the contingency plan, task
simplified and made more efficient through the use of
responsibility must be clearly defined and Internally Provided Backup. Permits firms to Computer Aided Software Engineering (CASE)
communicated to the personnel involved. The team develop standardized hardware and software documentation tools.
members should be experts in their areas and have configurations, which ensure functional
assigned tasks. Following a disaster, team members compatibility among their data processing Backup Supplies and Source Documents. The DRP
will delegate subtasks to their subordinates. The centers and minimize cutover problems. should specify the types and quantities needed of
environment created by the disaster may make it critical special items because these are such routine
necessary to violate control principles such as elements of the daily operations which are often
segregation of duties, access controls, and overlooked by disaster contingency planners.
supervision.
Testing the DRP. DRP tests are important and should
be performed periodically because it can measure the
preparedness of personnel and identify omissions or
bottlenecks in the plan.
 e d Data Pr
l iz o

c
a

e
r

gn i s s
t n
Take away from Synchronous Class

eC
In our synchronous sessions, the topic that struck me the Aside from the structure of IT functions two data
e d Data Pr
most is how important it is to segregate IT functions, processing models which are Centralized Data u t o

c
bi

e
especially when they are Incompatible with each other. Processing and Distributed Data Processing. Under the

s
r

gn i s
t s
former, all data processing is performed by one or more

D i
In our previous Accounting Information System class, we large computers housed at a central site that serves
were taught the importance of Internal Control and one users throughout thein which IT services activities are
of which is Segregation of Duties. This internal control consolidated and managed as a shared organization
ensures that there is oversight and review to catch resource, while the latter involves reorganizing the
errors and it helps to prevent fraud or theft. It may be central IT function into small IT units that are placed
the same if applied to IT systems but to me, it appears under the control of end users.
more complicated as new duties are introduced.
Furthermore, I have learned about the importance of
I have learned that separating systems development the physical environment of computer centers as to
from computer operations is vital to avoid unauthorized mitigate risk and create a secure environment.
changes to the application during execution and to
prevent hacking. Similarly, it is important to separate In conclusion, our synchronous class talked about the
Database administration from other functions because risk and controls related to IT governance. IT
if not, the integrity of the database will be threatened. Governance plays an important role in achieving an
It is also important to segregate systems development organization's goals by ensuring that policies and
& maintenance duties because if the developer will do strategy are actually implemented, and that required
the maintenance, he might hide the errors detected. processes correctly followed

References

Hall, J.A. (2011). Information Technology Auditing and Assurance. South-Western Cengage Learning

IT Governance. (n.d.). Mitre. Retrieved from https://www.mitre.org/publications/systems-engineering-guide/enterprise-engineering/enterprise-planning-and-management/it-governance

Spremic, M& Žmirak, Z& Kraljevic, K. (2008). IT governance and performance measurement: research study on Croatian companies. 187-192.

What Is IT Governance? Understanding From First Principles. (2020. November 12). Plutora. Retrieved from https://www.plutora.com/blog/it-governance

Young, M. (2008, Spetember, 9). Leadership - The Role of IT Governance. Retrieved from https://www.computerworld.com/article/2779316/leadership---the-role-of-it-governance.html