Does the business understand how IT operates, or what it can and cannot do within a certain time frame?
Is the IT organisation faced with dramatic change following a merger/acquisition?
Is there an adequate view of, or control over, IT spending, or are IT costs perceived to be too high?
Is there a good understanding of IT-related risk? Are IT-related risks properly managed?
IT GRC ensures that …
Activities and functions of IT organisation(s) support objectives; investments are maximised.
IT delivers envisioned benefits against the strategy, costs are optimised, and relevant best practices are incorporated.
The optimal investment is made in IT, and critical IT resources are responsibly, effectively and efficiently managed and used.
...for embedding IT GRC in the organisation
Some important issues:
Firms with above-average IT governance performance had more than 20% higher profitability than firms with poor governance
Effective IT governance is the single most important predictor of the value an organisation generates from IT
Regulatory and industry requirements
Organisations need to satisfy quality, fiduciary and security requirements for information as for all other assets
The Committee of Sponsoring Organisations of the Treadway Commission (COSO) defines a widely accepted control framework for enterprise governance and risk management, and also requires a framework for control over IT