Deputy Auditor
Office of the State Auditor
Room 1819, One Ashburton Place
Boston, MA
Co-Chair of Commonwealth's Enterprise Security Board
Adjunct faculty member
John Beveridge, CISA, CISM, CGFM, CFE, CGEIT, CQA
Need for IT Governance
- Increasing pressure to leverage technology in business strategies
- Growing complexity of IT environments
- Fragmented IT infrastructure; fragmented security infrastructures
- Communication gaps between business and IT managers
- IT service levels from internal IT functions that appear disappointing
Do these conditions sound familiar?
Need for IT Governance
- Lack of assurance of adequate security by outsourced IT providers
- IT costs perceived to be out of control; yet under-funded IT security
- Marginal or unknown ROI/productivity gains on IT investments
- Impaired organizational flexibility and nimbleness to change
- User frustration leading to ad hoc solutions
Do these conditions sound familiar?
The WATERFALL Navigation Aid -- High-Level Control Objectives for Each Process
[Figure: waterfall diagram. Boxes: IT Processes, Business Requirements, Control Statements, Control Practices, High-Level Control Objective, Users satisfaction. Connectors: "The control of", "which satisfy", "is focusing on", "is achieved by", "is measured by".]
Control Models:
- Structured or organized to present a control framework relative to control objectives and respective internal controls or control practices
- Provide statements of responsibilities for control
- Provide guidance regarding mechanisms to assess the need for control, and to design, develop, implement and exercise control
- Require that controls be monitored and evaluated