Create your own IT governance audit program

Providing oversight to IT presents unique challenges, but implementing a governance program is essential to keeping IT on track with the business goals. This article provides some important guidelines.

Companies depend on IT to stay competitive, so it's no surprise there is a big push to provide the same level of oversight to IT that is traditionally reserved for areas such as finance and accounting. However, governing IT is more involved due to its technical nature, and poses unique challenges for board members and management. Some of the areas management must take into account are: understanding the impact IT has within the company, providing boundaries for IT professionals to do their jobs, establishing performance measurement, and reassuring shareholders that the IT investment is performing according to preset goals.

To help you get your IT governance program moving in the right direction, you need a plan that suits the company's particular needs. To begin, the board must take the lead in developing an IT governance agenda for management to follow. IT governance must have complete board member buy-in and even the non-technical members must be made aware of its importance. The following steps should help with this process:

  • Create an IT strategy committee for better communications between the board and management.
  • Include IT as an agenda item at each board meeting.
  • The board should align IT projects with business goals.
  • Measurements should be established by the board regarding IT performance.
  • The board should challenge management on IT initiatives by benchmarking measurable results.

After the board has established the direction for an IT governance program, it is up to management to put it into action. To help management decide where to begin, the following steps are suggested:

  • Create an outline that will move IT governance forward with clear responsibilities for all IT professionals.
  • Management should promote responsibility among the IT staff for the success of IT projects.
  • Establish a scoring technique to measure current performance results. Monitor these key points: organizational support for the implementation, risk management responsibilities within the organization, the need for interdepartmental sharing of business information, and project communication.
  • Drill down and define the process areas in IT that are critical to managing high-risk areas.
  • Manage expectations among IT staff by making it clear this is not an overnight process.
  • Understand the risks associated with IT investment. Consider the company's previous patterns of performance, current IT staff qualifications, complexity of IT environment, and the type of new IT initiatives being considered.
  • Analyze current capability and identify gaps. Find out where improvements are needed most.
  • The program should consist of a series of continuous improvement phases rather than a one- or two-step process.
  • Decide which improvement strategies are the highest priority projects. Base this decision on which IT projects offer the greatest potential benefit and are easiest to implement.
  • Align IT strategy with business goals by asking tough questions such as: where does IT fit in the overall strategy for the company, what is management's risk tolerance level with IT investments, and what are the major IT issues facing the organization at the moment.

Putting an IT governance program in place is no small task and may seem like overkill when IT makes up only a small portion of the company's overall budget. However, with today's budget constraints and tight margins, coupled with IT's increasing role in running and growing an enterprise, the work involved in establishing an IT governance program can provide dividends by enabling a more responsive and cost-effective organization. By using these tips to implement your governance program, you should have a clearer picture of your IT organization's strengths and weaknesses.
