Shelly Huzaynah 21207019
- How does IT governance fit into an organization’s overall governance?
IT governance fits into an organization’s overall governance for these three reasons:
- IT contributes directly to market value.
- IT is essential for the achievement of business goals.
- IT involves large investments and business risks.
- The Executive Summary makes five recommendations for management with respect to IT. What are these recommendations?
The recommendations for management with respect to IT are:
- Establish an overall cross-functional compliance team and a dedicated sub-team managed by a director-level person. The team should be supported by C-level executives and include executives from finance, IT, legal, marketing and affected business units.
- Coordinate IT activities within the scope of an overall security and disaster recovery plan.
- Have Finance or Audit take final responsibility to ensure compliance with SOX. Marketing should take the lead on customer data usage decisions affecting privacy as well as the Do Not Call Registry. IT is one input to the whole process.
- How would an auditor likely view a company’s IT environment if the organization had implemented the above recommendations?
Auditors need to revise the procedures used to assess and evaluate their clients’ internal control structures. SAS 94 provides auditors with much-needed guidance regarding the effect of IT on internal controls. The standard requires tests of controls in certain situations, regardless of the level of control risk set by the auditor. The evaluation of internal controls is not complete until the auditor obtains a sufficient understanding of the controls’ design and determines whether critical internal controls are present in the automated environment, in operation and working as intended.