1 author:
Haris Hamidovic
Independent Researcher - Information Security
All content following this page was uploaded by Haris Hamidovic on 21 May 2014.
In fact, the Bank for International Settlements (BIS) has pointed out that board members in financial institutions should address IT as they would any other strategic board agenda item.5

Critical dependency on information technology calls for a specific focus on IT governance to ensure that the investments in IT will generate the required business value and that risks associated with IT are mitigated.6

The main objective of this article is to provide an introduction to the key elements of IT governance, to key industry frameworks used by organizations, and to guiding principles

“A lack of board oversight for IT activities is dangerous; it puts the enterprise at risk.”

IT governance is distinct from IT management. Governance determines who makes the decisions. Management is the process of making and implementing the decisions.9

IT governance is about who is entitled to make major decisions, who has input and who is accountable for implementing those decisions. It is not synonymous with IT management. IT governance is about decision rights, whereas IT management is about making and implementing specific IT decisions.10

IT GOVERNANCE FRAMEWORKS
A number of experts suggest frameworks that are detailed and intended for implementation by middle managers. These are known as IT governance “frameworks.” Some of the frequently cited frameworks are:11
• COBIT12
organization’s customers.18

PRINCIPLES FOR GOOD CORPORATE GOVERNANCE OF IT
As an example of the growing importance of IT governance, ISO released in 2008 a new worldwide standard, the objective of which is to provide a framework of principles for directors to use when evaluating, directing and monitoring the use of IT in their organizations. In this standard, ISO puts forward six principles for governance of IT:19
1. Responsibility—Individuals and groups within the organization understand and accept their responsibilities in respect of the supply of and the demand for IT. Those with responsibility for actions also have the authority to perform those actions.

communications.20

Well-designed, well-understood and transparent governance mechanisms promote desirable IT behaviors. Conversely, if mechanisms are poorly implemented, then governance arrangements will fail to yield desirable results.

Effective governance deploys three different types of mechanisms:
• Decision-making structures—Organizational units and roles responsible for making IT decisions, such as committees, executive teams and business/IT relationship managers
The ISACA Journal is published by ISACA. Membership in the association, a voluntary organization serving IT governance professionals, entitles one to receive an annual subscription
to the ISACA Journal.