Controlled environments provide a structured method for effective IT project management. Partially reflecting the COBIT framework; systems and infrastructure delivered to the core business processes through procurement and/or development project management should minimally assist in fulfilling IT architecture criteria for quality requirements, security requirements, and fiduciary requirements.
The entity’s CE affects the IT organizational structure. Centralized structures often have a single computer processing strategy and use a single set of systems and infrastructure software, enabling tighter management control over the IT architecture. Alternatively, in decentralized structures, each profit or cost center generally has its own computer processing strategy, application programs, and infrastructure software, which may result in differences in policies and procedures and various levels of compliance at each location. Nevertheless, IT policies and procedures should demonstrate alignment with the entity’s mission.
“View Part I of the Common Risk Determinants for an IT Architecture series here“