IT Governance, Risk, and Compliance

Jan 19 2013   4:35PM GMT

eBook excerpt: Assuring Information Security – Part XII



Posted by: Robert Davis

If management views an information assets protection (IAP) program as a methodology for achieving information systems goals and objectives, the adopted processes can enable a series of assessments that define control usefulness and control deployment, while also correlating effectiveness and efficiency with managerial and employee responsibility, accountability, and authority. With regard to an entity’s direction and purpose, properly tailored responsibility, accountability, and authority improve communication efficiency by reducing entropy and misunderstanding. Furthermore, management’s monitoring of deployed IAP controls helps ensure that the established fiduciary relationship with stakeholders is fulfilled. As an entity-integrated resource, IT should be deployed as managerially required, with a sufficient level of formality, coverage, and control completeness to allow IAP monitoring.
