Without clear policies that define acceptable IT related behavior, sustaining an effective and efficient internal control system is a remote possibility. Conversely, the formulation of clear IT policies is a mechanism for creating and propagating transparent plans for the achievement of adopted IT objectives at all organizational levels. Though deploying IT policies cannot guarantee errors, mistakes, omissions, irregularities, or illegal acts are prevented, detected and/or corrected in a timely manner; enforcement of policies addressing IT control issues can reduce unacceptable risks to an acceptable level. Where IT policies are deployed, management is empowered to ensure IT related activities are aligned with IT objectives, and employees are following IT related expectation guidelines. Specifically, if IT policy formulation and enforcement are based on a closed-loop system, there normally are provisions for the measurement and feedback of results as well as for corrective actions to be implemented wherever deemed appropriate.
“View Part I of the Governing IT: Policy Formulation and Enforcement series here“