Posted by: Robert Davis
Management should establish standards as baselines for measuring quantity, weight, extent, value, or quality. Standards can be considered specific goals or objectives against which performance is compared. Selection of points where performance will be measured is critical to effective standards. Employee accountability affects responsibility for meeting standards. Consequently, responsibility for a standard should be directly correlated to activity responsibility. Without accountability, standards become ineffective measurement tools.
Procedures establish methods for accomplishing an activity, through specific performance, while simultaneously complying with prescribed policies. Prior to determining procedures, processes should be identified and classified to determine control objective impact. In order to create an adequate IT governance framework, management must understand and document operational procedures.
Rules are specific and detailed guides that confine and restrict behavior. Comparatively, rules are the simplest operational plan. A rule requires a specific action to be taken regarding a given situation. For example, “This building is a smoke-free environment. Violators will be dismissed without exception.”