IT Governance, Risk, and Compliance » Human Resources

What Every IT Manager Should Know About Service Delivery and Support – Part XII

Robert Davis — Tue, 12 Jun 2012 21:46:21 +0000

Audit professionals have a significant role in supporting an adequate control environment when providing contributions to strategic, tactical, and operational value through governance improvement recommendations. Consistent with entity oversight responsibilities, board of directors should insist on utilizing perceptive IT auditors to permit control environment enrichment. In particular, an entity’s audit committee should proactively ensure IT service delivery and support are subject to periodic audits, reviews, as well as agreed-upon procedures by highly qualified auditors so individuals responsible for governance can advance entity oversight goals with IT enhancement triggers. Furthermore, a robust IT audit function can usually render superior performance when requested to assist management with operational control issues that may arise.

Lastly, external factors often influence an entity’s environment. Specific external influencers affecting an entity’s ability to achieve objectives include: economics, communities, governments, technologies, competitors, suppliers, and customers. Therefore, it is crucial that the external environment be accurately assessed prior to proceeding with a course of action impacting the entity’s system of controls.

“View Part I of the What Every IT Manager Should Know About Service Delivery and Support series here“

What Every IT Manager Should Know About Service Delivery and Support – Part XI

Robert Davis — Fri, 08 Jun 2012 22:32:17 +0000

Foundationally, the IT control environment should assist in enabling the governing body, management and all other staff in providing reasonable assurance regarding achievement of the following general objectives:

 Operational Efficiency
 Operational Effectiveness
 Operational Economy
 Management Reliability
 Laws and Regulations Compliance
 Internal Policies Compliance

General entity objectives increase in significance when they are collectively considered in relation to operations, management and compliance fiduciary responsibilities. Categorically, these distinct general objectives can be achieved through various criteria establishment that frame aligned focus on meeting entity-centric needs. For instance, IT related information criteria (i.e. effectiveness, efficency, confidentiality, integrity, availability, compliance and availability) can be utilized to satisfy entity-level objectives that have specific fiduciary responsibilities.

“View Part I of the What Every IT Manager Should Know About Service Delivery and Support series here“

What Every IT Manager Should Know About Service Delivery and Support – Part X

Robert Davis — Tue, 05 Jun 2012 21:55:12 +0000

Management’s control methods over compliance with laws and regulations should ensure appropriate measures are deployed to ascertain whether entity personnel understand implemented governance practices, and governance processes are being followed as intended. Legal compliance procedures for ethical control standards should be set by top management and promoted through exemplary behavior.

The importance of responsibilities of those charged with governance is recognized in codes of practice and other regulations or guidance produced for the benefit of oversight committee members. Documented primary responsibilities of those charged with governance include oversight of the design and effective operation of procedures and the process for reviewing the effectiveness of the entity’s control system. Consequently, the entity’s oversight committee should direct IT management to achieve measurable service and support value.

“View Part I of the What Every IT Manager Should Know About Service Delivery and Support series here“

What Every IT Manager Should Know About Service Delivery and Support – Part IX

Robert Davis — Fri, 01 Jun 2012 21:54:00 +0000

Human resources policies are definite courses or methods of action selected by management from alternatives, considering the environment, that guide as well as determine present and future employment decisions. For example, training policies that communicate prospective roles and responsibilities with prerequisite educational attainment illustrate expected performance and behavior levels.

Human resources practices relate to recruiting, orientating, training, evaluating, counseling, promoting, compensating, and remediating entity personnel. For example, a standard for recruiting the most qualified individual reflecting morally acceptable traits from a candidate pool conveys an entity’s commitment to competent and trustworthy personnel. Furthermore, promotions driven by objective periodic performance appraisals support the entity’s dedication to advancing qualified individuals to higher responsibility levels.

“View Part I of the What Every IT Manager Should Know About Service Delivery and Support series here“