IT Governance, Risk, and Compliance

Apr 15 2011   8:01PM GMT

Right-sizing IT Controls – Part III

Robert Davis

During IT governance framework construction, personnel, structures, processes, and risk management integration are foundational. Nevertheless, professionals generally agree that defining IT roles and responsibilities should be the first step when developing IT governance. To this end, roles represent persons who are accountable based on the organizational structure, while responsibilities indicate activities with associated methodologies or processes for achieving organizational objectives and goals.

At the IT departmental level, precise organizational unit responsibilities should be documented. Correspondingly, a bottom-up approach can help clearly define roles and responsibilities for each IT unit as well as for the IT department, and assure understanding of the IT structure. Through this definitional understanding, gaps and overextensions in the control perimeter, as well as potential risks, can be determined to ensure deployment of suitable IT controls.

View Part I of the Right-sizing IT Controls series here
