IT Governance, Risk, and Compliance

Mar 21 2013   1:02AM GMT

Risk Management: Is it just another set of business buzzwords? – Part VIII

Robert Davis

IT policies, directives, standards, procedures, and rules should be deployed based on their assessed effectiveness and efficiency in addressing management's risk appetite. Deployed controlling and monitoring activities should reflect management's strategy for ensuring an adequate IT control system. IT control policies and directives can be considered high-level governance documentation, while standards, procedures, and rules can be considered detail-level governance documentation. Normally, oversight committees and executive management use high-level governance documents to provide general control direction. Lower-level management then converts these high-level governance documents into detail-level IT governance documents that assist in ensuring control objective achievement. Developing and implementing an effective and efficient IT governance design can be a multidirectional, interactive, iterative, and adaptive process.


