Chapter 3. Information Technology Governance
The next domain of GRC that we look at is IT governance. The audit committee of Infission has been asked by their auditors what their IT governance processes are. They have asked us to work with the CIO to craft a response. First, we go through a bit of education but then we break IT governance down into the following sections:
- IT governance balanced scorecard: Recording and communicating the strategic objectives for Information Technology
- Portfolio planning: Ensuring work is authorized and valuable, and aligned with objectives for IT
- Configuration management: Ensuring that changes made to code or the settings for the applications are authorized and appropriate
- End user support: Ensuring requests from ...