This paper utilize and build on the
progress of IT Training and enable to understand the corporate-level aspects of
corporate governance, risk, compliance, and assurance that can be applied in
the company. Implementing Governance, Risk, and Compliance (GRC) in the IT
environment need an improved knowledge and skills based on the latest
developments and the best practices.
and Governance (1.3)
The use of IT is increasing rapidly
in most large companies, it is also done mostly in small and medium sized
companies and is the main of most major business operations. After that, there
is an increasing encouragement on corporate governance by regulators. Information
Technology is an integral part of the governance.
The design and spread of successful
information systems using IT is determining the success of a company. So it is
important to make sure that the controls needed are implemented from management
and regulatory perspective too, not only from the IT perspective. Because IT is
developing, there is an increasing in demand for pro-active goals assessments
of governance, risk, compliance, and controls of information systems.
IT Governance and
Governance of Enterprise IT (GEIT) (1.5)
The goal of IT Governance is to
determine and cause the desired behavior and outcomes to achieve the strategic
impact of IT. IT governance refers to systems in which company directors
evaluate, monitor and direct IT management to ensure IT effectiveness,
accountability and compliance of IT.
GEIT is a subdivision of corporate
governance and make easy performance of a framework of IS controls inside the
company as relevant and cover all key areas. There are many benefits of GEIT, for
example to make sure that the governance requirements for board members are
fulfilled, assure compliance with legal and regulatory requirements, etc.
Role of IT in
Companies use IT not only for data processing
but also for strategic and competitive advantages as well. IT transmission has move
forward from data processing to MIS to decision support systems to online
transaction/services. The level to which the dissemination of technology also
impacts on how internal control is applied in the company.
the perspective of business strategy, IT affects the way companies are
structured, operated and managed. Company can no longer develop business
strategies without IT strategies, it is the same for IT strategies too. The auditors
should have a good concept of management aspects as relevant to spread of IT
and IT strategy. IT organization need to set their tactics and strategies for
supporting the organization by confirm that everyday IT operations are submitted
without compromise and efficiently.