The ITSC performs a critical function in supporting the implementation of the corporate information technology strategic plan (ITSP). Further, the committee ensures that it minimizes the risks associated with implementing the IT strategies and receives a return on its investment.

Too often organizations do not monitor the activities and decisions of their IS department. Rather, they rely on the IS department to provide the IT solutions because executive management does not understand technology.

However, this attitude must change; otherwise, the organization may find that decisions made in isolation by the IS department may cause the organization to waste valuable resources (both human and financial) in implementing technologically superior solutions, and not business solutions. When this occurs, the organization receives a poor return on its investment in IT.

It is critical from the outset that the ITSC be empowered to monitor and control the IT investment of the organization.

ISACA has recognized the need for organizations to have an ITSC. The Control Objectives for Information and Related Technology (COBiT) PO4 — Define the Information Technology Organization and Relationships Control Objective states:

The organization's senior management should appoint a planning or steering committee to oversee the information services function and its activities. Committee membership should include representatives from senior management, user management, and the information services function. The committee should regularly meet and report to senior management.

However, IS auditors do not review this critical organizational control process. If this control were part of the system development life cycle, it would be reviewed. Because it is outside of the IT department and is seen as an extension of executive management, it is not reviewed. Because of the impact it may have on the success of the organizational investment in IT, it is essential that the IS auditor audits the role and the effectiveness of the ITSC of the organization.

Project Management Made Easy

Project Management Made Easy

What you need to know about… Project Management Made Easy! Project management consists of more than just a large building project and can encompass small projects as well. No matter what the size of your project, you need to have some sort of project management. How you manage your project has everything to do with its outcome.

Get My Free Ebook

Post a comment