Office of the Auditor General of Canada

Final Report of the Task Force on IT Governance

Richard BriseboisBeijing, China

Office of the Auditor General of Canada

Agenda

Background Project Objective Project team Project Schedule/History

IT Governance Key QuestionsOutcomesConclusion

Office of the Auditor General of Canada

Project Objective

The main objective of the project was to discuss the importance of IT Governance, identify risks and challenges being faced and propose new guidance and share best practices in this area

Office of the Auditor General of Canada

Project Team

Project leader: Richard Brisebois, Canada

Active Members:1. Claudia Dias, Brazil 2. Nagarajan Nagarajan & Ashutosh Sharma, India3. Dainius Jakimavicius & Irmantas Aleliunas, Lithuania 4. Thomas Wijsman, Netherlands5. Thor Kristian Svendsen & Erna Jørgensen Lea, Norway 6. Mr. Jamtsho, Bhutan7. Shaima Al Hinai, Oman 8. Alla Petrenko, Russian Federation 9. Steve Doughty/Angus Waugh, United Kingdom 10. Madhav Panwar, USA

Commentary Project Participants:1. Sr. Ryoichi Doi, Japan2. Bjørn Undall, Sweden

Office of the Auditor General of Canada

Project Schedule/History

May 2006: The IT Governance project was initiated at the INTOSAI WGITA meeting in Brazil.

Oct 2006: Scoping report completed. March 2007: WGITA IT Governance Performance Auditing

Seminar in Muscat, Oman. 2008: Launch of the IT Governance database in Japan 2008: Collection of various SAI’s work on IT Governance

(inserted to the IT Governance database) 2009: Collection of reference material on IT Governance

(inserted to the IT Governance database) 2008 & 2009: Interim Progress Reports April 2010: IT Governance Checklist April 2010: Final report of IT Governance task force

Office of the Auditor General of Canada

Office of the Auditor General of Canada

Office of the Auditor General of Canada

What is IT Governance?

“IT governance is the responsibility of the board of directors and executive management. It is an integral part of enterprise governance and consists of the leadership and organisational structures and processes that ensure that the organisation’s IT sustains and extends the organisation’s strategies and objectives.”

IT Governance Institute

Office of the Auditor General of Canada

IT Governance Key Questions

1. Leadership and Organization - Do the IT organizational structure and human resources (personnel) management in place support the organization’s strategies and objectives?

2. IT strategy - Is there an IT strategy in place, including the IT direction, and the processes for the strategy’s development, approval, and implementation and maintenance that is aligned with the organization’s strategies and objectives?

3. Policies and standards - Are there IT policies, standards, and procedures, and the processes for their development, approval, implementation, maintenance, and monitoring in place to support the IT strategy and comply with regulatory and legal requirements?

4. Quality Management System - Is there an IT quality management system in place to support the organization’s strategies and objectives?

5. IT controls - Are there sufficient IT management and monitoring of controls (e.g., continuous monitoring, QA) in place to support organization’s policies, standards and procedures?

Office of the Auditor General of Canada

IT Governance Key Questions

6. Investment planning - Are there IT resource investment, use and allocation practices, including prioritization criteria in place that are aligned with the organization’s strategies and objectives?

7. Contracting - Are there IT contracting strategies and policies, and contract management practices in place to support the organization’s strategies and objectives?

8. Risk management - Are there risk management practices in place to ensure that the organization’s IT-related risks are properly managed?

9. Monitoring and reporting - Are there monitoring and assurance practices in place to allow the board and executive management to receive sufficient and timely information about IT performance?

10. Business continuity planning - Is there a business continuity plan in place to support orderly recovery of essential business operations during the period of an IT disruption?

Office of the Auditor General of Canada

How to Use the Questions

Question: Do the IT organizational structure and human resources (personnel) management in place support the organization’s strategies and objectives? Audit objective: To determine whether IT organizational structure and human resources (personnel) management in place support the organization’s strategies and objectives. Criterion: We expect the organization to have in place adequate IT organizational structure and human resources (personnel) management to support the organization’s strategies and objectives.

Office of the Auditor General of Canada

Outcomes of the IT Governance Task Force

Publications Database of Reference Material for IT Governance http://www.intosaiitaudit.org/intosaiitgov/default.aspx?AspxAutoDetectCookieSupport=1

IT Governance Scoping, status and final reports Papers and presentations made at the 5th

performance audit seminar (Oman, 2007) Collection of various SAI’s work on IT

Governance Collection of Reference material on IT

Governance Identification of Framework and Standards

related to IT Governance

Office of the Auditor General of Canada

Sub Projects Cancelled

• Develop training material on IT Governance (cancelled)

• Adapt Private Sector IT Governance material for Public Sector use (cancelled)

Office of the Auditor General of Canada

Conclusion

Lets not re-invent the wheelThere are a lot of resources available on IT governanceMost of them are available in Database of Reference Material for IT Governance Lets continue to share best practices and facilitate exchange of information and experience

Office of the Auditor General of Canada

Questions/Thank You

Richard Brisebois CGA, CISAPrincipal, IT Audit Services

Office of the Auditor General of CanadaTel: (613)952-0213 ext. 2235

Fax: (613)947-9736

E-mail: Richard.Brisebois@oag-bvg.gc.ca240 Sparks Street

Ottawa, Ontario, CanadaK1A 0G6

www.oag-bvg.gc.ca