Thủ Thuật Hướng dẫn Which of the following IT governance and best practice improve strategic alignment? Chi Tiết
Bùi Công Khanh đang tìm kiếm từ khóa Which of the following IT governance and best practice improve strategic alignment? được Cập Nhật vào lúc : 2022-11-19 15:26:03 . Với phương châm chia sẻ Mẹo về trong nội dung bài viết một cách Chi Tiết 2022. Nếu sau khi tham khảo tài liệu vẫn ko hiểu thì hoàn toàn có thể lại Comment ở cuối bài để Ad lý giải và hướng dẫn lại nha.You are correct, the answer is A.
Nội dung chính Show- Why is IT governance important?What is corporate governance?IT governance frameworks, models and standardsISO 38500 – The international IT governance standardThe five domains of IT governanceOther IT governance frameworks and models to considerIT governance auditingHow to establish an IT governance frameworkWhat are the best practices for IT governance?Which of the following is the most important element for the successful implementation of IT governance?Which of the following should an IS auditor recommend to best enforce alignment of and IT project portfolio with strategic organizational priorities?WHAT IS IT Governance Isaca?
A. An assessment of how well an organization's application portfolio supports the organization's business objectives is a key component of the overall IT strategic planning process. This drives the demand side of IT planning and should convert into a set of strategic IT intentions. Further assessment can then be made of how well the overall IT organization, encompassing applications, infrastructure, services, management processes, etc., can support the business objectives. The purpose of an IT strategic plan is to set out how IT will be used to achieve or support an organization's business objectives.
B. Operational efficiency initiatives, including cost reduction of purchasing and maintenance activities of systems, belong to tactical planning, not strategic planning.
C. A list of approved suppliers of IT contract resources is a tactical rather than a strategic concern.
D. An IT strategic plan would not normally include detail of a specific technical architecture.
You answered B. The correct answer is C.
A. While the information security policy should be updated on a regular basis, the specific time period may vary based on the organization. Although reviewing policies annually is a good practice, the policy could be updated less frequently and still be relevant and effective. An outdated policy is still enforceable, whereas a policy without proper approval is not enforceable.
B. The lack of a revision history with respect to the IS policy document is an issue but not as significant as not having it approved by management. A new policy, for example, may not have been subject to any revisions yet.
C. The information security policy should have an owner who has management responsibility for the development, review, approval and evaluation of the security policy. The position of security administrator is typically a staff-level position (not management), and therefore would not have the authority to approve the policy. Without proper management approval, enforcing the policy may be problematic, leading to compliance or security issues.
D. Although a policy committee drawn from across the company is a best practice and may help write better policies, a good policy can be written by a single person, and the lack of a committee is not a problem by itself.
IT governance is an element of corporate governance, aimed improving the overall management of IT and deriving improved value from investment in information and technology.
IT governance frameworks enable organisations to manage their IT risks effectively and ensure that the activities associated with information and technology are aligned with their overall business objectives.
To understand how an organisation’s IT supports and enables the achievement of its strategies and objectives, read IT Governance – A Pocket Guide by Alan Calder.
Why is IT governance important?
IT governance enables an organisation to:
- Demonstrate measurable results against broader business strategies and goals.Meet relevant legal and regulatory obligations, such as those set out in the
GDPR (General Data Protection Regulation) or the Companies Act 2006.Assure stakeholders they can have confidence in your organisation's IT services.Facilitate an increase in the return on IT investment; andComply with certain corporate governance or public listing rules or requirements.
What is corporate governance?
Corporate governance is "a toolkit that enables management and the board to giảm giá more effectively with the challenges of running a company. Corporate governance ensures that businesses have appropriate decision-making processes and controls in place so that the interests of all stakeholders are balanced.”- ICSA, The Governance Institute.
A robust corporate governance framework can help you meet the requirements of laws and regulations such as the DPA (Data Protection Act) 2022 and the GDPR.
For instance, the GDPR requires data controllers and processors to demonstrate their compliance with its requirements through certain documentation, including relevant logs, policies and procedures.
Harnessing the elements of IT governance will help you create and maintain appropriate policies and procedures to help meet your data privacy requirements.
Learn more about meeting your GDPR compliance obligations
IT governance frameworks, models and standards
ISO 38500 – The international IT governance standard
ISO/IEC 38500:2015 is the international standard for corporate governance of IT.
It sets out principles, definitions and a high-level framework that organisations of all types and sizes can use to better align their use of IT with organisational decisions and meet their legal, regulatory and ethical obligations.
Buy a copy of ISO/IEC 38500:2015
As well as ISO 38500, there are numerous widely recognised, vendor-neutral frameworks that organisations can use to implement an IT governance programme.
Each has its own IT governance strengths – for instance, COBIT focuses more on process management and ITIL on service management – but you might benefit from an integrated approach, using parts of several frameworks to deliver the results you need.
Follow the links below to find out more about each framework.
COBIT
COBIT (Control Objectives for Information and Related Technology) is an internationally recognised IT governance control framework that helps organisations meet business challenges in regulatory compliance, risk management and aligning IT strategy with organisational goals.
COBIT 2022, the latest iteration of the framework, was released in November 2022. It builds on COBIT 5, introducing new concepts and addressing the latest developments affecting enterprise IT.
Learn more about COBIT
Browse COBIT products
The five domains of IT governance
The IT Governance Institute (a division of ISACA) breaks down IT governance into five domains:
Value deliveryStrategic alignmentPerformance managementResource managementRisk managementOther IT governance frameworks and models to consider
In addition to the frameworks listed above, there are several other models and frameworks you should consider for effective IT governance:
- King reports of corporate governance (versions I to IV).ISO/IEC
31000:2022 (risk management).ISO/IEC 27001:2013 (information security).Business continuity management and disaster recovery.Knowledge management, including intellectual capital.Programme
management and project governance, including PRINCE2® and PMBOK®.
IT governance auditing
As IT governance plays a crutial role in strategic performance, internal auditors are expected to include it in their audit plans.
Learn more about IT governance auditing
How to establish an IT governance framework
The challenge for many organisations is to establish a coordinated, integrated framework that draws on best-practice IT governance frameworks.
We offer a wide range of products and services, including books, toolkits and training courses, to support your organisation’s compliance with these frameworks. Browse our bestselling IT governance products and services below.
What are the best practices for IT governance?
6 information governance best practices. Form a committee of key stakeholders. ... . Define the business and compliance requirements. ... . Update policies for remote work. ... . Outline key governance plans in policies and standard operating procedures. ... . Define reports and alerts to monitor compliance. ... . Continuously monitor and review the plan..Which of the following is the most important element for the successful implementation of IT governance?
Which of the following is the MOST important element for the successful implementation of IT governance? When implementing an IT governance framework in an organization the MOST important objective is: IT alignment with the business.Which of the following should an IS auditor recommend to best enforce alignment of and IT project portfolio with strategic organizational priorities?
Which of the following should an IS auditor recommend to BEST enforce alignment of an IT project portfolio with strategic organizational priorities? Define a balanced scorecard for measuring performance.WHAT IS IT Governance Isaca?
IT governance empowers organizations and helps establish and monitor accountability for IT activities to ensure that IT-enabled investments support enterprise objectives. Tải thêm tài liệu liên quan đến nội dung bài viết Which of the following IT governance and best practice improve strategic alignment?