Guideline 2. ICT governance processes

Submitted by Anonymous (not verified) on Tue, 07/10/2018 - 09:46

The institution establishes ICT governance processes linked to its governance objectives, which include evaluating strategic options, giving direction to ICT and monitoring outcomes.

Governance processes ensure that stakeholder needs, conditions and options are evaluated in order to determine and agree upon balanced institutional objectives, set direction through prioritization and decision-making, and monitor performance and compliance against agreed objectives and direction.

Guideline code

ICT_00400

Mechanism

The management, with the assistance of the ICT unit, should define ICT governance processes in order to:

Analyse and articulate the requirements for the governance of ICT, and put in place and maintain effective enabling structures, principles, processes and practices, with clarity of responsibilities and authority to achieve the institution’s mission, goals and objectives;
Optimize the value provided to the institution’s mission from business processes, ICT services and ICT assets resulting from investments;
Ensure that the institution’s risk tolerance is understood, articulated and communicated, and that risk to the institution’s value related to the use of ICT is identified and managed, especially concerning the operation of high-impact social programmes;
Ensure that adequate and sufficient ICT-related resources (people, processes and technology) are available to support the institution’s objectives effectively at optimal costs;
Ensure the transparency of the performance and conformance measurement of ICT-related functions.

The board should establish or delegate to the management the establishment of ICT governance structures, processes and practices.

Parent

A. Governance and Management

Structure

The board should commission the management and the ICT unit to establish ICT governance processes.
A specialized organizational structure, reporting to or including the management, should be established to coordinate ICT governance processes. To establish accountability, the roles and responsibilities of units within that structure have to be well defined and documented.
The ICT governance processes should follow the institution’s ICT governance framework and be based on international standards and practices (e.g. ISO/IEC 38500 and COBIT®).

Tags