Final Report of the Task
Force on IT Governance
Richard Brisebois
Beijing, China
Office of the Auditor General of Canada
Agenda
Background
 Project Objective
 Project team
 Project Schedule/History
IT Governance Key Questions
Outcomes
Conclusion
Office of the Auditor General of Canada
Project Objective
The main objective of the project was
to discuss the importance of IT
Governance, identify risks and
challenges being faced and propose
new guidance and share best
practices in this area
Office of the Auditor General of Canada
Project Team
Project leader:

Richard Brisebois, Canada
Active Members:
1. Claudia Dias, Brazil
2. Nagarajan Nagarajan & Ashutosh Sharma, India
3. Dainius Jakimavicius & Irmantas Aleliunas, Lithuania
4. Thomas Wijsman, Netherlands
5. Thor Kristian Svendsen & Erna Jørgensen Lea, Norway
6. Mr. Jamtsho, Bhutan
7. Shaima Al Hinai, Oman
8. Alla Petrenko, Russian Federation
9. Steve Doughty/Angus Waugh, United Kingdom
10. Madhav Panwar, USA
Commentary Project Participants:
1. Sr. Ryoichi Doi, Japan
2. Bjørn Undall, Sweden
Office of the Auditor General of Canada
Project Schedule/History









May 2006: The IT Governance project was initiated at
the INTOSAI WGITA meeting in Brazil.
Oct 2006: Scoping report completed.
March 2007: WGITA IT Governance Performance
Auditing Seminar in Muscat, Oman.
2008: Launch of the IT Governance database in Japan
2008: Collection of various SAI’s work on IT Governance
(inserted to the IT Governance database)
2009: Collection of reference material on IT Governance
(inserted to the IT Governance database)
2008 & 2009: Interim Progress Reports
April 2010: IT Governance Checklist
April 2010: Final report of IT Governance task force
Office of the Auditor General of Canada
Office of the Auditor General of Canada
Office of the Auditor General of Canada
What is IT Governance?
“IT governance is the responsibility of the
board of directors and executive
management. It is an integral part of
enterprise governance and consists of the
leadership and organisational structures
and processes that ensure that the
organisation’s IT sustains and extends the
organisation’s strategies and objectives.”
IT Governance Institute
Office of the Auditor General of Canada
IT Governance
Key Questions
1.
2.
3.
4.
5.
Leadership and Organization - Do the IT organizational
structure and human resources (personnel) management in
place support the organization’s strategies and objectives?
IT strategy - Is there an IT strategy in place, including the IT
direction, and the processes for the strategy’s development,
approval, and implementation and maintenance that is aligned
with the organization’s strategies and objectives?
Policies and standards - Are there IT policies, standards, and
procedures, and the processes for their development, approval,
implementation, maintenance, and monitoring in place to
support the IT strategy and comply with regulatory and legal
requirements?
Quality Management System - Is there an IT quality
management system in place to support the organization’s
strategies and objectives?
IT controls - Are there sufficient IT management and
monitoring of controls (e.g., continuous monitoring, QA) in place
to support organization’s policies, standards and procedures?
Office of the Auditor General of Canada
IT Governance
Key Questions
6.
7.
8.
9.
10.
Investment planning - Are there IT resource investment, use
and allocation practices, including prioritization criteria in place
that are aligned with the organization’s strategies and
objectives?
Contracting - Are there IT contracting strategies and policies,
and contract management practices in place to support the
organization’s strategies and objectives?
Risk management - Are there risk management practices in
place to ensure that the organization’s IT-related risks are
properly managed?
Monitoring and reporting - Are there monitoring and
assurance practices in place to allow the board and executive
management to receive sufficient and timely information about
IT performance?
Business continuity planning - Is there a business continuity
plan in place to support orderly recovery of essential business
operations during the period of an IT disruption?
Office of the Auditor General of Canada
How to Use the Questions
Question: Do the IT organizational structure and
human resources (personnel) management in place
support the organization’s strategies and objectives?
Audit objective: To determine whether IT
organizational structure and human resources
(personnel) management in place support the
organization’s strategies and objectives.
Criterion: We expect the organization to have in
place adequate IT organizational structure and
human resources (personnel) management to
support the organization’s strategies and objectives.
Office of the Auditor General of Canada
Outcomes of the IT
Governance Task Force
Publications Database of Reference Material
for IT Governance
http://www.intosaiitaudit.org/intosaiitgov/default.aspx?AspxAutoDetectCookieSupport=1
 IT Governance Scoping, status and final reports
 Papers and presentations made at the 5th
performance audit seminar (Oman, 2007)
 Collection of various SAI’s work on IT
Governance
 Collection of Reference material on IT
Governance
 Identification of Framework and Standards
related to IT Governance
Office of the Auditor General of Canada
Sub Projects Cancelled
• Develop training material on IT
•
Governance (cancelled)
Adapt Private Sector IT
Governance material for Public
Sector use (cancelled)
Office of the Auditor General of Canada
Conclusion
Lets not re-invent the wheel
There are a lot of resources available
on IT governance
Most of them are available in
Database of Reference Material for IT
Governance
Lets continue to share best practices
and facilitate exchange of
information and experience
Office of the Auditor General of Canada
Questions/Thank You
Richard Brisebois CGA, CISA
Principal, IT Audit Services
Office of the Auditor General of Canada
Tel: (613)952-0213 ext. 2235
Fax: (613)947-9736
E-mail:
Richard.Brisebois@oag-bvg.gc.ca
240 Sparks Street
Ottawa, Ontario, Canada
K1A 0G6
www.oag-bvg.gc.ca
Office of the Auditor General of Canada