Full Text

"The board should make use of generally recognised risk management and internal control models and frameworks in order to maintain a sound system of risk management and internal control to provide reasonable assurance regarding the achievement of organisational objectives." - King Code

IT governance is an integral part of most enterprises, and consists of the leadership and organisational structures and processes that ensure that the organisation's IT sustains and extends its strategies and objectives. The Board is responsible for strategy. IT is an important enabler of strategy in most industries, as well as comprising a significant portion of capital expenditure. IT governance is the responsibility of the Board and executive management. Fundamentally, IT governance is concerned with the value IT delivers to business (both strategic and operational) and mitigating the risks.

Ismail Kajee, head of IT audit within Transnet shares some of his insights. Requirements for increased IT quality, decreased delivery time and continuously improving service levels are receiving higher emphasis within tighter cost constraints. Information and the technology that supports it represent many organisations' most valuable asset. Management is responsible for safeguarding all the assets of the enterprise. To discharge this responsibility, as well as to achieve its expectations, management must establish an adequate system of internal control. Such a system or framework must support the business processes. The COBIT framework was developed in response to the need for a system of internal control in IT.

The IT governance process starts with setting objectives for the enterprise's IT. From then on, a...