Information Systems Governance Report Analysis - [University Name]

Added on  2022/08/14

Report
AI Summary
This report provides a comprehensive analysis of Information Systems (IS) Governance, addressing key aspects such as IT alignment with business strategy, the effectiveness of existing IS governance policies, plans, projects, and priorities, and the critical link between IS governance and overall business strategy. The report begins by assessing the extent to which IS governance is aligned, inclusive, educated, engaged, connected, and informed within an organization. It then evaluates the effectiveness of existing IS governance policies, identifying areas for improvement. Furthermore, the report delves into the relationship between IS governance and business strategy, pinpointing any discrepancies and proposing solutions. The analysis encompasses a range of policies, including data protection, records management, document management, digital preservation, personal data breach, and privacy impact assessment policies. The report also explores IT project governance, its alignment with business objectives, and the importance of a well-defined IT governance framework. The author examines the role of project governance, project management principles, and the significance of IT alignment in achieving business goals. The report emphasizes the critical need for IT governance to align the business towards its aims and objectives.
Running head: IS Governance
Information System Governance Auditor
Name of the Student:
Name of the University:
Author Note:
Response to Question 1:
The operational methods of a business are always guided by the strategy of the business.
In the same sense, IT strategy is used to guide the information technology, information
architecture and information system of a business. Moreover, these IT strategies, or IT
governance, are used to prioritize the IT requirements of a business and also guide the method to
deliver and process the IT services in a business. IT alignment is the degree to which IT
strategies depend on the business strategy (Van Grembergen and De Haes 2018). IT
alignment also ensures that the person who is responsible for defining the IT strategies
understands all the strategies of the business and has the ability to translate the usage
of the IT resources, the provision of IT and also the endorsement of the IT project. Therefore, IT
alignment is categorized into two types based on the existing information system of the business:
strategic alignment and operational alignment. The operational alignment is used to
guarantee that the business processes, IT methods and the business infrastructure jointly perform
to gain a particular business goal (Uhl and Gollenia 2016). The strategic alignment is also an
important factor for every business as this is useful to guarantee that the IT strategies correspond
to the business strategies so that the decisions of the business are consistent and are taken and
implemented effectively. Information technology provides competitive advantages to the
businesses. The introduction of IT and Information systems allow the officials to present
multiple business models to their customers (Noe et al. 2015). For instance, IT facilitates
multiple benefits for the physical stores like instant customer feedback and ranking them on the
basis of their requirements. IT has been a significant part of every business and thus a proper IT
strategy should be used or implemented to meet the requirements of the customer. Some efficient
and trending information technologies for these businesses are Web 2.0, SaaS (Software-as-a-Service),
CRM (Customer Relationship Management) and Enterprise Resource Planning,
which allow them to drive their business operations seamlessly (Erasmus, Strydom and
Rudansky-Kloppers 2016).
The higher authorities should be capable of assessing the effectiveness of the innovative
technologies in the market. They should also take the initiative in incorporating IT into their
business. The information strategy is generally derived from the strategies of the business. The
major element of information strategy is to determine the information assets (Barry 2017). These
assets are used to load, process and manage huge data from various domains like market data,
finance data, production data and logistics data. Business and market areas emerge with various
threats, risks and opportunities. Each business represents various features such as its own
processes, rules and policies (Mainela and Ulkuniemi 2013). These factors are considered
together to effectively approach the IT alignment. The business processes are known in a better
way when they fit with the existing business culture and the business structure. Businesses
need to avoid creative destruction. The strategic approach is driven or implemented as a top-down
approach, where it should be ensured that the strategies made by the top management
can easily fit the other levels of the business. IT alignment can easily be facilitated and
inhibited by multiple factors and forces (Tallon, Ramirez and Short 2013). The middle
management converts these strategies into workable templates which are further implemented by
the operational management. IT alignment is usually assisted by a common vision of the
strategy which is communicated among various business levels. At the same time, IT alignment
is formally inhibited by a deficit of emphasis and focus on the IT priorities. It is necessary to have
clear interfaces and structures for collaboration and communication among various business
units and the IT units. IT alignment can also be achieved by modelling and planning a strict
IT architecture at every level of the business (Wu, Straub and Liang 2015). An internally
consistent IT infrastructure endorses communication at every level of the business. It is
important to know that a strategic, competitive IT vision needs a proper understanding that the
communication management, operations management and IT equipment work in parallel to
allow the business to achieve the business aims and objectives. The IT staff are required to be
integrated for the IT alignment in a business. IT alignment is not easy to measure; rather, it can be
evaluated using objective scales. It is necessary for the IT strategy to consider flexibility,
performance, compliance, security and customer lock-in (Chatterjee and Ravichandran 2013).
Therefore, it is clear that IT governance should be in place to align the
business towards its aims and objectives.
Response to Question 2:
With the technological enhancement, information technology has become a significant
part of a business in the competitive market. There are various IT governance policies. They are:
Data Protection Policy: According to this policy, the business is solely responsible for
processing private data of the stakeholders. This policy is applicable to all staff of the
business. The business should ensure that the business data are processed lawfully,
transparently and fairly. The data should be collected only for specific,
legitimate and explicit purposes. The data should be relevant, adequate and limited to
the business necessities and the purpose of the data (Schnoll 2015). The information
systems are also required to be accurate and should also be updated on a regular basis.
Records Management and Retention Policy: According to this policy, the business
should establish principles to ensure that the organization implements effective record
management. This policy is applicable to all records that were created, maintained,
held and received by the business to carry out its corporate functions (Franks 2013). The
records are required to be handled in compliance with regulatory and legislative
requirements. The records should have relevant context, content as well as format. These
records are required to be usable, timely, well managed, reliable and authentic. Records
should be associated with the support, activity and function of the business for supporting
decision making processes. The records should be managed by various processes and
systems to ensure efficiency and consistency across all business departments. The records
should be stored as well as handled in an appropriate format for retaining the quality,
durability, reliability, relevance and accessibility. Confidentiality should be maintained
throughout the business such that the sensitive records are not visible to or accessed by
unknown users. The records are required to be retained and disposed of in line with the Records Retention
Schedule.
Records Retention Schedule: This policy guides the organization with some retention
periods to differentiate the types of records on the basis of regulatory and legislative
needs, existing practices and policies, operational needs and organizational standards.
Document Management Policy: The major aim of this policy is to ensure that the
organization captures and generates reliable and authentic records for demonstrating and
accounting for the business activities and decisions (Penn and Pennix 2017). This policy also
facilitates protecting and auditing the rights and legal factors of the organization. The
policy also conforms to statutory and legal requirements associated with the stored
records.
Digital Preservation Policy: This policy guides the organization to preserve the digital
records required for technical and retention purposes. The policy is applicable to all
staff of the organization who handle the digital records (Kerzner 2017). This policy can
be used by the organization to define the approach of the organization towards the
preservation of the electronic records. The policy is also concerned with the preservation
of access to the electronic records.
Personal Data Breach Policy: This policy aims at standardizing the responses of the
council regarding any data breach to guarantee that they are properly managed and
logged in line with the law and best practice, such that the incidents are swiftly reported and are
appropriately determined (McDonald and Léveillé 2014). The incidents are also to be
dealt with in a timely manner and the normal operations are to be restored. The incidents are also
documented as well as recorded for future purposes. Each and every incident is to be
analyzed in an appropriate manner.
Privacy Impact Assessment Policy: The GDPR (General Data Protection Regulation)
requires the organization to conduct DPIAs (Data Protection Impact Assessments) for
assessing and addressing the risks to individuals. The policy formulates the
organizational approach to determining the requirement for and implementing DPIAs. This
policy is also applicable to all staff of the organization (David, Dube and Ngulube
2013). Each and every operation of the organization is subject to a DPIA.
Information Strategy Principles: Information Governance requires a few strategic
principles to govern the IT infrastructure in an appropriate manner. These principles are
transparency, discoverability, integrity, value, security, accessibility and others. As per
the policy, the organization uses the information for increasing the trust with the
employees and other stakeholders of the organization. The information is to be
effectively used for supporting the mission and vision of the organization (Oladapo
2014). It is also to be ensured that information is of high consistency. All
information is required to be prioritized highly to ensure continuous development of the
business.
Therefore, the discussed information policies are highly critical for every business and
these policies are to be followed strictly within the working environment such that the
business activities can be performed easily and can meet each and every
requirement of their customers.
Response to Question 3:
IT governance should always align a business towards its goals and aims. Therefore, the
business strategy and the IT governance are related to each other. The IT governance is set
utilizing different structures, mechanisms and processes. These structures comprise organized
devices and methods to enable and connect horizontal contacts between the IT management and
the business. Relational methods are critical for the IT governance layout to attain and sustain the
IT alignment of the business towards a sustainable environment (Sachs 2015). It is to be ensured that the
applied mechanisms, structures and processes serve a particular solution to the business.
However, the division of the IT governance layout into small pieces does not solve the whole
problem in all cases. The IT governance has six motives in the context of the business strategy:
to align the business with the project and to ensure that the project has some business value, to
ensure that the business uses the maximum number of resources to conduct the business operation,
to integrate a cost handling method to safeguard the project running schedules, to preserve
organizational coherence and to manage the project risks to disallow them to affect any of the
business’s departments (Binder 2016). As projects are generally placed externally in an
organization, the project governance gives a structured approach to assist decision making
processes in the projects. The layouts are aligned, repeatable and robust to the entire governance
approach of the concerned business. The layouts are generally based on three principles of
project management (Carley and Christie 2017). Those three principles are: centralized liability
for the project success, separation of decision making process and stakeholder management,
separation of operational governance and the project governance. As per these principles, the
project owner is solely responsible for all project operations and project activities. Moreover,
the project manager is responsible for taking each and every decision related to the project
(Weaver et al. 2013). The project sponsor plays an important role in a project but the sponsor is
permitted little access to and control of the project. Therefore, the project sponsor cannot
ensure project success; rather, the sponsor can be a major factor behind a successful project. These
principles also state that the project owner cannot be a stakeholder and therefore, he or she
should not have an operational stake in the concerned project. The operational stake cannot be
controlled by the project owner as decisions that are taken can be skewed towards a specific need of
the stakeholders (Schwalbe 2015). Moreover, the project decisions are required to be quick as
well as flexible for the business. The project decisions are not assisted by the business hierarchy
concerned with the regular activities of the business. The project management committee is solely
responsible for delivering the project in time. In the context of project governance, projects are
required to be supervised in a continuous way (Marchewka 2016). Every business is associated with
high level risks and these risks are to be managed by the operational governance with the help of
strategic IT governance. The risks are to be considered within the organization's strategic plan and
the risk management layout and, lastly, the projects are required to be evaluated on the basis of
projected business value and the provisional competitive advantage. The major role of the project
board is not to oversee every project activity but rather to oversee the project portfolio (Bloom et
al. 2014). The project board requires centralized project accountability and should also
ensure that every project is handled according to the principles of the project governance.
Moreover, the project committee is formed according to the business strategy and the business
activities. The committee is also made depending on the requirements of the customers. The
committees are permanent teams which are authorized by the business for conducting defined
activities. As the committees have a long lifetime, they are bound to be affected by social
politics and decisions (García-Peñalvo and Conde 2014). IT governance in the business implies
the use of the project governance to help the business to achieve its goals and objectives by
identifying key projects for the business, appointing project owners, and establishing the project
committee to engage the project stakeholders and customers. The capital expenditure committee
approves and allocates the expenditures, which include resources and cost required for their
project. Therefore, the business strategies and the IS governance are highly dependent on each
other (Birt et al. 2020). Without proper IS governance a business cannot implement and prepare
a proper business strategy. The project programs and their governance drive the business towards
its objectives and goals.
Response to Question 4:
Organizations always require information systems to conduct their activities and process
their business data. In this technological environment, information is highly vulnerable to
multiple threats and risks (Kliem and Ludin 2019). Therefore, the management of these systems
is a complex process. A traditional management process is not enough to handle such systems.
Therefore, legal considerations, business obligations and regulatory compliance are required to
handle these systems. Information governance is combined with these regulatory methods to
allow the concerned business to develop in every dimension. The key values of the
business are the business stakeholders and the clients (Rodney et al. 2015). Data associated with
them are highly vulnerable to the threats. Multiple organizations generate diversity in data that
are handled using the platforms and policies. These can result in compliance problems which may
span numerous business and regulatory requirements, not to mention the jurisdictions. IS
Governance is associated with multiple risks like financial risk, success risk, people risk,
technological risk, information risk, political risk, systematic risk, business risk, system security
risk, environmental risk and functional risk (Greiman 2013). Risk factors can comprise
individual factors like project size, software used in the software and malicious employees. The
aim of describing the risk elements is to structure the risk by categories, which can help the
organization to align their strategies with the strategic approach of IS Governance (Binder 2016).
Risk management is the practice of dealing with non-speculative threats (threats from which the
user can face only loss). These non-speculative risks can decrease the business value. Risk
management in the IS Governance comprises a few linked goals, like eliminating the risks and
reducing to an acceptable level the risks which are unable to be eliminated (Qazi et al. 2016).
The initial step in an appropriate risk analysis method is to identify the values or the assets of the
business. It is highly important for a business to determine its assets before conducting risk
management in their IS Governance. The importance of those assets is also required to be
known such that they can be secured from the external threats. While securing the assets the
business also needs to look after all business threats and risks. The threats are then
prioritized on the basis of their effects and the threats are countered with multiple counter
measures such that they cannot affect the business and the working environment of the business.
Information technology is a trending factor in this modern world and thus, every information
system used to store and process the data is required to be tightly sealed so that an attacker
cannot easily trigger his or her attack (Leach 2014). However, multiple organizations do not have
an internal risk management method. In such businesses, an external expert is hired. In some cases
the organization has existing arrangements with suppliers to manage the risks in their project.
Security of these systems can be commensurate with the risks. The selection of security controls in a
cost-effective and appropriate manner is quite a complex process. The selection of the security
controls hugely depends on the type of project and the stakeholders associated with the project
(Harris 2017). The business values are developed by these security controls. The conservation of
the business values is an important process for every business. The major function of the security
risk analysis is to put the process in an objective manner. The IT governance has six motives in
the context of the business strategy: to align the business with the project and to ensure that the
project has some business value, to ensure that the business uses the maximum number of resources
to conduct the business operation, to integrate a cost handling method to safeguard the project
running schedules, to preserve organizational coherence and to manage the project risks to
disallow them to affect any of the business’s departments. IT alignment is not easy to measure;
rather, it can be evaluated using objective scales (Heagney 2016). It is necessary for the IT
strategy to consider flexibility, performance, compliance, security and customer lock-in. The
strategic approach is driven or implemented as a top-down approach, where it should be ensured that
the strategies made by the top management can easily fit the other levels of the business.
References
Barry, W.S., 2017. Airline Management: Business Management in Transport 3. Routledge.
Binder, J., 2016. Global project management: communication, collaboration and management
across borders. Routledge.
Birt, J., Chalmers, K., Maloney, S., Brooks, A., Oliver, J. and Bond, D., 2020. Accounting:
Business reporting for decision making. John Wiley & Sons.
Bloom, N., Garicano, L., Sadun, R. and Van Reenen, J., 2014. The distinct effects of information
technology and communication technology on firm organization. Management Science, 60(12),
pp.2859-2885.
Carley, M. and Christie, I., 2017. Managing sustainable development. Routledge.
Chatterjee, D. and Ravichandran, T., 2013. Governance of interorganizational information
systems: a resource dependence perspective. Information Systems Research, 24(2), pp.261-278.
David, R., Dube, A. and Ngulube, P., 2013. A cost-benefit analysis of document management
strategies used at a financial institution in Zimbabwe: A case study. South African Journal of
Information Management, 15(2), pp.1-10.
Erasmus, B., Strydom, J.W. and Rudansky-Kloppers, S. eds., 2016. Introduction to business
management. Oxford University Press Southern Africa.
Franks, P.C., 2013. Records and information management. American Library Association.
García-Peñalvo, F.J. and Conde, M.Á., 2014. Using informal learning for business decision
making and knowledge management. Journal of Business Research, 67(5), pp.686-691.
Greiman, V.A., 2013. Megaproject management: Lessons on risk and project management from
the Big Dig. John Wiley & Sons.
Harris, E., 2017. Strategic project risk appraisal and management. Routledge.
Heagney, J., 2016. Fundamentals of project management. Amacom.
Kerzner, H., 2017. Project management: a systems approach to planning, scheduling, and
controlling. John Wiley & Sons.
Kliem, R.L. and Ludin, I.S., 2019. Reducing project risk. Routledge.
Leach, L.P., 2014. Critical chain project management. Artech House.
Mainela, T. and Ulkuniemi, P., 2013. Personal interaction and customer relationship
management in project business. Journal of Business & Industrial Marketing.
Marchewka, J.T., 2016. Information technology project management: Providing measurable
organizational value. John Wiley & Sons.
McDonald, J. and Léveillé, V., 2014. Whither the retention schedule in the era of big data and
open data?. Records Management Journal, 24(2), pp.99-121.
Noe, R.A., Hollenbeck, J.R., Gerhart, B. and Wright, P.M., 2015. Human resource
management. Gaining a Competitive.
Oladapo, V., 2014. The impact of talent management on retention. Journal of business studies
quarterly, 5(3), p.19.
Penn, I.A. and Pennix, G.B., 2017. Records management handbook. Routledge.
Qazi, A., Quigley, J., Dickson, A. and Kirytopoulos, K., 2016. Project Complexity and Risk
Management (ProCRiM): Towards modelling project complexity driven risk paths in
construction projects. International journal of project management, 34(7), pp.1183-1198.
Rodney, E., Ducq, Y., Breysse, D. and Ledoux, Y., 2015. An integrated management approach
of the project and project risks. IFAC-PapersOnLine, 48(3), pp.535-540.
Sachs, J.D., 2015. The age of sustainable development. Columbia University Press.
Schnoll, H.J., 2015. E-Government: Information, Technology, and Transformation: Information,
Technology, and Transformation. Routledge.
Schwalbe, K., 2015. Information technology project management. Cengage Learning.
Tallon, P.P., Ramirez, R.V. and Short, J.E., 2013. The information artifact in IT governance:
toward a theory of information governance. Journal of Management Information Systems, 30(3),
pp.141-178.
Uhl, A. and Gollenia, L.A. eds., 2016. A handbook of business transformation management
methodology. Routledge.
Van Grembergen, W. and De Haes, S., 2018. Introduction to the Minitrack on IT Governance
and its Mechanisms.
Weaver, P., Jansen, L., Van Grootveld, G., Van Spiegel, E. and Vergragt, P., 2017. Sustainable
technology development. Routledge.
Wu, S.P.J., Straub, D.W. and Liang, T.P., 2015. How information technology governance
mechanisms and strategic alignment influence organizational performance: Insights from a
matched survey of business and IT managers. Mis Quarterly, 39(2), pp.497-518.