IT Audit

IT Audit
Table of Contents

Information technology governance

Critical success factors

In question 1, we will discuss some critical success factors that encourage the successful implementation of Information Technology (IT) governance. Most information technology companies or organizations approach information technology operations or service management from a tool perspective or initiative from the process. Companies often expect their employees to adapt or adopt tools or new processes for securing the companies buy-in. The companies who struggle with tool adoption & with process get proper buy-in implementation. Also, for companies who want to gain the most significant value, it is important to know the level of governance & type for specific initiatives & needs (Van Grembergen, W. ed., 2004.).

To increase the success of information technology operations following the key success factors should be considered:

Training, communication & education

To accelerate the tools & operations management processes also training should be comprehensive, planned, repeated & concise. To deliver your message, there is a need to use multiple platforms. For those who make early communication sense of urgency, this is a positive point. Employees in the company must know the value of proportion. For example, they know that what we are going to do & why it is happening. Also, employees have an idea that if the project fails, what they will do. The company employee should review the stakeholder analysis & also match their communication with the result they gained. The communication between employees & stakeholders should be personal. Considering company team educated is also a plus point for any organization. For example, you should demonstrate that how you will capture the incident information in the service desk pool:

· Efficient routing will help to support the team.

· This provides the foundation for the management capabilities problems also enables us to determine the root causes.

· Education helps to company in measuring & reporting for continuous improvement.

The organization should celebrate their wins & also provide a status update to the company throughout their start. There is a need for companies to know where they are standing & what will happen next in the organization. The company should celebrate their wins. This will increase the value of the company & the company strengthen support & maintain its momentum.

To increase the success of the organization, there is a need to establish a feedback loop. This will enable individuals to provide their leaders & team feedback. That is what is not working & what is working to establishing the buy-in. The company should keep in mind that you should respond & acknowledged the feedback you receive from the customers.  The company not having feedback will prove more damaging.

Governance structure

The governance structure helps organizations in the management structure & also in the organization leadership. Also, the governance structure allows companies to make the decision-making & also improves the organization service management. Many companies already have governance in place. For instance, common governance includes project portfolios & also managing projects. Moreover, some companies have limits in the form of size, for example (information technology labor effort, project cost, etc.) in their projects. Management services reference the whole strategy, whole service lifestyle, build & run, design, etc. You have to establish the governance structure which complements your framework that helps your future integration. You should ensure that the framework you choose is balanced & properly sized.

The other factors that should be considered for the success of information technology governance are exception guidelines, the decision-making process & disincentive programs, or incentive programs. To identify the decision level authority, the first two discusses above will help organizations. The company will enable the management of exceptions & identification by establishing exceptional guidelines. Conclusion: there is an excellent way to facilitate the process of decision-making & also a key decision helps to frame every decision with the paper decision. The paper decision helps present the topics to decision-makers in equipping them and in a consistent manner (Nauka, E.N. and Rusu, L., 2011.).


Figure 1: Information Technology Governance

Following are the key elements of the decision paper that we discuss here:

  • There is an author who drafts the paper of decision & also helps in presenting the topic for decision making.
  • There is an approval body that presents the decision making
  • Another key element of the decision paper is the description of the decision. The decision description helps in giving the title to a topic of decision
  • The recommendation is also a key element of decision-making. This is a description related to the author that what he is recommended.
  • Authors in the decision paper provide descriptions of alternatives & also provide a reason that why this alternative is not recommended for the company
  • Another key factor identify key assumptions for forming & evaluating the recommendation
  • The decision paper key element also provides a history that also contributed to the recommendation
  • The decision paper also helps in describing the recommended solutions that how they provide benefit & rationale
  • The impact of the decision paper is to identify the additional considerations which influence the decision-making.
  • The decision paper defined the next steps that whether there is a need for further action or denied (Nauka, E.N. and Rusu, L., 2011.).

Responsibilities & roles

By documenting, defining & assigning responsibilities & roles in the governance structure, there is a need for clear communication for each employee for each role. To become clear successful expectations are the first step & every business wants to become successful. While assigning the roles & responsibilities, you should ensure to establish the RACI chart. This chart is helpful mainly in classifying responsibilities & roles in the departmental processes, functional processes, and information technology processes. When you are developing the chart of the RACI, you should ensure both design & planning and a governance structure. Also, you should ensure that responsibilities & roles are properly assigned & defined (Peterson, R., 2004.).

Reporting & measurement

 To become your company successful, there is a need to recognize good reporting & measurement. This helps companies that what they should do for future & also helps to know where they have been. Following are the three points should organizations consider when to establish the reports or measurements:


Figure 2: Reporting and Measurement

  • It would help if you did not manage those things which are you think you can’t measure. Without objective measures that have been proven, it is challenging to gain the investments for the improvements. Moreover, well-defined reports & measures can help you motivate your employees to gain the goal and accelerate desired behaviors.
  • It would help if you kept in mind the end goal. Try to measure for improvement, not just for prove. There are two levels of the sound framework of information technology. The first is service measure & the second is process measure. Service measures help in the business as well as information technology in creating the business value. Process measure is used for the information technology to drive the improvements.
  • The organization should know what how success looks like. As you design & define your measures, you should review the measures (Nauka, E.N. and Rusu, L., 2011.).


This is the last critical success factor but not least, is used for the information technology operations on the company’s culture & vice versa as we know that each organization’s culture is different from others. Here we discuss this with an example the cultures which are more tenure create more challenges for the company. The cultures which have increased with the approach of entrepreneurs create less challenge for the organization. The companies should use the strengths of cultures that exist for program advantage. For example, companies should measure & document the things and highlight those opportunities that help in the improvement. In companies, there are some individuals available who feel a threat from the change. You should help them understand the when, who, what, why & how the change will occur. Those who did not want to change discuss with the leadership team to overcome this situation (Nauka, E.N. and Rusu, L., 2011.)

Information technology effectiveness using COBIT framework

Explain the COBIT framework structure

This is a framework of information technology management that is developed to help businesses in organizing, developing & also implement the strategies around governance & information management. The COBIT framework was released in 1996, & COBIT helps control the related technologies and control objectives for information. This was designed for the financial audit community to better the negative growth of information technology environments. In 1998, there was released COBIT framework version 2. That expanded the COBIT framework to apply in the auditing community. Then in 2000, there was launched of version 3 of the COBIT framework buy information technology management techniques as well as informative governance techniques. Then in 2004, the fourth version was released of the COBIT framework. According to version updates, more communication technology improved. COBIT framework version five was released in 2012. This version helps businesses in controlling the risks & also information governance. In 2018, the updated version of the COBIT framework was launched with the name COBIT 2019. The COBIT framework 2019 is designed to evolve with fluid updates & more frequent updates constantly. This version was also established to introduce more flexible governance strategies, changing technology, & collaboration (Haram, D., 2020).

What is COBIT 2019?

The updated version of the COBIT framework is named COBIT 2019. This updated version also updates modern enterprises by assessing the new technologies, new trends & security needs. This updated version helps to information technology management frameworks a great option. Some new terminologies & concepts have been introduced with this updated version. That includes 40 management & governance objectives to the program of governance.

The system of performance management allows higher flexibility when using the capability measurements & maturity. The overall aim of the COBIT 2019 framework is that this is designed to provide companies or businesses greater flexibility in the information technology governance strategy. Here we also discuss the difference between COBIT & other frameworks. The significant difference is that COBIT 2019 focuses on risk management, security, & also information governance. According to ISACA, COBIT 2019 is not used to manage technology, organize business processes, make information technology decisions, architecture, or determine the information technology strategy. This is just designed for the management & governance of enterprises around the organizations (Haram, D., 2020).

Goals of COBIT 2019

Following are the goals & objectives of COBIT 2019:

  • The first goal of COBIT 2019 is to design the factors & focus on the areas that help into know more clarity for governing the business needs
  • The second goal of COBIT 2019 is to create a better alignment with the standards, best practices & frameworks to the relevance of the framework.
  • The other goal of COBIT 2019 is to provide regular updates based on rolling
  • This is also an open-source model that helps for feedback to encourage the enhancements & faster updates
  • This is a tool that is better to measure the performance of information technology
  • Also, another goal of COBIT 2019 is to provide more support for the collaborative features decision making

This also focuses on describing & providing concepts of issues & topics that can be addressed governance objectives & management (Khther, R.A., and Othman, M., 2013.).

Components of COBIT 2019

Following are the components of COBIT 2019:

  • The first component of COBIT 2019 is the methodology & introduction. This component introduces the principles of COBIT also the overall framework structure.
  • The second component of COBIT 2019 is the management objectives as well as governance. This component includes the 40 management objectives of governance
  • The third component of COBIT 2019 is the decision guide. This component helps in developing the governance system for the companies
  • The last & fourth component of COBIT 2019 is the implementation guide. This component includes the best practices that how to integrate strategies & avoid the pitfalls (Sabatini, G., Setyohadi, D.B. and Purnomo, W.Y.S., 2017)

COBIT benefit & principles

The main benefit of COBIT 2019 is that this encourages feedback from the community of practitioners. The benefit of COBIT 2019 is that individuals can purchase the design guide, suggest an improvement, they can leave comments & also propose new ideas & new concepts. This is designed for providing businesses governance strategy. As well as COBIT 2019 allows companies to more comfortably best-fits in the governance strategy.

The COBIT 2019 also defines the components to sustain & build a system: procedures & policies, processes, information flows, organizational structure, infrastructure, behaviors, & cultures. Those clients who use multiple frameworks according to COBIT 2019 best suits. The framework of COBIT 2019 aligns the existing frameworks in the companies & also this helps to understand what framework will be better for the overall strategy. This is also helpful to companies & businesses to monitor the overall performance of frameworks, mostly in terms of information security, security compliance & risk management.

The benefit of COBIT 2019 is that this is designed to give more insight to senior management. And also into the technology aligns with the goals of the organization. Individuals can also directly map the business into certain aspects of control-driven information technology, framework, etc.

Following are some other benefits of COBIT 2019:

  • COBIT 2019 enhances the trust & value in companies’ information systems. This is the most vital function of the COBIT framework. This helps information technology investments by creating & managing a balance between the risk involved & the use of resources. A business can enhance by implementing the principles of COBIT 2019, models & its best practices. The businesses can maintain their information & compliance with the help of the COBIT framework. That increases the trust & value in the information technology resources & services.
  • COBIT enhances productivity & efficiency. This is based on the principles that help to improve the effectiveness & efficiency of information technology. As a result, the same techniques & tools can be applied to organizations & industries of all sizes for process deliveries improvement of systems. This helps companies to diversify & increase their operations.
  • COBIT 2019 provides a framework for information technology organization as well as governance. Information technology management is different from information technology governance. COBIT 2019 plays a vital role in the proper governance establishment all over the organizations. There is a specialist available who incorporates the incremental goals, clarifies the issues & also helps in prioritizing the goals. The companies should be aware of their environment & also focuses on information technology features. COBIT helps to minimize all the risks involved & the monitoring process.
  • COBIT 2019 helps organizations comply with industry standards. In the implementation of COBIT 2019, a company is to make sure that they should not abide by the industry’s standards but also allow industry both external & internal stakeholders to increase or improve their skills. If the skills of the employees improve, they will match with the industry qualification.
  • Another benefit of COBIT 2019 is the certification that makes information technology professionals stand out. The client’s certification is proofed with the help of the COBIT framework. They will be able to handle the critical roles, for example, information technology current performance, applying principles of COBIT & organization operation tools (Sabatini, G., Setyohadi, D.B. and Purnomo, W.Y.S., 2017).


Already, Z., Chang, V., Walters, R. and Wills, G., 2016. Critical success factors (CSFs) for information technology governance (ITG). International Journal of Information Management36(6), pp.907-916.

Haram, D., 2020. I.T. governance impact on financial reporting quality using COBIT framework. Global Journal of Computer Sciences: Theory and Research10(1), pp.1-10.

Khther, R.A. and Othman, M., 2013. Cobit framework as a guideline of effective governance in higher education: a review. International Journal of Information Technology Convergence and Services3(1), p.21

Nauka, E.N. and Rusu, L., 2011. The effect of critical success factors on I.T. governance performance. Industrial Management & data systems.

Peterson, R., 2004. Crafting information technology governance. Information systems management21(4), pp.7-22.

Peterson, R.R., 2004. Integration strategies and tactics for information technology governance. In Strategies for information technology governance (pp. 37-80). I Global.

Sabatini, G., Setyohadi, D.B. and Purnomo, W.Y.S., 2017, September. Information technology governance assessment in Universitas Atma Jaya Yogyakarta using Cobit 5 frameworks. In 2017 4th International Conference on Electrical Engineering, Computer Science and Informatics (EECSI) (pp. 1-5). IEEE.

Shivashankarappa, A.N., Small, L., Dharmalingam, R. and Anbazhagan, N., 2012, June. Implementing its governance using COBIT: A case study focusing on critical success factors. In World Congress on Internet Security (WorldCIS-2012) (pp. 144-149). IEEE.

Tuttle, B. and Vandervelde, S.D., 2007. An empirical examination of CobiT as an internal control framework for information technology. International Journal of Accounting information systems8(4), pp.240-263.

Van Grembergen, W. ed., 2004. Strategies for information technology governance. I Global.