IT Governance


1. Definitions

1.1. Decision & Accountability Perspective

1.1.1. IT decision domains

1.1.2. IT governance archetypes

1.1.3. Implementation mechanisms

1.2. Current & Future use of IT Perspective

1.2.1. IT responsibilities

1.2.2. IT plan

1.2.3. IT in business processes & requirements

1.2.4. IT processes

1.2.5. IT compliance with rules & legislation

1.2.6. Use of human factors

1.3. Effective directing & controlling IT (ITGI) Perspective

1.3.1. Strategic alignment

1.3.2. Value delivery

1.3.3. Risk management

1.3.4. Resource management

1.3.5. Performance measurement

2. Models

2.1. ISO / IEC 27002:2005

2.2. ITIL

2.3. CMMI

2.4. PRINCE2

2.5. COBIT

2.5.1. Plan & Organize

2.5.2. Acquire & Implement

2.5.3. Deliver & Support

2.5.4. Monitor & Evaluate

3. Audits

3.1. Goal

3.1.1. proving an adequate and appropriate level of IT governance necessary for compliance, accordance and conformance purposes in a controllable and verifiable fashion

3.2. Objective

3.3. Scope

3.4. Control Framework

3.4.1. General (Organisation's norm / IT strategy)

3.4.2. Support & Maintenance (ITIL)

3.4.3. Security (ISO 27001 and professional norms)

3.5. Report Structure (no standard)

4. Attestation

4.1. Business drivers: Assurance to

4.1.1. regulatory compliance

4.1.1.1. SOX

4.1.1.2. WBP (Privacy law)

4.1.1.3. Wft (Financial Supervision Act)

4.1.1.4. Basel II

4.1.1.5. Solvency II

4.1.2. organizational compliance

4.1.2.1. Corporate Governance codes

4.1.2.1.1. Tabaksblat code

4.1.3. commercial compliance

4.1.3.1. Commercial business arrangements (e.g. contracts and SLAs)

4.2. Main Components

4.2.1. Objective

4.2.1.1. fixed

4.2.1.2. specific

4.2.1.2.1. control objectives related to compliance, accordance and/or conformance

4.2.1.3. assessing design, existence and operating effectiveness of controls

4.2.2. Scope

4.2.3. Control Framework

4.2.3.1. COBIT

4.2.4. Report Structure

4.2.4.1. SAS 70 (Type I and Type II)

4.3. Arguments for justification

4.3.1. top executives focus on effective implementation

4.3.2. contribution to improved control awareness and quality within organisations

4.3.3. reflection of best practices

5. Market developments that have impact on attestation

5.1. ISO / IEC 38500: New worldwide IT governance standard

5.2. ISAE 3402: International assurance report standard