Systems Governance Strategy
Governance of information technology systems is about developing the processes, procedures and practices that ensure the development and management of systems comply with an organisation's policy.
Achieving effective governance for live systems requires a comprehensive information systems technology strategy with the firm commitment and backing of the most senior executive.
Key stages of a governance programme
- Design governance into the information technology system from day one.
- Monitor the information technology system day by day.
- Respond immediately to threats to the information technology system.
- Plan to learn and improve the information technology system.
Categories of threat
Threats to information technology systems may be classified as:
- Intentional or accidental.
- Internal or external.
- People or systems.
Types of threat:
- Malpractice & Negligence - procedure evasion, asset loss, forgery, under reporting, cover up.
- Internal Fraud - misappropriation of resources & assets.
- External Fraud - hacking & DoS, unauthorised access to information or content assets, forgery & misrepresentation.
- Physical Damage - natural disasters, weather, vandalism & terrorism.
- System Failures & Disruption - utility loss, software failures, hardware failures, communications failures.
- Execution, Delivery, & Process Management - requirement errors, design errors, implementation errors, data entry errors, accounting errors, failed mandatory reporting.
What are the requirements of a due diligence governance strategy?
- Prevention - Reducing the exposure to threats, by design from day one.
- Detection - Awareness when threats materialise day by day.
- Response & Recovery - Immediate action to reduce impact and loss.
- Mitigation - Policy & Procedure improvement to reduce future risk.