IT Oversight

Who is responsible for IT oversight?  It is the responsibility of the Board of Directors. 

As part of the organization's overall governance, IT oversight consists of the structures and processes to ensure that IT sustains the organization's strategies and objectives.

In the past many organizations focussed on financial governance with the mandates of the Audit Committees expanding.  Today that practice of stewardship also extends to IT as boards begin to understand the depth and reliance on IT in their enterprise.

A board needs to approach IT governance in the same way it approaches every other aspect of its organization’s operation: with transparency and accountability.  Management needs to know its level of responsibility to the Board in delivering IT services and meeting established standards.

IT governance allows the Board to ensure the most effective use of resources to deliver IT benefits and manage risks.  The purpose of IT governance is to direct IT endeavours to fully integrate within the business.


If an organization depends on IT, what are the risks with respect to security, reliability and compliance?  Risk exists when delivering any IT-enabled project.  At a high level, if an IT system goes down, business continuity will be effected.  Because their data centres were destroyed, many companies did not survive man-made or natural disasters of 9/11 or Hurricane Katrina.  If a situation arose in which the organization's data centre was not available, what would the impact be?

Have risks been mitigated?