Development Plan for Internal IT Controls
Information Technology (IT) Governance
Monitor internal controls for IT-related activities and identify improvement actions.
Objectives
- Continuously monitor, benchmark, and improve the IT control environment and control framework to meet organizational objectives.
- Monitor and evaluate the efficiency and effectiveness of internal IT managerial review controls.
- Evaluate the completeness and effectiveness of management’s control over IT processes, policies and contracts through a continuing program of self-assessment.
Challenges
- Lack of consensus on definitions
- Inability to measure governance capabilities in an objective manner
- No systematic way to compare IT governance maturity across peer companies
- Limited visibility into best practices to close governance performance gaps
Scope
- Implement an Internal IT Control Framework to continuously monitor, benchmark, and improve the IT control environment and control framework to meet organizational objectives.
- Implement Management Reviews to monitor and evaluate the efficiency and effectiveness of internal IT managerial review controls.
- Implement Control Self-assessments to evaluate the completeness and effectiveness of management’s control over IT processes, policies and contracts through a continuing program of self-assessment.
- Implement Self-assessment, measurement and diagnostic tools
Approach
- Shape the project management plan – plan and initiate the project
- Develop the internal control framework – develop the framework method
- Create the management review technique – build management review method
- Define the self-assessment method – define self-assessment process
- Build measurement and diagnostic tools – develop techniques, templates and guides
- Prepare training materials – create training materials
- Phased roll-out of the internal control framework – rollout framework in phases
Deliverables
1. Project Management Work Products
- Develop the Scope of Work for the internal IT controls project
- Create Business Requirements for the internal IT controls project
- Establish a Schedule for the internal IT controls project
- Build a Communications Plan for the internal IT controls project
2. IT Internal Controls: Process Framework
- Create a policy for ongoing internal IT controls
- Establish boundaries for internal IT controls
- Ensure internal IT controls are implemented
- Enable change management for internal IT controls
- Evaluate performance of the IT controls framework
3. IT Internal Controls: Management Reviews
- Develop internal controls that require managerial oversight
- Verify and ensure reviews are appropriately documented
- Create escalation processes for issues identified by managerial reviews
4. IT Internal Controls: Self-assessments
- Define a plan and scope for conducting self-assessments
- Create a communication Plan for results of self-assessments
- Determine the frequency of periodic self-assessments
- Develop and assign responsibility for self-assessments
- Provide independent reviews
- Compare results of self-assessments against good practices
- Summarize and report outcomes of self-assessments
5. IT Internal Controls: Measurement and diagnostic tools
- Build management awareness diagnostic tools
- Create Maturity measurement tool
- Develop control objective assessment forms
- Create the Risk factor diagnostic tool
- Build the control objective diagnostic tool
- Develop the Introductory presentation
- Create the Balanced scorecard example
May 4, 2013
by Michael A. Kaplan, PMP