Development Plan for Internal IT Controls


Information Technology (IT) Governance


Monitor internal controls for IT-related activities and identify improvement actions.

Objectives

  • Continuously monitor, benchmark, and improve the IT control environment and control framework to meet organizational objectives. 
  • Monitor and evaluate the efficiency and effectiveness of internal IT managerial review controls. 
  • Evaluate the completeness and effectiveness of management’s control over IT processes, policies and contracts through a continuing program of self-assessment. 

Challenges

  • Lack of consensus on definitions 
  • Inability to measure governance capabilities in an objective manner 
  • No systematic way to compare IT governance maturity across peer companies 
  • Limited visibility into best practices to close governance performance gaps 

Scope

  • Implement an Internal IT Control Framework to continuously monitor, benchmark, and improve the IT control environment and control framework to meet organizational objectives. 
  • Implement Management Reviews to monitor and evaluate the efficiency and effectiveness of internal IT managerial review controls. 
  • Implement Control Self-assessments to evaluate the completeness and effectiveness of management’s control over IT processes, policies and contracts through a continuing program of self-assessment. 
  • Implement Self-assessment, measurement and diagnostic tools 

Approach

  • Shape the project management plan – plan and initiate the project 
  • Develop the internal control framework – develop the framework method 
  • Create the management review technique – build management review method 
  • Define the self-assessment method – define self-assessment process 
  • Build measurement and diagnostic tools – develop techniques, templates and guides 
  • Prepare training materials – create training materials 
  • Phased roll-out of the internal control framework – rollout framework in phases 

Deliverables

1. Project Management Work Products
  • Develop the Scope of Work for the internal IT controls project
  • Create Business Requirements for the internal IT controls project
  • Establish a Schedule for the internal IT controls project 
  • Build a Communications Plan for the internal IT controls project

2. IT Internal Controls: Process Framework
  • Create a policy for ongoing internal IT controls 
  • Establish boundaries for internal IT controls
  • Ensure internal IT controls are implemented 
  • Enable change management for internal IT controls 
  • Evaluate performance of the IT controls framework 

3. IT Internal Controls: Management Reviews
  • Develop internal controls that require managerial oversight 
  • Verify and ensure reviews are appropriately documented 
  • Create escalation processes for issues identified by managerial reviews 

4. IT Internal Controls: Self-assessments
  • Define a plan and scope for conducting self-assessments 
  • Create a communication plan for the results of self-assessments
  • Determine the frequency of periodic self-assessments 
  • Develop and assign responsibility for self-assessments 
  • Provide independent reviews 
  • Compare results of self-assessments against good practices 
  • Summarize and report outcomes of self-assessments 

5. IT Internal Controls: Measurement and diagnostic tools
  • Build management awareness diagnostic tools
  • Create the maturity measurement tool
  • Develop control objective assessment forms 
  • Create the risk factor diagnostic tool
  • Build the control objective diagnostic tool
  • Develop the introductory presentation
  • Create the balanced scorecard example