Define, establish and align the IT governance framework with the overall enterprise governance and control environment. Base the framework on a suitable IT process and control model and provide for unambiguous accountability and practices to avoid a breakdown in internal control and oversight. Confirm that the IT governance framework ensures compliance with laws and regulations and is aligned with, and confirms delivery of, the enterprise’s strategies and objectives. Report IT governance status

and issues.

There are no PSGs published for this topic; however, the topic is under review for future PSGs

Enable board and executive understanding of strategic IT issues, such as the role of IT, technology insights and capabilities. Ensure that there is a shared understanding between the business and IT regarding the potential contribution of IT to the business strategy. Work with the board and the established governance bodies, such as an IT strategy committee, to provide strategic direction to management relative to IT, ensuring that the strategy and objectives are cascaded into business units and IT functions, and that confidence and trust are developed between the business and IT. Enable the alignment of IT to the business in strategy and operations, encouraging co-responsibility between the business and IT for making strategic decisions and obtaining benefits from IT-enabled investments.

There are no PSGs published for this topic; however, the topic is under review for future PSGs

Manage IT-enabled investment programs and other IT assets and services to ensure that they deliver the greatest possible value in supporting the enterprise’s strategy and objectives. Ensure that the expected business outcomes of IT-enabled investments and the full scope of effort required to achieve those outcomes are understood; that comprehensive and consistent business cases are created and approved by stakeholders; that assets and investments are managed throughout their economic life cycle; and that there is active management of the realization of benefits, such as contribution to new services, efficiency gains and improved responsiveness to customer demands. Enforce a disciplined approach to portfolio, program and project management, insisting that the business takes ownership of all IT-enabled investments and IT ensures optimization of the costs of delivering IT capabilities and services.

There are no PSGs published for this topic; however, the topic is under review for future PSGs

Oversee the investment, use and allocation of IT resources through regular assessments of IT initiatives and operations to ensure appropriate resourcing and alignment with current and future strategic objectives and business imperatives.

There are no PSGs published for this topic; however, the topic is under review for future PSGs

Work with the board to define the enterprise’s appetite for IT risk, and obtain reasonable assurance that IT risk management practices are appropriate to ensure that the actual IT risk does not exceed the board’s risk appetite. Embed risk management responsibilities into the organization, ensuring that the business and IT regularly assess and report IT-related risks and their impact and that the enterprise’s IT risk position is transparent to all stakeholders.

There are no PSGs published for this topic; however, the topic is under review for future PSGs

Confirm that agreed-upon IT objectives have been met or exceeded, or that progress toward IT goals meets expectations. Where agreed-upon objectives have been missed or progress is not as expected, review management’s remedial action. Report to the board relevant portfolios, program and IT performance, supported by reports to enable senior management to review the enterprise’s progress toward identified goals.

There are no PSGs published for this topic; however, the topic is under review for future PSGs

Obtain independent assurance (internal or external) about the conformance of IT with relevant laws and regulations; the organization’s policies, standards and procedures; generally accepted practices; and the effective and efficient performance of IT.

There are no PSGs published for this topic; however, the topic is under review for future PSGs