Recent corporate collapses, such as EBS International and Société Générale, have brought about renewed scrutiny into corporate governance mechanisms. Given the pervasiveness of Information Technology (IT) in many organizations, the examination of corporate governance mechanisms also includes IT governance mechanisms. IT governance is defined as “a structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise’s goals by adding value while balancing risk versus return over IT and its processes”.
In light of increased public awareness, professional bodies such as the Information Systems Audit and Control Association (ISACA) have undertaken a number of steps to provide guidance in the implementation of effective IT governance. The approach taken by ISACA appears to be largely based upon two concepts. The first concept relates to increasing the awareness of issues and concepts relating to IT governance in the public domain. The second concept involves the provision of guidelines and the identification of best-practice IT governance mechanisms. Interestingly, the effectiveness of these best-practice mechanisms in improving IT governance is largely based upon conceptual arguments. As such, it becomes important to ascertain if these best-practice mechanisms do impact upon the level of IT governance.
As IT escalates in terms of importance and pervasiveness in the operations of firms, it is inexorably tied to specific mechanisms that are prescribed for good corporate governance, most notably, a sound system of internal controls. Accordingly, effective IT governance is a critical underpinning for a system of good corporate governance that minimizes agency losses for a firm.
Internet: http://onlinelibrary.wiley.com (adapted).
In spite of the pervasiveness of IT in many organizations, it is essential for enterprises to balance risks and detect fraud.