Organisations today are finding that, with the acceleration of technological developments, the “softwarisation” of products and production chains, and the digitisation of all organisational processes, the contribution of digital technology to the company’s value chain is increasing considerably. For Cigref’s member organisations, this phenomenon is characterised by an increase in their dependence on digital technology and a rise in the associated vulnerabilities and risks.
The last three years have seen a wealth of developments, some of which have had a structuring effect on the operational models of digital departments and on the governance of digital technology within companies. The growth, performance and resilience of organisations now depend on digital technologies.
We are seeing the spread of ‘agile’ approaches, the hybridisation of IT sourcing (cloud or in-house), the evolution of make-or-buy models, but also the development of new practices such as DevOps and, above all, a change in the roles and missions of digital departments.
It was against this backdrop that Cigref launched an update of the “IT Governance Audit Guide”. The result was a working group made up of members with a variety of professional backgrounds, whose task was to reconsider the 12 core vectors of the Audit Guide in the light of developments in the digital function since 2019.
The results of the group’s work are therefore presented in this note, which provides a summary of best practices to be shared, and which will offer good material for the next edition of the Guide, on which we will be working with our long-standing partners, ISACA-AFAI and IFACI.
Editorial by Djilali KIES, CIO at TDF, Working group leader