IT Governance : Audit guide for companies in the digital era

23 mai 2019 | Cigref in english

#GAGSI2019 – AFAI-ISACA, Cigref and IFACI presented the new edition of the IT Governance Audit Guide at a conference on March 25, 2019. It takes into account the evolution of IT governance in companies undergoing digital transformation. The guide is a practical tool for all the company’s IT stakeholders to assess IT governance and improve its performance.

With the integration of digital technologies in companies, organisations evolve and change both in their strategic and operational approaches. IT is at the core of the company’s business, and IT develops and accelerates digital technologies within the company. It supports the company’s activity; hence its effective functioning is vital. Faced with the changes to companies brought about by the digital transformation, IT governance is directly impacted and, as a consequence, evolves to adapt to the new operating methods and opportunities that technology provides.

Companies’ IT governance is a steering approach whose purpose is to provide an optimum contribution to value creation, align the digital strategy with the company’s strategy, optimise the use of resources and control risks according to the stakes. Our three associations published the Guide d’audit de la gouvernance des SI (The IT Governance Audit Guide) in 2011, but wanted to update it given the changes to companies and their IT. A shared study on the impacts of companies’ digital transformation has allowed us to update all the “vectors”. The recommendations in this guide are strategic and operational.

It is important to specify that, since this guide covers IT governance, it also covers all the company’s activities. Indeed, everyone within the company must control their IT in a transversal way to make digital technology a success in the company. The IT department is one of the key players in IT governance, but it is not the only one. Convergence, objectives among all departments and good teamwork are prerequisites to effective and appropriate management. Given the impacts listed, the steering committee has suggested a new set of twelve vectors. Some vectors in the 2011 edition have been merged and integrated, and two new vectors were added. The two additional topics play vital roles in the transformation: the culture of innovation and company data management. Creating dedicated vectors seemed obvious given their significance.

Once again, this new version of the IT Governance Audit Guide seeks to serve as a concrete tool for auditors, inspectors, IT professionals and, more widely, all employees in companies.

[Cigref report] Understanding quantum computing to prepare for the unexpected

Just a few years ago, quantum computing was a utopian dream. Today, however, it is beginning to take root in people's minds. It promises to replace the law of Gordon Moore, a cofounder of Intel who predicted that computing capacity would double every year...up to the...

[Cigref report] IT/OT convergence: A fruitful integration of information systems and operational systems

Convergence IT/OT - Corporations are undertaking wide-ranging projects to seize the growing opportunities data processing offers to optimise and add value to their businesses. It is in this context that the Cigref "IT-OT Convergence" working group led by Gilles...

Quantum Computing : comprendre l’informatique quantique pour se préparer à l’inattendu

L'informatique quantique impliquera d'ici 5 à 10 ans des changements importants nécessitant des organisations et de leurs dirigeants qu'ils comprennent dès aujourd’hui cette technologie. C’est pour démystifier le sujet et les aider à se préparer à l’inattendu du...

Gaia-X : lancement de l’initiative franco-allemande en faveur de l’émergence d’un marché européen du cloud de confiance

Le Cigref se félicite du lancement de la fondation Gaia-X et du puissant soutien que lui accordent les gouvernements français et allemands. La fondation Gaia-X se dote aujourd’hui d’une structure de gouvernance permettant d’assurer les objectifs définis dans le position paper du 18 février 2020. Les 22 membres fondateurs sont représentatifs des différentes parties prenantes du marché du cloud : académique, associatifs, fournisseurs et utilisateurs de solutions ou services numériques.