Join authors Rodrigo de Grazia Bacha Estevam and Joao Souza Neto as they respond to ISACA member questions beginning 2 December 2014. Add your questions by responding to this post!
In October 2012, the Brazilian Court of Audit (TCU) conducted a survey involving 337 public institutions, and found that in most of the organizations, corporate governance did not include IT governance under its jurisdiction, granting a worrisome autonomy to the IT department.
To deal with this omission, a governance model has been proposed involving the integration of corporate governance with IT governance. The integrated model aims to ensure not only the optimization of internal controls to achieve compliance, transparency and accountability, but also the proper use of investments in IT aligned with corporate strategic objectives.
The integrated model is based on the relationship between King III and COBIT® 5. The explicit relationship between these governance models is based on the principles of the fifth element of King III, IT governance, and on four of the five processes of the Evaluate, Direct and Monitor (EDM) domain of COBIT 5, in which the board of directors is accountable, per the Responsible, Accountable, Consulted and Informed (RACI) matrices.
The implementation of the integrated model may be undertaken in four phases, which are ordered from strategy to IT operation, and are in line with the traditional logical sequencing of the implementation of a governance model.