ISACA Journal
Volume 1, 2014

Book Reviews 

IT Governance for CEOs and Members of the Board 

Bryn Phillips | Reviewed by Ibe Kalu Etea, CISA, CRISC, ACA, CFE, CRMA, ISO 9001:2008 QMS 

The evolving dimensions of compliance matters, IT management performance, risk frameworks and corporate governance models have created a huge knowledge gap between IT-savvy executives and nontechnical corporate business leaders. Often the process of justifying IT investments by a chief information officer (CIO) or designate to his/her board tends to be an uphill task, even for such critical items as spending on business continuity and disaster recovery systems. This has created a need for even-toned, easy-to-read publications that give non-IT board members and senior executives a quick path to grasping the salient issues related to IT governance.

IT Governance for CEOs and Members of the Board lays an interesting foundation that will appeal to all types of board directors, putting nascent IT governance requirements in focus with the right degrees of detail. Creating a balance between detail and depth, the author, Bryn Phillips, addresses governance, compliance and risk issues with relevant reference to risk frameworks such as COBIT, ITIL and King III.

Simplifying the broad concepts of governance at the board level, Phillips deciphers the synergies between IT governance terminology and board decision-making activities from the strategic to operational domains. This fine balance between strategy and implementation in a pragmatic style should endear this book to a diverse array of executives and professionals who should not have to undertake IT courses to get the crux of modern IT governance issues.

The book is written in a simple, narrative style, ensuring that readers’ interests are stimulated page after page. Further still, the book does not deviate from its primary focus: introducing the critical relevance and requirements of IT governance in modern business models. The fact that it is a basic reference book that is suitable for a nontechnical audience does not strip its value, as it applies current trends in IT governance to the boardroom, which is the source of IT investments. As a result, it is also a good reference for IT practitioners on how to present their viewpoint to less technology-focused senior stakeholders.

The book commences with an easy-to-understand definition of IT governance, summarizing some key frameworks in a fairly straightforward manner. Elements of IT governance are then explained, and the importance of sustainability and green IT as an emerging corporate social responsibility (CSR) initiative is presented in a practical, thought-provoking manner.

The rest of the book serves as a reminder of the connection between IT governance and the US Sarbanes-Oxley Act and other similar legislation worldwide, touching on the key sections of the framework and the application of information technology, from a controls and risk mitigation standpoint, to Sarbanes-Oxley implementation.

The ordering of the book’s chapters takes a seminar-type approach in which the reading audience is keenly involved with end-of-chapter to-do actions for board members and decision makers and to-demand requirements for CIOs and other key stakeholders of an enterprise.

This involved, hands-on approach in communicating a rather technical subject to a diverse audience results in a simple and excellent reference for nontechnical corporate stakeholders and boards.

Editor’s Note

IT Governance for CEOs and Members of the Board is available from the ISACA Bookstore. For more information, visit www.isaca.org/bookstore, email bookstore@isaca.org or telephone +1.847.660.5650.

Reviewed by Ibe Kalu Etea, CISA, CRISC, ACA, CFE, CRMA, ISO 9001:2008 QMS, a corporate governance, internal controls, fraud and enterprise risk assurance professional. He also serves as a member on the advisory council of the Association of Certified Fraud Examiners (ACFE).

 


Opinions expressed in the ISACA Journal represent the views of the authors and advertisers. They may differ from policies and official statements of ISACA and from opinions endorsed by authors’ employers or the editors of the Journal. The ISACA Journal does not attest to the originality of authors’ content.