By Alan Calder
Reviewed by Dauda Sule, CISA
IT Governance: A Pocket Guide highlights important issues relating to corporate IT governance, showing how IT can help organizations achieve their goals and objectives.
The book is presented using nontechnical terminology that can be easily understood. As such, it will appeal to the management of organizations, IS managers, chief information officers (CIOs), chief information security officers (CISOs) and IS auditors as a guideline for establishing an organizational IT governance framework. Professionals and those seeking to become professionals in IT governance management, security and audit will also find the book useful as a reference guide because it outlines a framework for IT governance. That said, the book is largely directed toward top management tasked with instituting a proper framework for IT governance, as well as to anyone wanting to put an organization on track with regard to balancing IT and business goals.
The book is made up of seven chapters. The first chapter covers the importance of IT governance and defines the term. Chapter two highlights the drivers for IT governance, including competitive advantage, regulatory requirements, security, and strategic alignment between IT and business objectives and goals. Operational and strategic risk management is covered in chapter three, with reference to statistics from research on IT project failures by the Standish Group. Chapters four and six address the effects of inadequate IT governance and the benefits of IT governance, respectively. The basis of and the recipe for a good and successful IT governance framework are presented in chapter five. The book concludes with the Calder-Moir IT governance framework in the final chapter, explaining how the framework can be used to organize IT governance issues for management and related parties. Additionally, related reference materials are listed in the appendix.
The book, being a pocket guide, is very brief and not exhaustive on the topic, which is appropriate as it is meant to be only an abbreviated presentation to top management to help them understand and appreciate the importance of IT governance. The book does this in an excellent way by presenting a business case for IT governance (on page 35), using the results of a survey that showed most organizations would pay an 11 percent premium for the stock of an organization that has good governance practices. Also, survey respondents indicated that organizations with above-average IT governance had profits 20 percent above those with poor IT governance, despite having the same business strategy.
IT Governance: A Pocket Guide is available from the ISACA Bookstore. For information, see the ISACA Bookstore Supplement in this Journal, visit www.isaca.org/bookstore, e-mail [email protected] or telephone +1.847.660.5650.
Reviewed by Dauda Sule, CISA, the marketing manager of Audit Associates Ltd., a consultancy firm that specializes in designing and organizing training programs pertaining to auditing, fraud detection and prevention, information security and assurance, and anti-money laundering. Sule has five years of experience in the Nigerian banking industry and as a systems security and assurance supervisor at Gtech Computers.