IT Governance

Evaluate the effectiveness of the IT governance structure to determine whether IT decisions, directions and performance support the organization’s strategies and objectives.
Evaluate IT organizational structure and human resources (personnel) management to determine whether they support the organization’s strategies and objectives.
Evaluate the IT strategy, including the IT direction, and the processes for the strategy’s development, approval, implementation and maintenance for alignment with the organization’s strategies and objectives.
Evaluate the organization’s IT policies, standards, and procedures, and the processes for their development, approval, implementation, maintenance, and monitoring, to determine whether they support the IT strategy and comply with regulatory and legal requirements.
Evaluate the adequacy of the quality management system to determine whether it supports the organization’s strategies and objectives in a cost-effective manner.
Roles and Responsibilities

Evaluate IT management and monitoring of controls (e.g., continuous monitoring, QA) for compliance with the organization’s policies, standards and procedures.
Evaluate IT resource investment, use and allocation practices, including prioritization criteria, for alignment with the organization’s strategies and objectives.
Evaluate IT contracting strategies and policies, and contract management practices to determine whether they support the organization’s strategies and objectives.
Evaluate risk management practices to determine whether the organization’s IT-related risks are properly managed.
Evaluate monitoring and assurance practices to determine whether the board and executive management receive sufficient and timely information about IT performance.
Evaluate the organization’s business continuity plan to determine the organization’s ability to continue essential business operations during the period of an IT disruption.