Building A Governance System: A Review of Information Flow and Items Component

Author: Ookeditse n Kamau, MBA, CDPSE, CEH, CIA, CISA, CRMA, ISO 27001 Practitioner
Date Published: 17 March 2020

The COBIT 2019 framework defines seven components of a governance system that individually and collectively contribute to the good operations of the enterprise system over information and technology. Information flow is one of them.

Information flow is defined as the movement of information between people and systems. COBIT focuses on information required for effective functioning of the governance of the enterprise. Understanding information flow is a critical component for the governance system to succeed. The lack of understanding of this component has led to many boards being deemed ineffective.

The question is how to build information flow models that can support organizational structures overseeing information technology. There are internal and external committees assigned responsibility over IT, and such structures have different levels of authority. Therefore, any model adopted should take into consideration the requirements of these committees and should ensure that adequate information sharing exists among them.

The committees share information about the organization’s strategies, risks, challenges and successes. Information misalignment within these committees can result in delayed decision-making or lead to rushed decisions that may not have a positive impact on the management of the organization. The diagram below depicts typical organizational structures that manage the governance of enterprise IT and the information flow between them.

Figure 1

Information flow from IT management to the board represents a bottom-up approach. What are the issues raised at the IT management level? The issues that are raised at IT steering committees and the information that is finally shared with the board rely heavily on the maturity level of an organization’s information flow.

Different understanding exists at the IT management level and at the internal committee level. The degree to which information is distorted among these different committees also affects the final product shared with the board. Board subcommittees, such as audit, risk and technology committees, need to have mechanisms that will ensure that there is adequate information sharing. Both management and the board need to ask relevant questions to guide them in gathering the right information upon which they can make reliable decisions. The board should be empowered to ask the right questions concerning information flow, while management should be good stewards who communicate relevant, accurate and understandable information.

The key point to note is that good information flow makes the board effective. The Disney report Board Effectiveness - Continuing the Journey suggested six questions be asked pertaining to information flow at the board level:

  1. How do you ensure that as a non-executive director you have all the information you need, presented in an appropriate manner to enable you to carry out your role?
  2. Does the board decide on the information it needs from management to make informed long-term decisions for the company?
  3. How have you influenced the content/length/structure of board papers over the past few years? What could be done to improve them further?
  4. Are your board information and agendas structured to reflect the interests and objectives of the board?
  5. How do you demonstrate the quality of board information and decision-making to shareholders?
  6. What information sources (outside of board papers) do you have access to and make use of to obtain a holistic view of the market and the industry? Does the company furnish you with these resources?

Although the above questions address board members, IT management and internal committees can use the answers to the questions to build information flow models that support effective governance systems within the organization. It is therefore essential that, when reviewing components of a governance system using the COBIT framework, the component of information flow and items be analyzed critically.