Coordinated Audit on Information Technologies Governance – Executive Summary

IT governance is the part of corporate governance that seeks to ensure that the use of IT adds value to the business with acceptable risk. To that end, IT governance seeks to avoid or mitigate deficiencies in the management of an institution, such as inadequate planning processes, IT projects that produce no results and IT contracts that do not achieve their objectives, all of which lead to a loss of quality and efficiency.

The Coordinated Audit on IT Governance was carried out within the framework of the activities foreseen in strategic goal 3 (Knowledge Management) of OLACEFS' Strategic Plan 2011-2015. The audit was carried out with the participation of the SAIs of Bolivia, Brazil (Coordinator), Chile, Costa Rica, Peru, Ecuador, El Salvador, Guatemala, Honduras, Panama and Paraguay, and with financing from the IDB.

The objective of the audit was to assess the situation of information technology (IT) governance in the OLACEFS member countries, based on the audits carried out in representative institutions of various segments of the public administration of each participating country. The audit sought to obtain information that would allow the development of strategies to raise the level of maturity of IT governance and the dissemination of the knowledge and techniques used in the field work carried out.

The audit criteria adopted, in addition to the applicable legislation of each country, were the controls provided for in the ISO/IEC 27002:2013 standard, a code of good practice for information security management; in the ISO/IEC 27005:2008 standard, which deals with information security risk management; and in the ISO/IEC 38500:2008 standard and ISACA's COBIT 5, which provide models of good practice for information technology governance.

Source: https://www.olacefs.com/wp-content/uploads/2015/11/Executive-Summary-of-the-Coordinated-Audit-on-IT-Governance.pdf