Evaluating the Process for Strategy Development, Deployment, and Maintenance
| The IT department should have a clear process for developing IS strategy. This process should include the development, communication, and implementation of the strategy. If this process does not exist, the auditor will find indicators throughout the review of strategy, policy/procedures, and observations. The lack of an IS strategy or a strategy that is outdated or not communicated indicates that IT might not be aligned with the business strategy and that a change in business strategy might not be reflected in the IT department's policy. An IS auditor should recognize key development risk indicators, including these:
The IT strategy should align with the business strategy, ensure efficient use of IT resources, and serve as the basis for IT policy and procedures. Although the development of IT strategy is an IT function, it should include stakeholders in the organization, as well as senior management. The participation of stakeholders (such as senior managers of business functions) helps ensure that the strategy meets the goals of the organization and business functions, and helps keep the strategy aligned when the business strategy changes. When performing an audit of IS strategic planning, it is unlikely that the IS auditor would assess specific security procedures. During an IS strategy review, overall goals and business plans would be reviewed to determine whether the organization's plans are consistent with its goals. |
- ERP Systems Impact on Organizations
- Enterprise Application Integration: New Solutions for a Solved Problem or a Challenging Research Field?
- Context Management of ERP Processes in Virtual Communities
- Data Mining for Business Process Reengineering
- Healthcare Information: From Administrative to Practice Databases