Information systems assurance, security, and governance including auditing have become particularly important issues for public businesses large and small. Coupled with the increased visibility of security threats in the forms of hackers, viruses, and other malware, security and risk management have seen an increased attention from IT professionals. With the increased adoption of enterprise systems and above influences, industry is also focusing more on application control and identity management. The ITG Graduate Certificate program includes courses on concepts and practices in Business Governance Processes, Application Control, Security Identity Management, Risk Management, and IT Auditing, all in line with the framework for this specialization advanced by the Information Systems Assurance, Security and Control Association (ISACA), International Information Systems Security Certification Consortium (IISSCC), the Association for Computing Machinery (ACM), and the Association for Information Systems (AIS). Some specific goals of Information Technology Governance (ITG) may be listed as:
- Strategic alignment of Business and IT with emphasis on Business Governance
- Assurance that the investments in IT generate business value
- Mitigation of the risks associated with IT
- Conformance of the organization to Security, Privacy, Trade Practices, Intellectual Property Rights, Records Management, Legislation and Regulations (Laws of the Land) and alignment to Best Practices to streamline and reduce costs and improve revenues.
The objectives for learning and practical experience for the ITG Graduate Certificate may be stated as follows:
Responsibility: Individuals and groups within the organization understand and accept their responsibilities in respect of both supply of, and demand for IT. Those with responsibility for actions also have the authority to perform those actions.
Strategy: The organization’s business strategy takes into account the current and future capabilities of IT; the strategic plans for IT satisfy the current and ongoing needs of the organization’s business strategy.
Acquisition: IT acquisitions are made for valid reasons, on the basis of appropriate and ongoing analysis, with clear and transparent decision making. There is appropriate balance between benefits, opportunities, costs, and risks, in both the short term and the long term.
Performance: IT is fit for purpose in supporting the organization, providing the services, levels of service and service quality required to meet current and future business requirements.
Conformance: IT complies with all mandatory legislation and regulations. Policies and practices are clearly defined, implemented and enforced.
Human Behavior: IT policies, practices and decisions demonstrate respect for Human Behavior, including the current and evolving needs of all the “people in the process.”