Who we are

Technology Governance Services provides business stakeholders with an independent professional opinion relating to the value that is received from Information Technology within their organisation, including whether IT related benefits, risks and resources are effectively and efficiently managed.

Mission

Our mission is to provide independent expert advice about the effectiveness of Technology Governance in your organisation and the value that you obtain from your investment in Technology.

Vision

For stakeholders to highly rate (at least 9 out of 10) the value they receive from their investment in Technology.

What is Technology Governance?

Technology Governance is about the accountability for (and obtaining value from) an organisations investment in IT. Business owners or boards (in the case of a company) are the stakeholders that are ultimately accountable for enterprise risks, which includes Technology risks. Like many risks within an organisation these stakeholders rely heavily on the systems and processes that management has in place to monitor risks, including being alerted in a timely manner if the controls that manage these risk are broken or not working as intended. In these cases the controls may not be mitigating the inherent risk level to a residual level acceptable to the risk appetite of the organisation.

What is Technology Risk?

Technology risk is described as:
When a THREAT (a potential for harm) encounters a VULNERABILITY (an exposure to or lack of defence against a threat), it results in a RISK (a harmful event).
How do we assess the effectiveness of your investment in Information Technology?
We do this by analysing systems and data, interviewing IT and business personnel, reviewing processes and assessing whether IT:

• Aligns with business requirements, enterprise strategies and outcomes
  
• Has monitoring systems in place to manage IT risks to a level acceptable to stakeholders
  
• Cost effectively documents and monitors key controls from a design and operating effectiveness perspective
  
• Reports to stakeholders on the status of the IT risk and control environment
  
• Escalates to stakeholders in a timely manner when critical risk thresholds are exceeded
  
• Maintains the appropriate level of security over IT and Information assets in accordance with the enterprise risk appetite
  
• Aligns with business obligations relating to legislative, regulatory and contractual compliance requirements
  
• Leverages key enablers, including: