Determine which component of IT Governance that each question will allow the auditor to evaluate.

$-$

Is there a CIO in place, and is he or she a member of the senior management team?

$-$

Are roles and responsibilities clearly defined and communicated, and are organization leaders empowered

and held accountable for results?

$-$

Does senior management have clearly defined and communicated roles and responsibilities for the IT

function with respect to the organizational achievement of strategic and tactical goals?

$-$

Does the organization recognize in its strategy that the IT function is a significant contributor in enabling

the achievement of goals, as well as supporting the organization on a day$-$to$-$day basis?

$-$

Does the strategic plan of the organization include how IT is required to support and enable value creation?

$-$

Is the IT organization structured effectively relative to the size and composition of the organization?

$-$

Do the board and senior management have a clear understanding of IT costs and how they contribute to

the achievement of organization strategic objectives?

$-$

Is CIO performance measured by financial and nonfinancial data?

$-$

How complex is the IT infrastructure and how many applications are in use?

$-$

Are there standard IT hardware, software, and service procurement policies, procedures, and controls in place?

A$.$

Service Delivery and Measurement

B$.$

Strategic and Operational Planning

C$.$

Executive Leadership and Support

D$.$

Organizations and Governance Structures

E$.$

IT Organization and Risk Management