- Align the goals of IT to the goals of the company, Both must be focused on and working for the common good of the company.
- Establish accountability, Accountability requires that individuals be held responsible for their actions. Accountability can be seen as a pyramid of responsibility that starts with the lowest level of employees and builds itself up to top management.
Alignment requires strategy, or the path that the company will use to move from overall policy and goals to delivery of product, accounting, and audit. Figure 2.1 depicts an example of this goal alignment.
Senior management’s role in this process comes at a strategic level, not a tactical one. Consider eBay as an example. Although eBay’s senior management is very concerned about merchandise being listed for the duration of an auction and about bidding and closing occurring seamlessly, they should have little concern about the operating system and platform. As long as the technology can meet the stated business goal, the choice of Windows, Linux, or UNIX should be left up to the IT department.
Senior management’s goal is to ensure that goals are aligned, IT is tasked with meeting those business needs, and the auditor is responsible for ensuring that controls are present and operating effectively.