In conjunction with the guidance contained in ISO/IEC 38500, ISO/IEC TR38502 ISO/IEC19011:2011: Guidelines for auditing management systems, there is a new technical report proposed on providing guidance on audits to assess whether an organization’s governance of IT is aligned with the principles for governance of IT in ISO/IEC 38500.
“The primary audience for the technical report is auditors undertaking audit assessment of an organization’s governance of IT. The outcomes of such assessments will inform members of governing bodies who are responsible for the governance of IT and are accountable for the effective, efficient and acceptable use of IT within the organization; and those responsible for defining and implementing the governance framework for IT.”
IT auditor has a responsibility to help the management board to oversees complex IT environment. A governance framework defines the organisation structure, role and responsibility and accountability is important.