1 Management Summary
IT Governance, as the sum of all policies, the organisational structure and the enterprise process framework, must ensure that IT is implemented adequately to achieve the corporate objective. Therefore, IT Governance applies rules and controls to monitor and manage IT-related risks. IT Governance and especially IT Risk Management are essential prerequisites for organisations to adhere to current security requirements.
Forward-thinking businesses go beyond setting operational objectives, traditionally defined in terms of revenue, market share or profit. Rather, they incorporate major goals required for maintaining the continued and sustainable existence of the organisation. Embedding “IT Compliance by design” into well-defined business processes is a long-term strategic advantage. This in turn leads to an improvement of security and governance, a strategic maintenance of business objectives and a consistent focus on the sustainability and resilience of IT and its implemented process landscape.
By defining data security, adherence to data protection regulations, maintenance of agile enterprise processes and the creation of an overall sustainable organization as enterprise goals, such additional aspects can be pursued and actively managed alongside all other relevant success factors. An important step for being ready for current internal and external requirements (from Data Protection legislation to cyber security and sector-specific regulatory and legal requirements) is to explicitly include adequate protection, maintenance, and governance of critical IT infrastructures into the set of chosen, approved and actively monitored corporate objectives.
Such a change of perspective is not only important for the day-to-day implementation of processes: it also draws management attention to technology and process aspects that are otherwise typically ignored, and it might even help to understand and justify required budgets, as these become enterprise-critical.