37
put
in
place
the
IT organization
and
technology
infrastructure
that
enables
that
vision. These processes must identify and address external threats and internal and
external
IT requirements,
and
identify and
take
advantage
of
opportunities
for
strategic implementation of emerging information technology.
2. Acquire and Implement Domain
Processes within the Acquire and Implement domain are designed to identify,
develop or acquire, and implement IT solutions, and integrate them into the business
process.
Once
installed,
procedures
must
also be in place to maintain
and manage
changes to existing systems. Failure to successfully execute these processes can lead
to significant risks throughout the organization. For example, if we do not correctly
determine the requirements for a new information system and see that those
requirements
are
satisfied
by
the
new
system,
the
new
system
could
cause
us
to
violate accounting standards or perform calculations incorrectly that lead to
incorrect financial reporting. Or we may
not
complete
the
development
on
time,
putting us at a competitive disadvantage if our competition implements such a
system first and within budget. Finally, should we had to develop proper controls for
the
new
system,
we
could
experience
several risk,
including
erroneous
financial
reporting, fraud, and loss of resources.
3. Deliver and Support Domain
The Deliver and Support domain includes processes to deliver required IT services
efficiently and effectively; ensure security and
continuity of services; set up support
services, including training; and ensure integrity of application data. Management
wants to know that IT services are delivered in line with business priorities and in a
cost-effective manner. Application programs and data must be available as needed,
 |