Mitigating risk through effective information technology operations in local governments : towards a best practice

• Main Author: Kaselowski, Emile
• Format: Others
• Language: English
• Published: Nelson Mandela Metropolitan University 2008
• Subjects: Information technology > South Africa; Local government > South Africa > Data processing
• Online Access: http://hdl.handle.net/10948/776

Sound IT governance is becoming increasingly important for any public or private organisation. However, based on previous research, it can be argued that local municipalities in South Africa are seemingly struggling to implement sound IT governance practices. As a result, very few municipalities perform strategic IT planning and as many as 80percent of municipalities do not have a Master System Plan (MSP) in place, which is required by law. IT governance and corporate governance are lately viewed as one and no longer as two separate governance disciplines, because computer systems and electronic communication are more important now than ever for the survival of any organisation. Therefore, it is important for municipalities to streamline their efforts towards sound IT governance. There are limitations which are faced by municipalities that limit these efforts. Possibly the biggest contributing factor towards this current municipal IT governance predicament, among others, is the fact that there are very few, if any, guidelines and resources available to municipalities to aid them in implementing proper IT infrastructures, systems and governance procedures. To improve the current state of IT governance in municipalities, better guidelines and procedures are required. This dissertation presents an IT governance framework to meet this aforementioned requirement. It is tailored to the requirements of local municipalities and is based on the international best practice, the Control Objectives for Information and related Technologies (COBIT) and the ISO/IEC 17799 code of practice for information security management. This proposed framework takes into account the Municipal Systems Act (nr 32 of 2000), Municipal Structures Act (nr 117 of 1998) and annual municipal IT audit reports’ requirements. Research was conducted at a district and its underlying, local municipalities to determine the proper IT governance criteria for municipalities. Case studies were performed at the municipalities and consisted of performing literature studies on the available municipal legislation and annual, municipal IT audit reports, conducting COBIT gap analyses, an ISO 17799 analysis, conducting interviews and developing questionnaires and data capturing and presentation tools. The resultant, proposed IT governance framework, titled the IT strategic objective plan (IT-SOP), when implemented by a municipality, should provide a solid governance foundation on which to base its business processes on.