VLITP managers face unprecedented expectations for their governance. These expectations are driven by mandates and other demands from host organizations. This chapter is meant to help VLITP professionals around the world meet and exceed such expectations. It details relevant expertise, methodologies, and experience required by VLITP managers to go beyond compliance of regular IT governance issues to deliver objectives that drives business value across the host organization’s enterprise. Implementing a VLITP involves the management of a transitional period which requires a structured approach that will help the host organization evaluate its options for designing the organizational structure that facilitates continuous business improvement. Good IT governance in VLITP focuses on immediate priorities, including a periodic identification and learning lessons to determine both near-term and far reaching strategies for the VLITP. This involves good approach to different stands and compliance issues during the implementation of VLITP.
Internal controls serves to verify whether information needed to make critical decisions in the organization are accurate and reliable. An organization’s survival in a competitive economy greatly depends on the decisions made by management at all levels. These decisions are based on information they receive from various sources (i.e. financial reports). Organizations need to have the proper controls in place to facilitate their business processes functioning according to anticipation. Since most business processes are automated, also having automated controls systems has becomes inevitable. Thus, an IT control framework should be an effective tool for the identification and management of the necessary controls required in VLITPs.
Moreover, effective internal control can help the host organization to monitor business processes, assets and profitability. It can also deter negative behavior and reduce or prevent damage to the organization. Effective internal control can increase the credibility with shareholders and the public, especially that SOX Act has become the de-facto internal control requirement by US law and therefore cannot be absent in an organization, after numerous fraud and scandals in recent years.
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) issued its final report on internal control in 1992 based on a three-year study. The COSO report (available at www.coso.org) contains the most widely accepted definition on internal control. Its definitions of internal control includes a process effected by an entity’s board of directors, management, and other personnel designed to provide reasonable assurance regarding the achievement of objectives in the following three categories: