Audit in the Context of Corporate Governance

By June 7, 2019 No Comments

By Vitoria Silva *

 Corporate Governance

THE Corporate governance It is the system by which organizations are directed and controlled (BRAZILIAN ASSOCIATION OF TECHNICAL STANDARDS, 2009). It can also be seen as the set of practices adopted by an organization to optimize performance and protect stakeholders, such as shareholders, employees, suppliers, regulators, banks and creditors in general (DIAS, 2006).

The main objectives of Corporate Governance are:

  •  Ensure transparency regarding decision making;
  •  Ensure equal and fair treatment of all shareholders and other stakeholders in the organization;
  •  Ensuring accuracy, availability and punctuality in accountability;
  •  Ensure the corporate responsibility of the organization's leaders who must always act in the common interest of stakeholders, seeking to optimize business efficiency and consider all relevant aspects, including environmental, social, economic and legal issues.

Organizations that have Corporate governance They offer greater security especially to retail investors, as they reduce the risks of misappropriation, asset diversion, and decisions that address particular interests that disadvantage stakeholders who are not directly involved in running the business.

When the practices of Corporate governance are properly applied, the organization is expected to optimize its results, reducing risks and operating costs through proper management of resources, which consequently also promotes the company's valuation in the market.

IT Corporate Governance

According to anISO / IEC 38500 standard, “IT Corporate Governance aims to evaluate and direct the use of IT to support the organization and monitor its use to realize plans. Includes strategy and policies for using IT within the organization. ”(BRAZILIAN TECHNICAL STANDARD ASSOCIATION, 2009)

In practice, IT Corporate Governance aims to target IT to meet business objectives and ensure monitoring to verify IT compliance with the organization's strategic priorities.

ANDAmong the responsibilities of IT Corporate Governance are:

  1. Promote IT alignment with the business by defining rules for:
    •  Prioritization of projects and investments in technology;
    •  Establishment of service level agreements;
    • Procurement and contracting of goods and services;

2. Promote the implementation of infrastructure and contingency processes that ensure business continuity against disruptions and failures of information technology;

3. Promote, in accordance with the areas of internal control, compliance of IT processes and information systems with the laws and other regulations to which the organization is subject. For example, in the case of organizations that trade shares on the US stock market, it is necessary to comply with all Sarbanes-Oxley requirements.

As with Corporate Governance, the expectation of organizations with the implementation of IT Corporate Governance is to improve resource efficiency, and in this particular case, ensuring that the IT operation is responsible and consistent with business needs and strategies. 

Information Systems Audit

Information Systems Auditing is an audit modality that aims to evaluate the use and management of IT resources in an organization, covering the various operational and decision-making processes in which these resources are used (BRAZ; BRANCO, 2017).

In the context of IT Corporate Governance, Information Systems Auditing is the mechanism responsible for assessing whether the operational procedures performed are in accordance with the organization's guidelines, whether decision-making has followed the established rules and if the results of the area. IT organizations meet the organization's goals and expectations.


As you can see, auditing is an essential element for IT Corporate Governance to function properly, as it will ensure that IT is actually performing as expected.

* Vitoria Silva is a Consultant from Safeway Consulting


Regarding the [SAFEWAY]

SAFEWAY is an Information Security company, recognized by its customers for offering high value added solutions through Information Security projects that fully meet business needs. During these years of experience, we have proudly accumulated several successful projects that have earned us credibility and prominence in our clients, which constitute in large part the 100 largest companies in Brazil.

Today through more than 17 strategic partnerships with global manufacturers and our SOC, SAFEWAY is considered a one stop shopping with the best technology solutions, processes and people.

Let's make the world a safer place to live and do business!