TOWARDS AN OPTIMAL ARCHITECTURE FOR INFORMATION TECHNOLOGY GOVERNANCE IN PUERTO RICO

Abstract

Information technology (IT) controls have become very critical in today’s information systems infrastructure as it affects the operations of all businesses and government agencies. IT has taken the additional responsibilities for business support and report generation. Due to their strategic nature within companies, information technology projects and information management are now complex and have higher budgets, schedules and associated risks. Everyone is aware of the importance of information security management in the current web-based highly networked business environment. What is still unclear is to what level the compliance evaluation programs must be implemented in the company, or government agency to assure precision, quality, efficiency, and effectiveness of operations. This paper examines the reporting standards and controls in companies and government agencies in Puerto Rico, the impact of implementing such controls, measurement of their results, as well as their level of knowledge of the accuracy of the application controls that are implemented in their companies. The main objective of this study is to develop and propose a centralized governance and compliance standard for Information Technology Departments of both small agencies and government agencies in Puerto Rico, improving upon the current Law 151 and Office of Management and Budget Operational Guidelines established by Letter 77-05 dated December 8, 2004.