ABSTRACT

This chapter explains the need for healthcare system and hospital leaders to broaden their perspective on governance to include the effective management of information-related risks. It describes an information assurance process and proposes a method of implementation based on an informed directorate. The Institute of Internal Auditors (IIA) recognizes a broader view of governance in its statement on information assurance. Information governance addresses this need and includes requirements for assurance. It directs the oversight of risk management activities and the system of internal control intended to ensure the integrity and resiliency of mission-critical information and the supporting technologies and infrastructure. Information assurances, like other assurances of internal control, can typically originate from a number of sources. All feedback mechanisms that provide assurances contribute to the overall picture of how well an organization is managing the delivery of its objectives and the risks that might jeopardize those objectives.