Abstract:
This study examined the frameworks and practices for IT governance and compliance within
Management Information Systems (MIS) environments in Uasin Gishu County, employing a
mixed-methods approach. Quantitative surveys, utilizing Likert-scale questions, were distributed
to IT professionals and managers across diverse organizations, supplemented by qualitative semistructured interviews. The sample population of 75 ensured representation from various sectors
and maturity levels of IT governance frameworks. Data analysis involved statistical methods for
quantitative data and thematic analysis for qualitative insights. The findings indicated existing risk
management processes within MIS environments, albeit with areas for improvement such as
enhancing risk identification and mitigation, aligning with organizational objectives, and cultivating a risk-aware culture. Evaluation revealed varying levels of performance and efficiency in IT governance practices, suggesting opportunities for enhancing transparency, accountability, and stakeholder engagement. Recommendations included implementing thorough review processes for risk assessment documentation, enhancing the effectiveness of risk mitigation strategies, and improving the analysis of audit reports. The study underscored the importance of continuous evaluation and improvement in IT governance and compliance practices to align IT initiatives with organizational goals effectively.
