Chemnitz University of Technology Strategic IT Management PDF
Document Details
Chemnitz University of Technology
2024
Prof. Dr. Barbara Dinter
Summary
These lecture notes are from the Strategic IT Management course at Chemnitz University of Technology, covering IT Governance, particularly the COBIT framework and its application in the area of digital transformation. The document is from the winter semester 2024/25.
Full Transcript
Chemnitz University of Technology
Department of Economics and Business Administration
Chair of Business Information Systems – Business Process and Information Management

Strategic IT Management
2. IT Governance and COBIT
Winter Semester 2024/25
Prof. Dr. Barbara Dinter
Web: http://www.tu-chemnitz.de/wirtschaft/wi1
© TU Chemnitz

The right job for you: Part-time position at the Business Information Systems 1 Chair

Tasks
- Research
- Analysis of research data
- Website maintenance
- Revision and support for teaching courses

Skills
- Ability to work independently and in a team
- Knowledge of web development (HTML, PHP) is advantageous
- MS Office
- Language skills: German and English

Link to position (German): https://www.tu-chemnitz.de/wirtschaft/wi1/stellenangebote/hiwi.html

Literature

- ISO/IEC 38500:2015 (en) Information technology — Governance of IT for the organization
- Weill, Peter; Ross, Jeanne: IT Governance - How Top Performers Manage IT. Harvard Business School Press, Boston, 2004.
- COBIT 2019: Introduction & Methodology
- COBIT 2019: Governance & Management Objectives

Secondary Literature

- Tiemeyer, Ernst: Enterprise IT-Governance - Unternehmensweite IT-Planung und zentrale IT-Steuerung in der Praxis. Carl Hanser Verlag, 2023
- Yassine Maleh, Abdelkebir Sahid, Mustapha Belaissaoui: Strategic IT Governance and Performance Frameworks in Large Organizations, IGI Global, 2019

Today's lecture: IT governance and COBIT

- IT governance
  - Introduction
  - Understanding according to Weill and Ross
  - IT governance & digital transformation
- COBIT
  - Overview
  - Implementation
  - Reading COBIT 2019

Corporate governance

- Describes a system of rules, practices, and processes by which an organization is directed and controlled, balancing the interests of all stakeholders of the organization (in particular between the management and the shareholders) in order to gain long-term added value
- Or: a system by which corporations are directed and controlled (ISO/IEC 38500:2015(en) Information technology — Governance of IT for the organization)
- The understanding of corporate governance is rather homogeneous and is also written down in (international) standards
- Goals:
  - Transparency of internal processes
  - Enhancement of internal- and trans-organizational control mechanisms
  - Better quality of business processes and financial reports

IT governance (1)

- IT governance is the IT-related subset of corporate governance
- It belongs to the managerial tasks of IT management and corporate management to ensure control and use of IT that is effective and compliant with the corporate strategy
- The design of appropriate organizational structures and IT processes is supposed to support the economic usage of IT in consideration of potential risks
- IT governance specifies the scope of action through goals, processes and responsibilities, closely supervised by the executive and senior management

IT governance (2)

- Decision fields:
  - Determining the role of IT in the organization
  - Alignment of business and IT strategy
  - Requirements and risk management
  - IT product and service portfolio
  - Regulation of responsibilities and guidelines
  - Development of the IT enterprise architecture
  - Controlling and auditing the performance of IT
- Reference models and best-practice standards (e.g. COBIT, see below) support the implementation

IT governance: Understanding according to Weill and Ross (1)

- "Specifying the decision rights and accountability framework for encouraging desirable behaviors in the use of IT"
- Therefore, IT governance is a system of decision rights and responsibilities, which determines who makes the fundamental decisions regarding IT, who participates in the decision-making processes, and how the participating stakeholders will be held accountable for the completion of their roles
- It encompasses the organizational structures and processes that are responsible for making and enforcing the fundamental IT decisions
- The aspect of "desirable behavior" illustrates the relevance of business / IT alignment as a driver of IT governance
- Exhibits an understanding of IT governance that is less focused on control: unlike in COBIT (cf. below), control objectives and indicators are not part of IT governance

Source: Weill/Ross, 2004.

IT governance: Understanding according to Weill and Ross (2)

The decisions that have to be made in the context of IT governance cover five aspects:

1. (Abstract) principles for IT that sketch in which way IT shall support the business and that define the fundamental rules for IT in the enterprise
2. Architecture decisions that describe guidelines for the logical and technical structure of the system architecture and the integration of the subsystems
3. Infrastructure decisions that define shared, central IT services
4. Business requirements that capture the requirements of the business units for IT applications
5. Investment decisions that define the scope, focus, and the prioritization rules for IT projects

Source: Weill/Ross, 2004.

IT governance and the challenge of the digital transformation

- Digital transformation:
  - Leveraging of digital technologies (such as social media, mobile access, analytics or embedded devices) to enable key business improvements, like enhancing the customer experience, streamlining processes or creating new business models
  - Typically involves a company-wide digital (transformation) strategy
- A new field of IT governance is emerging: digital transformation governance
  - To navigate the digital transformation, align it with the corporate goals and assign responsibilities
- Many new roles are established, responsible for different aspects of strategic or IT-related corporate change
- Central role for the digital transformation: Chief Digital Officer (CDO)

Source: Singh, Anna; Hess, Thomas: How Chief Digital Officers Promote the Digital Transformation of their Companies. MIS Quarterly Executive, 16(1), p. 1-17, 2017; Chanias, Simon; Myers, Michael D.; Hess, Thomas: Digital transformation strategy making in pre-digital organizations: The case of a financial services provider. Journal of Strategic Information Systems, p. 1–17, 2018

Overview COBIT 2019 (1)

- Motivation:
  - Companies manage increasing amounts of data and processes
  - Without proper governance, companies are more prone to errors
- COBIT used to stand for Control Objectives for Information and Related Technology
- Framework for directing and monitoring Information and Technology (I&T)
- Integrates multiple standards and frameworks
- General objective:
  - Creation of business value from I&T-enabled business investments, by implementing an I&T governance system
  - Or: Satisfying stakeholder needs, by implementing an I&T governance system

Overview COBIT 2019 (2)

- Main idea: tasks of IT management are structured via control objectives and processes
- COBIT includes:
  - Goals Cascade
  - Governance and Management Objectives
  - Governance System Components
  - Stakeholders
  - Information Criteria

[Figure: COBIT 2019 Core Reference Model (Governance & Management Objectives) → Tailoring to the Organization → Output: Tailored IT Governance System]

Goals cascading according to COBIT 2019

- Stakeholder Drivers and Needs: balancing benefits, risk and resources to realize business value creation
- Cascade to 13 Enterprise Goals. Ex.: EG07 – Quality of management information
- Cascade to 13 Alignment Goals. Ex.: AG10 – Quality of I&T management information. Alignment Goals link Enterprise Goals and Governance and Management Objectives
- Cascade to 40 Governance and Management Objectives. Ex.: MEA01 – Managed performance and conformance monitoring

Source: ISACA, COBIT 2019 Framework – Introduction and Methodology, p.28

Governance and Management Objectives

- Governance Domain
  - Evaluate, direct & monitor (5 objectives)
- Management Domain
  - Align, plan & organize (14 objectives)
  - Build, acquire & implement (11 objectives)
  - Deliver, service & support (6 objectives)
  - Monitor, evaluate & assess (4 objectives)
- Total number of objectives: 40

Source: ISACA, COBIT 2019 Framework – Introduction and Methodology, p.21

The Governance System Components (1)

- The governance system's role is to satisfy governance and management objectives
- Example: MEA01 (Managed Performance and Conformance Monitoring) requires:
  - 5 processes
  - 11 organizational structures
  - 2 policy recommendations
  - 15 input information objects
  - 1 cultural recommendation
  - 3 skill recommendations
  - 2 recommended applications

[Figure: Governance System, surrounded by its components: Processes; Organizational Structures; Principles, Policies, Procedures; Information; Culture, Ethics and Behaviour; People, Skills and Competencies; Services, Infrastructure and Applications]

Source: ISACA, COBIT 2019 Framework – Introduction and Methodology, p.22

The Governance System (2) (our interpretation)

[Figure: M&G Objectives in relation to the components: Principles, Policies, Procedures; Culture, Ethics and Behaviour; Organizational Structures; People, Skills and Competencies; Processes; Services, Infrastructure and Applications; Information]

Stakeholders

Figure 2.1 - COBIT Stakeholders

| Stakeholder | Benefit of COBIT |
|---|---|
| Internal Stakeholders | |
| Boards | Provides insights on how to get value from the use of I&T and explains relevant board responsibilities |
| Executive Management | Provides guidance on how to organize and monitor performance of I&T across the enterprise |
| Business Managers | Helps to understand how to obtain the I&T solutions enterprises require and how best to exploit new technology for new strategic opportunities |
| IT Managers | Provides guidance on how best to build and structure the IT department, manage performance of IT, run an efficient and effective IT operation, control IT costs, align IT strategy to business priorities, etc. |
| Assurance Providers | Helps to manage dependency on external service providers, get assurance over IT, and ensure the existence of an effective and efficient system of internal controls |
| Risk Management | Helps to ensure the identification and management of all IT-related risk |
| External Stakeholders | |
| Regulators | Helps to ensure the enterprise is compliant with applicable rules and regulations and has the right governance system in place to manage and sustain compliance |
| Business Partners | Helps to ensure that a business partner's operations are secure, reliable and compliant with applicable rules and regulations |
| IT Vendors | Helps to ensure that an IT vendor's operations are secure, reliable and compliant with applicable rules and regulations |

Source: ISACA, COBIT 2019 Framework – Introduction and Methodology, p.15

Information criteria

- To satisfy business objectives, information needs to conform to certain criteria, which COBIT refers to as quality criteria for information
- Information has to be:
  - Intrinsic
  - Contextual
  - Secure/Private/Accessible

Source: ISACA, COBIT 2019 Framework – Introduction and Methodology, p.42

Components of COBIT 2019

Main books
(1) COBIT 2019 – Introduction & Methodology
(2) COBIT 2019 – Governance & Management Objectives
(3) COBIT 2019 – Implementation Guide
(4) COBIT 2019 – Design Guide (excursus)

Focus Areas
(1) COBIT for Small and Medium Enterprises Using COBIT 2019
(2) COBIT Focus Area: DevOps
(3) COBIT Focus Area: Information and Technology Risk
(4) COBIT Focus Area: Information Security

Overview COBIT 2019

[Figure: overview of COBIT 2019]

Source: ISACA. COBIT 2019 Framework – Governance and Management Objectives, p.10

Governance system implementation (1)

- COBIT 2019 consists of 40 Governance and Management Objectives
- Each process always addresses one objective
- It is hard to implement all objectives
- How do we choose the process to implement first?
- Defining focus areas: issues, domains or topics that the governance system should address
  - SME
  - Cybersecurity
  - Digital transformation
  - Cloud computing
  - DevOps
- Focus areas are "virtually unlimited"

Source: ISACA, COBIT 2019 Framework – Introduction and Methodology, p.22

Governance system implementation (2)

- Design factors influence the design of an enterprise's governance system
- They act more like enablers and limitations of the governance system than like focus areas
- Design factors:
  - Enterprise: strategy, goals and size
  - Risk: risk profiles, threat landscape
  - Information & Technology: issues, roles, sourcing model, adoption strategy and implementation methods
  - Compliance with regulation

Source: ISACA, COBIT 2019 Framework – Introduction and Methodology, p.23 - 27

The COBIT Core Model

The COBIT Core Model consists of Governance and Management Objectives that are viewed through and detailed with governance system components.

Governance System Goals
- Display of Governance and Management Objectives
- Display of Applicable Enterprise and Alignment Goals

Governance System Components
- Process Components
- Organizational Structure Components
- Information Flows and Item Components
- People, Skills and Competencies Components
- Principles, Policies and Procedure Components
- Culture, Ethics and Behaviour Components
- Service, Infrastructure and Application Components

Source: ISACA. COBIT 2019 Framework – Governance and Management Objectives, p.12

Display of Governance and Management Objectives

- Includes a domain name, description and purpose of the governance or management objective
- The focus area refers to the COBIT publication (in this case the COBIT Core Model)

Source: ISACA. COBIT 2019 Framework – Governance and Management Objectives, p.99

Goals Cascade

- Describes the relation between governance and management objectives, alignment goals, and enterprise goals
- An overview of every relation is given in the appendix of the COBIT Core Model

Source: ISACA. COBIT 2019 Framework – Governance and Management Objectives, p.99

Processes (1)

- Each governance and management objective includes management practices
- Each management practice is described through:
  - Example metrics
  - Activities in relation to the capabilities of the enterprise
  - References to other process standards

Source: ISACA. COBIT 2019 Framework – Governance and Management Objectives, p.100

Processes (2)

- Each governance and management objective includes management practices
- Each management practice is described through:
  - Example metrics
  - Activities in relation to the capabilities of the enterprise
  - References to other process standards

Source: ISACA. COBIT 2019 Framework – Governance and Management Objectives, p.101

Organizational Structure

- Organizational structures are described through RACI charts
- A RACI chart details which organizational structure is responsible, accountable, consulted or informed in each sub-activity (practice) of a process

Source: ISACA. COBIT 2019 Framework – Governance and Management Objectives, p.102

Information Flows and Items

- References outputs from other processes that are required to implement the process
- Does not reference every process that receives the output (a separate table that details the references is included)

Source: ISACA. COBIT 2019 Framework – Governance and Management Objectives, p.103

People, Skills and Competencies

- The people, skills and competencies governance component focuses on pinpointing the human resources and skill sets necessary to attain the governance and management objectives
- COBIT 2019 based this guidance on the Skills Framework for the Information Age (SFIA version 6)

Source: ISACA. COBIT 2019 Framework – Governance and Management Objectives, p.104

Principles, Policies and Procedures

- Offers instructions regarding principles, policies, and procedures that are relevant to the governance or management objective

Source: ISACA. COBIT 2019 Framework – Governance and Management Objectives, p.105

Culture, Ethics and Behaviour

- The governance component on culture, ethics and behaviour offers instructions on desired cultural elements within the organization that foster the achievement of a governance or management objective
- References to other standards and additional guidance are included

Source: ISACA. COBIT 2019 Framework – Governance and Management Objectives, p.105

Services, Infrastructure and Applications

- The services, infrastructure and applications governance component provides information on third-party services, types of infrastructure and categories of applications that can be applied to support the achievement of a governance or management objective
- Guidance is predominantly generic

Source: ISACA. COBIT 2019 Framework – Governance and Management Objectives, p.105