IT Governance PDF
Universitas Brawijaya
Aryo Pinandito
Summary
This document provides an overview of IT Governance concepts, learning outcomes, and discusses why IT governance is important for organizations. It also examines the role of IT in achieving business objectives, and covers various aspects of IT governance, including the responsibility of executives, organizational structures, and the relationship between business and IT.
Full Transcript
IT Governance
Information Technology Infrastructure
Aryo Pinandito, ST, M.MT, Ph.D.

Learning Outcomes
- Explain why organizations need IT governance
- Understand the function and key IT resources
- Understand the three pillars of IT governance: organization, process, and technology
- Know that COBIT is one of the IT governance frameworks available today

What is IT Governance?
- The responsibility of executives and the board of directors, and consists of the leadership, organizational structures and processes that ensure that the enterprise’s IT sustains and extends the organization’s strategy and objectives. (ITGI, 2005)
- Specifying the decision rights and accountability framework to encourage desirable behavior in the use of IT. (Weill & Woodham, 2002)

What is IT Governance?
- IT governance is the organizational capacity exercised by the board, executive management and IT management to control the formulation and implementation of IT strategy and in this way ensure the fusion of business and IT. (Van Grembergen, 2000)
- IT governance “should be an integral part of enterprise governance.”
- IT governance focuses on achieving the link between business and IT and is the primary responsibility of the board.

Who is Responsible for IT Governance?
- Information Technology (IT) Governance is the responsibility of Executive Management and the board of directors (BOD) and is a strong representation of the “tone from the top”.
- Many BODs now have an “IT Committee”.

The New Infrastructure
[Figure labels: IT Portfolio; New Infrastructure]
- Local IT for Business (shown three times in the figure)
- Firm Information Technology (customer databases, e-mail): combined with the public infrastructure, this layer builds up the new infrastructure.
- Public Infrastructure: links the firm to external industry infrastructures, such as the internet, EDI networks, etc., which enables the firm to communicate and do business with customers, suppliers, partners, etc.

Why IT Governance?
- Information technology (IT) has become pervasive in current dynamic and often turbulent business environments.
- In the past, business executives could delegate, ignore, or avoid IT decisions; this is now impossible in most sectors and industries.

Why IT Governance?
- Entering the information age by the Internet and WWW; people are moving from an industrial-based economy paradigm to a knowledge-based economy by the acquisition of science and technology.
- Organizations now depend on IT to manage, develop, and communicate intangible assets, e.g., information and knowledge.

Why IT Governance?
- Success can only be achieved when information and knowledge is secure, accurate, reliable, and timely, provided by the support of technology.
- Organizational dependency on IT brings risks along with it: errors, omissions, abuse, cyber crime, fraud.
- IT plays a role in developing organizational strategy.

Why IT Governance?
- IT becomes a success factor for organization differentiation and competitive advantage.
- IT improves the quality and quantity of valuable goods and services.
- IT departments are changing from service provider to strategic partner.
- Expensive IT investments.

Information Technology as…
IT as a service provider:
- IT is for efficiency
- Budgets are driven by external benchmarks
- IT is separable from the business
- IT is seen as an expense to control
- IT managers are technical experts
IT as a strategic partner:
- IT is for business growth
- Budgets are driven by business strategy
- IT is inseparable from the business
- IT is seen as an investment to manage
- IT managers are business problem solvers

Layers of IT Governance Responsibility
Copyright © 2008, IGI Global

Corporate and Key Asset Governance

Key Assets
- Human: people, skills, career paths, training, reporting, mentoring, competencies, etc.
- Financial: cash, investments, liabilities, cash flow, receivables, etc.
- Physical: buildings, plants, equipment, maintenance, security, utilization, etc.
- Intellectual property: product, service, copyrighted, etc.
- Information and IT: digitized data, information, knowledge (customer, process performance, finance, information system), etc.
- Relationship: brand, reputation, etc.

Why is IT Governance Required/Recommended?
- Without effective IT Governance, risk exists that existing IT assets and capabilities may not meet the organization’s strategic, operational, or financial objectives, or that additional IT investments will not achieve their intended incremental benefits to the organization.
- The Institute of Internal Auditors (IIA) standard states that an IT governance review needs to be part of Internal Audit planned activities.
- COBIT emphasizes the importance of IT Governance.

Focus Areas of IT Governance
[Figure labels: IT Strategic Alignment; IT Value Delivery; Risk Management; IT Resource Management; Performance Measurement; Stakeholder Value Drivers]
- IT governance is concerned with IT’s delivery of value to the business and mitigation of IT risks.
- The first is driven by strategic alignment of IT with the business.
- The second is driven by embedding accountability into the enterprise.
- Both need to be measured adequately.

IT Governance Capabilities
- Strategic alignment: monitoring the linkage of business and IT plans; defining, maintaining and confirming the IT value proposition; and aligning IT operations with enterprise operations.
- Risk management: having a clear understanding of risk, understanding compliance requirements, providing transparency about significant risks to the enterprise and embedding risk management responsibilities into the organization.

IT Governance Capabilities
- Value delivery: executing the value proposition throughout the delivery cycle; making sure that IT delivers the promised benefits against the strategy, concentrating on optimizing costs and proving the intrinsic value of IT.
- Performance management: tracking and monitoring, resource usage, process performance and service delivery.

IT Governance Capabilities
- Resource management: optimizing investment in, and the proper management of, critical IT resources: applications, information, infrastructure and people.

IT Governance vs Corporate Governance
- Corporate governance is the system by which organizations are directed and controlled.
- As IT governance becomes an integral part of corporate governance, it falls under the responsibility of the board of directors.

IT Governance vs IT Management
- IT management is focused on the effective and efficient internal supply of IT services and products and the management of present IT operations.
- IT governance, in turn, is much broader and concentrates on performing and transforming IT to meet present and future demands of the business (internal focus) and business customers (external focus).

Governance vs Management

What are the benefits of IT Governance?
- Alignment of business and IT strategies.
- Greater efficiencies, increased support and reduced costs when implementing change.
- Effective risk management and regulatory compliance.
- Effective and efficient use of IT resources for asset utilization, and business growth and flexibility.

What are the benefits of IT Governance?
- Improved culture in adherence to company policies and procedures.
- Improved communication of the role of IT in achieving business results and the capability to meet business needs.
- Improved IT performance measurement capabilities.

IT Governance In Organization
[Figure relationship labels: supports; drives; authorizes; directs]
- Business Strategy. Owner: Senior Executives
- IT Strategy. Owner: CIO, Steering committee
- IT Governance. Owner: Steering committee/Key Business Stakeholders
- IT Delivery. Owner: CIO

Typical Activities
Business Strategy:
- Business direction setting
- Strategic planning
- Growth/acquisition/divestiture strategies
- Geographic planning
IT Strategy:
- 3-5 year planning
- IT direction
- Applications, data, infrastructure, security, delivery strategy

Typical Activities
IT Governance:
- Budgeting and planning
- Technology spending authorization
- Initiative approval
- Enforcement of technology standards
IT Delivery:
- Technical support
- Hardware/network management
- Data management
- Delivery/program management
- Operations management

Completeness Classification of ITG Standards

Broader View of IT Governance
[Figure labels: Agency Culture; People; Values, Beliefs, Behavior; Bodies: Executive Leadership Team, IT Steering Committees; Processes; Tools: IT Strategy, IT Policies, Data Governance, IS Controls, Organizational Plans; Technology; IT Balanced Scorecard; Service Level Oversight]

IT Governance Assessment Approach
1. Identify Key Contacts
2. Conduct Interviews
3. Facilitate Discussion
4. Obtain Evidence
5. Evaluate Maturity Level
6. Provide Recommendations

COBIT Framework
- COBIT is a framework for the governance and management of enterprise information and technology, aimed at the whole enterprise.
- All the technology and information processing the enterprise puts in place to achieve its goals, regardless of where this happens in the enterprise.
- The COBIT framework makes a clear distinction between governance and management.

COBIT framework
Governance ensures that:
- Stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives.
- Direction is set through prioritization and decision making.
- Performance and compliance are monitored against agreed-on direction and objectives.

COBIT framework
- Management plans, builds, runs and monitors activities, in alignment with the direction set by the governance body, to achieve the enterprise objectives.
- Management is the responsibility of the executive management, under the leadership of the chief executive officer (CEO).

What COBIT Does?
- Defines the components to build and sustain a governance system: processes, organizational structures, policies and procedures, information flows, culture and behaviors, skills, and infrastructure.
- Defines the design factors that should be considered by the enterprise to build a best-fit governance system.
- Addresses governance issues by grouping relevant governance components into governance and management objectives that can be managed to the required capability levels.

What COBIT Does Not?
- COBIT is not a full description of the whole IT environment of an enterprise.
- COBIT is not a framework to organize business processes.
- COBIT is not an IT technical framework to manage all technology.
- COBIT does not make or prescribe any IT-related decisions. It does not decide what the best IT strategy is, what the best architecture is, or how much IT can or should cost.

What COBIT Does Not?
- Rather, COBIT defines all the components that describe which decisions should be taken, and how and by whom they should be taken.

COBIT Six Principles for a Governance System
- Satisfy stakeholder needs and generate value from the use of IT. Value reflects a balance among benefits, risk and resources, and enterprises need an actionable strategy and governance system to realize this value.
- Built from a number of components that can be of different types and that work together in a holistic way.

COBIT Six Principles for a Governance System
- Dynamic: each time one or more of the design factors are changed (e.g., a change in strategy or technology), the impact of these changes on the Enterprise Governance of IT (EGIT) system must be considered.
  A dynamic view of EGIT will lead toward a viable and future-proof EGIT system.
- Clearly distinguish between governance and management activities and structures.

COBIT Six Principles for a Governance System
- Tailored to the enterprise’s needs, using a set of design factors as parameters to customize and prioritize the governance system components.
- Cover the enterprise end to end, focusing not only on the IT function but on all technology and information processing the enterprise puts in place to achieve its goals, regardless of where the processing is located in the enterprise.

COBIT Three Principles for a Governance Framework
- Should be based on a conceptual model, identifying the key components and relationships among components, to maximize consistency and allow automation.
- Should be open and flexible. It should allow the addition of new content and the ability to address new issues in the most flexible way, while maintaining integrity and consistency.
- Should align to relevant major related standards, frameworks and regulations.

Governance and Management Objectives
- The governance and management objectives in COBIT are grouped into five domains.
- The domains have names with verbs that express the key purpose and areas of activity of the objective contained in them.

COBIT Domain
Governance Objective:
- Evaluate, Direct and Monitor (EDM)
Management Objective:
- Align, Plan and Organize (APO)
- Build, Acquire and Implement (BAI)
- Deliver, Service and Support (DSS)
- Monitor, Evaluate and Assess (MEA)

COBIT Core Model

Questions?