Upload
others
View
0
Download
0
Embed Size (px)
Citation preview
An IT Governance
JourneyApril 2018
Disclaimer: opinion being those of presenter(s) and not necessarily State Farm
Agenda
• Opportunities
• Getting Ready
• COBIT 5
• Application
• Benefits
• IT Governance Pattern
• Governance Considerations
• Where Are We Now
• ISACA Engagement
• Summary
• Questions
Opportunities
Challenges where consistent governance helps:
• Lacking a consistent governance structure to enable IT to achieve its goals
• Confusion of our workforce due to unclear direction on what is truly required
• Desire for alignment with industry best practices in governance of Enterprise IT
• Regulator engagements
Getting Ready
Assessment & Implementation Actions
• Assessment of environment for IT Capabilities. Formal
governance structure available?
• Reach out to other organizations to gather experiences.
• Leverage industry frameworks when possible such as
COBIT5.
• Design and Develop IT Governance Framework based
on industry framework. We will be discussing use of
COBIT5 (specifically EDM01).
• Proof Of Concepts to help refine approach.
• Ensure executive support of your framework
What Is COBIT5?
• A framework for the management
and governance of Enterprise IT.
• A “framework of frameworks”
leveraging content from other
sources such as ITIL, ISO, TOGAF
& PMBOK
• COBIT5 covers “end-to-end”
IT through 37 enabling
processes
Multiple Frameworks
Unified Framework
COBIT5 Process Reference Model
EDM01 – Governance Framework
“Analyze and articulate the requirements for the
governance of enterprise IT, and put in place and maintain
effective enabling structures, principles, processes and
practices, with clarity of responsibilities and authority to
achieve the enterprise’s mission, goals and objectives.”
*COBIT5 Enabling Processes, © 2012 ISACA. All Rights Reserved.
Application of EDM01 at State Farm
Leveraging EDM01, our IT Governance Framework…
• Enables governance within our Enterprise Technology
Department through a consistent framework of processes,
tools and decision rights, while establishing the rigor
needed to support the goals and objectives of the IT
Organization.
Benefits of Standardized Governance
• Reduces redundancy
• High-level accountability for the amount of governance
• Clarifies documentation
• Simplifies delivery and operations
Improved Efficiency
• Supports desired behaviors
Enhanced Quality
• Demonstrates adherence and compliance
Improved Confidence
Pattern for IT Governance
Governance Considerations
• Focus on development of a policy architecture that leverages
an industry framework such as COBIT5 and meets the needs
of your organization
• Final determination of what to govern will be based on
several factors, including risk mitigation and business value
and should ultimately be approved at the Executive level.
• Autonomy should exist for activities not selected for
governance. Allow teams to manage within their boundaries
of responsibility.
IT Governance
Key Risk Focus
Policy Architecture
Continued OCM
Where are we now?
• IT Governance Policy & Standards
Published
• Initial governance implementations
focused on key risk areas
• Policy Architecture developed and in
process of implementation
• Tooling / repository configuration
• Continued organizational change
management and enhancements in
partnership with ISACA
Configuration
ISACA Engagement
• We have been engaged with ISACA as a thought
partner in this governance journey.
• ISACA Consultant engagement through Mark
Thompson & Peter Tessin.
• Provided insight into governance in other IT
organizations.
• Direct feedback on our governance model,
recommendations for moving forward, additional
resources, use of their COBIT5 tools, etc
Summary
• IT Governance is a journey and not a destination
• Uniform and effective governance is possible through
COBIT5
• Focus should be on enabling the business to achieve
its goals through effective governance of IT
• Organizational Change Management is key
Questions