IT Governance and IT Standards

Presenter: John Bentley


IT Governance

• A structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise’s goals by adding value while balancing risk versus return over IT and its processes
  – www.austin.cc.tx.us/audit/Glossary/LetterI.htm

• “Specifying the decision rights and accountability framework to encourage desirable behaviour in the use of IT”
  – Source: Weill, P. & Ross, J. W., 2004, "IT Governance: How Top Performers Manage IT Decision Rights for Superior Results", Harvard Business School Press, Boston.

• “IT governance is the responsibility of the board of directors and executive management. It is an integral part of enterprise governance and consists of the leadership and organisational structures and processes that ensure that the organisation’s IT sustains and extends the organisation’s strategies and objectives.”
  – Source: IT Governance Institute 2003, "Board Briefing on IT Governance, 2nd Edition". Retrieved January 18, 2006 from http://www.isaca.org/Content/ContentGroups/ITGI3/Resources1/Board_Briefing_on_IT_Governance/26904_Board_Briefing_final.pdf


IT Governance Focus Areas

• Strategic alignment

• Value delivery

• Resource management

• Risk Management

• Performance measurement

Source: COBIT 4.0, IT Governance Institute, p.6


Frameworks & Standards

• Capability Maturity Measurement I (CMMI)

• Control Objectives for IT (CobiT)

• COSO

• ISO 17799

• IT Infrastructure Library (ITIL) – ISO20000

• National Institute of Standards & Technology (NIST)

• Standard of Good Practice (SoGP)

• Prince2

• ISO9000x

• Application Services Library (ASL)

Source: https://www.bit-map.com/inno/text.php/request/links


Management Methodologies

• Six Sigma

• Balanced Scorecard

• ITServiceCMM

• Business Service Management …

• 250+ management methods, models and theories, see:
  – http://www.valuebasedmanagement.net/


IT Governance – COSO & COBIT

• COSO
  – The Committee of Sponsoring Organisations of the Treadway Commission's Internal Control - Integrated Framework (COSO)
  – Risk management framework

• COBIT
  – Control Objectives for Information and related Technology
  – Now 3rd Edition
  – identifies 34 information technology (IT) processes,
  – a high-level approach to control over the 34 processes


COBIT

• COBIT – Control Objectives for Information and related Technology

• International open standard of good practices for IT governance, security, and control

• Produces a verifiable audit of IT processes across the enterprise that can be used both internally and by external auditors.

• COBIT provides a means of achieving IT governance

• COBIT features 34 high-level control objectives and 318 detailed control objectives that keep IT's operations in line with the business goals of maximizing security and profitability and minimizing risks

Source: Amis, R, (2006), Introducing COBIT, IT Manager's Journal, March http://management.itmanagersjournal.com/print.pl?sid=06/03/13/1845239


Benefits of the COBIT Framework

• Time and Money
  – accumulated experience of hundreds of IT professionals, auditors, and business managers, and available at no cost
  – saves the investment of developing these practices independently

• Complies with international standards and Sarbanes-Oxley

• Public availability
  – ability to share the control guidances and auditing process information available in the COBIT framework and the experience of using them in your own configurations with other organizations, in users' groups, in professional journals, or in books or via the Internet.

Source: Amis, R, (2006), Introducing COBIT, IT Manager's Journal, March http://management.itmanagersjournal.com/print.pl?sid=06/03/13/1845239

http://www.isaca.org/Content/ContentGroups/Member_Content/Journal1/20044/IT_Governance_Hands-on_Using_C_small_OBI_small_T_to_Implement_IT_Governance.htm


Sources

• IT Governance Institute
  – http://www.itgi.org/

• ITSM Portal
  – http://en.itsmportal.net/

• OGC – Office for Government Computing
  – http://www.ogc.gov.uk/index.asp?id=2261

• COBIT is available for download at ISACA.org