Post on 17-Nov-2014
description
S T A R TS T A R T
IT GOVERNANCE& MANAGEMENT
TOOLS & TECHNIQUES FOR
RICHARD WILLIS
BACKGROUNDINFORMATION
I T G OV E R N A N C E & M A N AG E M E N T
• Examples of well-known IT failures– Virgin Blue– National Australia Bank– Commonwealth Bank of Australia
• Necessity for a comprehensive IT governance model
• Common frameworks and standards for IT operations– ITIL– COBIT– ISO/IEC 38500:2008– ISO/IEC 27001– CMMI– Balanced Scorecard– Six Sigma
BACKGROUNDINFORMATION
CORPORATEGOVERNANCE
I T G OV E R N A N C E & M A N AG E M E N T
CORPORATEGOVERNANCE
• UTS Centre for Corporate Governance:“Corporate governance is the system by which business corporations are directed and controlled.”
• Corporate management vs. governance
Adapted from Tricker (2009)
INFORMATIONTECHNOLOGYGOVERNANCE
I T G OV E R N A N C E & M A N AG E M E N T
INFORMATION TECHNOLOGYGOVERNANCE
• IT Governance Institute definition:“IT Governance is the responsibility of the Board of Directors and the Executive Management”
• Key IT Governance Functions– IT governance is about “who is entitled to make major decisions”– IT governance is about “who has input”– IT governance is about: “who is accountable for implementing those
decisions”– IT governance is different from IT management
I T G OV E R N A N C E & M A N AG E M E N T
INFORMATION TECHNOLOGYGOVERNANCE
I T G OV E R N A N C E & M A N AG E M E N T
INFORMATION TECHNOLOGYGOVERNANCE
Source: Henderson and Venkatraman (1993)
IT GOVERNANCEVS.
IT MANAGEMENT
I T G OV E R N A N C E & M A N AG E M E N T
IT GOVERNANCE VS.IT MANAGEMENT
• IT governance– Primarily concerned with facilitating (strategic) decision making– Organisation specific and cannot be delegated to the market
• IT service management– More focused on the operational excellence of the IT function – Focused on the effective and efficient internal supply of IT services and
products– Focused on the management of present IT operations– Elements can be commissioned to an external provider
I T G OV E R N A N C E & M A N AG E M E N T
IT GOVERNANCE VS.IT MANAGEMENT
BusinessOrientation
Time Orientation
External
Internal
Present Future
IT Management
IT Governance
IT GOVERNANCE &
CORPORATE GOVERNANCE
I T G OV E R N A N C E & M A N AG E M E N T
IT GOVERNANCE &CORPORATE GOVERNANCE
• IT departments as strategic partners:– No longer just an expense– A tool for increasing business
• IT departments…– First emerged in 1993– Deal primarily with the relationship between strategic objectives and IT
management
I T G OV E R N A N C E & M A N AG E M E N T
IT GOVERNANCE &CORPORATE GOVERNANCE
Corporate/Business Unit Governance
Director Protection
Board EvaluationDirector RemunerationDirector Development
Director Selection & Induction
Strategy CEOMonitoringRisk ManagementCompliancePolicy FrameworkNetworkingStakeholder CommunicationDecision Making
Board Structure
Role of the BoardRole of Individual Directors
Role of the Chair
Role of the Company Secretary
Role of the CEO
Board Meetings
Board Meeting AgendaBoard Papers
Board Minutes
The Board CalendarCommittees
DefiningGovernance Roles
EffectiveGovernance
Improving BoardProcesses
Key BoardFunctions
®
Human Resource Governance
Roles Functions
• Board• Directors• CEO• CFO• CHRO• Project Manager• HR Staff
• Strategy• Risk
Management and Compliance
• Value Delivery• Monitoring and
Reporting• Stakeholder
Communication• Decision Making
OperationsGovernance
Roles Functions
• Board• Directors• CEO• CFO• COO• Project Manager• Operations Staff
• Strategy• Risk
Management and Compliance
• Value Delivery• Monitoring and
Reporting• Stakeholder
Communication• Decision Making
IT Governance
Roles Functions
• Board• Directors• CEO• CFO• CIO• Project Manager• IT Staff
• Strategy• Risk
Management and Compliance
• Value Delivery• Monitoring and
Reporting• Stakeholder
Communication• Decision Making
Financial Governance
Roles Functions
• Board• Directors• CEO• CFO• Project Manager• Finance Staff
• Strategy• Risk
Management and Compliance
• Value Delivery• Monitoring and
Reporting• Stakeholder
Communication• Decision Making
1
Source: Effective Governance Pty Ltd (2010)
WHY ADOPT ITGOVERNANCE?
I T G OV E R N A N C E & M A N AG E M E N T
WHY ADOPT ITGOVERNANCE?
• IT Governance increases profit margins, raises market capitalisation, enhances shareholder returns.– Companies with above average IT Governance are 20% more profitable– Investors pay 14%-22% more for well-run, well-governed– Top-rated Corporate Governance companies return more than triple to
investors
• Problems with IT Governance– Often confused with good management practices and IT control frameworks– More important to be focused on value and performance than on risk and
compliance
I T G OV E R N A N C E & M A N AG E M E N T
WHY ADOPT ITGOVERNANCE
• Tools to guide the governance of IT functions– ISO/IEC 38500:2008– COBIT– ITIL– ISO/IEC 27001– CMMI– TickIT– Balanced Scorecard– Six Sigma– TOGAF
COBITCONTROL OBJECTIVES FOR INFORMATION
AND RELATED TECHNOLOGIES
I T G OV E R N A N C E & M A N AG E M E N T
COBITC O N T R O L O B J E C T I V E S F O R I N F O R M A T I O N A N D R E L A T E D T E C H N O L O G I E S
• A set of best practices (framework) for IT management
• Created in 1996 by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI)
• Provides a high-level, comprehensive IT governance and control framework
• COBIT consists of three main parts: – Control framework– Management guideline – Implementation toolset
• COBIT awareness exceeds 50%; adoption and use is around 30%
ISO/IEC 38500:2008
CORPORATE GOVERNANCE OF INFORMATION TECHNOLOGY
I T G OV E R N A N C E & M A N AG E M E N T
ISO/IEC 38500:2008 C O R P O R A T E G O V E R N A N C E O F I N F O R M A T I O N T E C H N O L O G Y
• The ISO/IEC 38500:2008 standard provides a framework, vocabulary and six principles for good ICT governance – Responsibility - establish clearly understood responsibilities for ICT
management
– Strategy - plan ICT to best support the organisation’s strategy;
– Acquisition - acquire ICT for valid reasons
– Performance - ensure that ICT performs well, whenever required
– Conformance - ensure ICT conforms with legislation and policies
– Human behaviour - ensure ICT respects human factors
I T G OV E R N A N C E & M A N AG E M E N T
ISO/IEC 38500:2008 C O R P O R A T E G O V E R N A N C E O F I N F O R M A T I O N T E C H N O L O G Y
• Directors should govern IT through three main tasks– Evaluate the current and future use of IT;– Direct preparation and implementation of plans and policies – Monitor conformance to policies, and performance against the plans
I T G OV E R N A N C E & M A N AG E M E N T
ISO/IEC 38500:2008 C O R P O R A T E G O V E R N A N C E O F I N F O R M A T I O N T E C H N O L O G Y
Model for Corporate Governance of IT
Six Sigma can be applied
ISO/IEC 38500:2008
ITILINFORMATION TECHNOLOGY
INFRASTRUCTURELIBRARY
I T G OV E R N A N C E & M A N AG E M E N T
ITILI N F O R M A T I O N T E C H N O L O G Y I N F R A S T R U C T U R E L I B R A R Y
• A public framework that describes Best Practice in IT service management
• Most widely accepted approach to IT service management in the world
• Key improvement to ITIL V3: Addition of the Continual Service Improvement (CSI) Process
I T G OV E R N A N C E & M A N AG E M E N T
ITILI N F O R M A T I O N T E C H N O L O G Y I N F R A S T R U C T U R E L I B R A R Y
• The 5 processes– Continual Service Improvement (CSI)– Service Strategy– Service Design– Service Transition– Service Operation
• Continual Service Improvement (CSI): 3 key processes for effective implementation of continual improvement– The 7-Step Improvement Process– Service Measurement– Service Reporting
I T G OV E R N A N C E & M A N AG E M E N T
ITILI N F O R M A T I O N T E C H N O L O G Y I N F R A S T R U C T U R E L I B R A R Y
• The 7 Steps– Step 1 - Define what you should measure – Step 2 - Define what you can measure – Step 3 - Gather the data – Step 4 - Process the data – Step 5 - Analyse the data– Step 6 - Present and use the Information– Step 7- Implement corrective action
IT GOVERNANCEMATURITY
I T G OV E R N A N C E & M A N AG E M E N T
IT GOVERNANCEMATURITY
• With formal processes and structures – such as an IT strategy and steering groups – the organisation can better: – align IT strategy with the business strategy
– transform high level strategic goals into actual IT projects
– establish procedures for prioritising IT projects that are understood and supported by all senior managers
I T G OV E R N A N C E & M A N AG E M E N T
IT GOVERNANCEMATURITY
IT Governance Maturity LevelsSource: Control Objectives for Information and related Technology (COBIT)
GOVERNANCE &MANAGEMENT TOOLS
I T G OV E R N A N C E & M A N AG E M E N T
GOVERNANCE &MANAGEMENT TOOLS
• Many tools can be used separately and together
• Some tools are more suited to governance, some more to management
• Requirement is to develop a framework that integrates both IT governance and management into the wider business
CONCLUSIONS
I T G OV E R N A N C E & M A N AG E M E N T
CONCLUSIONS
• IT is now a regular agenda item for corporate boards
• IT governance is a component of corporate governance
• Major difference between IT management and governance:– IT management is internally and present time focused,
– IT governance is externally focused and future orientated
I T G OV E R N A N C E & M A N AG E M E N T
CONCLUSIONS
• Implications: IT is no longer just a tool, it is an organisation’s life blood
• Limitations: BSC tends to be broad brush tool for strategy, whereas a surgical tool is needed for IT governance
• Future directions– Develop an IT Governance Maturity Model (ITMM) based on the
standard 5 steps of CMMI– ITMM would allow the classification of the management tools to
determine its position on the life cycle of IT governance– Evaluate ITMM across various industry types, sizes and locations to
allow organisations to determine their relative maturity when benchmarked against similar entities
S T A R TE N D O F S H O W