IT governance by Erik Guldentops

eg_19092012 page 1 of 27 Erik Guldentops IT Governance Briefing IT Governance “How to deal with IT Value and IT Risk” 19-21 September Ghent Belgium Erik Guldentops Lecturer Antwerp Management School

description

Erik Guldentops - management consultant and guest lecturer, Antwerp Management School, IT governance

Transcript of IT governance by Erik Guldentops

Page 1: IT governance by Erik Guldentops

eg_19092012 page 1 of 27

Erik Guldentops IT Governance Briefing

IT Governance “How to deal with IT Value and IT Risk”

19-21 September Ghent Belgium

Erik Guldentops Lecturer Antwerp Management School

Page 2: IT governance by Erik Guldentops

Risk and Value

Enterprise Governance of IT

Five domains but really only two subjects

Strategic alignment: Defining with the business how to achieve value while mitigating risk

Performance Management: Measuring how desired value is achieved and risk contained

Resource Management: Acquiring and maintaining all that is necessary to achieve value and contain risk

Page 3: IT governance by Erik Guldentops

Page 4: IT governance by Erik Guldentops

Translate strategy into action
• Increase automation (make the business effective)
• Decrease cost (make the enterprise efficient)
• Manage risks (security, reliability & compliance)

Set Objectives
• IT is aligned with the business
• IT enables the business and maximises benefits
• IT resources are used responsibly
• IT-related risks are managed appropriately

Translate direction into strategy

Measure and report performance

Provide direction

Evaluate performance

IT GOVERNANCE

IT MANAGEMENT

IT Governance vs. IT Management

Page 5: IT governance by Erik Guldentops

Enterprise Governance of IT

Board

Executive

Line Management

Page 6: IT governance by Erik Guldentops

Are the engines of IT Governance

Portfolio

• Programmes

• Services

• Resources

What are we doing about it?

Business Cases

Where do we want to be?

Objectives

Strategy

• Delivery Performance
• Service Quality
• Resource Utilisation
• Benefits Realisation
• Risk Reduction

Scorecards

How do we know we are progressing?

Implementing Enterprise Governance of IT

Page 7: IT governance by Erik Guldentops

Responsibility & Accountability

Goals Activities

Outputs

Performance

WHAT

HOW

?

?

Metrics

Metrics

Inputs

Implementing Enterprise Governance of IT needs a process structure

Page 8: IT governance by Erik Guldentops

BUSINESS OBJECTIVES AND GOVERNANCE OBJECTIVES

INFORMATION
• Effectiveness
• Efficiency
• Confidentiality
• Integrity
• Availability
• Compliance
• Reliability

IT RESOURCES
• Applications
• Information
• Infrastructure
• People

PLAN AND ORGANIZE
PO1 Define a strategic IT plan.
PO2 Define the information architecture.
PO3 Determine technological direction.
PO4 Define the IT processes, organization, and relationships.
PO5 Manage the IT investment.
PO6 Communicate management aims and direction.
PO7 Manage IT human resources.
PO8 Manage quality.
PO9 Assess and manage IT risks.
PO10 Manage projects.

ACQUIRE AND IMPLEMENT
AI1 Identify automated solutions.
AI2 Acquire and maintain application software.
AI3 Acquire and maintain technology infrastructure.
AI4 Enable operation and use.
AI5 Procure IT resources.
AI6 Manage changes.
AI7 Install and accredit solutions and change.

DELIVER AND SUPPORT
DS1 Define and manage service levels.
DS2 Manage third-party services.
DS3 Manage performance and capacity.
DS4 Ensure continuous service.
DS5 Ensure systems security.
DS6 Identify and allocate costs.
DS7 Educate and train users.
DS8 Manage the service desk and incidents.
DS9 Manage the configuration.
DS10 Manage problems.
DS11 Manage data.
DS12 Manage the physical environment.
DS13 Manage operations.

MONITOR AND EVALUATE
ME1 Monitor and evaluate IT performance.
ME2 Monitor and evaluate internal control.
ME3 Ensure compliance with external requirements.
ME4 Provide IT governance.

COBIT

Implementing Enterprise Governance of IT

Page 9: IT governance by Erik Guldentops

www.isaca.org

Implementing Enterprise Governance of IT

Page 10: IT governance by Erik Guldentops

CobiT can be overwhelming

Page 11: IT governance by Erik Guldentops

CobiT can be overwhelming

Page 12: IT governance by Erik Guldentops

CobiT QuickStart for Small and Medium Sized Enterprises

• One objective
• Four practices
• Three critical success factors
• Two metrics
• A simple progress measure

Page 13: IT governance by Erik Guldentops

Suitability Assessment

Span of control Communications path IT Sophistication IT Strategic Importance IT Expenditure Segregation

Sanity Check

Risk Liabilities

Compliance Past Problems Future Needs

Required Expertise

CobiT QuickStart

Applicable to whom?

Page 14: IT governance by Erik Guldentops

IT Governance Service Delivery Information Security

CIO

CISO

What did 70 CIOs say about IT Frameworks?

CobiT ITIL ISO27001

CIONet Survey, Sep 2011

Page 15: IT governance by Erik Guldentops

Why implement an IT Governance Framework?

CIONet Survey, Sep 2011

Page 16: IT governance by Erik Guldentops

What were the expected and actual benefits?

EFFICIENCY
• Improved enterprise processes
• Extended staff capabilities

EFFECTIVENESS
• Better service delivery
• Faster solution delivery
• Increased innovation

RISK
• Reduced risk

Legend: expected, actual

CIONet Survey, Sep 2011

Page 17: IT governance by Erik Guldentops

How did they measure benefits?

CIONet Survey, Sep 2011

Page 18: IT governance by Erik Guldentops

Relationship IT Governance Practices and Benefits

Clustered Correlations

• Define a strategic IT plan
• Manage the IT investment
• Communicate management aims and direction
• Assess and manage IT risks
• Identify automated solutions
• Acquire & maintain applications and infrastructure
• Portfolio and investment management
• Align the IT strategy to the business strategy
• Provide service offerings and service levels in line with business requirements
• Acquire, develop and maintain IT skills that respond to the IT strategy
• Ensure that IT demonstrates continuous improvement and readiness for future change
• Cost optimisation of service delivery and business processes
• Obtain reliable and useful information for strategic decision-making
• Improve and maintain business process functionality and operational productivity
• Enable and manage business change

Diagram labels: IT PROCESS, IT GOAL, BUSINESS GOAL

IT Governance Institute, Sep 2008

Page 19: IT governance by Erik Guldentops

• Common language and common framework
• Higher maturity
• Better organisation
• More useful management information
• “IT really works”

• Complexity
• Less results than expected
• High learning curve managers
• Bogged down in details/paperwork
• High level of senior management support required

IT Governance Implementation: Lessons Learned

CIONet Survey, Sep 2011

Page 20: IT governance by Erik Guldentops

IT Governance Implementation: Lessons Learned

Adoption of frameworks is neither a simple nor a self-contained project with measured costs. It is a gradual shift and inter-relates with many other initiatives.

Page 21: IT governance by Erik Guldentops

Some notes on Risk and Value

CIONet Survey, Sep 2012

Page 22: IT governance by Erik Guldentops

Some notes on Risk and Value

For both risk and value, accept uncertainty and deal with it!

Page 23: IT governance by Erik Guldentops

IT Value Research

Page 24: IT governance by Erik Guldentops

IT Value Research

Page 25: IT governance by Erik Guldentops

www.isaca.org

Page 26: IT governance by Erik Guldentops

+8% +20%1

+2% 0

Chart axes: Management Practices Score (- to +); Intensity of IT deployment (- to +)

Axis bands (each axis): 75th percentile and above; 25th percentile and above

In October 2006 McKinsey and the London School of Economics measured the increase in productivity from investments in IT versus investments in management practices in 100 enterprises.

So what is the ROI on IT Governance Practices?

Page 27: IT governance by Erik Guldentops

IT Governance “How to deal with IT Value and IT Risk”

19-21 September Ghent Belgium

Erik Guldentops Lecturer Antwerp Management School