IT governance by Erik Guldentops
-
Upload
confenis-2012 -
Category
Business
-
view
1.320 -
download
2
description
Transcript of IT governance by Erik Guldentops
eg_19092012 page 1 of 27
Erik
Guldentops IT Governance Briefing
IT Governance “How to deal with IT Value and IT Risk”
19-21 September Ghent Belgium
Erik Guldentops Lecturer Antwerp Management School
eg_19092012 page 2 of 27
Erik
Guldentops IT Governance Briefing
Risk and Value
Enterprise Governance of IT
Five domains but really only two subjects
Strategic alignment Defining with the businsess how to achieve value while mitigating risk
Performance Mngnt Measuring how desired value is achieved and risk contained
Resource Mngnt Acquiring and maintaining all that is necessary to achieve value and contain risk
eg_19092012 page 3 of 27
Erik
Guldentops IT Governance Briefing
eg_&9092012 pg 4 of 27
Erik
Guldentops IT Governance Briefing
Translate strategy into action • Increase automation (make the business
effective) • Decrease cost (make the enterprise efficient) • Manage risks (security, reliability & compliance)
Set Objectives • IT is aligned with the business • IT enables the business and maximises benefits • IT resources are used responsibly • IT-related risks are managed appropriately
Translate direction into
strategy
Measure and report
performance
Provide direction
Evaluate performance
IT GOVERNANCE
IT MANAGEMENT
IT Governance vs. IT Management
eg_&9092012 pg 5 of 27
Erik
Guldentops IT Governance Briefing
Enterprise Governance of IT
Board
Executive
Line Management
eg_&9092012 pg 6 of 27
Erik
Guldentops IT Governance Briefing
Are the engines of IT Governance
Portfolio
• Programmes
• Services
• Resources
What are we doing about it?
Business Cases
Where do we want to be?
Objectives
Strategy
•Delivery Performance
•Service Quality
•Resource Utilisation
•Benefits Realisation
•Risk Reduction
Scorecards
How do we know we are
progressing?
Implementing Enterprise
Governance of IT
eg_&9092012 pg 7 of 27
Erik
Guldentops IT Governance Briefing
Responsibility & Accountability
Goals Activities
Outputs
Performance
WHAT
HOW
?
?
Metrics
Metrics
Inputs
Implementing Enterprise
Governance of IT
needs a process structure
eg_&9092012 pg 8 of 27
Erik
Guldentops IT Governance Briefing
BUSINESS OBJECTIVES AND
GOVERNANCE OBJECTIVES
Efficiency
Applications
Information
Infrastructure
People
DELIVER
AND
SUPPORT
MONITOR
AND
EVALUATE
ACQUIRE
AND
IMPLEMENT
INFORMATION
IT
RESOURCES
Effectiveness
Confidentiality
Integrity
Availability
Compliance
DS1 Define and manage service levels.
DS2 Manage third-party services.
DS3 Manage performance and
capacity.
DS4 Ensure continuous service.
DS5 Ensure systems security.
DS6 Identify and allocate costs.
DS7 Educate and train users.
DS8 Manage the service desk and
incidents.
DS9 Manage the configuration.
DS10 Manage problems.
DS11 Manage data.
DS12 Manage the physical environment.
DS13 Manage operations.
ME1 Monitor and evaluate IT
performance.
ME2 Monitor and evaluate internal
control.
ME3 Ensure compliance with external
requirements.
ME4 Provide IT governance.
PO1 Define a strategic IT plan.
PO2 Define the information
architecture.
PO3 Determine technological direction.
PO4 Define the IT processes,
organization, and relationships.
PO5 Manage the IT investment.
PO6 Communicate management aims
and direction.
PO7 Manage IT human resources.
PO8 Manage quality.
PO9 Assess and manage IT risks.
PO10 Manage projects.
AI1 Identify automated solutions.
AI2 Acquire and maintain application
software.
AI3 Acquire and maintain technology
infrastructure.
AI4 Enable operation and use.
AI5 Procure IT resources.
AI6 Manage changes.
AI7 Install and accredit solutions and
change.
PLAN
AND
ORGANIZE
Reliability
COBIT
Implementing Enterprise Governance of IT
eg_&9092012 pg 9 of 27
Erik
Guldentops IT Governance Briefing
www.isaca.org
Implementing Enterprise
Governance of IT
eg_19092012 page 10 of 27
Erik
Guldentops IT Governance Briefing
CobiT can be overwhelming
eg_19092012 page 11 of 27
Erik
Guldentops IT Governance Briefing
CobiT can be overwhelming
eg_&9092012 pg 12 of 27
Erik
Guldentops IT Governance Briefing
CobiT QuickStart for Small and Medium Sized Enterprised
One objective Four practices Three critical success factors Two metrics A simple progress measure
eg_&9092012 pg 13 of 27
Erik
Guldentops IT Governance Briefing
Suitability Assessment
Span of control Communications path IT Sophistication IT Strategic Importance IT Expenditure Segregation
Sanity Check
Risk Liabilities
Compliance Past Problems Future Needs
Required Expertise
CobiT QuickStart
Applicable to whom?
eg_&9092012 pg 14 of 27
Erik
Guldentops IT Governance Briefing
IT Governance Service Delivery Information Security
CIO
CISO What did 70 CIO’s say about IT Frameworks ?
CobiT ITIL ISO27001 CIONet Survey, Sep 2011
eg_&9092012 pg 15 of 27
Erik
Guldentops IT Governance Briefing
Why implement an IT Governance Framework?
CIONet Survey, Sep 2011
eg_&9092012 pg 16 of 27
Erik
Guldentops IT Governance Briefing
EF
FIC
IEN
CY
Improved enterprise processes
Extended staff capabilities
EFFE
CTI
VEN
ESS
Better service delivery
Faster solution delivery
Increased innovation
RIS
K
Reduced risk expected
actual
What were the expected and actual benefits?
CIONet Survey, Sep 2011
eg_&9092012 pg 17 of 27
Erik
Guldentops IT Governance Briefing
How did they measure benefits?
CIONet Survey, Sep 2011
eg_&9092012 pg 18 of 27
Erik
Guldentops IT Governance Briefing
•Define a strategic IT plan
•Manage the IT investment
•Communicate management aims and direction
•Assess and manage IT risks
• Identify automated solutions
•Acquire & maintain applications and infrastructure
• Portfolio and investment management
•Align the IT strategy to the business strategy
• Provide service offerings and service levels in line with business reqrmnts
•Acquire, develop and maintain IT skills that respond to the IT strategy
• Ensure that IT demonstrates continuous improvement and readiness for future change
•Cost optimisation of service delivery and business processes
•Obtain reliable and useful information for strategic decision-making
• Improve and maintain business process functionality and operational productivity
• Enable and manage business change
IT
P
RO
CES
S
IT
GO
AL
BU
SIN
ES
S
GO
AL
Relationship IT Governance Practices and Benefits
IT Governance Institue, Sep 2008
Clustered Correlations
eg_&9092012 pg 19 of 27
Erik
Guldentops IT Governance Briefing
• Common language and common framework • Higher maturity • Better organisation • More useful management information • “IT really works”
• Complexity • Less results than expected • High learning curve managers • Bogged down in details/paperwork • High level of senior management support required
IT Governance Implementation: Lessons Learned
CIONet Survey, Sep 2011
eg_&9092012 pg 20 of 27
Erik
Guldentops IT Governance Briefing
IT Governance Implementation: Lessons Learned
Adoption of frameworks is not a simple nor self-contained project
with measured costs. It is a gradual shift and inter-relates with many
other initiatives.
eg_&9092012 pg 21 of 27
Erik
Guldentops IT Governance Briefing
Some notes on Risk and Value
CIONet Survey, Sep 2012
eg_&9092012 pg 22 of 27
Erik
Guldentops IT Governance Briefing
Some notes on Risk and Value
For both riskand value, accept uncertainty and deal with it!
eg_&9092012 pg 23 of 27
Erik
Guldentops IT Governance Briefing
IT Value Research
eg_&9092012 pg 24 of 27
Erik
Guldentops IT Governance Briefing
IT Value Research
eg_&9092012 pg 25 of 27
Erik
Guldentops IT Governance Briefing
www.isaca.org
eg_&9092012 pg 26 of 27
Erik
Guldentops IT Governance Briefing
+8% +20%1
+2% 0
Man
ag
em
en
t P
racti
ces S
co
re
+
- Intensity of IT deployment +
75th percentile and above
25th percentile and above
75th percentile and above
25th percentile and above
In October 2006 Mc Kinsey and the London School of Economics measured the increase in productivity from investments in IT
versus investments in management practices in 100 enterprises.
So what is the ROI on IT Governance Practices?
eg_19092012 page 27 of 27
Erik
Guldentops IT Governance Briefing
IT Governance “How to deal with IT Value and IT Risk”
19-21 September Ghent Belgium
Erik Guldentops Lecturer Antwerp Management School