What is IT Governance? Corporate governance –Processes, customs, rules, procedures, policies, and...

What is IT Governance?

• Corporate governance
  – Processes, customs, rules, procedures, policies, and traditions
  – Determine how to direct and control management activities
• People involved in corporate governance
  – Board of directors, CEO, senior executives, and shareholders
• Interest in corporate governance has grown due to recent accounting scandals

Information Technology for Managers 1

What is IT Governance? (continued)

• IT governance
  – Decision-making process
  – Involves investments in IT
  – Includes defining:
    • Decision-making process itself
    • Who makes the decisions
    • Who is held accountable for results
    • How the results of decisions are communicated, measured, and monitored

What is IT Governance? (continued)

• Primary goals of effective IT governance
  – Ensuring that an organization achieves good value from its investments in IT
  – Mitigating IT-related risks

What is IT Governance? (continued)

Ensuring that an Organization Achieves Good Value from its Investments in IT

• Many parts of the organization could not operate without IT
• Governance must be applied to the management of IT
  – Effective IT strategic planning process ensures close alignment between business and IT goals
  – Apply good project management principles

Mitigating IT-Related Risks

• Use good internal controls and management accountability
• Internal control
  – Provide reasonable assurance for:
    • Effectiveness and efficiency of operations
    • Reliability of financial reporting
    • Compliance with applicable laws and regulations
• Improper conduct of senior managers and failure to hold managers accountable can circumvent internal controls

Mitigating IT-Related Risks (continued)

• Rules and regulations
  – Hold senior management accountable for the integrity of financial data and internal controls
• Accounting, consulting, and software firms can provide products and services
• Five key activities needed for effective IT governance

Why Managers Must Understand IT Governance

• Universal goal for businesses
  – Leveraging IT to transform an enterprise and create value-added services, increased revenue, and decreased expenses
• IT-related initiatives are seldom simple and straightforward
• Good IT governance
  – IT organization is better aligned and integrated with the business
  – Risks and costs are reduced
  – IT helps the company gain a business advantage

IT Governance Frameworks

• IT Infrastructure Library (ITIL)
  – Provides best practices and criteria for effective IT services
• Control OBjectives for Information and Related Technology (COBIT)
  – COBIT provides guidelines for more than 30 processes that span a wide range of IT-related activities
• Frameworks are complementary, not competing

IT Infrastructure Library (ITIL)

• Set of guidelines initially formulated by the UK government
  – Widely used today throughout Europe and the United States
• Standardize, integrate, and manage IT service delivery
• Consists of five distinct volumes

IT Infrastructure Library (ITIL) (continued)

• Addresses
  – Strategy and value planning
  – Roles and responsibilities of key players
  – Planning and implementing service strategies
  – Business planning and IT strategy linkage
  – Risks and critical success factors for implementing ITIL

Control OBjectives for Information and Related Technology (COBIT)

• Set of guidelines
• Goal
  – Align IT resources and processes with business objectives, quality standards, monetary controls, and security needs
• Issued by the IT Governance Institute
  – www.isaca.org/cobit.htm
• Provides guidance for more than 30 IT-related processes grouped into four major categories

Control OBjectives for Information and Related Technology (COBIT) (continued)

• Each of the processes is described in terms of:
  – The process inputs
  – The process description
  – The process outputs
  – The goals and metrics
  – The RACI chart
  – The maturity model

Control OBjectives for Information and Related Technology (COBIT) (continued)

Control OBjectives for Information and Related Technology (COBIT) (continued)

• “Maturity level” of management processes
  – Scale of 0 to 5
• Use the scale for each process to evaluate a number of items
• Use this information to choose:
  – Which processes have priority for improvement
  – Which can be addressed later

Using PDCA and an IT Governance Framework

• Plan-Do-Check-Act (PDCA) model

• Tried and proven method

• Can be applied to a specific targeted process

• Each step in the model has specific objectives

A Manager Takes Charge: Audatex Uses PDCA and ITIL to Improve Its Service Offerings

• Operates as a service provider for body shops and insurance companies
  – Offers an integrated suite of software to support auto insurance collision repair shops
• Firm must invest heavily in product development, new technology, and improved products and services
• Ross McEleny, IT services director at Audatex
  – Formed a process improvement team
  – Established a continuous improvement loop

Business Continuity Planning

• Disaster
  – Unplanned interruption of normal business operations for an unacceptable period of time
• Can result in many negative consequences
• Key planning assumptions
  – Must be built into an organization’s business continuity plan

Business Continuity Planning (continued)

Business Continuity Planning (continued)

• Business continuity plan
  – People and procedures required to ensure resumption of an organization’s essential, time-sensitive processes with minimal interruption
• Due diligence
  – Effort made by an ordinarily prudent or reasonable party to avoid harm to another party
  – Failure to make this effort may be considered negligence
• Scope of a full business continuity plan

Business Continuity Planning (continued)

• Disaster recovery plan
  – Subset of the business continuity plan
  – Focuses on keeping components of the IT infrastructure functioning during a disaster or recovering them quickly afterward

Process for Developing a Business Continuity Plan

• Identifying vital records and data
  – Determine where and how they are being stored and backed up
  – Must assess the adequacy of the current data storage plan
  – Offsite backup recommended
• Conducting a business impact analysis
  – Recovery time objective
    • Time within which a business function must be recovered

Defining Resources and Actions Required to Recover

• AAA priority business functions
  – Document all the resources needed to recover the business function within the recovery time objective
  – Identify the sequences of steps that must occur to recover from a disaster
  – Specific features to consider for inclusion in the recovery of a AAA priority business function
• When all the preceding tasks have been completed for the AAA priority business functions:
  – Repeat the process for all the AAA priority business functions, then for all AA priority, etc.

Defining Emergency Procedures

• Emergency procedures define the steps to be taken during a disaster and immediately following
• Planning and practice of such procedures
  – Minimize loss of life and injuries as well
  – Reduce the impact on the business and its operations
• Develop in conjunction with professional first responders
• Computer, data, and equipment backup processes should be triggered automatically

Identifying and Training Business Continuity Teams

• Business continuity teams
  – Control group
  – Emergency response team
    • Includes members of the fire department, police department, and other first responders
  – Business recovery team
• Members of these teams should be carefully selected
  – Wise to cross-train people

Training Employees

• Employees should be trained to recognize and respond to various types of disaster warnings

• Good practice to identify “floor wardens”

• Most organizations conduct one or two disaster drills per year

Practicing and Updating the Plan

• Test business continuity plan
  – Ensure that it is effective and that people can execute it
• Employees are expected to exercise the business continuity plan and restore operations within the desired recovery time
• Capture problems or issues not addressed by the plan
  – Revise it to incorporate solutions
• Plan must be continually updated to account for changes

Summary

• IT governance
  – Decision-making process that involves investments in IT
  – Responsibility of executive management
  – Five central themes of IT governance
• Use frameworks as a basis to develop their own governance model
• Each organization must perform an objective assessment of its unique risks and develop a comprehensive plan
