Understanding
about
IT Governance and Risk Management

Jiri Cejka,
Senior Manager, dipl.El.-Ing, CISA
jiri.cejka@is-governance.com
Outline
1. IT Governance Market Issues
Business Management and dependence on IT Technology
IT Governance Situation

2. Holistic Framework for IT Governance
Approach; Scope
Objectives
– IT Processes: Alignment Business and IT
– IT Risks: Value/Cost Relationship and Risk measurement
– Operational Excellence
Client Benefits

3. Benefits of IT Governance framework
4. IT Governance Services & Methodologies
Risk Management Services
Methodologies and Tools

Jiri J. Cejka

1. IT Governance

Market Issues

Business Management and
dependence on IT Technology
Today’s management:
More dependent on IT technology to run its business to
achieve competitive advantage
The IT responsibility of corporate executives is growing:
to ensure that systems and processes are properly
controlled
required level of governance is in place
Businesses are continuously looking towards lower costs
and value-for-money – from all aspects of business
IT is becoming a significant expenditure – second after
staff costs.

Example: What management needs to know
before investing in SW development
Are funds available?
Will the investment save us money? What is the project payback period and ROI?
Is this ROI higher than that offered by those who propose alternative uses for the money?
What are the implications for the business? (business processes, tax)
Can SW be depreciated? If so, can declining-balance or straight-line
depreciation schedules be used?

How can the development engineer answer these questions?
Solution: use a measurement method that produces numbers in terms of:
productivity improvement
cost reduction/avoidance
quality improvements, and/or time-to-market reduction strategies

Situation
The requirement coming from businesses:
IT processes must be appropriately controlled
Management is under pressure from regulators and the
capital markets:
Competitive advantage is gained from IT investment
As a result companies seek incremental advantages from
use of cutting edge technology:
By turning to the third party providers
By implementing optimising programs

Issues to be solved
The reliance on IT raises a number of issues:
How can management effectively manage its
organisation?
How can management understand the control structure?
How can the external auditor gain sufficient audit
evidence?
“How could Business understand the impact of IT?”

2. IT Governance

Holistic Framework

Outline
Approach
Value of IT to Business - Examples, View
What do we need

Framework IT Governance - Objectives
Objective 1: Business - IT Alignment; IT Processes Analysis
Objective 2: Value /Cost Relationship; Risks Measures
Objective 3: Operational excellence
Implementation of Infrastructure, Outsourcing
Condition of success

Benefits
Communication channels
Summary of benefits

Value of IT to Business: Examples
Measuring the value of IT is not a new idea - Examples:
1. What Added Value is your IT giving?
– IT involvement in the business imperatives
– Vision of IT that could be shared by business and IT leaders
2. More money wasted in IT than created?
– IT System will pay off only if design and management are based upon culture
and politics that are intended to support
3. Focus on strategic instinct of Business Mgrs?
– Evaluating IT based on ability to improve operations?

Right ideas but:
business does not derive the benefits it needs from spending on IT
required level of business-IT alignment and integration is not good
enough.
As a result the Business leaders still have difficulties:
lack of understanding of how IT could contribute to business
difficult to reconcile IT costs with the value received.

Value of IT to Business: View 1
For decades business-IT alignment has been emphasized - with
focus on management of IT projects
however, they normally represent only 25-30% of the IT budget
To manage IT properly, the Value/Cost relationship needs to focus on
IT components other than project development:
operation of business applications
support service - marketing, sales, utility application
Example: operational and support services are the production phase of an IT
project
a project is not finished with the acceptance tests; the maintenance and
operation support that follow are included: project costs are less relevant
Framework with value metrics to organize project, operation and support
phase:
integrated Project portfolio with development and production activities
accounting perspective: capital vs. operating expense

Value of IT to Business - View 2
Business value of new functionality delivered by IT project
created by both development and production
shared and consistent approach to manage value/costs
Project management: post-implementation phase to be extended
continuing relevance/value to business
efficient and reliable operation is part of project
Benefit of this holistic approach:
limited focus on project as an “investment” is stopped:
– management has continuous cost/value overview
– success/failure of project measured with operational work
– the monitoring results are applicable to future projects

What do we need?
The challenge of governing an enterprise’s IT has been recognized for
years; however, the results do not give the required level of
alignment and integration.
An approach is needed that is inclusive – with a scope
reflecting the range of activities and responsibilities of IT –
and specific.
Holistic Framework addressing three Primary Objectives:
1. Fosters strategic and tactical alignment of IT with Business
2. Relates costs of IT with the value brought to business
3. Supports drive toward operational excellence

Objective 1: How to align IT and Business?
Goal:
“Identify the strategically important elements of business value to
which IT can significantly contribute:”
Two classical views of IT for businesses, i.e. providing of
information vs. supporting information services, have changed
– Examples: Implementing new sales strategy, planning
responsive technology push of internet
Information is now an integral part of the business:
– Role of IT expands: alignment even more important for
business
Step 1. Identify main value-adding activities and linked strategies
Identify the opportunities to use information services to support
business strategy
Add new activities as a part of IT portfolio - basis for alignment
Metrics for business value have to be identified and implemented by
both business and IT

Objective 1: How to align IT and Business?
Step 2. Ensure involvement of senior management: strategic planning
Ongoing dialogue necessary
Full understanding of planned use and impact of IT technology
Formal decision making - critical decisions fully committed
Step 3. Organize the environment to optimise IT Processes
Implement process to perform planning by both IT and business managers
– Business leaders develop IT fluency
– IT leaders develop business fluency
Implement process of managing execution
– Management commitments, contracts, project teams, deliverables
– division in phases, definition of decision stages
– development of process to maintain and tune the strategy

Objective 2: How to manage Value/Cost Relationship and IT portfolio?
Goal: “How to institutionalise the developed way of alignment
Business - IT?”
Focus on active management of IT portfolio
Initial development of IT portfolio needs adaptation to changed
needs, opportunities and priorities
Step 1. Find a way to characterize the IT portfolio for
management
Collection of techniques that provide understanding
– Risk-Business Transformation - Volume of value
measurement
– Interpretation allows Management to make decisions
– further views: Net Present Value
Result: balanced portfolio aligned with Strategy

Objective 2: How to manage Value/Cost Relationship and IT portfolio?
Step 2. Clarify process for managing the IT portfolio
Annual review, reviews depending on changes
Checkpoints, balance resources
Step 3. Make sure that decisions are based on organisation’s needs
Example: Allocating resources on the relative strategic value of
competing projects is better than even allocation across all units
using different tools to describe projects and analysing both
– risk profiles
– potential business value
Result:
– Business-visible impact of alternative decisions

Objective 3: Service management and
Operational Excellence
Goal: “By selection of right metrics that drive the performance provide
better understanding for management”
Step 1. Identify Elements of Business value
Step 2. Transform the Qualitative measures into Quantitative by setting
thresholds or targets
Step 3. Use metrics that are tied closely with business performance
predefined set of “interesting metrics” is not the right way.
Example 1: Install program where chosen measure is “higher yield”
Metric is ratio of products with higher quality: target financial benefit

Objective 3: Service management and
Operational Excellence
Example 2: Improve customer focus with installed support sales
system
Metric is ratio assessment of customer satisfaction
Example 3: Implementation of Cost / Performance with
preventive measurement system
Several metrics needed (depreciation, maintenance costs, lease)
If scope of system changes slowly (list of equipment) - total
costs fine
If changes are rapid: volume adjustment and unit cost are
relevant

Objective 3: Service management and
Operational Excellence
Required Implication for the organization:
Define formal organization structure responsible for service
– Assigning product / service management
– Positive effect: tightly focused responsibility and
accountability
Operation for business users requires both business and technical
expertise:
– business and technical aspects correctly evaluated
– ensure accuracy, completeness, consistency
Ideal Goal: “Creating product-management organization including
both skills”

Objective 3: Operational Excellence
Goal : “Achieve the measurable efficiency, productivity and reliability of
services in terms of business value”
Step 1. Divide the overall budget for IT operations and support into a
set of defined products/services
Step 2. All costs to be mapped into valuable business services
Step 3. Measure the productivity in terms of total organization business
orientation:
Classic technical orientation: costs of mainframe, desktop, split into
parts that are difficult to follow by senior management
New approach: Costs directly oriented with business results: cost per
transaction, cost of SCM, personal action.
Benefits Result: Only a few metrics are used, however they are
compelling for senior management:
1-2 value metrics, 1 cost metric and 1-2 service metrics

Implication for Outsourcing
Benchmarking measurement of IT services with external providers
measurement of costs, volumes and quality of services
Further factors - dependency, hidden costs, flexibility
Two frequent factors for outsourcing:
The internal IT organization has failed to achieve cost/value
relationship required by management
Expectation that outsourcer performs task better
However, two risks are frequent:
the data to support these decisions are missing
an approach to evaluate the outsourcer does not exist
Holistic approach developed can help to
Develop appropriate metrics to support necessary analysis
The same tool to be used to measure internal and external service
Management of outsourcing relationship and contracts
Business view: combination of costs, service level and quality

Implementing the IT Governance
Framework
Two aspects for successful implementation of IT Governance
framework:
1. Behavioural and procedural aspect
Disciplines involved in managing programs/projects must be
accepted
New practices of management and reporting must be adopted
– Approach: starting with visible project
– Training new methods
2. Automation of data collection
Relying upon ad hoc methods is time- and resource-consuming
Automating allows more time to analyse and to communicate

3. Benefits IT Governance

Benefits of IT Governance
framework

Benefit 1: Communication between
Business and IT groups
Senior Business management
Business improvement that results from their knowledge participation
in IT decision making
Mid-level Business manager position not sure that IT function will
justify given resources
1. Win: IT governance management framework and tool to
communicate with senior management
2. Win: to help communicate with IT management to ensure that
business services they are responsible for will meet commitments
Senior IT manager
1. Win: Communicate with senior business managers
2. Win: Communication with IT staff
Clear focus on important strategic and operational issues
Project and Product Service managers - proposed framework helps to
explain the IT issue in business terms
develop realistic “service contracts”

Benefit 2: Communication between
Business and IT groups
[Diagram: communication channels between Senior IT Management, Senior Business Management, Middle IT Management, Middle level Business Management, and IT Projects, Products & Services]

Summary of Benefits of
IT Governance framework in place
Benefits extend across business and IT functions
Facilitating communication about how IT contributes to the
business across levels and functions improves coordination and
cooperation
Managers learn more about efforts that they affect
Communication to leaders is clear
Result
Synergy will increase
Duplication of effort reduced
Effectiveness of project delivery grows

4. IT Governance and Risk Management
Services, Methodologies

Services
Methodologies and Tools

IT Governance Environment
Value for money:
is management getting value for money from their IT spend / IT
skills? is IT addressing the business strategy?; IT accountability;
KPIs in the business; managing constant change in IT; and project
directors increasingly being major budget holders.
Internal audit:
Internal IT audit skills
outsourcing of internal audit
Technology:
imaging, data capture and electronic document management; use of
the internet; and knowledge management.
Corporate Governance:
Governance of controls and risk self assessment
Initiatives on control and risk self assessment.

Governance Services
Either in terms of the target of the review/advice, or the readership
of the report
Outsourcing:
continued outsourcing of IT (service level agreements);
outsourcing security administration; third party reviews.
Regulation:
Regulatory authority reviews; privacy/data protection laws;
Software licensing laws; Ethical IT; and health, safety and
environment issues.
Transactions:
Transaction Services, Corporate Finance;
Increased focus on IT security in commercial sector - new security
techniques.

Governance Methods and Tools
Process Assessment and Improvement Tools
Business Management Process BMP
Strategic Analysis, Performance Analysis
Process Performance Improvement (BPI)
– Balanced Score Card (BSC)
– Activity Based Costing (ABM)
Risk Management Tools
Environment:
– IT Risk Management Benchmarking (ITRMB)
Project:
– Project Risk Assessment: Project Management Methodology (PMM)
– Project management Control Method: Rational Unified Process (RUP)

Business Management Process BMP
BMP is about assessing the risk our clients face. Business risks
are diverse and constantly changing:
as the business world becomes more and more reliant on
technology, technology risks become critical to manage
there are many points within the BMP audit at which the
technology component of business risk is addressed

Equations:
Business risk = Audit risk
Technology Risk = Audit risk

BMP’s added value: assessing client risk in all its forms and
delivering more valuable business solutions to meet the client's diverse
needs.

Strategic Analysis
Strategic Analysis is the framework to process
the fundamental business risks associated with the client's
strategy
and their ability to execute that strategy

[Process diagram, boxes in order: Review Background Information; Understand Bus. Objectives, Strategy & Technology Use; Identify Significant Strategic Risks; Review Findings and Conclusions; Document Findings and Conclusions in Workpapers]

Business Performance Analysis BPA
Focused area:
risk assessment and process analysis,
utilising information on key performance indicators.
Strategic and Process analysis, Testing control.
Approach
involves identifying and gaining an understanding of the client's key
processes for identifying business risks,
understanding how the client mitigates risk.

[Process diagram, boxes in order: Assist in BPA for Key Processes that are Technically Dependent; Perform BPA for Key Processes that are Highly Techn. Dependent; Review Findings and Conclusions; Document Findings and Conclusions in Workpapers]

Business Performance Improvement BPI
[Diagram labels: Awaken, Envision, Focus, Design, Build, Deploy, Implement, Enhance; Strategic Plan, IT Assessment, Conceptual Solution, High Level Design, Design Details, Design Solution Details, Build and Test, New Org. Structure, New Performance Measurement, Certification, Performance Management, Program Management]

BPI: Visualization of Perspective
using Balanced Score Card (BSC)

Vision and Strategy

Financial Perspective
How do we appear to our shareholders? What financial outcomes do we need to generate?
• Critical Success Factors
• Performance Indicators
• Targets

Customer Perspective
How should we appear to our customers?
• Critical Success Factors
• Performance Indicators
• Targets

Process/Product Perspective
What business processes must we excel at to satisfy our customers and owners? Are these processes effective (i.e. adding value for customers)? Are they efficient?
• Critical Success Factors
• Performance Indicators
• Targets

Organizational Learning Perspective
Are we able to sustain innovation, change and improvement? How will we maintain our ability to meet customer expectations?
• Critical Success Factors
• Performance Indicators
• Targets

BPI Approach: Process Improving
[Diagram labels: Identify focused areas; Critical Success Factors (“Best-in-class” product delivery times; Consistently competitive pricing; Highly accurate customer orders; Rapid development and launch of new products; Long-term customer loyalty and satisfaction); Business Processes (Define, Develop, Produce, Market, Service, Account); Process Impact Analysis; Weighted average; Process Workflow; Visualization of bottlenecks; Total Elapsed Time; This Segment Elapsed Time; Customer; Estimating of Risks and Costs; Benefits of Priority Opportunities]

Opportunities, with Benefits, Costs and Risks/Constraints:

• Establish an Electronic Funds Transfer (EFT) system in order to eliminate the need to generate cheques.
Benefits: Eliminates cost of cutting a cheque. Savings of $1/claim ($110,000 a month); Increased customer satisfaction
Costs: Comp-Sys can be used for change at no cost; Time / Resources required to revise forms
Risks/Constraints: Need to create a link to Banks; Banks require leadtime (3 and 15 days) to clear payments

• Implement a Document Imaging System to allow scanning and processing of forms, receipts and related documentation.
Benefits: Reduced time delays; Reduced errors and inaccurate payments to customers; Reduced learning curve for new staff; Reduced hand-offs
Costs: ~ $1,000,000; Resources required to handle the large volume of documents
Risks/Constraints: The new system must process over 30,000 documents/year.

• Enable Assembly Clerks to sort and classify claim forms
Benefits: Reduced bottlenecks; Greatly increased productivity
Costs, risks or constraints: Requires retraining of staff; May require additional resources

• Create an electronic catalogue of existing reports. (Comp-Sys could be used to enable this change).
Benefits: Improved quality of reports; Improved customer service
Costs: The cost of enabling this change with Comp-Sys is $200,000.
Risks/Constraints: Requires method for updating the catalogue; Use of different platforms makes access for all difficult

• Process ID cards in Sales Offices (may require additional printers)
Benefits: Reduced delays to process and print cards
Costs: Cost of forty new printers for ID cards at a cost of $2,000 each, plus installation/tests (~$10,000).
Risks/Constraints: Requires additional time to install printers in offices

associated with implementing

Risk Assessment Methods
Risk Assessment considers management's perceptions,
assumptions, and judgments about business risks and controls. It
delivers audit evidence through substantive audit procedures.
IT Risk Management Benchmarking (ITRMB)
Project Management Methodology (PMM) Project Risk Assessment
Project management and control: Rational Unified Process (RUP)

IT Risk Management Benchmark
ITRMB
Scope:
provide an objective means of reviewing the risks in relation to use
of IT, and ensure that they are being controlled
provide a means of benchmarking organisation’s key IT Risks and
Controls against other organisations;
review organisations' IT Controls against the BS7799.
Benefits:
Substantiate issues reported to management
Allow management to benchmark corporate performance in the
fields of IT risk and IT controls.
Provide a high level assurance to management of their compliance
with the British Standard on IS Management;
Allow management to benchmark internally. i.e. between different
operations.

Project Risk Assessment

Scope of Process:
involves the identification, analysis, management and monitoring of
risk
Approach after identification of potential risks:
determine the relative exposure in terms of time and cost, to reduce
the level of risk to an acceptable level.
identify both preventive actions and contingency actions (to mitigate
the impact of the risk if it materializes)
Benefits of Risk Management Process :
Is proactive, focusing on prevention rather than cure
Includes periodic risk assessments throughout the work lifecycle
Maximizing Business Value Through Effective IT GovernanceMaximizing Business Value Through Effective IT Governance
Maximizing Business Value Through Effective IT Governance
 
Ea As A Strategy M Veeraragaloo Approach
Ea As A Strategy   M Veeraragaloo ApproachEa As A Strategy   M Veeraragaloo Approach
Ea As A Strategy M Veeraragaloo Approach
 
Cobit 41 framework
Cobit 41 frameworkCobit 41 framework
Cobit 41 framework
 
CHAPTER 10INFORMATION GOVERNANCEInformation Governance a.docx
CHAPTER 10INFORMATION GOVERNANCEInformation Governance a.docxCHAPTER 10INFORMATION GOVERNANCEInformation Governance a.docx
CHAPTER 10INFORMATION GOVERNANCEInformation Governance a.docx
 
CHAPTER 10INFORMATION GOVERNANCEInformation Governance a.docx
CHAPTER 10INFORMATION GOVERNANCEInformation Governance a.docxCHAPTER 10INFORMATION GOVERNANCEInformation Governance a.docx
CHAPTER 10INFORMATION GOVERNANCEInformation Governance a.docx
 
Deficiency in it controls 2017
Deficiency in it controls 2017Deficiency in it controls 2017
Deficiency in it controls 2017
 
Toward an organizational E-readiness Model
Toward an organizational E-readiness ModelToward an organizational E-readiness Model
Toward an organizational E-readiness Model
 

Último

Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...
Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...
Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...ssuserf63bd7
 
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptxGo for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptxRakhi Bazaar
 
Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...Peter Ward
 
digital marketing , introduction of digital marketing
digital marketing , introduction of digital marketingdigital marketing , introduction of digital marketing
digital marketing , introduction of digital marketingrajputmeenakshi733
 
How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...
How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...
How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...SOFTTECHHUB
 
Memorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQMMemorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQMVoces Mineras
 
WSMM Technology February.March Newsletter_vF.pdf
WSMM Technology February.March Newsletter_vF.pdfWSMM Technology February.March Newsletter_vF.pdf
WSMM Technology February.March Newsletter_vF.pdfJamesConcepcion7
 
Introducing the Analogic framework for business planning applications
Introducing the Analogic framework for business planning applicationsIntroducing the Analogic framework for business planning applications
Introducing the Analogic framework for business planning applicationsKnowledgeSeed
 
1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdf1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdfShaun Heinrichs
 
PSCC - Capability Statement Presentation
PSCC - Capability Statement PresentationPSCC - Capability Statement Presentation
PSCC - Capability Statement PresentationAnamaria Contreras
 
Guide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDFGuide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDFChandresh Chudasama
 
Data Analytics Strategy Toolkit and Templates
Data Analytics Strategy Toolkit and TemplatesData Analytics Strategy Toolkit and Templates
Data Analytics Strategy Toolkit and TemplatesAurelien Domont, MBA
 
GUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdf
GUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdfGUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdf
GUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdfDanny Diep To
 
NAB Show Exhibitor List 2024 - Exhibitors Data
NAB Show Exhibitor List 2024 - Exhibitors DataNAB Show Exhibitor List 2024 - Exhibitors Data
NAB Show Exhibitor List 2024 - Exhibitors DataExhibitors Data
 
20200128 Ethical by Design - Whitepaper.pdf
20200128 Ethical by Design - Whitepaper.pdf20200128 Ethical by Design - Whitepaper.pdf
20200128 Ethical by Design - Whitepaper.pdfChris Skinner
 
WSMM Media and Entertainment Feb_March_Final.pdf
WSMM Media and Entertainment Feb_March_Final.pdfWSMM Media and Entertainment Feb_March_Final.pdf
WSMM Media and Entertainment Feb_March_Final.pdfJamesConcepcion7
 
Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...Americas Got Grants
 
Strategic Project Finance Essentials: A Project Manager’s Guide to Financial ...
Strategic Project Finance Essentials: A Project Manager’s Guide to Financial ...Strategic Project Finance Essentials: A Project Manager’s Guide to Financial ...
Strategic Project Finance Essentials: A Project Manager’s Guide to Financial ...Aggregage
 
Environmental Impact Of Rotary Screw Compressors
Environmental Impact Of Rotary Screw CompressorsEnvironmental Impact Of Rotary Screw Compressors
Environmental Impact Of Rotary Screw Compressorselgieurope
 
Technical Leaders - Working with the Management Team
Technical Leaders - Working with the Management TeamTechnical Leaders - Working with the Management Team
Technical Leaders - Working with the Management TeamArik Fletcher
 

Último (20)

Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...
Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...
Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...
 
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptxGo for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
 
Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...Fordham -How effective decision-making is within the IT department - Analysis...
Fordham -How effective decision-making is within the IT department - Analysis...
 
digital marketing , introduction of digital marketing
digital marketing , introduction of digital marketingdigital marketing , introduction of digital marketing
digital marketing , introduction of digital marketing
 
How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...
How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...
How To Simplify Your Scheduling with AI Calendarfly The Hassle-Free Online Bo...
 
Memorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQMMemorándum de Entendimiento (MoU) entre Codelco y SQM
Memorándum de Entendimiento (MoU) entre Codelco y SQM
 
WSMM Technology February.March Newsletter_vF.pdf
WSMM Technology February.March Newsletter_vF.pdfWSMM Technology February.March Newsletter_vF.pdf
WSMM Technology February.March Newsletter_vF.pdf
 
Introducing the Analogic framework for business planning applications
Introducing the Analogic framework for business planning applicationsIntroducing the Analogic framework for business planning applications
Introducing the Analogic framework for business planning applications
 
1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdf1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdf
 
PSCC - Capability Statement Presentation
PSCC - Capability Statement PresentationPSCC - Capability Statement Presentation
PSCC - Capability Statement Presentation
 
Guide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDFGuide Complete Set of Residential Architectural Drawings PDF
Guide Complete Set of Residential Architectural Drawings PDF
 
Data Analytics Strategy Toolkit and Templates
Data Analytics Strategy Toolkit and TemplatesData Analytics Strategy Toolkit and Templates
Data Analytics Strategy Toolkit and Templates
 
GUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdf
GUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdfGUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdf
GUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdf
 
NAB Show Exhibitor List 2024 - Exhibitors Data
NAB Show Exhibitor List 2024 - Exhibitors DataNAB Show Exhibitor List 2024 - Exhibitors Data
NAB Show Exhibitor List 2024 - Exhibitors Data
 
20200128 Ethical by Design - Whitepaper.pdf
20200128 Ethical by Design - Whitepaper.pdf20200128 Ethical by Design - Whitepaper.pdf
20200128 Ethical by Design - Whitepaper.pdf
 
WSMM Media and Entertainment Feb_March_Final.pdf
WSMM Media and Entertainment Feb_March_Final.pdfWSMM Media and Entertainment Feb_March_Final.pdf
WSMM Media and Entertainment Feb_March_Final.pdf
 
Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...Church Building Grants To Assist With New Construction, Additions, And Restor...
Church Building Grants To Assist With New Construction, Additions, And Restor...
 
Strategic Project Finance Essentials: A Project Manager’s Guide to Financial ...
Strategic Project Finance Essentials: A Project Manager’s Guide to Financial ...Strategic Project Finance Essentials: A Project Manager’s Guide to Financial ...
Strategic Project Finance Essentials: A Project Manager’s Guide to Financial ...
 
Environmental Impact Of Rotary Screw Compressors
Environmental Impact Of Rotary Screw CompressorsEnvironmental Impact Of Rotary Screw Compressors
Environmental Impact Of Rotary Screw Compressors
 
Technical Leaders - Working with the Management Team
Technical Leaders - Working with the Management TeamTechnical Leaders - Working with the Management Team
Technical Leaders - Working with the Management Team
 

Understanding IT Governance and Risk Management

  • 1. Understanding about IT Governance and Risk Management Jiri Cejka, Senior Manager, dipl.El.-Ing, CISA jiri.cejka@is-governance.com
  • 2. Outline: 1. IT Governance Market Issues: Business Management and dependence on IT Technology; IT Governance Situation. 2. Holistic Framework for IT Governance: Approach; Scope; Objectives (IT Processes: Alignment Business and IT; IT Risks: Value/Cost Relationship and Risk measurement; Operational Excellence); Client Benefits. 3. Benefits of IT Governance framework. 4. IT Governance Services & Methodologies: Risk Management Services; Methodologies and Tools.
  • 3. 1. IT Governance Market Issues
  • 4. Business Management and dependence on IT Technology. Today’s management: more dependent on IT technology to run its business to achieve competitive advantage. The IT responsibility of corporate executives is growing: to ensure that systems and processes are properly controlled and the required level of governance is in place. Businesses are continuously looking towards lower costs and value-for-money – from all aspects of business. IT is becoming a significant expenditure – second after staff costs.
  • 5. Example: What management needs to know before investing in SW development: Are funds available? Will the investment save us money? What is the project payback period and ROI? Is this ROI higher than that of those who propose alternative uses for the money? What are the implications for the business (business processes, tax)? Can SW be depreciated? If so, can declining balance or straight depreciation schedules be used? How can the development engineer answer these questions? Solution: use a measurement method that produces numbers in terms of: productivity improvement; cost reduction/avoidance; quality improvements, and/or time-to-market reduction strategies.
  • 6. Situation. The requirement coming from businesses: IT processes must be appropriately controlled. Management is under pressure from regulators and the capital markets: competitive advantage is gained from IT investment. As a result companies seek incremental advantages from use of cutting edge technology: by turning to third party providers; by implementing optimising programs.
  • 7. Issues to be solved. The reliance on IT raises a number of issues: How can management effectively manage its organisation? How can management understand the control structure? How can the external auditor gain sufficient audit evidence? “How could Business understand the impact of IT?”
  • 8. 2. IT Governance Holistic Framework
  • 9. Outline. Approach: Value of IT to Business - Examples, View; What do we need. Framework IT Governance - Objectives: Objective 1: Business - IT Alignment; IT Processes Analysis. Objective 2: Value/Cost Relationship; Risks Measures. Objective 3: Operational excellence. Implementation of Infrastructure, Outsourcing; Condition of success. Benefits: Communication channels; Summary of benefits.
  • 10. Value of IT to Business: Examples. To measure value of IT is not a new idea - Examples: 1. What Added Value is your IT giving? – IT involvement in the business imperatives – Vision of IT that could be shared by business and IT leaders 2. More money wasted in IT than created? – IT System will pay off only if design and management are based upon culture and politics that are intended to support 3. Focus on strategic instinct of Business Mgrs? – Evaluating IT based on ability to improve operations? Right ideas, but: business does not derive the benefits it needs from spending on IT; required level of business-IT alignment and integration not good enough. As a result the Business leaders still have difficulties: lack of understanding of how IT could contribute to business; difficult to reconcile IT costs with the value received.
  • 11. Value of IT to Business: View 1. For decades business-IT alignment has been emphasized, with focus on management of IT projects; however they normally represent only 25-30% of the IT Budget. To manage IT properly, the Value/Cost relationship needs to be focused on IT components other than project development: operation of business applications; support service - marketing, sales, utility application. Example: operational and support services are the production phase of an IT project; project not ready with acceptance tests but following maintenance, operation support are included: project costs less relevant. Framework with value metrics to organize project, operation and support phase: integrated Project portfolio with development and production activities; accounting perspective: capital vs. operating expense.
  • 12. Value of IT to Business - View 2. Business value of new functionality delivered by IT project is created by both development and production: shared and consistent approach to manage value/costs. Project management: post-implementation phase to be extended: continuing relevance/value to business; efficient and reliable operation is part of project. Benefit of this holistic approach: limited focus on project as an “investment” is stopped: – success/failure of project measured with operational work – management has continuous cost/value overview – the monitoring results are applicable to future projects
  • 13. What do we need? The challenge of governing the enterprise’s IT has been recognized for years; however the results do not give the required level of alignment and integration. An approach is needed that is inclusive – with a scope reflecting the range of activities and responsibilities of IT – and specific. Holistic Framework addressing three Primary Objectives: 1. Fosters strategic and tactical alignment of IT with Business 2. Relates costs of IT with the value brought to business 3. Supports drive toward operational excellence
  • 14. Objective 1: How to align IT - Business? Goal: “Identify the strategic important elements of business value to which IT can significantly contribute:” Two classical views of IT for businesses, i.e. providing of information vs. supporting information services, have changed – Examples: implementing new sales strategy, planning responsive technology, push of internet. Information is now an integral part of the business: – Role of IT expands: alignment even more important for business. Step 1. Identify main value-adding activities and linked strategies: identify the opportunities to use information services to support business strategy; add new activities as a part of IT portfolio - basis for alignment; metrics for business value have to be identified and implemented by both business and IT.
  • 15. Objective 1: How to align IT - Business? Step 2. Ensure involvement of senior management: strategic planning; ongoing dialogue necessary; full understanding of planned use and impact of IT technology; formal decision making - critical decisions fully committed. Step 3. Organize the environment to optimise IT Processes. Implement process to perform planning by both IT and business mgr: – Business leaders develop IT fluency – IT leaders develop business fluency. Implement process of managing execution: – division in phases, definition of decision stages – management commitments, contracts, project teams, deliverables – development of process to maintain and tune the strategy
  • 16. Objective 2: How to manage Value/Cost Relationship and IT portfolio? Goal: “How to institutionalise the developed way of alignment Business - IT?” Focus on active management of IT portfolio: initial development of IT portfolio needs adaptations with changed needs, opportunities and priorities. Step 1. Find a way to characterize the IT portfolio for management: collection of techniques that provide understanding – Risk-Business Transformation - Volume of value measurement – Interpretation allows Management to make decisions – further views: Net Present Value. Result: balanced portfolio aligned with Strategy.
  • 17. Objective 2: How to manage Value/Cost Relationship and IT portfolio? Step 2. Clarify process for managing the IT portfolio: annual review, reviews depending on changes; checkpoints, balance resources. Step 3. Make sure that decisions are based on organisation’s needs. Example: resources allocated on relative strategic value of competing projects is better than even allocation across all units; using different tools to describe projects and analysing both – risk profiles – potential business value. Result: – Business-visible impact of alternative decisions
  • 18. Objective 3: Service management and Operational Excellence. Goal: “By selection of right metrics that drive the performance provide better understanding for management”. Step 1. Identify Elements of Business value. Step 2. Transform the Qualitative measures into Quantitative by setting thresholds or targets. Step 3. Use metrics that are tied closely with business performance; a predefined set of “interesting metrics” is not the right way. Example 1: Install program where chosen measure is “higher yield”. Metric is ratio of products with higher quality: target financial benefit.
  • 19. Objective 3: Service management and Operational Excellence. Example 2: Improve customer focus with installed support sales system. Metric is ratio assessment of customer satisfaction. Example 3: Implementation of Cost / Performance with preventive measurement system. Several metrics needed (depreciation, maintenance costs, lease). If scope of system changes slowly (list of equipment) - total costs fine. If changes are rapid: volume adjustment and unit cost are relevant.
  • 20. Objective 3: Service management and Operational Excellence. Required implication for the organization: Define formal organization structure responsible for service: – Assigning product / service management – Positive effect: tightly focused responsibility and accountability. Operation for business users requires both business and technical expertise: – business and technical aspects correctly evaluated – ensure accuracy, completeness, consistency. Ideal Goal: “Creating product-management organization including both skills”
  • 21. Objective 3: Operational Excellence. Goal: “Achieve the measurable efficiency, productivity and reliability of services in terms of business value”. Step 1. Divide the overall budget for IT operations and support into a set of defined products/services. Step 2. All costs to be mapped into valuable business services. Step 3. Measure the productivity in terms of total organization business orientation: Classic technical orientation: costs of mainframe, desktop, split into parts that are difficult to follow by senior management. New approach: costs directly oriented with business results: cost per transaction, cost of SCM, personal action. Benefits Result: Only a few metrics are used, however they are compelling for senior management: 1-2 value metrics, 1 cost metric and 1-2 service metrics.
  • 22. Implication for Outsourcing. Benchmarking: measurement of IT services with external providers; measurement of costs, volumes and quality of services; further factors - dependency, hidden costs, flexibility. Two frequent factors for outsourcing: the internal IT organization has failed to achieve the cost/value relationship required by management; expectation that the outsourcer performs the task better. However two risks are frequent: the data to support these decisions are missing; the approach to evaluate the outsourcer does not exist. The holistic approach developed can help to: develop appropriate metrics to support necessary analysis; the same tool to be used to measure internal and external service; management of outsourcing relationship and contracts; business view: combination of costs, service level and quality.
  • 23. Implementing the IT Governance Framework. Two aspects for successful implementation of IT Governance framework: 1. Behavioural and procedural aspect: disciplines involved in managing programs/projects must be accepted; new practices of management and reporting must be adopted – Approach: starting with visible project – Training new methods. 2. Automation of data collection: relying upon ad hoc methods is time and resources consuming; automating allows more time to analyse and to communicate.
  • 24. 3. Benefits IT Governance: Benefits of IT Governance framework
  • 25. Benefit 1: Communication between Business and IT groups. Senior Business management: business improvement that results from their knowledge; participation in IT decision making. Mid-level Business manager: position not sure that IT function will justify given resources. 1. Win: IT governance management framework and tool to communicate with senior management. 2. Win: to help communicate with IT management to ensure that business services they are responsible for will meet commitments. Senior IT manager: 1. Win: Communicate with senior business managers. 2. Win: Communication with IT staff; clear focus on important strategic and operational issues. Project and Product Service managers: proposed framework helps to explain the IT issue in business terms; develop realistic “service contracts”.
  • 26. Benefit 2: Communication between Business and IT groups. [Diagram of communication channels between: Senior IT Management; Senior Business Management; Middle IT Management; Middle level Business Management; IT Projects, Products & Services]
  • 27. Summary of Benefits of IT Governance framework in place. Benefits extend business and IT functions. Facilitating communication about how IT contributes to the business across levels and functions improves coordination and cooperation. Managers learn more about effort that they affect. Communication to leaders clear. Result: synergy will increase; duplication of effort reduced; effectiveness of project delivery grows.
  • 28. 4. IT Governance and Risk Management Services, Methodologies: Services; Methodologies and Tools
  • 29. IT Governance Environment. Value for money: is management getting value for money from their IT spend / IT skills?; is IT addressing the business strategy?; IT accountability; KPIs in the business; managing constant change in IT; and project directors increasingly being major budget holders. Internal audit: internal IT audit skills; outsourcing of internal audit. Technology: imaging, data capture and electronic document management; use of the internet; and knowledge management. Corporate Governance: governance of controls and risk self assessment; initiatives on control and risk self assessment.
  • 30. Governance Services. Either in terms of the target of the review/advice, or the readership of the report. Outsourcing: continued outsourcing of IT (service level agreements); outsourcing security administration; third party reviews. Regulation: regulatory authority reviews; privacy/data protection laws; software licensing laws; ethical IT; and health, safety and environment issues. Transactions: Transaction Services, Corporate Finance; increased focus on IT security in commercial sector - new security techniques.
  • 31. Governance Methods and Tools. Process Assessment and Improvement Tools: Business Management Process BMP: Strategic Analysis, Performance Analysis; Process Performance Improvement (BPI): – Balance Score Card (BSC) – Active Based Costing (ABM). Risk Management Tools: Environment: – IT Risk Management Benchmarking (ITRMB). Project: – Project Risk Assessment: Project management Methodology (PMM) – Project management Control Method: Rational Unified Process (RUP)
  • 32. Business Management Process BMP. BMP is about assessing the risk our clients face. Business risks are diverse and constantly changing: as the business world becomes more and more reliant on technology, technology risks become critical to manage; there are many points within the BMP audit in which the technology components of business risk are addressed. Equations: Business risk = Audit risk; Technology Risk = Audit risk. BMP's added value: by assessing client risk in all its forms and delivering more valuable business solutions to meet the client's diverse needs.
  • 33. Strategic Analysis. Strategic Analysis is the framework to process the fundamental business risks associated with the client's strategy and their ability to execute that strategy. [Diagram steps: Review Background Information; Understand Bus. Objectives, Strategy & Technology Use; Identify Significant Strategic Risks; Review Findings and Conclusions; Document Findings and Conclusions in Workpapers]
  • 34. Business Performance Analysis BPA. Focused area: risk assessment and process analysis, utilising information on key performance indicators. Strategic and Process analysis, Testing control. Approach involves identifying and gaining an understanding of the client's key processes for identifying business risks, understanding how the client mitigates risk. [Diagram steps: Assist in BPA for Key Processes that are Technically Dependent; Perform BPA For Key Processes that are Highly Techn. Dependent; Review Findings and Conclusions; Document Findings and Conclusions in Workpapers]
  • 35. Business Performance Improvement BPI. [Diagram; labels: Awaken, Envision, Focus, Design, Build, Deploy, Enhance; Strategic Plan, IT Assessment, Conceptual Solution, High Level Design, Details Design, Design Solution Details, New Performance Measurement, Build New Org. Structure, Build and Test, Implement, Certification, Performance Management, Program Management]
  • 36. BPI: Visualization of Perspective using Balanced Score Card (BSC). Vision and Strategy, viewed from four perspectives, each with Critical Success Factors, Performance Indicators and Targets. Financial Perspective: How do we appear to our shareholders? What financial outcomes do we need to generate? Customer Perspective: How should we appear to our customers? Process/Product Perspective: What business processes must we excel at to satisfy our customers and owners? Are these processes effective (i.e. adding value for customers)? Are they efficient? Organizational Learning Perspective: Are we able to sustain innovation, change and improvement? How will we maintain our ability to meet customer expectations?
  • 37. BPI Approach: Process Improving
    [Figure: Process Impact Analysis matrix scoring Critical Success Factors (“Best-in-class” product delivery times; Consistently competitive pricing; Highly accurate customer orders; Rapid development and launch of new products; Long-term customer loyalty and satisfaction) against Business Processes (Define, Develop, Produce, Market, Service, Account), with weighted average, to identify focused areas]
    [Figure: Customer Process Workflow, visualization of bottlenecks; total elapsed time and elapsed time per segment]
    Estimating of Risks and Costs, Benefits of Priority Opportunities:
    • Establish an Electronic Funds Transfer (EFT) system in order to eliminate the need to generate cheques. Benefits: eliminates cost of cutting a cheque, savings of $1/claim ($110,000 a month); increased customer satisfaction. Costs: Comp-Sys can be used for change at no cost; time / resources required to revise forms. Risks/Constraints: need to create a link to Banks; Banks require leadtime (3 and 15 days) to clear payments.
    • Implement a Document Imaging System to allow scanning and processing of forms, receipts and related documentation. Benefits: reduced time delays; reduced errors and inaccurate payments to customers; reduced learning curve for new staff; reduced hand-offs. Costs: ~ $1,000,000; resources required to handle the large volume of documents. Risks/Constraints: the new system must process over 30,000 documents/year.
    • Enable Assembly Clerks to sort and classify claim forms. Benefits: reduced bottlenecks; greatly increased productivity. Costs and Risks/Constraints: requires retraining of staff; may require additional resources.
    • Create an electronic catalogue of existing reports. (Comp-Sys could be used to enable this change). Benefits: improved quality of reports; improved customer service. Costs: the cost of enabling this change with Comp-Sys is $200,000. Risks/Constraints: requires method for updating the catalogue; use of different platforms makes access for all difficult.
    • Process ID cards in Sales Offices (may require additional printers). Benefits: reduced delays to process and print cards. Costs: cost of forty new printers for ID cards at a cost of $2,000 each, plus installation/tests (~$10,000). Risks/Constraints: requires additional time to install printers in offices.
  • 38. Risk Assessment Methods
    Risk Assessment considers management's perceptions, assumptions, and judgments about business risks and controls. It delivers audit evidence through substantive audit procedures.
    – IT Risk Management Benchmarking (ITRMB)
    – Project Management Methodology (PMM)
    – Project Risk Assessment
    – Project management and control: Rational Unified Process (RUP)
  • 39. IT Risk Management Benchmark ITRMB
    Scope:
    – provide an objective means of reviewing the risks in relation to use of IT, and ensure that they are being controlled;
    – provide a means of benchmarking organisation’s key IT Risks and Controls against other organisations;
    – review organisations' IT Controls against the BS7799.
    Benefits:
    – Substantiate issues reported to management.
    – Allow management to benchmark corporate performance in the fields of IT risk and IT controls.
    – Provide a high level assurance to management of their compliance with the British Standard on IS Management.
    – Allow management to benchmark internally, i.e. between different operations.
  • 40. Project Risk Assessment
    Scope of Process: involves the identification, analysis, management and monitoring of risk.
    Approach after identification of potential risks:
    – determine the relative exposure in terms of time and cost, to reduce the level of risk to an acceptable level;
    – identify both preventive actions and contingency actions (to mitigate the impact of the risk if it materializes).
    Benefits of Risk Management Process:
    – Is proactive, focusing on prevention rather than cure.
    – Includes periodic risk assessments throughout the work lifecycle.

Editor's notes

  1. Achieving broad-based operational excellence means going beyond individual operational services (such as running financial systems, supply chain systems, personnel systems) to all the services provided by the information technology infrastructure. Two points are important: the overall budget for IT operations and support must be divided into a set of defined products and services, so that all IT costs can be mapped to valuable business services; and all the services must achieve the desired level of efficiency, productivity, and reliability. In the portfolio view, the productivity of the total organization is the sum of the parts, so examining the parts from the perspective of the business could indicate where to focus for future improvement. In a traditional budget presentation, IT costs might be divided into such categories as mainframe operations, server operations, desktop services, data communications, voice communications, and so on, with each area claiming some productivity improvements that prove difficult for senior management to follow and accept. If, however, the categories are business-oriented products and services (described in section 4.3), then productivity could be related directly to business results. The most useful examples would be trends in the cost per financial transaction, cost per personnel action, cost of supply-chain management, and so on. The value side of the equation would show metrics of the time to do the monthly close, the ratio of internal promotions to external hires, the incidence of outages in the supply chain, and so on. The result of this approach would be only a few metrics but these would be compelling for senior management. Connected to business activities that senior management understand, they would follow a pattern: for each activity there would be one or two value metrics, a cost metric, and one or two service metrics.
These could all easily be grouped into a management dashboard, so to speak, which might indeed guide the organization toward operational excellence, as illustrated in Figure 2. The dashboard is only the instrument panel; the management tool is an overall production system portfolio that represents the ongoing linkage of IT systems to the business.