Making sense of IT Governance – the implications of King III
Presenter: Marlene Badenhorst (ACIS)
Content
• Research objective and research question
• Definitions of IT governance
• Literature review of selected codes, frameworks, standards and best practices
• Assessment of the current industry application of governance concepts
• A generic governance framework for IT governance and the governance of outsourcing
• Conclusion
Research objective & research question
Research objective:
• Literature review and IT governance efficiency survey to assess:
– whether known reference models, frameworks and standards address the governance requirements of ICT outsourcing companies;
– the current status of IT governance practices.
Research question:
• Can a generic governance framework be formulated to address these requirements?
What is ‘IT Governance’?
It is ... the responsibility of the board and executive.
It consists of ... the leadership, organisational structures and processes that ensure that the enterprise’s IT sustains and extends the organisation’s strategies and objectives.
Source: ITGI
Enterprise governance drives IT governance
Enterprise governance is about:
• Conformance: adhering to legislation, internal policies, audit requirements, etc.
• Performance: improving profitability, efficiency, effectiveness, growth, etc.
Enterprise governance and IT governance require a balance between conformance and performance goals, directed by the board.
Source: ITGI
What is the ‘governance of outsourcing’?
The responsibilities, roles, objectives, interfaces and controls required to anticipate change and to manage the introduction, maintenance, performance, costs and control of third-party provided services.
Source: ITGI
Literature review of selected codes, frameworks, standards and best practices
King III requirements – the link between IT governance practices and law
• Directors’ duty of care: ensure that prudent and reasonable steps are taken regarding IT governance.
• Corporate governance practices, codes and guidelines raise the bar of what is regarded as an appropriate standard of conduct.
• Failure to meet a recognised standard of governance, albeit not legislated, may render a board or an individual director liable at law.
King III requirements: IT governance
• IT governance ...
– is the responsibility of the board;
– should be an integral part of enterprise governance structures;
– should be owned by the board.
• The board must set the management direction. It is required to ...
– assume a more significant role in terms of IT governance, and
– insist on the establishment of an IT governance management framework, based on a common approach, e.g. COBIT.
King III requirements: IT governance focus areas
IT governance should focus on four key areas:
• strategic alignment with business;
• value delivery;
• risk management; and
• resource management.
[Figure: the COBIT focus areas diagram showing the same four areas (strategic alignment, value delivery, risk management, resource management). Source: ITGI, www.itgi.org]
Context: Best Practices
[Figure: positioning of best practices. Corporate governance (the King Reports) spans both non-IT related governance elements and IT related governance elements. Within IT governance sit COBIT, ITIL, ISO 27002, Val IT and the ISO 38500 management framework, together with the governance of outsourcing. Source: own source]
Context: COBIT and VAL IT
COBIT and Val IT together address the four questions in the diagram:
• The strategic question: Are we doing the right things?
• The architecture question: Are we doing them the right way?
• The delivery question: Are we getting them done well?
• The value question: Are we getting the benefits?
In the ITGI diagram, Val IT addresses the strategic and value questions, and COBIT the architecture and delivery questions.
Source: Thorpe, cited by ITGI
Industry application of governance concepts
Status: IT governance best practice implementation
[Figure: stacked bar chart (0% to 100%) of implementation status, with the categories “Have implemented”, “Implementing now”, “Considering implementation” and “Not considering implementation”, for six practices: alignment between IT strategy and overall strategy; IT resource management; IT value delivery; IT risk management; actual IT performance measurement; active management of IT ROI. Source: ITGI/Lighthouse survey 2005]
Generic governance framework for IT and outsourcing
Generic governance model
[Figure: the Outsource Client IT Governance Framework and the Service Provider IT Governance Framework sit under the enterprise governance of IT. Each is built from compliance requirements, Val IT and COBIT practitioner processes, and the two are joined by an outsource client interface on one side and a service provider interface on the other. Source: own source]
Generic process model
[Figure: the Outsource Client (Buyer) and the Service Provider each run the same core processes: manage the enterprise, develop enterprise strategy, strategic management of the product portfolio and strategic management of capacity, underpinned by support processes. The client’s service provider interface connects to Service Provider 1, 2, 3 ... (n); the provider’s client interface connects to Outsource Client 1, 2, 3 ... (n). Source: own source]
IT governance interrelationships (service provider perspective)
[Figure: organisation chart. The Board of Directors is supported by an IT Strategy Committee, Compensation Committee, Finance Committee, Business Strategy Committee and Audit Committee. Below the board sit the CEO and CFO, Compliance, Audit, Risk & Security (CARS), the IT Steering Committee, Business Executives, Sales & Marketing, Account Management, HR and a Process Oversight Committee. ‘IT’ under the CIO includes the IT Architecture Review Board, the Technology Council and the Programme Management Office (PGMO). Source: ITGI, own source]
IT governance interrelationships (service provider perspective)
[Figure: the same organisation chart (Board of Directors with IT Strategy, Compensation, Finance, Business Strategy and Audit Committees; CEO, CFO, CARS, IT Steering Committee, Business Executives, Sales & Marketing, Account Management, HR, Process Oversight Committee; ‘IT’ under the CIO with the IT Architecture Review Board, Technology Council and PGMO), with the addition of an Investment & Services Board (ISB) and a Value Management Office (VMO). Source: ITGI, own source]
Conclusion
• Best practices are not widely adopted.
• There is significant room for improvement in most companies’ IT governance domain.
• Governance best practices address outsourcing governance only to a limited extent.
• A focused effort is required by SA companies to ensure compliance with the King III principles for good IT governance.
• The generic framework that has been formulated addresses the need for an integrated approach to IT governance.
Backup slides
COBIT & Other IT Management Frameworks
Organisations will consider and use a variety of IT models, standards and best practices. These must be understood in order to consider how they can be used together, with COBIT acting as the consolidator (‘umbrella’).
[Figure: frameworks plotted on a vertical WHAT-to-HOW axis against a horizontal scope-of-coverage axis: COSO and ISO 27002 towards the ‘WHAT’ end, COBIT spanning the broadest scope, and ISO 9000 and ITIL towards the ‘HOW’ end. Source: ITGI]
Where Does COBIT Fit?
[Figure: layered model. Drivers: enterprise governance, split into PERFORMANCE (business goals, Balanced Scorecard) and CONFORMANCE (Basel II, Sarbanes-Oxley Act, etc., COSO). IT governance: COBIT. Best practice standards: ISO 9001:2000, ISO 27002, ISO 20000. Processes and procedures: QA procedures, security principles, ITIL. Source: ITGI]
COBIT Framework
[Figure: business objectives and governance objectives set the information requirements (effectiveness, efficiency, confidentiality, integrity, availability, compliance, reliability), which are met by IT resources (applications, information, infrastructure, people) through the IT processes in the four domains below. Source: ITGI]
Plan and Organise
• PO1 Define a strategic IT plan.
• PO2 Define the information architecture.
• PO3 Determine technological direction.
• PO4 Define the IT processes, organisation and relationships.
• PO5 Manage the IT investment.
• PO6 Communicate management aims and direction.
• PO7 Manage IT human resources.
• PO8 Manage quality.
• PO9 Assess and manage IT risks.
• PO10 Manage projects.
Acquire and Implement
• AI1 Identify automated solutions.
• AI2 Acquire and maintain application software.
• AI3 Acquire and maintain technology infrastructure.
• AI4 Enable operation and use.
• AI5 Procure IT resources.
• AI6 Manage changes.
• AI7 Install and accredit solutions and changes.
Deliver and Support
• DS1 Define and manage service levels.
• DS2 Manage third-party services.
• DS3 Manage performance and capacity.
• DS4 Ensure continuous service.
• DS5 Ensure systems security.
• DS6 Identify and allocate costs.
• DS7 Educate and train users.
• DS8 Manage service desk and incidents.
• DS9 Manage the configuration.
• DS10 Manage problems.
• DS11 Manage data.
• DS12 Manage the physical environment.
• DS13 Manage operations.
Monitor and Evaluate
• ME1 Monitor and evaluate IT performance.
• ME2 Monitor and evaluate internal control.
• ME3 Ensure compliance with external requirements.
• ME4 Provide IT governance.
Interrelationship of the COBIT Components
[Figure: business goals set information requirements, from which IT goals and then IT processes are derived. Each IT process is described by its control objectives, key activities, responsibility & accountability chart, performance indicators, outcome measures and maturity models; control objectives are supported by control practices, which are tested through control design tests and control outcome tests. Source: ITGI]
Dimensions of Maturity
[Figure: three dimensions of maturity: HOW (capability), on a scale of 0 to 5; HOW MUCH (coverage), from 0% to 100%; and WHAT (control). Primary drivers: IT mission and goals, risk and compliance, and return on investment and cost-efficiency. Source: ITGI]
VAL IT domains & processes
Value Governance (VG)
• Establish informed and committed leadership
• Define and implement processes
• Define portfolio characteristics
• Align & integrate value management with enterprise financial planning
• Establish effective governance monitoring
• Continuously improve value management practices
Portfolio Management (PM)
• Establish strategic direction and target investment mix
• Determine the availability and sources of funds
• Manage the availability of human resources
• Evaluate and select programmes to fund
• Monitor and report on investment portfolio performance
• Optimise investment portfolio performance
Investment Management (IM)
• Develop and initiate the initial programme business case
• Understand the candidate programme & implementation options
• Develop the programme plan
• Develop full life-cycle costs and benefits
• Develop the detailed candidate programme business case
• Launch and manage the programme
• Update operational IT portfolios
• Update the business case
• Monitor and report on the programme
• Retire the programme
Source: ITGI
Road map to IT governance
Identify needs
• Raise awareness & obtain management commitment
• Define scope
• Define risks
• Define resources and deliverables
• Plan programme
Envision solution
• Assess actual performance
• Define target for improvement
• Analyse gaps and identify improvements
Plan solution
• Define projects
• Define improvement plan
Implement solution
• Implement the improvements
• Monitor implementation performance
• Review programme effectiveness
Operationalise solution
• Build sustainability
• Identify new governance requirements
Source: ITGI