IT governance: What library boards need to know now


1 IT governance: What library boards need to know now
Karen Dubeau Board Member, Newmarket Public Library Board

2 AGENDA
- What is IT Governance?
- Why is it Important for Libraries?
- How Does it Apply to Board Responsibilities
  - Strategic Planning
  - Financial/Legal issues
  - Risk Management
  - Advocacy
  - Staff Retention and Recruitment
- What You Can Do Now
- Key Resources
- Questions and Answers

3 What Is IT Governance?
IT GOVERNANCE
IT Governance is "a framework for the leadership, organizational structures and business processes, standards and compliance to these standards, which ensure that the organization’s IT supports and enables the achievement of its strategies and objectives."
IT Governance Institute
If Information Technology is a part of your business, governance now extends to and includes information and the IT infrastructure that supports your business. Shareholder expectations of boards, and of the individual directors on boards, are clear: The board of directors will actually direct the management of the company, including strategic and IT business plans and fundamental structural changes; The board will see to the hiring of competent and honest business and IT managers; IT Strategic Alignment, IT Value Delivery, IT Resource Management, IT Risk Management, and IT Performance Management. The board will understand the business of the firm and develop and monitor a business and IT strategy; The board will monitor the managers as they carry out the strategy and the operations of the company; When making a business decision, the board will develop a thorough understanding of the transaction and act in good faith, on an informed basis, and with a rational business purpose; The board will operate with basic honesty, care, and loyalty; and The board will take good-faith steps to make sure the company complies with the law.
IT governance is about the stewardship of IT resources on behalf of the stakeholders who expect a return from their investment. The directors responsible for this stewardship will look to the management to implement the necessary systems and IT controls.

4 What Is IT Governance?
IT GOVERNANCE
The overall objective of IT governance is to: understand the issues and the strategic importance of IT, so that the organization can sustain its operations and implement the strategies required to extend its activities into the future. IT governance aims at ensuring that expectations for IT are met and IT risks are mitigated.

5 Why Is It Important?
IT GOVERNANCE
“IT Governance is the term used to describe how those persons entrusted with governance of an entity will consider IT in their supervision, monitoring, control and direction of the entity. How IT is applied within the entity will have an immense impact on whether the entity will attain its vision, mission, or strategic goals.”
Robert S. Roussey, CPA, Professor, University of Southern California

6 Components of IT Governance
IT GOVERNANCE
- Strategic Alignment
- Value Delivery
- Resource Management
- Risk Management
- Performance Measurement

7 IMPORTANCE TO LIBRARIES
Strategic Planning
- The right IT investments can save costs, improve productivity, provide robust services
- How IT can support the organization in achieving its goals - understanding the costs and benefits
- Setting guidelines for management
- Assessing capability to take advantage of IT
- Assessing skill sets required to realize objectives
- Framework for budget planning and capital investments

8 IMPORTANCE TO LIBRARIES
Relevance of IT Governance to Libraries
- Impacts all areas of Library operations and service delivery
- Increasingly critical regarding deployment of WiFi and RFID services
- Tremendous opportunity for Libraries, but:
  - Impacts: Strategic Planning, Financial Planning
  - Brings legal and regulatory issues
  - Introduces risk and requires risk management
  - Advocacy components pertinent to Libraries

9 Board Responsibilities
STRATEGIC PLANNING
Board needs to extend governance to IT and provide the leadership, organizational structures and processes that ensure the enterprise’s IT sustains and extends the strategies and objectives.
- Align IT strategy with business strategy
- Cascade IT strategy and goals down into the organization
- Ensure that an IT governance framework is developed
- Measure IT performance
- Reliance on cost-effective, secure, smoothly operating, uninterrupted technology systems (defensive IT)
- How much we rely on technology for competitive edge to provide new value-added services or products, and high responsiveness to customers (offensive IT)

10 Governance Issues
FINANCIAL
- Scale of investment will grow
- Increasing focus on using technology for:
  - reducing costs, expanding services, reaching new audiences
  - upgrading IT infrastructure (communications, servers, applications, and related skills)
- Will become one of the largest capital expenditures and running operational costs (second only to staffing)
- Directors are responsible for overseeing assets of the organization and for financial planning; therefore, they need to know about the IT costs and potentially the biggest investments

11 Board Responsibilities
LEGAL ISSUES
- FIPPA, MFIPPA
- Ensuring compliance with relevant statutes
- Protection and privacy of patron information
  - especially on integrated or distributed networks
  - issue when services are hosted remotely
  - RFID carries potential for patron privacy to be compromised
- Licensing Agreements
- Digital Rights and Digital Rights Management

12 Board Responsibilities
RISK MANAGEMENT
- Duty of Care
  - to clients, to funders
  - to asset management
- Network Security Issues
  - effective security is a “spectrum” from desktops to firewalls
  - public access to Internet and WiFi – need to be able to identify breaches and have policies in place for account suspension
- Protection Failure Response Protocols
  - public relations component
  - failure to respond effectively could significantly impact future services and potential funding
- Business Continuity/Service Interruptions

13 Board Responsibilities
ADVOCACY
- Bridging the digital divide – appropriate resources provided to the community
- Promoting information literacy
- Ensuring equitable access
- Mitigating increased costs for all types of content (CRTC)
- Discussion of Net Neutrality and current CRTC positions
- Downstream effects on Libraries
- Emerging Issue of Green IT

14 Green IT
FINANCIAL ISSUES
An increasingly relevant subject requiring consideration within the sphere of IT Governance is the issue of Green IT. In the same way that IT Governance is a critical component within the Corporate Governance of an organisation, Green IT has become an essential aspect within the decision making, framework building, and business processes of IT Governance. Find further information on Green IT here and a selection of cutting edge texts, support manuals, and standards on both Green IT and the Environmental Management Standard ISO

15 Next Steps: WHAT YOU CAN DO NOW
- Understand emergence of CIO function in private sector
- Find out more about issues of concern - Learn
- You don’t have to be able to program or troubleshoot your PC, but it does help to have a high-level understanding of technology
- Ask pertinent questions
- Consider implementing security audit processes
- Review existing policies – update where necessary, create where not present
- Bring in Expertise – 2 methods

16 Regulatory Frameworks
FINANCIAL ISSUES
ISO/IEC 38500
The world's formal international IT Governance Standard, ISO/IEC 38500, was published in June the standard is a key resource for IT governance professionals everywhere in the world.
ITIL®, CobiT® and ISO17799
ITIL®, or IT Infrastructure Library®, was developed by the UK's Office of Government Commerce as a library of best practice processes for IT service management. Widely adopted around the world, CobiT®, or Control Objectives for Information and related Technology, was developed by America's IT Governance Institute. CobiT is increasingly accepted as good practice for control over information, IT and related risks. ISO17799, now renumbered as ISO27002 and supported by ISO 27001 (both issued by the International Standards Organization in Geneva), is the global best practice standard for information security management in organizations.
Joint Framework
ISO (ISO27002), ITIL and CobiT are all, potentially, part of any best-practice approach to regulatory and corporate governance compliance. The challenge, for many organizations, is to establish a co-ordinated, integrated framework that draws on all three of these standards. The recently released Joint Framework, put together by the ITGI (owners of CobiT) and the OGC (owners of ITIL), is a significant step in the right direction. Here is a webinar that describes how to leverage this best-practice framework to simplify your regulatory compliance.

17 Resources

18 RESOURCES
Organizations:
- IT Governance Institute: http://www.itgi.org
- IT Governance Company:
- Information Systems Audit and Control Association (ISACA):

19 Questions and answers

