©2009 Infonomics Pty Ltd EdXN: Governance of Information Technology Education Across the Nation Corporate Governance of Information Technology Mark Toomey.


1 ©2009 Infonomics Pty Ltd EdXN: Governance of Information Technology Education Across the Nation
Corporate Governance of Information Technology
Mark Toomey, Managing Director, Infonomics Pty Ltd; Chair, Standards Australia Committee IT-030; Member, ISO/IEC JTC-1 SC-7 WG1A

2 This PowerPoint slideshow is provided to ACS members attending the Education Across the Nation series on Governance of IT, during 2009. The slideshow is provided for the personal use of ACS members during and after the lecture, for the purpose of their own self-development, and for the purpose of facilitating conversations with their colleagues, including top level management and directors. Permission is hereby given for participants in the Education Across the Nation series on Governance of IT to copy this material for these purposes only. The Education Across the Nation series on Governance of IT does not necessarily equip its participants with the in-depth knowledge required to enable the participants to act as instructors for classroom delivery of the material. Use of this slideshow and copies thereof for the purpose of group knowledge transfer is restricted to personnel expressly approved by Infonomics and is subject to payment of a license fee. This material was prepared to provide general guidance and stimulate debate. It should not be construed as providing professional advice and services for any particular or specific situation. As such, it should not be used as a substitute for consultation with expert advisers. Before making any decision or taking any action you should consult with Infonomics Pty Ltd or other competent professionals.

3 ISO 38500: First Glance
Australian guidance leads the world…

4 ISO 38500: First Glance
A Model, and Six Principles: Responsibility; Strategy; Acquisition; Performance; Conformance; Human Behaviour.
[Model diagram labels: Business Pressures; Business Needs; Corporate Governance; Evaluate; Direct; Monitor; Corporate Management; Proposals; Plans, Policies; Performance, Conformance; IT Projects; IT Operations]

5 Why do we need a standard?

6 Why do we need a standard?
IT keeps going wrong: July 2006; October 2005; June 2004; July 2003

7 Why do we need a standard?
The names and stories keep rolling on…
2007. British Sky Broadcasting sued EDS for £709 million, following failure of its Customer Relationship Management (CRM) initiative. BSkyB claims it has lost significant anticipated benefits.
2008. British Gas sued Accenture for £182 million. A failed billing system project resulted in the loss of a million customers and required 2,500 additional staff for two years.
IT crash hits Virgin Blue: April 17, 2008. Cancelled. Late.
St George admits to security flaw. March 25, 2008

8 Why do we need a standard?
Investigations reveal the true cause of problems!
In the case of the ICS, there does not appear to have been an effective structure or process to direct and control the project, nor to make suitable risk decisions.
To fulfil this task, Customs has had at least 10 bodies responsible for different aspects of the management and governance of the ICS, including the interactions with industry… These bodies overlap in their responsibilities and accountabilities, and overall the program has no single business owner and accountabilities for its delivery are unclear.
Source: The Australian IT (online) and Booz Allen Hamilton Report: Review of the Integrated Cargo System
We have been unable to locate a clear and quantified set of outcomes and benefits expected from the introduction of the ICS.
Some changes have been the cause of severe disruptions and reduced process efficiency.
Change Governance Problem on a Massive Scale.

9 Why do we need a standard?
The problem is not in the process!
The Gimli Glider. See http://www.casa.gov.au/wcmswr/_assets/main/fsa/2003/jul/22-27.pdf

10 Why do we need a standard?
The Cost of IT Failures
In Australia alone:
–Failed Projects: $1.5b + per annum*
–Foregone Benefits: $20b per annum*
–Operational Losses: $Incalculable
–Reputation damage: $Incalculable.
But isn't this the tip of the iceberg?
–Competitors respond
–Predators descend
–Regulators investigate
–Lawyers litigate
Today's IT failure can have a serious impact on the bottom line, and in the boardroom.
* Dr R C Young: What is the ROI for Project Governance? Macquarie University, November 2006.
1% – 3% GDP!

11 But we've already done IT Governance!
Effort within IT has not solved the problem!
Investment ensures that IT is doing its job competently
–Rigour
–Process
–Control
–Reporting
But it's not just in IT that problems develop:
–Use of IT in achieving business goals involves business change: Process, People, Structure, Context
–And necessarily requires that business leaders engage fully: Being responsible; Setting direction; Planning and implementing
Polishing INSIDE the Kettle improves supply… but does not fully address the problem of use!
ITIL, Prince2, CoBIT, CMMI, PMBOK, TOGAF, etc.
Governance of IT has to deal with how organisations USE IT as well as with how IT departments operate.
[Diagram labels: Delivery; Use. Many issues arise here – outside IT's sphere of control.]

12 The pressure for Board Oversight: KPMG Global IT Project Management Survey (Sep 05)
Traditional measures of success (time and budget) are being superseded:
–Achieving benefits – keeping commitments – is now the key determinant of project success.
Since 2003, performance of projects has improved marginally:
–Failure rates are still appalling;
–Many organisations do not focus on realising or measuring benefits.
The key element (that makes some organisations more successful) appears to be an appropriate governance framework – to complement planning and prioritisation of activities and to help ensure execution controls are in place until benefits are realised.
The board must put in place, through management, a rigorous oversight framework to monitor achievement of budgets, the meeting of timelines and to help ensure that the agreed benefits are realised. To achieve this, the board must receive the right information at the right time.
Those responsible at the top of the organisation must govern…

13 Understanding Corporate Governance of IT: Four key concepts
Corporate Governance
Business Systems and Change
The Business Cycle: Demand and Supply
The System for Governing IT

14 Corporate Governance: Fundamentals…
Corporate Governance: The System by which entities are directed and controlled. (Cadbury)
[Diagram labels: Ownership: Appoint the Directors; Governance: Protect owners' interests; Management: Develop business capabilities, Run business operations; Establish Strategy; Direct; Monitor]
Adapted from Corporate Governance – A Working Definition, Teresa Barger, Director IFC/World Bank Corporate Governance Department.
Definition from Report of the Committee on the Financial Aspects of Corporate Governance (Chair: Sir Adrian Cadbury), London, 1992.

15 Corporate Governance: Fundamentals…
[Diagram labels: Ownership: Appoint the Directors; Governance: Protect owners' interests; Management: Develop business capabilities, Run business operations; Establish Strategy; Direct; Monitor]
Micro Business: Seamless participation in all 3 levels
SME Business: Owner/Directors; Low discretion management
Large Business: Shareholders; Elected directors; High discretion management
Govt Agency: Electors; Government or Board; High discretion management

16 Corporate Governance: The Information (IT) domain.
Governance Domains and Systems
[Diagram labels: Corporate Governance visibility and control; Management Responsibility; Information (IT) assets; Financial assets; Relationship assets; Human assets; IP assets; Physical assets]
[Model diagram: Evaluate, Direct, Monitor]

17 Corporate Governance of IT.
Governance Domains and Systems
[Diagram labels: Corporate Governance visibility and control; Management Responsibility; Information (IT) assets; Financial assets; Relationship assets; Human assets; IP assets; Physical assets]
[Model diagram: Evaluate, Direct, Monitor]
Corporate Governance of IT: The System by which the current and future use of IT is directed and controlled.

18 Business Systems and Change
[Diagram labels: The Business System: Process, Structure, People, Technology; The Business Context]
Operating context of the organisation
–External
–Internal.
Four key elements of operating organisations
–People – who participate in business events
–Process – what business events take place
–Structure – where business events happen
–Technology – enabling and recording events
IT intrinsic to day to day operations
–Business process specific - Transactions, Customers, Etc
–Generic - Email, Telephony, Information
This model is a variant on H.J. Leavitt's model of organisational change, published in 1965.

19 Business Systems and Change
Operating context of the organisation
–External
–Internal.
Four key elements of operating organisations
–People – who participate in business events
–Process – what business events take place
–Structure – where business events happen
–Technology – enabling and recording events
IT intrinsic to day to day operations
–Business process specific - Transactions, Customers, Etc
–Generic - Email, Telephony, Information
When IT fails, whole organisations and extended organisations stop
–Citylink Melbourne, Tuesday 20 Sept 2006
[Diagram labels: The Business System: Process, Structure, People, Technology; The Business Context]
This model is a variant on H.J. Leavitt's model of organisational change, published in 1965.

20 Business Systems and Change
IT is now a fundamental enabler of change and is leading to new business models and new business practices
–Eg e-Government
Implementing IT enabled change involves attention to every facet of business models and practices
–Internal and external factors
Governing IT Enabled Change involves much more than governing technology activities.
[Diagram labels: Traditional IT Change Project; Change Program; Business System: Process, Technology, Structure, People; Business Context; Changed Process; Changed Structure; Changed People; Changed Technology; Changed Business System; Changed Business Context]

21 The Business Cycle: Demand and Supply
Current Use: Run the Business
Future Use: Build the Business
Future Use: Plan the Business
[Diagram labels: Plan; Build; Run]

22 The Business Cycle: Demand and Supply
Current Use: Run the Business
Future Use: Build the Business
Future Use: Plan the Business
[Diagram labels: The System of Management; Strategic Business Future; Ongoing business operations; Demand; Supply; Effective IT enabled change; Reliable IT Service; ValIT; ITIL, ISO 20000, ISO 27000, CoBiT etc]
Business Domain: How IT is used to enable and operate the business
IT Domain: How IT is managed and delivered.

23 The System for Governing IT: An integrated system overseen by the Board
[Diagram labels: The System of Management; Strategic Business Future; Ongoing business operations; Demand; Supply; Effective IT enabled change; Reliable IT Service; ValIT; ITIL, ISO 20000, ISO 27000, CoBiT etc]
Business Domain: How IT is used to enable and operate the business
IT Domain: How IT is managed and delivered.

24 The System for Governing IT: An integrated system overseen by the Board
[Diagram labels: The System of Governance; Board oversight; Corporate Governance Oversight; ISO 38500; Rules, Direction, Behaviour; Performance, Conformance; Management Responsibility; The System of Management; Strategic Business Future; Ongoing business operations; Demand; Supply; Effective IT enabled change; Reliable IT Service; ValIT; ITIL, ISO 20000, ISO 27000, CoBiT etc]
Business Domain: How IT is used to enable and operate the business
IT Domain: How IT is managed and delivered.

25 The System of Governance: Inside the System
[Diagram labels: Plan, Build, Run; Vision, Strategy, Plans, Initiatives, Operation; Strategy, Portfolio, Program, Project, Operation; Enterprise Architecture Asset Information Security]
Adapted from a model developed by John Thorp, author of The Information Paradox.

26 The System of Governance: The System Perspective
Adapted from a model developed by John Thorp, author of The Information Paradox.

27 ISO/IEC 38500 Core Elements

28 Evaluate
Proposals: plans and suggestions
–Vision
–Strategy
–Detailed plans
–Initiatives
–Projects (and changes thereto)
–BAU Operations (the oft-forgotten default)
Current and future use of IT
Supply
Governance
[Model diagram: Evaluate, Direct, Monitor]

29 Direct
Policy to guide management decisions.
Strategy to establish focus and direction.
Progressive allocation of resources.
Clear delegation of authority.
Appropriate incentives and rewards.
[Model diagram: Evaluate, Direct, Monitor]

30 Monitor
Achieving intended results
–And taking action if they are at risk
Assuring conformance
–External and internal
Making adjustments for reality
Ensuring that management is doing its job properly.
Ensuring that the governance system is effective.
[Model diagram: Evaluate, Direct, Monitor]

31 Six principles for good governance of IT
Responsibility
Strategy
Acquisition
Performance
Conformance
Human Behaviour
[Model diagram: Evaluate, Direct, Monitor]

32 Using ISO 38500

33 Using ISO 38500: Guide for assessment and improvement
What does each cell mean?
How do you perform?
What should you seek to improve?
What consequences of improvement should you seek?

34 Using ISO 38500: Benchmarking and comparing performance
Human Communities: Who are they? How do they behave? What do they need? What motivates them?
Principles: Responsibility; Strategy; Acquisition; Performance; Conformance; Human Behaviour
RMIT and Infonomics research 2006-7. Published in Achieving Business Sustainability (Infonomics), and Information Technology Entrepreneurship and Innovation, edited by Fang Zhao, published by IGI Global, 2008.

35 Using ISO 38500: Learning through evaluating patterns
I know nothing about the IT in my organisation…
IT not adequately integrated in corporate strategic thinking?
Focusing on today - Insufficient attention given to the future?
RMIT and Infonomics research 2006-7.

36 A Typical Assessment Result
Poor performance in critical areas.
Responsibility: there is neither clear nor appropriate allocation of responsibility for IT.
Strategy: there is no effective planning for IT in the context of business strategy and direction.
Acquisition: decisions to invest in new IT capability are not made in an appropriate framework.
Performance: demand for IT service is unlikely to be met.
Conformance: the rules for IT are inadequate.
Human Behaviour: human issues are given scant attention in IT planning and delivery.
[Chart, scale 1 to 6: Acquire 3; Human Factors 3; Perform 2.9; Conform 2.9; Responsibility 2.7; Planning 2.4]

37 Using ISO 38500: Closing the gaps in contemporary techniques
[Diagram labels: Process; Structure; People; Technology; Control and Direct use of IT; Control & Direct the Business; CobiT; ITIL; Prince2; PMBOK; Gateway; ValIT]

38 Using ISO 38500: Developing Policy for control of IT
Your ISO 38500 Framework
Strategic Policies: Your posture relative to Principles. Board role: consultation and approval.
Usage policies: Rules for how people use the business systems and technology resources. Board role: part of user community.
Operating policies: Specify how projects and operations are conducted. Board role: awareness.

39 Responsibility: The Crucial Strategic Policy
How is responsibility allocated for:
–Allocating responsibility?
–Developing business strategy and planning business use of (demand for) IT?
–Developing strategies for supply and delivery of IT capability and service?
–Making decisions to invest in IT?
–Determining targets and measuring business and IT performance?
–Ensuring that IT investment initiatives achieve agreed, appropriate success criteria?
–Ensuring that business demand for operational supply of IT service is satisfied efficiently and effectively?
–Understanding conformance requirements, establishing effective conformance rules, and assuring conformance?
–Understanding and ensuring respect for human behaviours?
What are the responsibilities of each individual in respect of IT demand and supply?

40 Using the Standard: Fundamental Rules
Change Management Rule 0 – Engage the right sponsor and involve the right people.
Change Management Rule 1 – Communicate, Communicate, Communicate.
Change Management Rule 2 – Measure, adjust, measure.
Change Management Rule 3 – Start with the fundamentals.
Change Management Rule 4 – Small steps, with clear objectives.
Change Management Rule 5 – Keep communicating; keep measuring; keep improving.

41 Self Assessment
When and how
Branch feedback
Information Age Article

42 Additional Material

43 Questions

44 What do you have to lose? Seize the opportunity! ISO/IEC 38500.
Thank you. mtoomey@infonomics.com.au

45 Additional Material

46 Responsibility
Who is responsible for what when it comes to current and future use of IT?
Does everybody understand their responsibility?
Do those with responsibility deliver?
If IT is responsible for supply, who is responsible for demand?
And who is responsible for results?

47 Strategy (Planning)
Planning IT use (demand and supply) to best serve the organisation.
Who should determine the organisation's strategy for USE of IT?
How are business strategy and IT strategy related?
How is strategy enacted?
Includes key planning disciplines
–Portfolio
–Project
–Architecture

48 Acquisition
Decisions to invest in IT
Decisions to continue existing IT initiatives
Decisions to continue using operational IT
Decisions on sourcing of IT capabilities
Decisions on selection of technologies

49 Performance
Current performance
–Operational objectives
–Investment objectives
Future performance
–Running the business
–Delivering capability
–Stable base for change
–Implementing change
Wide scope
–Systems and infrastructure
–People
–Management systems

50 Conformance
Understanding the rules
Formulating the rules
Communicating the rules
Enforcing the rules
Identifying and sanctioning non-conformance

51 Human Behaviour
Response to change
Response to pressure
Professional pride
Fear of discovery and consequences
Dedication and commitment
Partial disclosure
Good news

52 Key messages in the standard
Directors should govern the use of Information Technology;
Governance and Management are separate concepts;
The standard is applicable to every organisation;
The people who should most use the standard are the managers;
Good governance of IT is a desirable attribute for stakeholders;
Behaviour is key;
Implementation is the responsibility of each organisation.

53 Directors should govern the use of Information Technology.
Delegate their responsibility as appropriate.
Define intended use of IT in business strategy.
Establish policy to guide management decisions.
Monitor conformance and performance of strategy and policy.
Enforce discipline of control and supervision.
Obtain independent advice as and when necessary.

54 Governance and Management are separate concepts.
Management is what managers do.
Governance is oversight of management.
Much of what is called IT Governance is actually IT Management.
Giving IT Management a new name does not make it more effective.

55 The standard is applicable to every organisation.
Private and public (government)
Small, medium and large
Listed and unlisted
For-profit and Not-for-profit
Scalable – no prescription of process or structure
Every organisation needs to determine how to adopt.

56 The people who should most use the standard are the managers.
Managers advise and support directors.
Managers provide information to directors and implement the direction given by directors.
Managers are the originators of most board decisions including strategy and systems of control.
Managers act on behalf of directors to perform some governance tasks under the board's delegated authority.

57 Good governance of IT is a desirable attribute for stakeholders.
Better strategic use of IT -> better corporate performance
Fewer failures of projects -> better return on investment
Higher reliability in operations -> premium for perceived quality

58 Behaviour is key.
Behaviour of the organisation
Behaviour of its managers
Doing the right things in respect of decisions about current and future use of IT
Business stepping up to its role in controlling demand
IT limiting itself to the role of supply
Business leaders taking true accountability for business outcomes.

59 Implementation is the responsibility of each organisation.
No specific implementation requirements -> no straight-jackets.
Governance is a system – people, process, structure and technology.
Many frameworks are available – choose what's best for you.
Build on what you have – assess and improve – don't just start from scratch.

