Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Here and Now of Higher Ed IT Governance, Risk, and Compliance Efforts Jacqueline Bichsel, PhD Senior Research Analyst EDUCAUSE AIRI, May 8, 2014.

Published byHoratio Wilkins Modified over 8 years ago

Similar presentations

Presentation on theme: "The Here and Now of Higher Ed IT Governance, Risk, and Compliance Efforts Jacqueline Bichsel, PhD Senior Research Analyst EDUCAUSE AIRI, May 8, 2014."— Presentation transcript:

1 The Here and Now of Higher Ed IT Governance, Risk, and Compliance Efforts Jacqueline Bichsel, PhD Senior Research Analyst EDUCAUSE AIRI, May 8, 2014

2

3 EDUCAUSE Center for Analysis and Research (ECAR) IT GRC Survey 246 member institutions

4 The Current Landscape

5 Risk Management

6

7 Most allow the risk management lead a moderate to broad scope of authority.

8 Compliance

9

10 Compliance lead allowed a very broad scope of authority.

11 Governance

12 Scope of the IT Governance Body

13

14 The IT Risk Environment

15 Balance between risk control and functionality/openness.

16 Specific Risks

17 81% of institutions do not include IT risk in their institution’s strategic plan

18 Units Managing IT Risk

19 Frameworks Used in IT Risk Management 2 out of 3 institutions use at least one framework

20 The IT Compliance Environment

21 IT Compliance Issues

22

23 The IT Governance Environment

24 Those with an ITGB are more likely to:  Involve other departments in decision-making  Influence leadership  Formulate binding policy  Guide IT risk management  Have a clear IT vision, mission, or strategy

25 Frameworks Used in IT Governance 1 out of 3 institutions uses at least one framework

26 Maturity in Risk Management

27 ECAR Maturity Indices  Provide starting point for institutions to assess strengths and weaknesses  Allow comparisons across the institution to benchmark progress across time or departments  Allow comparisons inter-institutionally to provide peer comparisons

28 Risk Management Maturity

29 Communication/End-User Management  Communication about IT risk throughout the organization  Management of end-user activities

30 Acceptance  lack of resistance of faculty, staff, and administration to risk management efforts

31 Risk Assessment/Management  Identifying, tracking, prioritizing, and reporting risks  Implementing policies and controls  Involvement of leadership

32 Investment  adequate investment in risk management staff and services

33 More mature institutions…  Have a formal risk management program (enterprise or IT)  Allow the risk management lead a broad scope of authority  Use a framework (any framework) for RM  Are more effective in addressing specific IT risks

34 More mature institutions ALSO…  Invest more in IT compliance  Are better at reviewing and updating IT compliance practices  Have less difficulty addressing compliance rules and laws  Have better support from leadership and faculty in IT governance issues  Have better IT governance in every respect

35 Thank you, AIRI! Jacqueline Bichsel For more information on EDUCAUSE: http://www.educause.edu/ For more information on ECAR: http://www.educause.edu/ecar

Download ppt "The Here and Now of Higher Ed IT Governance, Risk, and Compliance Efforts Jacqueline Bichsel, PhD Senior Research Analyst EDUCAUSE AIRI, May 8, 2014."

Similar presentations

The PRR: Linking Assessment, Planning & Budgeting PRR Workshop – April 4, 2013 Barbara Samuel Loftus, Ph.D. Misericordia University.

The PRR: Linking Assessment, Planning & Budgeting PRR Workshop – April 4, 2013 Barbara Samuel Loftus, Ph.D. Misericordia University.
. . . a step-by-step guide to world-class internal auditing

. . . a step-by-step guide to world-class internal auditing
Course: e-Governance Project Lifecycle Day 1

Course: e-Governance Project Lifecycle Day 1
Strategic Planning An Overview. General Definition The process of strategic planning involves deciding where you want to go, how you want to be positioned,

Strategic Planning An Overview. General Definition The process of strategic planning involves deciding where you want to go, how you want to be positioned,
Steve Meier. What is Strategic Planning Determines Where an organization is going over the next year or more, How it's going to get there How it'll know.

Steve Meier. What is Strategic Planning Determines Where an organization is going over the next year or more, How it's going to get there How it'll know.
April 6, 2011 DRAFT Educator Evaluation Project. Teacher Education and Licensure DRAFT The ultimate goal of all educator evaluation should be… TO IMPROVE.

April 6, 2011 DRAFT Educator Evaluation Project. Teacher Education and Licensure DRAFT The ultimate goal of all educator evaluation should be… TO IMPROVE.
DOT Office of Inspector General Audit of DOT’s Office of the Secretary’s Acquisition Function Federal Audit Executive Council Procurement Training Conference.

DOT Office of Inspector General Audit of DOT’s Office of the Secretary’s Acquisition Function Federal Audit Executive Council Procurement Training Conference.
A Commitment to Excellence: SUNY Cortland 2010-2020 Update on Strategic Planning.

A Commitment to Excellence: SUNY Cortland Update on Strategic Planning.
Facilities Management 2013 Manager Enrichment Program U.Va.’s Strategic Planning Initiatives Colette Sheehy Vice President for Management and Budget December.

Facilities Management 2013 Manager Enrichment Program U.Va.’s Strategic Planning Initiatives Colette Sheehy Vice President for Management and Budget December.
May 16, 2014 Analytics Short Discussion. ECAR Analytics Maturity Index Source: ECAR Analytics Maturity Index, 2012.

May 16, 2014 Analytics Short Discussion. ECAR Analytics Maturity Index Source: ECAR Analytics Maturity Index, 2012.
Community Health Assessments: Requirements and Models April 25, 2013 Gianfranco Pezzino Senior Fellow Kansas Health Institute.

Community Health Assessments: Requirements and Models April 25, 2013 Gianfranco Pezzino Senior Fellow Kansas Health Institute.
SEM Planning Model.

SEM Planning Model.
1 LBNL Enterprise Computing (EC) January 2003 LBNL Enterprise Computing.

1 LBNL Enterprise Computing (EC) January 2003 LBNL Enterprise Computing.
1 Structural Supports Susan Besio, Ph.D. Director of Planning Vermont Agency of Human Services.

1 Structural Supports Susan Besio, Ph.D. Director of Planning Vermont Agency of Human Services.
The 5 Characteristics Successful Nonprofits Have in Common

The 5 Characteristics Successful Nonprofits Have in Common
American University of Beirut1 AMERICAN UNIVERSITY OF BEIRUT Role of Quality in Strategic Planning.

American University of Beirut1 AMERICAN UNIVERSITY OF BEIRUT Role of Quality in Strategic Planning.
Higher Education Cybersecurity Strategy, Programs, and Initiatives Rodney Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE.

Higher Education Cybersecurity Strategy, Programs, and Initiatives Rodney Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE.
BUSINESS & HUMAN RIGHTS UniCredit on its sustainability path: understanding and managing the financial sector’s responsibilities in terms of human rights”

BUSINESS & HUMAN RIGHTS UniCredit on its sustainability path: understanding and managing the financial sector’s responsibilities in terms of human rights”
UGA’S STRATEGIC PLANNING DASHBOARD Allan Aycock Director for Assessment and Accreditation Shweta Doshi Business Intelligence Application Analyst 1.

UGA’S STRATEGIC PLANNING DASHBOARD Allan Aycock Director for Assessment and Accreditation Shweta Doshi Business Intelligence Application Analyst 1.
Enterprise Risk Management (ERM) Minnesota Department of Transportation Enterprise Risk Management (ERM) Minnesota Department of Transportation TRB International.

Enterprise Risk Management (ERM) Minnesota Department of Transportation Enterprise Risk Management (ERM) Minnesota Department of Transportation TRB International.

Similar presentations

Ads by Google