Presentation is loading. Please wait.

Presentation is loading. Please wait.

What is IT Governance? Corporate governance

Published byJunior Shelton Modified over 8 years ago

Similar presentations

Presentation on theme: "What is IT Governance? Corporate governance"— Presentation transcript:

1 What is IT Governance? Corporate governance
Processes, customs, rules, procedures, policies, and traditions Determine how to direct and control management activities People involved in corporate governance Board of directors, CEO, senior executives, and shareholders Interest in corporate governance has grown due to recent accounting scandals Information Technology for Managers

2 What is IT Governance? (continued)
Decision-making process Involves investments in IT Includes defining: Decision-making process itself Who makes the decisions Who is held accountable for results How the results of decisions are communicated, measured, and monitored Information Technology for Managers

3 What is IT Governance? (continued)
Primary goals of effective IT governance Ensuring that an organization achieves good value from its investments in IT Mitigating IT-related risks Information Technology for Managers

4 What is IT Governance? (continued)
Information Technology for Managers

5 Ensuring that an Organization Achieves Good Value from its Investments in IT
Many parts of the organization could not operate without IT Governance must be applied to the management of IT Effective IT strategic planning process ensures close alignment between business and IT goals Apply good project management principles Guide to Microsoft Virtual PC 2005 and Virtual Server 2007

6 Mitigating IT-Related Risks
Use good internal controls and management accountability Internal control Provide reasonable assurance for: Effectiveness and efficiency of operations Reliability of financial reporting Compliance with applicable laws and regulations Improper conduct of senior managers and failure to hold managers accountable can circumvent internal controls Information Technology for Managers

7 Mitigating IT-Related Risks (continued)
Rules and regulations Hold senior management accountable for the integrity of financial data and internal controls Accounting, consulting, and software firms can provide products and services Five key activities needed for effective IT governance Information Technology for Managers

8 Information Technology for Managers

9 Why Managers Must Understand IT Governance
Universal goal for businesses Leveraging IT to transform an enterprise and create value-added services, increased revenue, and decreased expenses IT-related initiatives are seldom simple and straightforward Good IT governance IT organization is better aligned and integrated with the business Risks and costs are reduced IT helps the company gain a business advantage Information Technology for Managers

10 IT Governance Frameworks
IT Infrastructure Library (ITIL) Provides best practices and criteria for effective IT services Control OBjectives for Information and Related Technology (COBIT) COBIT provides guidelines for more than 30 processes that span a wide range of IT-related activities Frameworks are complementary, not competing Information Technology for Managers

11 IT Infrastructure Library (ITIL)
Set of guidelines initially formulated by the UK government Widely used today throughout Europe and the United States Standardize, integrate, and manage IT service delivery Consists of five distinct volumes Information Technology for Managers

12 IT Infrastructure Library (ITIL) (continued)
Addresses Strategy and value planning Roles and responsibilities of key players Planning and implementing service strategies Business planning and IT strategy linkage Risks and critical success factors for implementing ITIL Information Technology for Managers

13 Control OBjectives for Information and Related Technology (COBIT)
Set of guidelines Goal Align IT resources and processes with business objectives, quality standards, monetary controls, and security needs Issued by the IT Governance Institute Provides guidance for more than 30 IT-related processes grouped into four major categories Information Technology for Managers

14 Information Technology for Managers

15 Information Technology for Managers

16 Information Technology for Managers

17 Control OBjectives for Information and Related Technology (COBIT) (continued)
Each of the processes is described in terms of: The process inputs The process description The process outputs The goals and metrics The RACI chart The maturity model Information Technology for Managers

18 Control OBjectives for Information and Related Technology (COBIT) (continued)
Information Technology for Managers

19 Control OBjectives for Information and Related Technology (COBIT) (continued)
“Maturity level” of management processes Scale of 0 to 5 Use the scale for each process to evaluate a number of items Use this information to choose: Which processes have priority for improvement Which can be addressed later Information Technology for Managers

20 Using PDCA and an IT Governance Framework
Plan-Do-Check-Act (PDCA) model Tried and proven method Can be applied to a specific targeted process Each step in the model has specific objectives Information Technology for Managers

21 Information Technology for Managers

22 Information Technology for Managers

23 A Manager Takes Charge: Audatex Uses PDCA and ITIL to Improve Its Service Offerings
Operates as a service provider for body shops and insurance companies Offers an integrated suite of software to support auto insurance collision repair shops Firm must invest heavily in product development, new technology, and improved products and services Ross McEleny, IT services director at Audatex Formed a process improvement team Established a continuous improvement loop Information Technology for Managers

24 Business Continuity Planning
Disaster Unplanned interruption of normal business operations for an unacceptable period of time Can result in many negative consequences Key planning assumptions Must be built into an organization’s business continuity plan Information Technology for Managers

25 Business Continuity Planning (continued)
Information Technology for Managers

26 Information Technology for Managers

27 Business Continuity Planning (continued)
People and procedures required to ensure resumption of an organization’s essential, time-sensitive processes with minimal interruption Due diligence Effort made by an ordinarily prudent or reasonable party to avoid harm to another party Failure to make this effort may be considered negligence Scope of a full business continuity plan Information Technology for Managers

28 Business Continuity Planning (continued)
Disaster recovery plan Subset of the business continuity plan Focuses on keeping components of the IT infrastructure functioning during a disaster or recovering them quickly afterward Information Technology for Managers

29 Information Technology for Managers

30 Process for Developing a Business Continuity Plan
Identifying vital records and data Determine where and how they are being stored and backed up Must assess the adequacy of the current data storage plan Offsite backup recommended Conducting a business impact analysis Recovery time objective Time within which a business function must be recovered Information Technology for Managers

31 Information Technology for Managers

32 Defining Resources and Actions Required to Recover
AAA priority business functions Document all the resources needed to recover the business function within the recovery time objective Identify the sequences of steps that must occur to recover from a disaster Specific features to consider for inclusion in the recovery of a AAA priority business function When all the preceding tasks have been completed for the AAA priority business functions: Repeat the process for all the AAA priority business functions, then for all AA priority, etc. Information Technology for Managers

33 Defining Emergency Procedures
Emergency procedures define the steps to be taken during a disaster and immediately following Planning and practice of such procedures Minimize loss of life and injuries as well Reduce the impact on the business and its operations Develop in conjunction with professional first responders Computer, data, and equipment backup processes should be triggered automatically Information Technology for Managers

34 Identifying and Training Business Continuity Teams
Control group Emergency response team Includes members of the fire department, police department, and other first responders Business recovery team Members of these teams should be carefully selected Wise to cross-train people Information Technology for Managers

35 Training Employees Employees should be trained to recognize and respond to various types of disaster warnings Good practice to identify “floor wardens” Most organizations conduct one or two disaster drills per year Information Technology for Managers

36 Practicing and Updating the Plan
Test business continuity plan Ensure that it is effective and that people can execute it Employees are expected to exercise the business continuity plan and restore operations within the desired recovery time Capture problems or issues not addressed by the plan Revise it to incorporate solutions Plan must be continually updated to account for changes Information Technology for Managers

37 Information Technology for Managers

38 Summary IT governance Decision-making process that involves investments in IT Responsibility of executive management Five central themes of IT governance Use frameworks as a basis to develop their own governance model Each organization must perform an objective assessment of its unique risks and develop a comprehensive plan Information Technology for Managers

Download ppt "What is IT Governance? Corporate governance"

Similar presentations

IT Governance & Quality Management

IT Governance & Quality Management
Museum Presentation Intermuseum Conservation Association.

Museum Presentation Intermuseum Conservation Association.
Alignment of COBIT to Botswana IT Audit Methodology

Alignment of COBIT to Botswana IT Audit Methodology
Lisanne Sison Director ERM Bickmore

Lisanne Sison Director ERM Bickmore
Chapter 10 Accounting Information Systems and Internal Controls

Chapter 10 Accounting Information Systems and Internal Controls
Environmental Management System (EMS)

Environmental Management System (EMS)
IT Governance Infocom India Presentation December 6, 2006.

IT Governance Infocom India Presentation December 6, 2006.
Executive Insight through Enhanced Enterprise Risk Management Leverage Value From Your Risk Management Investment.

Executive Insight through Enhanced Enterprise Risk Management Leverage Value From Your Risk Management Investment.
1 Continuity Planning for transportation agencies.

1 Continuity Planning for transportation agencies.
Chapter 5 5-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.
AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.

AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.
Business Crisis and Continuity Management (BCCM) Class Session 3 3 - 1.

Business Crisis and Continuity Management (BCCM) Class Session
Operational risk management Margaret Guerquin, FSA, FCIA Canadian Institute of Actuaries 2006 General Meeting Chicago Confidential © 2006 Swiss Re All.

Operational risk management Margaret Guerquin, FSA, FCIA Canadian Institute of Actuaries 2006 General Meeting Chicago Confidential © 2006 Swiss Re All.
By Collin Smith http://techinitiatives.blogspot.com COBIT Introduction By Collin Smith http://techinitiatives.blogspot.com.

By Collin Smith COBIT Introduction By Collin Smith
COSO Framework A company should include IT in all five COSO components: –Control Environment –Risk Assessment –Control activities –Information and communication.

COSO Framework A company should include IT in all five COSO components: –Control Environment –Risk Assessment –Control activities –Information and communication.
Why Managers Must Understand IT Managers play a key role –Frame opportunities and threats so others can understand them –Evaluate and prioritize problems.

Why Managers Must Understand IT Managers play a key role –Frame opportunities and threats so others can understand them –Evaluate and prioritize problems.
Introduction to Systems Analysis and Design

Introduction to Systems Analysis and Design
Purpose of the Standards

Purpose of the Standards
1 Business Continuity and Compliance Working Together Kristy Justice, AVP WaMu Card Services 08/19/2008.

1 Business Continuity and Compliance Working Together Kristy Justice, AVP WaMu Card Services 08/19/2008.
0 070620 Change Advisory Board COIN v1.ppt Change Advisory Board ITIL COIN June 20, 2007.

Change Advisory Board COIN v1.ppt Change Advisory Board ITIL COIN June 20, 2007.

Similar presentations

Ads by Google