IT GOVERNANCE GSI 615 Carmen R. Cintrón Ferrer ©
IT Governance Wrap-up Carmen R. Cintrón Ferrer, , Reserved Rights
IT Governance - ¿Mi problema?Mi problema Carmen R. Cintrón Ferrer, , Reserved Rights Basic IT Governance (Video)Video IT Governance Models: Weill & Ross Model (Video)Video ITGi - ISACA ITIL (Simplified) (Simple Explanation)SimplifiedSimple Explanation COSO (Templates)Templates Business IT Alignment (Video) (6-Reasons it may be impossible to do)Video6-Reasons it may be impossible to do
IT Governance – ISACA/ITGi ISACA/ITGI - Cobit ® IT Governance Model Carmen R. Cintrón Ferrer, , Reserved Rights
IT Governance Components IT Value Delivery Risk Management Performance Management IT Strategic Alignment Stakeholder Value Drivers ISACA/ITGI - Cobit ® IT Governance Model Carmen R. Cintrón Ferrer, , Reserved Rights
IT Business Alignment – Principles The Technology Garden, Collins et als. Carmen R. Cintrón Ferrer, , Reserved Rights Get the Basics Right – Sound IT Delivery and Trust Create a common Language – Build a Business Model & Avoid “Technobabble” Establish a peer relationship – engage IT in business & drive the business through change and transformation Coordinate goals and objectives Manage IT as business driven portfolio Foster relationships with key suppliers
Carmen R. Cintrón Ferrer, , Reserved Rights Gain Trust from the Business Understand and Reflect the Business Engage the Business Drive the Business IT Business Alignment – Goals The Technology Garden, Collins et als.
Carmen R. Cintrón Ferrer, , Reserved Rights IT Business Alignment – Achieving Aligment The Technology Garden, Collins et als. Vision/MissionBusiness Model Business/IT Model Business Strategy Division Strategies IT Capability Investments IT Supported Changes IT Services Expectations
Carmen R. Cintrón Ferrer, , Reserved Rights Is IT management doing the right things? Are they doing them the right way? Are they being done well? Are we getting benefits? Has IT become a business enabler? I s the IT infrastructure secure/reliable? IT Governance issues
IT Expectations vs. Reality Carmen R. Cintrón Ferrer, , Reserved Rights Expectations: Exploit IT for Business value Fast development with quality and security IT investment provides ROI – does mores with less Increase efficiency and productivity with value and effectiveness Reality: Failure to bring innovation Unmet deadlines and/or higher costs Inadequate technology or fast obsolence Poor support to Business and/or damaged reputation, losses Negative impact on effectiveness and upon competitive position
How to assure and measure IT Value Carmen R. Cintrón Ferrer, , Reserved Rights Adopt an IT Governance Framework: Structures that contribute to strategy implementation Control measures for IT investment, opportunity, benefits and risks Sustains current operation and builds for the future Align IT with business goals: Stakeholder value drivers Value delivery Risk Management – embed responsibilities within the organization to achieve risk transparency Measure Results: Focus on core IT Competencies IT Processes Performance measurement (Balanced Business Scorecard)
IT governance model IT Principles High level statements about how IT is used in the business (against which all IT initiatives should be judged – does initiative A support the articulated principles?) IT Architecture Organizing logic for data, applications and infrastructure captured in a set of policies and relationships, and technical choices to achieve desired business and technical standardization and integration (deviations from standards should be fully justified and implications fully understood). IT Infrastructure Decisions Centrally coordinated, shared IT services that provide the foundation for the enterprises IT capability (promoting reuse of components) Business Application Needs Specifying the business need for purchased or internally developed IT applications (adhering to IT architecture where appropriate) IT Investment & Prioritization Decisions about how much and where to invest in IT, including project approvals and justification techniques (ensuring that all projects that have a technology implication are fully considered, and to ensure that the portfolio is appropriately balanced [applications, technology, large - small, low -high risk]) © MIT Sloan School Centre for Information Systems Research Carmen R. Cintrón Ferrer, , Reserved Rights
Department and IT Alignment Carmen R. Cintrón Ferrer, , Reserved Rights IT – Business Team
IT Architecture Carmen R. Cintrón Ferrer, , Reserved Rights Infrastructure Integration Technologies Customer Interfaces Web & Customer Management Business Intelligence & Dashboards Applications Network & Devices Security Enterprise Resources Planning Customer Services Platforms
IT Performance Alignment Carmen R. Cintrón Ferrer, , Reserved Rights Business Strategy Alignment Activities IT Operations IT Strategy Business Operations
IT Resources Management Carmen R. Cintrón Ferrer, , Reserved Rights Balance the cost of Infrastructure with the quality of service required for successful value delivery Optimizing Knowledge and Infrastructure: Staffing, Skills, Training – IT Personnel Assets – Reuse/Buy/Make: Enterprise Resources Planning (ERP) Provider/Vendor /Partner Management IT Project Management
IT Controls Carmen R. Cintrón Ferrer, , Reserved Rights Internal Controls: Control objectives and activities to comply with Laws, Regulations and Internal Policies Controls Automation is when internal controls are automated (are integral part of systems) Compliance Testing: Procedures (manual or automated) used to verify and/or demonstrate that controls and activities are operating as intended Compliance automation: Automated measures of internal controls effectiveness Automatic Reporting External Controls integration Remediation planning
IT Value Delivery Carmen R. Cintrón Ferrer, , Reserved Rights
Risk Allocation: Contracts Service Level Agreements Cloud and Hosting Risk Mitigation - security & control practices Risk Transfer - insurance & liability Risk Assurance - audit & certification Risk Acceptance: Formal Transparent IT Risk Management
IT Metrics Carmen R. Cintrón Ferrer, , Reserved Rights Financial PerformanceProject Performance Operational Performance User Satisfaction Strategic Links
IT Governance Carmen R. Cintrón Ferrer, , Reserved Rights
IT Governance Scenario A national retail bank in India, with hundreds of subsidiaries and branches, decided to automate its operations and move its services online. Since most of its services are common across all its branches, the bank decided to implement a Service Oriented Architecture (SOA) to increase the interoperability. It was decided that the corporate IT group would be in charge of execution of the complete project, including the implementation of SOA and definition of its services. Needless to say, the project started with much optimism and excitement. However six months into the project, it ran into roadblocks. Cracks started to become visible. There were frequent disagreements among the various business units on who is responsible for defining and administering the SOA services. Who is responsible for the overall governance of the project? Some groups have also questioned corporate IT’s shortsightedness of not carefully considering the complexity of integrating existing applications built across diverse platforms and technologies. The need for a clear IT strategy and technology roadmap was clearly felt. A year later, the project was scrapped. It became impossible to execute the project without a well-defined IT Roadmap, Enterprise Architecture and IT Governance mechanisms. What went wrong? A national retail bank in India, with hundreds of subsidiaries and branches, decided to automate its operations and move its services online. Since most of its services are common across all its branches, the bank decided to implement a Service Oriented Architecture (SOA) to increase the interoperability. It was decided that the corporate IT group would be in charge of execution of the complete project, including the implementation of SOA and definition of its services. Needless to say, the project started with much optimism and excitement. However six months into the project, it ran into roadblocks. Cracks started to become visible. There were frequent disagreements among the various business units on who is responsible for defining and administering the SOA services. Who is responsible for the overall governance of the project? Some groups have also questioned corporate IT’s shortsightedness of not carefully considering the complexity of integrating existing applications built across diverse platforms and technologies. The need for a clear IT strategy and technology roadmap was clearly felt. A year later, the project was scrapped. It became impossible to execute the project without a well-defined IT Roadmap, Enterprise Architecture and IT Governance mechanisms. What went wrong? Pritam Dey, using Technology Transformation Effectively to Improve Business – IT Alignment, 2009
IT Governance Scenario IT Roadmap A technology roadmap was not clearly defined. How would the existing applications be integrated/upgraded? How would the bank stay attuned with constantly evolving technology? Service Oriented Architecture (SOA) Was the decision to implement SOA carefully considered by taking into account the interoperability and a need for a federation of resources? Was an SOA Governance Structure created to resolve trust issues across teams? How would the SOA security issues be handled? IT Governance Was a clearly defined Governance structure established to ensure that the organization’s IT sustains the organization’s strategies and objectives? Did the board understand the overall architecture of its company’s IT applications portfolio? IT - Business Alignment Did the organization take a broader view of the business strategies and objectives and realize how IT is going to sustain and extend them ? Was there a sincere effort to increase the value of IT projects and reduce the gap between IT and business? Pritam Dey, using Technology Transformation Effectively to Improve Business – IT Alignment, 2009 Carmen R. Cintrón Ferrer, , Reserved Rights