IT GOVERNANCE December 1, 2017.


Presentation on theme: "IT GOVERNANCE December 1, 2017."— Presentation transcript:

1 IT GOVERNANCE December 1, 2017

2 IT Governance
What is IT Governance?
IT governance provides the framework to ensure that IT investments and processes can support the organization’s overall business needs.
Who is responsible for IT Governance?
Information Technology (IT) Governance is the responsibility of Executive Management and the board of directors (BOD) and is a strong representation of the “tone from the top”. Many BODs now have an “IT Committee”.
Why is IT Governance Required/Recommended?
Without effective IT Governance, risk exists that existing IT assets and capabilities may not meet the organization’s strategic, operational, or financial objectives, or that additional IT investments will not achieve their intended incremental benefits to the organization.
The Institute of Internal Auditors (IIA) standard states that an IT governance review needs to be part of Internal Audit planned activities.
COBIT emphasizes the importance of IT Governance.

3 Typical IT Governance Areas
The following five IT governance capabilities are typically included (IT Governance capability: Definition):
Strategic Alignment: Monitoring the linkage of business and IT plans; defining, maintaining and confirming the IT value proposition; and aligning IT operations with enterprise operations.
Risk Management: Having a clear understanding of the appetite for risk, understanding compliance requirements, providing transparency about significant risks to the enterprise and embedding risk management responsibilities into the organization.
Value Delivery / “Project Governance”: Executing the value proposition throughout the delivery cycle; making sure that IT delivers the promised benefits against the strategy, concentrating on optimizing costs and proving the intrinsic value of IT.
Performance Management / “Ongoing IT Operations”: Tracking and monitoring resource usage, process performance and service delivery.
Resource Management: Optimizing investment in, and the proper management of, critical IT resources: applications, information, infrastructure and people.

4 What are the benefits of IT Governance?
Alignment of business and IT strategies.
Greater efficiencies, increased support and reduced costs when implementing change.
Effective risk management and regulatory compliance.
Effective and efficient use of IT resources for asset utilization, and business growth and flexibility.
Improved culture in adherence to company policies and procedures.
Improved communication of the role of IT in achieving business results and the capability to meet business needs.
Improved IT performance measurement capabilities.

5 Where does IT Governance fit in an Organization?

6 IT Governance Assessment Approach
1. Identify Key Contacts: Identify key contacts within the Organization’s business organization.
2. Conduct Interviews: Conduct interviews with each contact on an individual basis.
3. Facilitate Discussion and Understanding: Allow for free-form discussion to understand the areas of greatest concern in IT.
4. Obtain Evidence: Obtain and review supporting documentation and evidence.
5. Evaluate Maturity Level: Information obtained is assessed to evaluate the maturity level of each of the IT governance capabilities which are defined in the IT Governance Maturity Model* (GMM).
6. Provide Recommendations and Track Remediation: Provide recommendations and track remediation.

7 Obtain the Evidence General and #1 – Strategic Alignment
IT Governance Framework
1 Existing Governance Framework/Structure (including details around various committees, Governing Principles etc.)
2 Latest IT Steering Committee meeting material, IT PMO meeting material (if any)
3 IT Org Structure
4 IT Roles, Responsibilities & Accountability document (if applicable)
Strategic Alignment
5 Overall Organization mission, vision details as well as IT mission, vision details.
6 IT Strategy document
7 IT short term and long term plan (3-5 years)

8 Obtain the Evidence #2 – Risk Management
8 Evidence of risk assessments performed by management, existence of risk assessment framework. (IT risk management processes to identify, analyze, mitigate, manage, monitor, and communicate IT risk)
9 Documented control objectives and activities relating to IT Risk Management
10 Documented Enterprise Risk Management (ERM) Framework, process and initiatives (if any) and alignment with IT risk management.
11 Third Party/Vendor risk management policies and procedures
12 Documented details around risk appetite and approved risk tolerance levels. (if applicable)
13 IT risk management policies, procedures and standards.
14 Any IT Internal Audit reports in the past 24 months

9 Obtain the Evidence #3 – Project Governance and #4 – Managing IT Operations
Managing Ongoing IT Operations
15 Performance metrics for services, projects, processes, and systems
16 Sample reports of IT’s performance against defined metrics to key stakeholders and executive management
Project Governance
17 Process for the evaluation of investment and services portfolios
18 Established criteria for project prioritization
19 Details around investment types and requirement for stage-gate reviews.
20 Process for establishing ROI (return on investment)

10 Obtain the Evidence #5 – Resource Optimization
21 Process to identify, acquire and maintain IT resources and capabilities (i.e., information, services, infrastructure and applications, and people)
22 Details around enterprise architecture (diagram, principles, approach etc.)
23 Roles and responsibilities around resource management.
24 Resource gap analysis process
25 Policies to guide IT resource sourcing strategies that include service level agreements (SLAs) and changes to sourcing strategies.
26 Policies and processes for the assessment, training and development of staff to address enterprise requirements and personal/professional growth.

11 Conduct Interviews – (Large Insurance Company in Midwest)
1 CIO
2 IT: VP Shared Services, VP Infrastructure, VP Information Security, VP PMO and Application Development
3 CEO (not typical)
4 COO
5 CFO
6 CRO
7 Business Unit Leaders – Region 1, Region 2, Region 3, Region 4, Region 5 (only interviewed 2 of 5)
8 Audit Committee Chairman
9 Board of Director Members – IT (2 members)

12 Typical Questions
The following are some of the questions we will be discussing during our interviews. Not all questions may be asked during each interview (of course additional questions may be asked to address follow-up points or questions raised).
Strategic Alignment
Do you believe IT is appropriately supporting the business – both from a tactical perspective and from a strategic perspective?
What processes exist for defining and updating the IT strategic plan?
What improvements could be made by the business and IT to improve this strategic coordination (if any)?
Project Governance
What formal investment criteria are defined to ensure that IT investments align with business requirements?
Are IT enabled investments monitored by governance committees such as an IT steering committee?
Do you believe that IT is delivering the value for the cost incurred (both capital and operational costs)?

13 Typical Questions
Managing IT Operations
What outcomes and performance measures are established? Are they supported by metrics and targets for IT?
Which personnel or committees are responsible for setting performance measures for IT?
Are service level agreements with end users established and monitored – includes service providers?
Have there been specific issues or concerns which you believe IT should address to improve its overall performance?
Resource Management
What processes are implemented to ensure IT resource management, which includes people, hardware, and software, is aligned with business objectives?
What demand and capacity planning processes are implemented for IT?
Do you believe IT is spending the appropriate money in supporting the business? Are there specific areas you believe could be addressed?
Risk Management
What key IT controls/risk management processes do you believe could be improved – e.g., security or system development?
Does the company spend the appropriate time and money monitoring IT controls?
Does management appropriately prioritize IT findings for remediation?
Does the company spend the appropriate time and money remediating IT controls?

14 IT Governance Maturity Level Assessment Example Deliverable (NICE…. But…..)

15 Recommendations
Strategic Alignment
Continue with the roll-out of the Corporate-wide IT governance plan
Risk Management
Internal Audit is not performing IT internal audits in an effective or efficient manner
IT does not have a well defined process for rolling out an effective IT risk management program
Project Governance
Evaluate and remediate IT Change Management, System Development and Project Management processes, key areas include:
  Consistent software testing and QA processes
  Standardized Project Management processes
Implement “Project Governance” process as part of overall IT Governance
Additional approvals for Capital / Operational project spends should be approved by the IT Steering Committee
Project Go/No Go criteria should be defined and implemented throughout a project lifecycle
Managing IT Operations
Evaluate and optimize IT request processes
Resource Management
Evaluate and optimize current IT organizational structure: Do we have the right resources in the right place to support the business?
Priority legend: High Priority, Medium Priority, Low Priority

16 TOP 10 IT COST SAVING OPPORTUNITIES
December 1, 2017

17 Cost Optimization Framework: People, Process and Technology
Deloitte uses this framework to examine its clients’ IT functions and parse the broader IT activities into manageable business activities for cost optimization.
Discipline groupings: Setting the Direction; Managing IT Resources & Assets; Operations & Delivery of IT Services
Deloitte’s 13-Discipline IT Framework, with Potential Opportunities:
Business & IT Strategy Alignment: Aligns IT strategy with business strategy and manages demand to maximize the value of the IT portfolio. Potential opportunities: Reduce spend by requiring demand to be aligned and return value.
IT Operating Structure, Governance, & Compliance: Defines the structure and governance to deliver the strategy and maintain compliance with internal policies and requirements. Potential opportunities: Optimize functions, rigorous demand management, strong policy presence, customer aligned delivery
Innovation & Architecture: Defines the business and IT architectures to drive innovation of business models, processes and required IT systems. Potential opportunities: Funding parity, external cost recovery, financial controls
Talent & Organization Management: Secures the right talent, effectively organized, to execute the IT function and deliver on commitments. Potential opportunities: De-layer/span of control, productivity alignment with benchmarks, resource and talent management
IT Performance & Financial Management: Enables strategic and operational decisions based on understanding the economic and performance implications. Potential opportunities: Imbedded budgets, service line cost responsibilities, support of alternate sourcing
IT Risk & Security: Delivers secure, reliable IT systems and manages IT risks. Potential opportunities: Cost avoidance, objective risk assessments, consolidate functions and toolsets
Project Management: Executes projects on time, within budget, and with quality. Potential opportunities: Eliminate over-runs, risk identification and remediation, no surprises
Business Relationship Management: Builds partnerships with business stakeholders. Potential opportunities: Optimize functions, rigorous demand management, customer aligned delivery model
Solution Delivery: Develops technology-enabled business capabilities. Potential opportunities: Cost avoidance, consolidate functions, service and productivity models
Application Services: Effective and efficient operations and management of applications throughout the service lifecycle. Potential opportunities: Application rationalization, acquisition through demand management, managed services, discretionary FTEs
Infrastructure Services: Effective and efficient operations and management of the IT infrastructure throughout the service lifecycle. Potential opportunities: Productivity alignment with benchmarks, rationalization of tools, managed services
Service Management: Delivers efficient, reliable, and secure IT services. Potential opportunities: Service Improvement
Sourcing & Vendor Management: Leverages third parties to execute the strategy and operations. Potential opportunities: Contract consolidation, alternate sourcing, contract renegotiation

27 Cost Optimization: Top 10
Top 10 Cost Savers
1 Cloud/Shadow IT
2 Zero based budgeting
3 Application rationalization
4 Organizational / Infrastructure alignment and optimization
5 SDLC and change management - streamline
6 Managed services (e.g., ERP, DR, help desk) – typical 30-40% cost reduction
7 Contract rationalization (strategic sourcing) – one client saved $20M on Telecom alone!
8 Software license / asset management
9 System decommissioning
10 Strong IT Governance!
