Title: Round Table Discussion 3 Principles of IT Governance
Round Table Discussion 3 Principles of IT Governance
IT Governance from the World's Perspective
By Dr. Wachara Chantatub, Faculty of Commerce and Accountancy, Chulalongkorn University
Email: wachara_at_acc.chula.ac.th
IT Governance from the World's Perspective
- Executive Summary
- Critical Issues of IT Management
- 4 Ps
- IT Management and Governance Frameworks
- IT Governance
- The IT Governance Institute
- IT Governance Global Status Report 2006 (the Work)
- Conclusion
Executive Summary
- Over the years, IT has become the backbone of businesses to the point where it would be impossible for many to function (let alone succeed) without it. As a result of its increasing role in the enterprise, the IT function is changing, morphing from a technology provider into a strategic partner.
- IT Governance is a structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise's goals by adding value while balancing risk versus return over IT and its processes.
- This topic will present research, findings, lessons learnt, and opinions on IT Governance from the world's experts.
Critical Issues of IT Management
- Considering all the issues of IT management, we have identified the following as critical issues:
- Environment
  - Today's IT manager must manage a decentralized, end-user-focused environment.
- Role
  - The current IT manager, instead of serving as the technical custodian of computer hardware entities, now functions more like an agent between IT resources and end-users.
- Expanding Focus
  - The IT manager must understand the global issues of the business and its customers, as well as have a comprehensive knowledge of global IT management. IT has expanded on an international level and, as such, the present focus is now on matters that are more global in nature. The influx of technology into nearly every country has opened a cross-cultural window into other nations that, to this point, was unavailable.
- Integration
  - In a given organization, the IT department is no longer strictly a separate function; rather, it is an integrated function of all departments.
- Increased Risks
  - IT managers must be knowledgeable enough to effectively deal with greatly increased security risks brought about by the integration of technology.
- Inadequate Preparation
  - Business schools continue to graduate students lacking basic knowledge in IT management.
- Adapted from Curriculum Model 2000 of the Information Resource Management Association and the Data Administration Managers Association
4 Ps
- IT management is all about the efficient and effective use of the four Ps:
  - People
  - Processes
  - Products (tools and technology)
  - Partners (suppliers, vendors, and outsourcing organizations)
IT Management and Governance Frameworks
- COBIT (Control Objectives for Information and Related Technology)
- ITIL (IT Infrastructure Library)
- CMMI (Capability Maturity Model Integration)
- BS 15000
- MOF (Microsoft Operations Framework)
- and more
- COBIT (Control Objectives for Information and Related Technology)
  - Issued by the IT Governance Institute (ITGI), COBIT is an industry-accepted standard for IT security and control practices that provides a reference framework for management, users and security practitioners.
- ITIL (IT Infrastructure Library)
  - ITIL is one of the most widely accepted management frameworks in the IT world and describes an integrated set of process-oriented best practices for managing IT services.
- CMMI
  - Capability Maturity Model Integration (CMMI) is a process improvement approach that provides organizations with the essential elements of effective processes. It can be used to guide process improvement across a project, a division, or an entire organization. CMMI helps integrate traditionally separate organizational functions, set process improvement goals and priorities, provide guidance for quality processes, and provide a point of reference for appraising current processes.
- BS 15000
  - This is the first formal standard for IT Service Management, developed by the British Standards Institute (BSI Code of Practice for IT Service Management). It is viewed across the industry as a crucial step in turning best practices into reality.
- MOF (Microsoft Operations Framework)
  - MOF is a collection of best practices, principles, and models. It provides comprehensive technical guidance for achieving mission-critical production system reliability, availability, supportability, and manageability for solutions and services built on Microsoft products and technologies. This guidance is presented in the form of white papers, service management guides, assessment tools, operations kits, best practices, case studies, and support tools that address the people, process, and technologies for effectively managing production systems within today's complex distributed IT environment.
Evolution of IT Management Frameworks
IT Governance
- IT Governance Process
- IT Governance Areas
Source: www.itgi.org
IT Governance Process
Source: www.itgi.org
IT Governance Areas
- Strategic alignment
  - with focus on aligning with the business and collaborative solutions
- Value delivery
  - concentrating on optimising expenses and proving the value of IT
- Risk management
  - addressing the safeguarding of IT assets, disaster recovery and continuity of operations
- Resource management
  - optimising knowledge and IT infrastructure
- Performance measurement
  - tracking project delivery and monitoring IT services
Source: www.itgi.org
The IT Governance Institute
- The IT Governance Institute (ITGI) (www.itgi.org) was established in 1998 in recognition of the increasing criticality of information technology to enterprise success. In many organizations, success depends on the ability of IT to enable achievement of business goals. In such an environment, governance over IT is as critical a board and management discipline as corporate governance or enterprise governance. Effective IT governance helps ensure that IT supports business goals, maximizes business investment in IT, and appropriately manages IT-related risks and opportunities.
- ITGI is a research think tank that exists to be the leading reference on IT-enabled business systems governance for the global business community. ITGI aims to benefit enterprises by assisting enterprise leaders in their responsibility to make IT successful in supporting the enterprise's mission and goals. By conducting original research on IT governance and related topics, ITGI helps enterprise leaders understand and have the tools to ensure effective governance over IT within their enterprise.
IT Governance Global Status Report 2006 (the Work)
- In 2005, PwC was commissioned by ITGI to conduct the second global survey on IT governance. The survey was conducted from July 2005 until October 2005 and this report highlights the most significant find
- The purpose of the survey was to reach members of the C-suite to determine their sense of priority and actions already taken relative to IT governance and their need for tools and services to help assure effective IT governance.
Key Findings of the 2006 Survey
- 1. IT is more critical to business than ever.
- 2. General managers feel more positive toward IT than IT managers do.
- 3. Significant differences amongst industry sectors exist.
- 4. IT staffing is the most important IT-related problem.
- 5. IT security is not the most important IT-related problem.
- 6. IT outsourcing is out.
- 7. Awareness of ISACA and ITGI has increased.
- 8. Awareness of COBIT has increased.
- 9. Sarbanes-Oxley has not created the anticipated effect.
- 10. IT governance (and COBIT) is not as easily implemented as originally estimated.
- 11. COBIT is being used by about 10 percent of the IT population.
- 1. IT is more critical to business than ever.
  - For 87 percent of the participants, IT is quite to very important to the delivery of the corporate strategy and vision.
  - For 63 percent of the respondents, IT is regularly or always on the board's agenda.
Question: Thinking about your overall corporate strategy or vision, how important do you consider IT to be to the delivery of this strategy or vision?
Question: How frequently is IT included on your organisation's board agenda?
2. General managers feel more positive toward IT than IT managers do.
Compared to IT managers, general managers attach even more criticality and importance to IT. In addition, they are generally more satisfied with IT and with its strategic alignment with the business.
Question: Thinking about your overall corporate strategy or vision, how important do you consider IT to be to the delivery of this strategy or vision?
3. Significant differences amongst industry sectors exist.
IT/telecom and financial services appear to be better performers when it comes to IT governance, while the retail and manufacturing industries are lesser performers. These outcomes are in line with the degree of strategic importance of IT in these industry sectors.
Question: Thinking about your overall corporate strategy or vision, how important do you consider IT to be to the delivery of this strategy or vision?
4. IT staffing is the most important IT-related problem.
When taking into account all aspects of a problem, such as frequency of occurrence, severity of the problem and future evolution, IT staffing appears to be the most important problem in IT.
Question: Compound problem index?
5. IT security is not the most important IT-related problem.
When taking all dimensions of the problem into account, security (and compliance) is ranked last of eight IT problem categories.
Question: Compound problem index?
6. IT outsourcing is out.
IT outsourcing is no longer seen as the most effective measure to resolve IT problems. As business and IT have become increasingly aware of the fact that IT problems cannot be outsourced, they have tended to bring control of problematic systems back in-house.
Question: How effective could the following high level measures be for resolving your IT-related problems?
7. Awareness of ISACA and ITGI has increased.
Awareness amongst the general IT population of the ISACA and ITGI brands has almost tripled compared to the 2003 survey.
Question: What organisations are you aware of that provide or implement solutions to IT governance problems?
8. Awareness of COBIT has increased.
Awareness in the general population of the existence of COBIT has increased by 50 percent since 2003, from 18 percent to 27 percent. In addition, one out of six respondents who know COBIT claims to know the contents to a great extent.
Question: Are you personally aware of the existence of COBIT?
Question: If you are personally aware of the existence of COBIT, are you personally aware of the contents of COBIT?
Question: If you are personally aware of the existence and the contents of COBIT, to what extent are you aware of its contents?
9. Sarbanes-Oxley has not created the anticipated effect.
A lower than expected number (only 38 percent) of the COBIT users indicated that Sarbanes-Oxley legislation or other new accounting-related legislation or regulation was the reason to introduce COBIT in their organisation. (The survey did not distinguish between old and new COBIT users, which could explain the result.)
Question: Was the Sarbanes-Oxley legislation, or any other new accounting-related legislation or regulation, a reason to introduce COBIT in your organisation?
10. IT governance (and COBIT) is not as easily implemented as originally estimated.
A number of results lead to the conclusion that implementing IT governance is not as straightforward as perhaps once thought. The same conclusion can be made regarding COBIT implementation. Putting things in perspective, however, these results confirm that good IT governance practices are not built overnight; they require time and continued commitment. Implementing COBIT is not a matter of taking it out of the box and implementing it as written. Instead, it is a process of selecting the most appropriate elements, tailoring them as needed and applying them to the specific needs of the organisation.
Question: How easy or difficult has it been for you to implement the COBIT framework or part of the COBIT framework?
11. COBIT is being used by about 10 percent of the IT population.
The current acceptance rate of COBIT (i.e., the percentage of the general IT population using one or more parts of COBIT) is now 10 percent (at least). Given the relatively large number of respondents indicating that they use an internally developed IT governance solution, it is probable that there are a number of hidden COBIT users who have implemented portions of it in their own enterprise-specific solution.
Question: What solutions/frameworks do you use or are you considering using?
Conclusion
- IT has become the backbone of enterprises.
- Enterprises need IT management and governance framework(s) to direct and control the enterprise in order to achieve the enterprise's goals by adding value while balancing risk versus return over IT and its processes.
- IT Governance Global Status Report 2006 (the Work) highlights the most significant findings of awareness, perceptions and applications of IT governance and IT governance frameworks.
3rd CIO Security Conference and Showcase 2006: Proactive Preparation and Collaboration for Thailand ICT Vision