Agenda

1
Agenda

• Is IT Governance the next Big Thing?.
• Is it the new consultant-led must have?
• How many Board Directors know anything about IT?
• How can IT innovate and also conform to
  standards?
• Who is liable for breaches of the new privacy
  regulations?

2
What is governance?

• Governance is about control, accountability,
  responsibility, and authority.
• It is about rules and regulations, about who sets
  the rules and how compliance is monitored
• There are several forms of governance

3
Forms of governance

• Board members must ensure compliance with certain
  rules and regulations
• Ethical governance defines the beliefs, values
  and morals, which in turn determine the culture
  of an organisation and define what is/is not
  acceptable behaviour

4
Whats information governance?

• It is the rules and regulations that ensure that
  all information available in an organisation is
  being used effectively and in compliance with
  both legal and ethical governance
• Paul Strassman calls it information politics

5
Whats IT governance?

• This is the rules and regulations that ensure
  that resources are not being wasted or
  inappropriate investments being made.
• A structure of relationships and processes to
  direct and control the enterprise in order to
  achieve the enterprises goals by adding value
  while balancing risk versus return over IT and
  its processes.
• IT Governance Institute

6
IT Governance

• IT governance is the term used to describe how
  those persons entrusted with governance of an
  entity will consider IT in their supervision,
  monitoring, control and direction of the entity.
  How IT is applied within the entity will have an
  immense impact on whether the entity will attain
  its vision, mission or strategic goals.
• Robert Roussey, CPA, Uni of Southern California

7
IT Governance

• Provides the structure that links IT processes,
  IT resources, and information to enterprise
  strategies and objectives
• Integrates optimal ways of planning and
  organising, acquiring and implementing,
  delivering and supporting, and monitoring IT
  performance

8
IT Governance

• Enables the enterprise to take full advantage of
  its information, thereby maximising benefits,
  capitalising on opportunities and gaining
  competitive advantage.
• IT Governance Institute

9
How is this done?

• Through the use of a framework based on Maturity
  models, Critical Success Factors, Key Goal
  Indicators, Key Performance Indicators.
• With 34 high-level control objectives
• And 318 detailed control objectives
• We will return to these later

10
Information Governance
11
Whose job is information governance?

• First, the CEO must be sure to regard IT as a
  strategic resource to help the business get more
  out of its people. Second, the CEO must learn
  enough about technology to be able to ask good,
  hard questions of the CIO and be able to tell
  whether good answers are coming back. Third, the
  CEO needs to bring the CIO into managements
  deliberations and strategising. Its impossible
  to align IT strategy with business strategy if
  the CIO is out of the business loop.
• Bill Gates, Business_at_thespeedoflight

12
One CEOs view

• The board of directors of my company is well
  aware its role is to oversee the companys
  organisational strategies, structures, systems,
  staff and standards. However, as President of
  the company, it is my responsibility to ensure
  that they extend that oversight to the companys
  IT as well. In todays economy, and with our
  reliance on IT for competitive advantage, we
  simply cannot afford to apply to our IT anything
  less than the level of commitment we apply to
  overall governance
• Michael Cangemi, President and CEO, Etienne
  Aigner Group Inc

13
Is it like stewardship?

• Stewardship is extending to IT as boards question
  the depth of their enterprises reliance on IT.
• IT is an integral part of the business
• IT governance is an integral part of corporate
  governance.

14
Why the interest in IT?

• IT is strategic
• IT is critical
• There is an expectation/reality mismatch
• IT is a big investment
• IT is high risk

15
Discussion

• So, is information governance the CEOs job?
• How many CEOs have the right skills for it?
• If not, who do they turn to?

16
What about Board Directors?

• Governance is derived from the Latin word to
  steer.
• Prevent a ship from straying into dangerous
  waters
• But also to guide it to its chosen destination
• Conformance plus performance
• Ivor Francis

17
What affects performance?

• 11 of the 31 functions of directing were
  identified as having played the largest part in
  accounting for performance.
• They include
• Foster directors understanding of the companys
  business, the processes by which it creates
  value, and key measures of performance and
  potential

18
Performance affecting functions

• Assure the functions
• Manage information systems and services
• Manage research and innovations in technology and
  operations
• Manage the development of new products and
  services
• Manage supplier relations
• Ivor Francis

19
But are they doing this?

• Are directors sufficiently knowledgeable,
  skilled, and motivated to ensure the prosperity
  and independence of the company and to contribute
  to the welfare of the nation?
• How many have any real idea of the value of
  information they already have?
• How many have any real idea of the potential for
  improvement?
• On what basis should we expect then to know?

20
Directors

• Are responsible for running the company, and
  accountable for its performance.
• If they delegate some powers to managers, those
  managers are accountable to those who employ
  them, but ultimately the directors are
  accountable for the performance of the company.
• Are Directors accountable to the stakeholders, or
  just to the shareholders?

21
Directors deliverables

• Growth of assets
• Strong and healthy organisation
• Profitability
• Value to consumers and public
• Quality products and services
• Innovative products and services

22
Whats changed?

• IT used to be used for efficiency
• Then for effectiveness
• Then for process transformation
• And for competitiveness, especially with
  e-Business
• Did they care about computers as adding machines?
• Should they care about IT now?

23
Whats changed?

• ITs enabling capacity for new business models
  and changing business practices
• ITs increasing cost and informations increasing
  value
• The risks of doing business in an interconnected
  digital world and the dependence on entities
  beyond the direct control of the enterprise
• .more.

24
Whats changed?

• ITs impact on business continuity due to
  increasing reliance on information and IT in all
  aspects of the enterprise
• ITs ability to build and maintain knowledge
  essential to sustain and grow the business
• The failures of IT, increasingly impacting
  reputation and enterprise value
• From Board Briefing on IT Governance.
• www.itgovernance.org

25
Is IT governance harder?

• Due to the complexity and specialisation, this
  governance layer must rely heavily on the lower
  layers in the enterprise to provide the
  information needed in its decision-making and
  evaluation activities good practices in IT
  governance need to be applied throughout the
  enterprise.

26
IT Governance Activities

• Become informed of role and impact of It on the
  enterprise
• Set direction and expected return
• Determine required capabilities and investments
• Assign responsibilities
• Sustain current activities
• Make transformation happen
• Define constraints within which to operate
• Acquire and mobilise resources
• Manage risk
• Obtain assurance

27
The IT dilemma

• What happens to innovation?
• Innovative thinking is not so much a logical
  thought process as a receptiveness to those
  serendipitous ideas and opportunities that are
  encountered and a determination to convert them
  into new capabilities.
• Ivor Francis

28
Values as the driver

• Does it start with the values of the
  organisation?
• Do things have to be in the strategic plan?
• What happens to the IT strategy when the business
  strategy changes?
• Buckmans Code of Ethics
• Alignment is still an issue

29
Alignment issues

• Emphasise communication
• Make symbolic gestures, e.g. CEO uses electronic
  communication
• CIO must report to the CEO
• Establish an alignment process
• Have cross fertilisation between business and IT
• Allow room for mistakes but learn from them
• Dont spend too much time on planning
• The alignment process is ongoing
• CIO magazine, Feb 2001, used as a reading in the
  ACS subject Management and Strategy for IS.

30
Expectations and reality

• What we expect
• Quality IT solutions on time and on budget
• Exploit IT for business value
• Leverage IT for increased efficiency and
  productivity while managing IT risks

• What we get
• Business losses, weaker competitive positions
• Missed deadlines, higher costs, lower quality
• Process degradation
• Benefits not delivered

31
Some of the processes

• Lets look at the IT Governance Maturity model
  paper handout
• Lets look at the 34 processes paper handout
• Lets look at the IT Governance checklist and the
  Board action Plan paper handout
• Details for processes at www.itgovernance.org

32
Dealing with privacy

• A man without privacy is a man without dignity
  the fear that Big Brother is watching and
  listening threatens the freedom of the individual
  no less than the prison bars
• Professor Zelman Cowen, 1969 The Private Man,
  ABC Boyer Lectures

33
Not everyone agrees

• Privacy is dead get over it
• Scott McNealy, Sun
• Who agrees with him?
• Bruce Schneier (cryptographer)
• If McDonalds offered a free Big Mac in exchange
  for a DNA sample
• Thered be lines around the block

34
How concerned are we?

• ³90 of respondents view each of the following as
  privacy invasive
• 95 business with which you have no dealings
  obtains your details
• 90 monitoring of Internet usage without the
  individuals consent
• 94 using personal details for a purpose
  other than intended
• 93 asking for details irrelevant to the
  transaction

35
Privacy and Business

• 95 considered customer privacy to be very
  important or important
• 80 dependent on ability to protect customer
  information
• 19 commenced preparation for the legislation

36
What is Personal Information ?

• information or an opinionabout an individual
  whose identity is apparent, or can reasonably be
  ascertained, from the information or opinion
• Privacy Act 1988

37
New regulations

• New privacy rights for consumers will change
  business practices forever
• Australias Federal Privacy Commissioner

38
Privacy regulations

• Business with turnover gt 3 million
• Can only use info for the purpose given for
  collecting it
• Info must be stored securely
• Individuals must have access to whatever info is
  held about them, including raw facts and opinions
  used in the decision-making process

39
Privacy regulations

• 86 of businesses fear a privacy breach will
  affect share price
• One organisation found personal information in
  the most surprising places during a privacy audit

40
What will it cost?

• Privacy upgrade will cost tens of millions of
  dollars
• We called four tenders from four different kinds
  of consultants because the expertise required for
  this isnt just straight legal or systems
  expertise, its project management as well
• Jane Nash, ANZ Bank,
• Head of Govt and Regulatory Affairs

41
Not to mention marketing

• Aust Direct Marketing Assoc requires members to
  have a CPO
• CPO needs to really understand the business
  issues, risk management issues and branch and
  shareholder issues. Systems is an important
  component of it, but its also a marketing issue.

42
Lets answer the questions

• Is IT Governance the next Big Thing?.
• Is it the new consultant-led must have?
• How many Board Directors know anything about IT?
• How can IT innovate and also conform to
  standards?
• Who is liable for breaches of the new privacy
  regulations?

43
Well be back

• Please fill in your review forms
• There are 4 sessions planned for 2002
• First one will be an indepth analysis of the new
  privacy regulations
• IT Governance slides are available on the ACS web
  site (??? Check closer to event)
• Thanks for your time and attention
• Seasons greetings to you and your families