IT governance: What library boards need to know now

1
IT governance What library boards need to know
now

• Karen Dubeau
• Board Member, Newmarket Public Library Board
• kwdubeau_at_yahoo.com

2
AGENDA

• What is IT Governance?
• Why is it Important for Libraries?
• How Does it Apply to Board Responsibilities
• Strategic Planning
• Financial/Legal issues
• Risk Management
• Advocacy
• Staff Retention and Recruitment
• What You Can Do Now
• Key Resources
• Questions and Answers

3
IT GOVERNANACE

• What Is IT Governance?

•  
• IT Governance is "a framework for the leadership,
  organizational structures and business processes,
  standards and compliance to these standards,
  which ensure that the organizations IT supports
  and enables the achievement of its strategies and
  objectives."  IT Governance Institute
• If Information Technology is a part of your
  business, governance now extends to and includes
  information and the IT infrastructure that
  supports your business.

4
IT GOVERNANACE

• What Is IT Governance?

• The overall objective of IT governance is to
• understand the issues and the strategic
  importance of IT, so that the organization can
  sustain its operations and implement the
  strategies required to extend its activities into
  the future.
• IT governance aims at ensuring that expectations
  for IT are met and IT risks are mitigated.

5
IT GOVERNANACE

• Why Is It Important?

• IT Governance is the term used to describe how
  those persons entrusted with governance of an
  entity will consider IT in their supervision,
  monitoring, control and direction of the entity.
  How IT is applied within the entity will have an
  immense impact on whether the entity will attain
  its vision, mission, or strategic goals.
• Robert S. Roussey, CPA, Professor, University of
  Southern California

6
IT GOVERNANACE

• Components of IT Governance

• Strategic Alignment
• Value Delivery
• Resource Management
• Risk Management
• Performance Measurement

7
IMPORTANCE TO LIBRARIES

• Strategic Planning

• The right IT investments can save costs, improve
  productivity, provide robust services
• How IT can support the organizations achieving
  its goals - understanding the costs and benefits
• Setting guidelines for management
• Assessing capability to take advantage of IT
• Assessing skills sets required to realize
  objectives
• Framework for budget planning and capital
  investments

8
IMPORTANCE TO LIBRARIES

• Relevance of IT Governance to Libraries

• Impacts all areas of Library operations and
  service delivery
• Increasingly critical regarding deployment of
  WiFi and RFID services
• Tremendous opportunity for Libraries, but
• Impacts Strategic Planning
• Financial Planning
• Brings legal and regulatory issues
• Introduces risk and requires risk management
• Advocacy components pertinent to Libraries

9
STRATEGIC PLANNING

• Board Responsibilities

• Board needs to extend governance to IT and
  provide the leadership, organizational structures
  and processes that ensure the enterprises IT
  sustains and extends the strategies and
  objectives.
• Align IT strategy with business strategy
• Cascade IT strategy and goals down into the
  organization
• Ensure that an IT governance framework be
  developed
• Measuring IT performance

10
FINANCIAL

• Governance Issues

• Scale of Investment will grow
• Increasing focus on using technology for
• - reducing costs, expanding services, reaching
  new audiences
• - upgrading IT infrastructure (communications,
  servers, applications, and related skills)
• Will become one of the largest capital
  expenditures and running operational costs
  (second only to staffing)
• Directors are responsible for overseeing assets
  of the organization and for financial planning,
  therefore, they need to know about the
• IT costs and potentially the biggest investments

11
LEGAL ISSUES

• Board Responsibilities

• FIPPA, MFIPPA
• Ensuring compliance with relevant statutes
• Protection and privacy of patron information
• - especially on integrated or distributed
  networks
• - issue when services are hosted remotely
• - RFID carries potential for patron privacy to
  be compromised
• Licensing Agreements
• Digital Rights and Digital Rights Management

12
RISK MANAGEMENT

• Board Responsibilities

• Duty of Care
• - to clients, to funders
• - to asset management
• Network Security Issues
• - effective security is a spectrum from
  desktops to firewalss
• - public access to Internet and WiFi need to
  be able to identify breaches and have policies
  in place for account suspension
• Protection Failure Response Protocols
• - public relations component
• - failure to respond effectively could
  significantly impact future services and
  potential funding
• Business Continuity/Service Interruptions

13
ADVOCACY

• Board Responsibilities

• Bridging the digital divide appropriate
  resources provided to the community
• Promoting information literacy
• Ensuring equitable access
• Mitigating increased costs for all types of
  content (CRTC )
• Discussion of Net Neutrality and current CRTC
  positions
• Downstream effects on Libraries
• Emerging Issue of Green IT

14
FINANCIAL ISSUES

• Green IT

• An increasingly relevant subject requiring
  consideration within the sphere of IT Governance
  is the issue of Green IT. In the same way that IT
  Governance is a critical component within the
  Corporate Governance of an organisation, Green IT
  has become an essential aspect within the
  decision making, framework building, and business
  processes, of IT Governance.
• Find further information on Green IT here and a
  selection of cutting edge texts, support manuals,
  and standards on both Green IT and the
  Environmental Management Standard ISO 14000.

15
WHAT YOU CAN DO NOW

• Next Steps

• Understand emergence of CIO function in private
  sector
• Find out more about issues of concern - Learn
• You dont have to be able to program or trouble
  shoot your PC, but it does help to have a high
  level understanding of technology
• Ask pertinent questions
• Consider implementing security audit processes
• Review existing policies update where
  necessary, create where not present
• Bring in Expertise 2 methods

16
FINANCIAL ISSUES

• Regulatory Frameworks

• ISO/IEC 38500
• The world's formal international IT Governance
  Standard, IS/IEC 38500, was published in June
  2008. the standard is a key resource for IT
  governance professionals everywhere in the world.
• ITIL, CobiT and ISO17799
• ITIL, or IT Infrastructure Library, was
  developed by the UK's Office of Government
  Commerce as a library of best practice processes
  for IT service management. Widely adopted around
  the world,
• CobiT, or Control Objectives for Information and
  related Technology, was developed by America's IT
  Governance Institute. CobiT is increasingly
  accepted as good practice for control over
  information, IT and related risks.
• ISO17799, now renumbered as ISO27002 and
  supported by ISO 27001, (both issued by the
  International Standards Organization in Geneva),
  is the global best practice standard for
  information security management in organizations.
• Joint Framework
• ISO 17799 (ISO27002), ITIL and CobiT are all,
  potentially, part of any best-practice approach
  to regulatory and corporate governance
  compliance. The challenge, for many
  organizations, is to establish a co-ordinated,
  integrated framework that draws on all three of
  these standards. The recently released Joint
  Framework, put together by the ITGI (owners of
  CobiT) and the OGC (owners of ITIL) is a
  significant step in the right direction. Here is
  a webinar that describes how to leverage this
  best-practice framework to simplify your
  regulatory compliance.

17
Resources
18
RESOURCES
Organizations IT Governance Institute
http//www.itgi.org it Governance Company
http//www.itgovernance.co.uk Information
Systems Audit and Control Association (ISACA)
http//www.isaca.org
19
Questions and answers