An IT Governance

JourneyApril 2018

Disclaimer: opinion being those of presenter(s) and not necessarily State Farm

Agenda

• Opportunities

• Getting Ready

• COBIT 5

• Application

• Benefits

• IT Governance Pattern

• Governance Considerations

• Where Are We Now

• ISACA Engagement

• Summary

• Questions

Opportunities

Challenges where consistent governance helps:

• Lacking a consistent governance structure to enable IT to achieve its goals

• Confusion of our workforce due to unclear direction on what is truly required

• Desire for alignment with industry best practices in governance of Enterprise IT

• Regulator engagements

Getting Ready

Assessment & Implementation Actions

• Assessment of environment for IT Capabilities. Formal

governance structure available?

• Reach out to other organizations to gather experiences.

• Leverage industry frameworks when possible such as

COBIT5.

• Design and Develop IT Governance Framework based

on industry framework. We will be discussing use of

COBIT5 (specifically EDM01).

• Proof Of Concepts to help refine approach.

• Ensure executive support of your framework

What Is COBIT5?

• A framework for the management

and governance of Enterprise IT.

• A “framework of frameworks”

leveraging content from other

sources such as ITIL, ISO, TOGAF

& PMBOK

• COBIT5 covers “end-to-end”

IT through 37 enabling

processes

Multiple Frameworks

Unified Framework

COBIT5 Process Reference Model

EDM01 – Governance Framework

“Analyze and articulate the requirements for the

governance of enterprise IT, and put in place and maintain

effective enabling structures, principles, processes and

practices, with clarity of responsibilities and authority to

achieve the enterprise’s mission, goals and objectives.”

*COBIT5 Enabling Processes, © 2012 ISACA. All Rights Reserved.

Application of EDM01 at State Farm

Leveraging EDM01, our IT Governance Framework…

• Enables governance within our Enterprise Technology

Department through a consistent framework of processes,

tools and decision rights, while establishing the rigor

needed to support the goals and objectives of the IT

Organization.

Benefits of Standardized Governance

• Reduces redundancy

• High-level accountability for the amount of governance

• Clarifies documentation

• Simplifies delivery and operations

Improved Efficiency

• Supports desired behaviors

Enhanced Quality

• Demonstrates adherence and compliance

Improved Confidence

Pattern for IT Governance

Governance Considerations

• Focus on development of a policy architecture that leverages

an industry framework such as COBIT5 and meets the needs

of your organization

• Final determination of what to govern will be based on

several factors, including risk mitigation and business value

and should ultimately be approved at the Executive level.

• Autonomy should exist for activities not selected for

governance. Allow teams to manage within their boundaries

of responsibility.

IT Governance

Key Risk Focus

Policy Architecture

Continued OCM

Where are we now?

• IT Governance Policy & Standards

Published

• Initial governance implementations

focused on key risk areas

• Policy Architecture developed and in

process of implementation

• Tooling / repository configuration

• Continued organizational change

management and enhancements in

partnership with ISACA

Configuration

ISACA Engagement

• We have been engaged with ISACA as a thought

partner in this governance journey.

• ISACA Consultant engagement through Mark

Thompson & Peter Tessin.

• Provided insight into governance in other IT

organizations.

• Direct feedback on our governance model,

recommendations for moving forward, additional

resources, use of their COBIT5 tools, etc

Summary

• IT Governance is a journey and not a destination

• Uniform and effective governance is possible through

COBIT5

• Focus should be on enabling the business to achieve

its goals through effective governance of IT

• Organizational Change Management is key

Questions