Management Information Systems

Corporate governance of IT

Group members

• Salman Mahboob

• M. Osman Hasan

Contents

• Corporate governance• Introduction • Background• Difference between IT governance and IT management• IT governance constraints• Principles of IT governance• Frameworks• ISO• CMM• COBIT• Recommendations

Corporate governance

Corporate governance is the set of processes, customs, policies, laws, management practices and institutions affecting the way an entity is controlled and managed.

Corporate governance of IT

IT Governance is actually a part of the overall Corporate Governance Strategy of an organization

Its implementation of processes, structures and relational mechanisms in the organization that enable both business and IT people to execute their responsibilities in support of business/IT alignment and the creation of business value from IT-enabled business investments.

Introduction

• It highlights the importance of value creation and accountability for the use of information and related technology and establishes the responsibility of the governing body, rather than the chief information officer or business management.

Primary goals of Corporate governance IT

Assure that the use of information and technology generate business

value

Oversee management's performance

Mitigate the risks associated with using information and technology

Background

• Information technology governance first emerged in 1993 as a derivative of corporate governance and deals primarily with the connection between an organization's strategic objectives, business goals and IT management within an organization.

Difference between IT governance and IT management

• IT management is focused on the effective and efficient internal supply of IT services and products and the management of present IT operations

• Corporate Governance of IT concentrates on performing and transforming IT to meet present and future demands of the business (internal focus) and business customers (external focus)

IT governance constraints

• Senior Management Not Engaging

• Poor Strategic Alignment

• Lack Of Project Ownership

• Poor Risk Management

• Ineffective Resource Management

INEFFECTIVE IT GOVERNANCE

• Senior management senses low value from investments made in IT

• The IT decision-making mechanisms are slow or contradictory

• Some outsourcing decisions result simply from frustration with IT.

• The inability to explain how IT is governed in an organization – especially senior management’s ability to explain it.

• IT is often a barrier to implementing new strategies. Instead of being a strategic enabler, it limits the ability to respond to new opportunities.

Frameworks

• ISO

• COBIT

• CMM

ISO

• is an international standard for Corporate governance of information technology published jointly by the International Organization for Standardization (ISO) and the International Electro technical Commission (IEC).

ISO MODEL

IT Governance Implementation

Effective governance includes

• Decision-making structures

• Alignment processes

• Communication approaches

Principles for Good Corporate Governance of IT

• Responsibility

• Strategy

• Acquisition

• Performance

• Conformance

• Human Behavior

CMM

• Capability Maturity Model (CMM) broadly refers to a process improvement approach that is based on a process model. The Capability Maturity Model (CMM) is a way to develop and refine an organization's processes.

Structure

• Maturity Levels

• Key Process Areas

• Goals

• Common Features

• Key Practices

Levels

• Initial

• Repeatable

• Defined

• Managed

• Optimizing

COBIT

• Control Objectives for Information and Related Technology is a framework created by ISACA for information technology (IT) management and IT governance. It is a supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks

COBIT components

• Framework: Organize IT governance objectives and good practices by IT domains and processes, and links them to business requirements

• Process descriptions: A reference process model and common language for everyone in an organization. The processes map to responsibility areas of plan, build, run and monitor.

• Control objectives: Provide a complete set of high-level requirements to be considered by management for effective control of each IT process.

• Management guidelines: Help assign responsibility, agree on objectives, measure performance, and illustrate interrelationship with other processes

• Maturity models: Assess maturity and capability per process and helps to address gaps.

Use Of COBIT In International Firms

•Thank you