IT Governance

Date post: 22-Nov-2014
IT governance. Bruno Claudepierre, Bruno.Claudepierre@gmail.com
Page 1: IT Governance

IT governance

Bruno Claudepierre, Bruno.Claudepierre@gmail.com

Page 2: IT Governance

08/04/2023 Bruno Claudepierre 2

Course goals

• Understand core concepts of IT governance

• Situate IT governance within an organization

• Identify the interface between IT governance and EA

• Develop academic culture

Page 3: IT Governance

Course content

• What is IT governance?
  – Corporate governance & subsystems
  – IT governance goals
  – Frameworks

• Academic & research challenges
  – IT governance and IS engineering

Page 4: IT Governance

Course scheduling

• Thursday 23rd February
  – Morning: course introduction & academic presentation
  – Afternoon: project session

• Friday 26th February
  – Morning: project session
  – Afternoon: presentation session

Page 5: IT Governance

IT GOVERNANCE

Historical background and concepts

Page 6: IT Governance

History

• Corporate Governance
  – 1992 – Report of the Committee on the Financial Aspects of Corporate Governance – Cadbury commission (UK)
  – 1994 – Guidelines of improved Corporate Governance (Canada)
  – 1994 – Principles of Corporate Governance (USA)
  – 1995 – Vienot report on Corporate Governance (France)
  – 2001 – Nouvelle loi de Régulation Financière (France)
  – 2002 – Sarbanes-Oxley Act, SOX (USA)
  – 2003 – Loi de Sécurité Financière (France)
  – 2004 – Principles of Corporate Governance (OECD)

Page 7: IT Governance

Acts, laws & compliance

• Act
  – A bill which has passed through the various legislative steps required for it and which has become law.

• Law
  – "A rule of conduct prescribed by the supreme power in a state, commanding what is right and prohibiting what is wrong." W. Blackstone

• Compliance
  – The state of being in accordance with the relevant state authorities and their requirements (i.e. the law).

Page 8: IT Governance

Acts, laws & compliance

• SOX requirements
  – Sec. 103. Auditing, quality control, and independence standards and rules.
  – Sec. 302. Corporate responsibility for financial reports.
    • The CEO & officers review and sign the financial report.
  – Sec. 404. Management assessment of internal controls.
  – Sec. 906. Corporate responsibility for financial reports.

Page 9: IT Governance

Informatics & companies

• IT Business Foundation principles

[Figure: IT Business Foundation principles. Labels: Information Technology; Finance; Activity; Competence; Knowledge resources; Processes; Products and services; Support; Value creation]

Page 10: IT Governance

Concept

• Definition (managerial discipline)
  – Information Technology Governance (IT Governance) is a subset discipline of Corporate Governance focused on information technology (IT) systems and their performance and risk management.

[Figure: Corporate governance as the enclosing discipline, with IT governance, Social governance and Financial governance as subsets]

Page 11: IT Governance

Concept

• Other definitions

– “the organisational capacity exercised by the Board, Executive Management and IT management to control the formulation and implementation of IT strategy and in this way ensure the fusion of business and IT” (Van Grembergen, 2002)

– “IT governance is the responsibility of the Board of Directors and Executive Management. It is an integral part of enterprise governance and consists of the leadership and organizational structures and processes that ensure that the organization’s IT sustains and extends the organization’s strategy and objectives” (ITGI)

– "Specifying the decision rights and accountability framework to encourage desirable behaviour in the use of IT." (Weill and Ross, 2004)

– “Activity that aims at regulating and optimizing the IS management of an organization. It is generally performed under the responsibility of the Chief Information Officer.” (Claudepierre, 2009)

Page 12: IT Governance

Concept

[Figure: Organization and external context. External context: Law & Act (SOX, LSF), COSO, COBIT. Organization: Corporate Governance, IT governance, Management, CIO. Flows: Risk management, Control, Rules, Risk, Compliance, Goals, Reporting]

Page 13: IT Governance

From IT governance to IS

[Figure: Strategic level vs tactical/operational level. Strategic level: IT Governance (CIO) with the domains Alignment, Management, Resources, Risk, Performance, Control, Value, Maturity. Tactical/operational level: IT department chief and other department chiefs, exchanging Needs, Services, Information and Goals across Support, Network, Systems, Infrastructure, Service, Project and Security]

Page 14: IT Governance

Zachman Framework

ENTERPRISE ARCHITECTURE - A FRAMEWORK (John A. Zachman, Zachman International)

Columns: DATA (What), FUNCTION (How), NETWORK (Where), PEOPLE (Who), TIME (When), MOTIVATION (Why)

SCOPE (CONTEXTUAL) – Planner
  – Data: List of Things Important to the Business; ENTITY = Class of Business Thing
  – Function: List of Processes the Business Performs; Function = Class of Business Process
  – Network: List of Locations in which the Business Operates; Node = Major Business Location
  – People: List of Organizations Important to the Business; People = Major Organizations
  – Time: List of Events Significant to the Business; Time = Major Business Event
  – Motivation: List of Business Goals/Strategies; Ends/Means = Major Bus. Goal/Critical Success Factor

ENTERPRISE MODEL (CONCEPTUAL) – Owner
  – Data: e.g. Semantic Model; Ent = Business Entity, Reln = Business Relationship
  – Function: e.g. Business Process Model; Proc. = Business Process, I/O = Business Resources
  – Network: e.g. Business Logistics System; Node = Business Location, Link = Business Linkage
  – People: e.g. Work Flow Model; People = Organization Unit, Work = Work Product
  – Time: e.g. Master Schedule; Time = Business Event, Cycle = Business Cycle
  – Motivation: e.g. Business Plan; End = Business Objective, Means = Business Strategy

SYSTEM MODEL (LOGICAL) – Designer
  – Data: e.g. Logical Data Model; Ent = Data Entity, Reln = Data Relationship
  – Function: e.g. Application Architecture; I/O = User Views, Proc. = Application Function
  – Network: e.g. Distributed System Architecture; Node = I/S Function (Processor, Storage, etc), Link = Line Characteristics
  – People: e.g. Human Interface Architecture; People = Role, Work = Deliverable
  – Time: e.g. Processing Structure; Cycle = Processing Cycle, Time = System Event
  – Motivation: e.g. Business Rule Model; End = Structural Assertion, Means = Action Assertion

TECHNOLOGY MODEL (PHYSICAL) – Builder
  – Data: e.g. Physical Data Model; Ent = Segment/Table/etc., Reln = Pointer/Key/etc.
  – Function: e.g. System Design; I/O = Data Elements/Sets, Proc. = Computer Function
  – Network: e.g. Technology Architecture; Node = Hardware/System Software, Link = Line Specifications
  – People: e.g. Presentation Architecture; People = User, Work = Screen Format
  – Time: e.g. Control Structure; Cycle = Component Cycle, Time = Execute
  – Motivation: e.g. Rule Design; End = Condition, Means = Action

DETAILED REPRESENTATIONS (OUT-OF-CONTEXT) – Sub-Contractor
  – Data: e.g. Data Definition; Ent = Field, Reln = Address
  – Function: e.g. Program; I/O = Control Block, Proc. = Language Stmt
  – Network: e.g. Network Architecture; Node = Addresses, Link = Protocols
  – People: e.g. Security Architecture; People = Identity, Work = Job
  – Time: e.g. Timing Definition; Cycle = Machine Cycle, Time = Interrupt
  – Motivation: e.g. Rule Specification; End = Sub-condition, Means = Step

FUNCTIONING ENTERPRISE
  – e.g. DATA, e.g. FUNCTION, e.g. NETWORK, e.g. ORGANIZATION, e.g. SCHEDULE, e.g. STRATEGY

Page 15: IT Governance


STRATEGIC GOALS FOR IT GOVERNANCE

Page 16: IT Governance

Strategic alignment

• Strategic alignment is related to the concept of strategic fit, introduced by Michael Porter (1980).

• Kaplan and Norton (2006) define strategic fit as internal consistency of the activities that implement the differentiating components of a strategy. Strategic fit exists when the network of internal performance drivers is consistent and aligned with the firm's desired customer and financial outcomes.

Page 17: IT Governance

Porter’s value chain

[Figure: Porter's value chain, showing business (primary) activities and support activities. Source: http://www.learnmarketing.net/valuechain.htm]

Page 18: IT Governance

Porter’s value chain

• Inbound logistics: refers to goods being obtained from the organization's suppliers.

• Operations: the raw materials and goods obtained are manufactured into the final product (added value).

• Outbound logistics: once the products have been manufactured they are ready to be distributed.

• Marketing and sales: marketing must make sure that the product is targeted towards the correct customer group.

• Services: after the product/service has been sold, what support services does the organization have to offer?

[Figure: Suppliers → Production (added value) → Distribution & services → Customers]

Page 19: IT Governance

Porter’s value chain

• Procurement: this department is responsible for sourcing raw materials for the best price and best quality.

• Technology development: the use of technology to obtain a competitive advantage within the organization. Technology can be used in production to reduce cost and thus add value, in R&D to develop new products, or via the Internet so that customers have access to online facilities.

• Human resource management: the organization will have to recruit, train and develop the right people (knowledge & competences) for the organization.

• Firm infrastructure: every organization needs to ensure that its finances, legal structure and management structure work efficiently and help drive the organization forward.

[Figure: Suppliers → Production (added value) → Distribution & services → Customers, with IT supporting each stage of the chain]

Page 20: IT Governance

Balanced scorecard

• Monitoring organization performance against strategic goals

• Limits of the traditional financial approach:
  – "The balanced scorecard retains traditional financial measures. But financial measures tell the story of past events, an adequate story for industrial age companies for which investments in long-term capabilities and customer relationships were not critical for success. These financial measures are inadequate, however, for guiding and evaluating the journey that information age companies must make to create future value through investment in customers, suppliers, employees, processes, technology, and innovation." (Kaplan & Norton)

• The BSC proposes 4 analysis axes
  – Customer: what are the customer needs?
  – Financial: how to satisfy shareholders' appetite?
  – Key processes: what are the processes essential for value creation?
  – Learning & growth: knowledge & evolving capacity of the organization (human-centric aspect)

Page 21: IT Governance


Balanced scorecard

Page 22: IT Governance

Business alignment

• Business/IT alignment is a desired state in which a business organization is able to use information technology (IT) effectively to achieve business objectives, typically improved financial performance or marketplace competitiveness. Some definitions focus more on outcomes (the ability of IT to produce business value) than on means (the harmony between IT and business decision-makers within the organization).

[Figure: Alignment link and fit between Business & activities and the IT domain. Labels: Product, Process, People, Location, Data, Software, Interface, Delivery]

Page 23: IT Governance

Strategic & business alignment

[Figure: Strategy (BSC), Value Chain, Business process, Information system and IT, linked by Support, Reporting and IT steerage]

Page 24: IT Governance

Responsibility & decision owner

• "IT governance is not about what specific decisions are made. That is management. Rather, governance is about systematically determining who makes each type of decision (a decision right), who has input to a decision (an input right) and how these people (or groups) are held accountable for their role. Good IT governance draws on corporate governance principles to manage and use IT to achieve corporate performance goals." Peter Weill (MIT)

• Necessity to structure the decision-making system with:
  – Decision roles
  – Responsibilities
  – Organizational rules

Page 25: IT Governance

Responsibility & decision owner

• IT governance council
  – Responsible for compliance with laws and regulations (SOX, LSF…)
  – Define IT strategic goals with respect to corporate strategic goals and technological risk limitation
  – Responsible for IT accountability and reporting to shareholders
  – Name the members of the IT governance committee
  – Audit decisions

• IT governance committee
  – Manage & conduct audits
  – Report to the IT governance council
  – Control and manage assets
  – Manage alignment and maturity
  – Coordinate workgroups
  – Evaluate conformity and the compliance process
  – Prioritize projects (PPM)

Page 26: IT Governance

Responsibility & decision owner

• IT accountability
  – Refers to the ability of the IT governance council to ensure IT controls and report results to investors and shareholders.

[Figure: Shareholders, Stock exchange, IT governance council, IT governance committee, HIC Audit, SIC Audit; flows labelled needs, goals, results, reporting and accountability]

Page 27: IT Governance

Responsibility & decision owner

• Project Portfolio Management (PPM)
  – A project is allocated to a portfolio (a set of projects)
  – A project can be in the following states: designed, in progress, completed, canceled
  – How many resources to allocate to a project?
  – KPIs and KGIs help decision makers allocate resources and prioritize projects within a portfolio
  – Control process over the projects

[Figure: Deming’s wheel of improvement: Plan → Do → Check → Act]

Page 28: IT Governance

Resource management

• Ensure the execution of IT activities by creating, maintaining, allocating or dismissing IT resources

• Resource typology
  – Information
  – Hardware, or IT infrastructure: refers to technological support: servers, network, firewall, reverse proxy, DMZ…
  – Software, or IT architecture: refers to applicative components: business software, ERP, intranet, website…
  – People

Page 29: IT Governance

Information

• Information Quality (IQ)
  – Intrinsic IQ:
    • Accuracy: the closeness to the true value, seen as the degree of agreement of readings or of calculated values
    • Objectivity, believability or credibility
    • Reputation or integrity
  – Contextual IQ:
    • Relevancy or information retrieval
    • Timeliness: refers to information that is current at the time of publication
    • Completeness or knowledgeable granularity
  – Representational IQ:
    • Interpretability, ease of understanding, concise representation, consistent representation
  – Accessibility IQ:
    • Accessibility: ability to access information and services
    • Access security

Page 30: IT Governance

Hardware & Software

• EA and resource management

[Figure: Enterprise architecture transition, adapted from the “Federal Enterprise Architecture Framework”. As-Is and To-Be states, each made of Business Architecture, Data Architecture, Applications Architecture and Technology Architecture; elements: Drivers, Strategic Direction, Transitional Process, Standards, Models. Levels: Contextual, Conceptual, Logical, Physical, As Built, Functioning; perspectives: Why, Who, When, Where, What, How]

Page 31: IT Governance

People

• IT staff
  – Developers, managers, architects
  – Knowledge and competences
  – Internal vs external
  – Security access (logical and physical)

• Workgroup structure

Page 32: IT Governance

Manage the Risk

• The ISO standard ISO 31000:2009 provides guidelines for risk management implementation.

• The US Sarbanes-Oxley Act:
  – mandated the adoption of an appropriate system of internal control, and
  – requires directors to monitor and report operational risk

Page 33: IT Governance

Manage the Risk

• Derive risks from goal analysis

• Evaluate the risk by enacting a control process

• Decide (or choose) the adequate action to perform

[Figure: Goals → Identify risk → Evaluate risk → Decide → Actions]

Page 34: IT Governance

Source of Risk

• Human
  – Error, internal fraud and criminal activity (terrorism, hacking…)

• Technology
  – Software infrastructure component
  – Hardware infrastructure component
  – Informational agent

• Business
  – Production, process structures & information

• Natural
  – Disaster: flood, lightning, heat & frost…

(Process step: Identify risk)

Page 35: IT Governance

Impact of risky events

• IT infrastructure and network security
  – arising from concerns about hackers, terrorists, cyber-criminals, insiders, outsiders, viruses, and so on

• Data integrity, confidentiality and privacy
  – arising from regulatory and market pressure around protecting personal data (e.g. data protection legislation) and corporate data (e.g. fair disclosure regulations), as well as financial and operational data (e.g. Sarbanes-Oxley)

• Business continuity
  – arising from concerns about the capability to continue in business after a natural or man-made disaster

• IT management
  – arising from concerns about project failure, poor IT operational performance, inadequate IT infrastructure, etc.

Page 36: IT Governance

Risk classification matrix

• Risk evaluation over a 1 to 100 scale
• 3 or 5 degrees of impact (e.g. with 3 degrees):
  – Low: 0 to 10 points
  – Medium: 11 to 50 points
  – High: 51 to 100 points

Probability \ Impact | Low risk (10)  | Medium risk (50) | High risk (100)
Low (0.1)            | 0.1 x 10 = 1   | 0.1 x 50 = 5     | 0.1 x 100 = 10
Medium (0.5)         | 0.5 x 10 = 5   | 0.5 x 50 = 25    | 0.5 x 100 = 50
High (1.0)           | 1.0 x 10 = 10  | 1.0 x 50 = 50    | 1.0 x 100 = 100

(Process step: Evaluate risk)

Page 37: IT Governance

Risk limitation

• Avoidance
  – Avoid the possibility of the risky event
  – Software configuration

• Protection
  – Anticipate the risky event
  – E.g. antivirus, firewall, DMZ

• Risk treatment
  – In case of risky event occurrence
  – Risk management planning: includes documentation, knowledge, risk evaluation and control.
  – Emergency plan, crisis plan and restoration

• Risk transfer
  – Risk management is transferred to a competent person
  – Internal transfer (e.g. CSO)
  – External transfer

(Process step: Actions)

Page 38: IT Governance

Performance management

• What is IT performance management?
  – Refers to the monitoring and measurement of relevant metrics to assess the performance of IT resources

• Management level
  – Monitoring of the project portfolio
  – Expenditure of capital and human resources in IT projects

• Operational level
  – Monitoring of IT components (servers, databases, software, services)
  – Monitoring of processes (BAM) using SLA indicators

Page 39: IT Governance

Performance Management

[Figure: Data sources (Database, Web sites, ERP, CRM, Others) → Extract, Transform and Load → Metadata → Analysis (Data mining) → Performance impact → Decision]

Page 40: IT Governance

Evaluation & control

[Figure: Audit methodology: Audit goals → Evaluation process → Conclusions → Recommendations, applied to the IT components Support, Network, Systems, Infrastructure, Service, Project and Security; the IT governance committee uses ROI and SLA indicators]

The audit process is customized for each IT component to be controlled.

Page 41: IT Governance


Page 42: IT Governance

Value - TCO

• Total Cost of Ownership (TCO)
  – “A financial estimate. Its purpose is to help consumers and enterprise managers determine direct and indirect costs of a product or system. It is a management accounting concept that can be used in full cost accounting or even ecological economics where it includes social costs” – Wikipedia
  – IT costs:
    • Hardware & software
    • Operational expenses
    • Long-term expenses

Page 43: IT Governance

Value - TCO

Hardware and software
• Network
• Server
• Workstation
• Installation and integration
• Purchasing research
• Warranties and licenses
• License tracking - compliance
• Other migration expenses
• Risks: susceptibility to vulnerabilities, availability of upgrades, patches and future licensing policies, etc.

Operational expenses
• Infrastructure (floor space)
• Electricity
• Testing costs
• Downtime, outage and failure
• Diminished performance
• Security
• Backup and recovery process
• Technology training
• Audit (internal and external)
• Insurance
• IT-related personnel
• Corporate-level management time

Long-term expenses
• Replacement
• Future upgrade or scalability expenses
• Decommissioning

Page 44: IT Governance

Value - TBO

• Total Benefit of Ownership
  – The TBO tries to summarize the positive effects of acquiring new IT components.

[Figure: TCO / TBO indicator. TCO comprises direct cost and indirect cost; TBO comprises direct benefit and indirect benefit]

Page 45: IT Governance

Value - TRO

• Total Risk of Ownership
  – Indicator of risk value: takes into account direct risks (cost, data integrity) and indirect risks (business impact on production…)

Page 46: IT Governance

Value - GITV

• Global IT Value (GITV)

  GITV = (TBO - TCO) / TRO

  With stabilized TBO and TCO:

[Plot: GITV as a function of TRO]

Page 47: IT Governance


IT GOVERNANCE FRAMEWORKS

Page 48: IT Governance

ERM Framework

• Enterprise Risk Management Framework

• History
  – 1992: Internal Control – Integrated Framework (COSO 1)
  – 2004: Enterprise Risk Management – Integrated Framework (COSO 2)

• Framework goals
  – Risk control objectives
  – Compliance with regulation
  – Accountability

• Structure
  – 3 strategic goals
  – 8 risk management domains
  – N organizational processes

Page 49: IT Governance

COBIT

• Control Objectives for Information and related Technology (I & T)

• History
  – 1967: ISACA
  – 1994: COBIT V1
  – 1998: COBIT V2
  – 2001: COBIT V3
  – 2003: IT Control Objectives for SOX
  – 2005: COBIT V5

• Framework goals
  – IT resource evaluation
  – Control and audit

• Structure
  – 34 IT processes & 34 high-level control objectives
  – 318 control objectives
  – Maturity model (CMMI-based evaluation scale)

Page 50: IT Governance

ITIL

• IT Infrastructure Library

• History
  – 1980s: best practices published by the Central Computer & Telecommunications Agency under the authority of the British government.

• Framework goals
  – Improve quality and efficacy in service delivery

• Structure
  – Method for IT service management
  – 6 books: Service delivery, Service support, Business perspective, Application management, ICT infrastructure management, Planning to implement service management.

Page 51: IT Governance

Overview

[Figure: Coverage matrix of the frameworks COBIT, ITIL and COSO against the IT governance domains Alignment, Management, Resources, Risk, Performance, Control, Value and Maturity; legend: Indirect impact]

Understanding the frameworks and selecting the appropriate one

Page 52: IT Governance


ACADEMIC & RESEARCH TOPICS

Page 53: IT Governance

Research questions and goals

• What are the impacts of IT governance on engineering mechanisms?

• Problems:
  – IT governance (a management domain) is not formalized for engineering purposes
  – Engineering methodologies do not anticipate their interface with control processes

Page 54: IT Governance

[Figure: Change process model. Engineering IS: Old reality (As-is model) → Change process (Change definition, Reverse analysis, Legacy integration, Change implementation) → New reality (To-be model). Control system with control variables and action variables; IT governance loop: Abstract, Do, Check, Act]

Page 55: IT Governance

IT Governance

• Definition (Claudepierre et al., 2009)
  – An activity that aims at regulating and optimizing the IS management of an organization.

[Figure: Strategic IS, Tactical IS and Operational IS levels, with (i) Strategic planning, (ii) Tactical (control framework) and (iii) Measures. Related work: (Wirtz, 2008) value creation for shareholders/stakeholders; (Luftman et al., 2004), (Corteau et al., 2001) strategic alignment; (Weill, 2004), (De Haes, 2005) decision-making structure and processes; (AFAI, 2002) COBIT; (Simonsson, 2008) ITOMAT; (Saidani et al., 2007), (Bessai et al., 2008) process (re)engineering; (Ben Zaïda et al., 2007) indicators; (Kaplan et al., 1996) Balanced Scorecard]

Page 56: IT Governance

Requirement modeling

[Figure: Intentional process modeling approaches positioned by goal structure vs goal usage: GRAIL/KAOS, i*, MAP]

Page 57: IT Governance

IS Engineering

• IS evolution (Jackson, 1996): requirements integration

[Figure: As-is System → Abstraction → As-is Model → Propagation → To-be Model → Implementation → To-be System, with Legacy as input; the map runs Start → I1 → I2 → I3 → Stop]

Page 58: IT Governance

Research question

• Current state
  – IT governance requirements are not specified in a way that ensures their integration into an IS engineering process.

• How to formalize IT governance requirements to provide additional inputs to information system (re)engineering processes?

• Hypothesis
  – The literature contains the description of the requirements

Page 59: IT Governance

Modeling requirements

• Usage of the MAP meta-model

[Figure: MAP meta-model (UML class diagram). Classes: MAP, Section, Strategy, Intention; Start and Stop are Intentions; associations: Source, Target, Refines, Use, with multiplicities 0..*, 1..*, 0..1. Example map: Start → I1 → I2 → Stop with strategies S1 to S4]

Page 60: IT Governance

Method supports

• Usage of the MAP model for methodological guidelines

• Ability to support method processes for IT governance

Page 61: IT Governance

Modeling requirements

• Identification process for MAP components

[Figure: Example map Start → I1 → I2 → Stop with strategies S1 to S4, with the component to identify marked by a question mark]

Page 62: IT Governance

Modeling requirements

Example MAP component:
  Name: C3 - Alignment model
  Type: Descriptive
  Section: Start → Align IT and business process, S1: by modeling
  « (Align) verb (IT and BP) object by (modeling the relationship between requirements and IT and BP components) way »

[Figure: Component class with attributes +Name and +Type, linked to Section]

Page 63: IT Governance

Modeling requirements

• Construction process overview

[Figure: The MAP meta-model is instantiated into ITGIM; the Universe of Discourse feeds a goal taxonomy, from which MAP components are generated]

Page 64: IT Governance

Model Risk

• Context of decision making: evolving and risky environment

• Various ways to manage risk:
  – to limit the occurrence of the event by using a prevention strategy;
  – to accept the risk and to put it under control;
  – to categorically refuse it and to cancel projects which can potentially generate this risk.

• Known frameworks: European project CORAS, ISO 27001

(ITGIM intention: Model risk)

Page 65: IT Governance

Align IT and business process

• Managing projects in a risky context

• Engineering an information system which is coherent with business strategies and goals
  – Coevolution (Etien, 2005): modeling the linkage between the business and IS layers
  – (Thevenet, 2008): modeling the linkage between strategic goals and business/IS components

• Evaluation frameworks:
  – COSO
  – COBIT

(ITGIM intention: Align IT and business process)

Page 66: IT Governance

Comply with laws

• Limitation of financial risks
  – Enron/WorldCom scandals

• Sarbanes-Oxley Act of 2002
  – SOX – S302: the CEO must personally verify the balance sheet and income statement of the organization by signing it.

• Knowing and reviewing relevant laws

(ITGIM intention: Make IT compliant)

Page 67: IT Governance

Generate value

• We identified two types of value:
  – The external value, for which the purpose of the organization is to fulfill the expectations of investors and shareholders;
  – The internal value or partnership value, for which the purpose of the organization is to develop synergies and improve the internal performance of the organization

• Competitive advantage of complying with the law

• Strategic alignment as internal value support

(ITGIM intention: Generate value)

Page 68: IT Governance

ITGIM overview

[Figure: ITGIM map. Intentions: Start, Model risk, Align IT and business process, Make IT compliant, Generate value, Stop. Strategies: S1: by defining risk; S2: by project planning; S1: by modeling; S3: by evaluation; S4: by reviewing relevant laws; S5: by law application; S6: by competitive advantage; S7: by IT service proposal; S8: by failure; S9: by non-profit consideration; S10: by completeness; S11: by application of controls]

Page 69: IT Governance


PROJECT

Page 70: IT Governance

Project

• Organized by teams of 2-3 students:
  – Select an article
  – Read and summarize it (1 A4 page)
  – Presentation (20-minute session) with question time on Friday afternoon
  – Email slides and summary to Bruno.Claudepierre@gmail.com

• Keep in touch!

Page 71: IT Governance

References

• F. Georgel, IT Governance: Management Stratégique d’un système d’information, DUNOD (2009). ISBN: 978-2-10-05274-4
• Y. Caseau, Urbanisation et BPM: Le point de vue d’un DSI, DUNOD (2005). ISBN: 2-10-048724-8
• Henderson, J. and Venkatraman, N. (1992). Strategic alignment: A model for organisational transformation through information technology. In Kochan, T. A. and Useem, M. (Eds.), Transforming Organisations, Oxford University Press, Oxford and New York.
• B. Claudepierre and S. Nurcan, "ITGIM: An intention-driven approach for analyzing the IT Governance requirements", Requirements, Intentions and Goals in Conceptual Modeling (RIGiM), Gramado, Brazil, November 2009.
• B. Claudepierre and S. Nurcan, "Constats et fondements pour des méthodes d'ingénierie de SI dirigées par les exigences de gouvernance", Revue des Sciences et Technologies de l'Information (RSTI), Editions Lavoisier, O. Pastor, A. Flory, M. Collard, Paris, France, 14:4, pp. 9-32, 2009.
• Weill, P. and Ross, J., IT Governance: How Top Performers Manage IT for Superior Results, Harvard Business School Press, 2004. ISBN 1-59139-253-5

Page 72: IT Governance

References

• A. Deyrieux, Le système d’information nouvel outil de stratégie – Direction d’entreprise et DSI, MAXIMA, Paris 2004. ISBN: 2-84-001-357-6
• COSO website: www.coso.org
• COBIT website: www.isaca.org
• ITIL website: www.ogc.gov.uk