
Presentation - Making sense of IT governance – the ...

Date post: 22-Jan-2015
Upload: billy82
Making sense of IT Governance – the implications of King III Presenter: Marlene Badenhorst (ACIS)
Transcript
1. Making sense of IT Governance – the implications of King III

Presenter: Marlene Badenhorst (ACIS)

2. Content

  • Research objective and research question
  • Definitions of IT governance
  • Literature review of selected Codes, Frameworks, Standards and Best Practices
  • Assessment of the current industry application of governance concepts
  • A generic governance framework for IT governance and the governance of outsourcing
  • Conclusion

3. Research objective & research question

  • Research Objective:
  • Literature review; IT governance efficiency survey to assess:
    • Do known reference models, frameworks and standards address the governance requirements of ICT outsourcing companies?
    • Current status of IT governance practices.
  • Research Question:
  • Can a generic governance framework be formulated to address these requirements?

4. What is IT Governance?

  • It is ...
  • the responsibility of the board and executive
  • It consists of...
  • The leadership, organisational structures & processes...
  • to ensure that the enterprise's IT...
  • sustain and extend organisational strategies & objectives.

Source: ITGI

5.

  • Enterprise governance is about:
  • Conformance
    • Adhering to legislation, internal policies, audit requirements, etc.
  • Performance
    • Improving profitability, efficiency, effectiveness, growth, etc.
    • Enterprise governance drives IT governance

Enterprise governance and IT governance require a balance between conformance and performance goals directed by the board.

[Diagram: Performance, Conformance]

Source: ITGI

6. What is the governance of outsourcing?

  • The responsibilities, roles, objectives, interfaces & controls required...
  • to anticipate change and ...
  • manage the introduction, maintenance, performance, costs and control of third-party provided services.

Source: ITGI

7. Literature review of selected codes, frameworks, standards and best practices

8. King III requirements: the link between IT governance practices and law

  • Directors' duty of care: ensure prudent and reasonable steps are taken regarding IT governance.
  • Corporate governance practices, codes and guidelines lift the bar of what are regarded as appropriate standards of conduct.
  • Failure to meet a recognised standard of governance, albeit not legislated, may render a board or individual director liable at law.

9. King III requirements: IT governance

  • IT governance...
    • is the responsibility of the board;
    • should be an integral part of enterprise governance structures;
    • should be owned by the board.
  • The board must set the management direction. Required to...
    • assume a more significant role in terms of IT governance, and
    • insist on establishment of an IT governance management framework:
      • To be based on a common approach, e.g. COBIT.

10. King III requirements: IT Governance focus areas

  • IT governance should focus on four key areas:
  • strategic alignment with business;
  • value delivery;
  • risk management; and
  • resource management.

11. King III requirements: IT Governance focus areas

  • IT governance should focus on four key areas:
  • strategic alignment with business;
  • value delivery;
  • risk management; and
  • resource management.

[Diagram: COBIT focus areas: Strategic Alignment, Value Delivery, Risk Management, Resource Management, Performance Measurement]

Source: ITGI (www.itgi.org)

12. Context: Best Practices

Source: Own source

13. Context: COBIT and VAL IT

[Diagram: VAL IT and COBIT set against four questions (the strategic question, the value question, the architecture question, the delivery question): Are we getting the benefits? Are we getting them done well? Are we doing the right things? Are we doing them the right way?]

Source: Thorpe, cited by ITGI

14. Industry application of governance concepts

15. Status: IT Governance Best Practice Implementation

[Bar chart, scale 0% to 100%. Legend: Have implemented; Implementing now; Considering implementation; Not considering implementation]

  • Categories: Active management of IT ROI; Actual IT performance measurement; IT Risk Management; IT Value Delivery; IT resource management; Alignment between IT strategy and overall strategy
  • Values: 72% 13% 8% 7%; 66% 14% 10% 10%; 66% 16% 9% 9%; 61% 21% 9% 9%; 50% 20% 12% 18%; 51% 21% 12% 16%

Source: ITGI/Lighthouse survey 2005

16. Generic governance framework for IT and outsourcing

17. Generic governance model

[Diagram labels: Outsource Client IT Governance Framework; Service Provider IT Governance Framework; Enterprise Governance of IT; IT Governance; VAL IT; COBIT; Outsource Client Interface; Service Provider Interface; Practitioner processes; Compliance requirements]

Source: own source

18. Generic process model

[Diagram labels: Outsource Client (Buyer); Service Provider; Develop enterprise strategy; Strategic management of product portfolio; Strategic management of capacity; Manage enterprise; Support processes; Service Provider Interface; Client Interface; Outsource Client 1, 2, 3, (n); Service Provider 1, 2, 3, (n)]

Source: own source

19. IT governance interrelationships (service provider perspective)

[Organisation diagram labels: Board of Directors; IT Strategy Committee; Technology Council; Audit Committee; Compensation Committee; Business Strategy Committee; Finance Committee; CEO; Business Executives; Sales & Marketing; Programme Management Office (PGMO); CFO; HR; Compliance, Audit, Risk & Security (CARS); CIO; IT Architecture Review Board; Process Oversight Committee; Account Management; IT; IT Steering Committee]

Source: ITGI, own source

20. IT governance interrelationships (service provider perspective)

[Organisation diagram labels: Board of Directors; IT Strategy Committee; Technology Council; Audit Committee; Compensation Committee; Business Strategy Committee; Finance Committee; CEO; Business Executives; Sales & Marketing; Investment & Services Board (ISB); Value Management Office (VMO); Programme Management Office (PGMO); CFO; HR; Compliance, Audit, Risk & Security (CARS); CIO; IT Architecture Review Board; Process Oversight Committee; Account Management; IT; IT Steering Committee]

Source: ITGI, own source

21. Conclusion

  • Best practices not widely adopted
  • Significant room for improvement in most companies' IT governance domain
  • Governance best practices address outsourcing governance only to a limited extent
  • A focussed effort is required by SA companies to ensure compliance with the King III principles for good IT governance
  • The generic framework that has been formulated addresses the need for an integrated approach to IT governance

22.

23. Backup slides

24. COBIT & Other IT Management Frameworks

Organisations will consider and use a variety of IT models, standards and best practices. These must be understood in order to consider how they can be used together, with COBIT acting as the consolidator (umbrella).

[Diagram: scope of coverage (WHAT versus HOW) of COBIT, ISO 9000, ISO 27002, ITIL and COSO]

Source: ITGI

25. Where Does COBIT Fit?

[Diagram labels: Drivers; PERFORMANCE: Business Goals; CONFORMANCE: Basel II, Sarbanes-Oxley Act, etc.; Enterprise Governance; IT Governance; Best Practice Standards; Processes and Procedures; Balanced Scorecard; COSO; COBIT; ISO9001:2000; ISO27002; ISO20000; QA Procedures; Security Principles; ITIL]

Source: ITGI

26. COBIT Framework

[Diagram: business objectives and governance objectives drive the COBIT framework, which links information, IT resources and four process domains]

  • Information: Effectiveness, Efficiency, Confidentiality, Integrity, Availability, Compliance, Reliability
  • IT resources: Applications, Information, Infrastructure, People
  • Plan and Organise
    • PO1 Define a strategic IT plan.
    • PO2 Define the information architecture.
    • PO3 Determine technological direction.
    • PO4 Define the IT processes, organisation and relationships.
    • PO5 Manage the IT investment.
    • PO6 Communicate management aims and direction.
    • PO7 Manage IT human resources.
    • PO8 Manage quality.
    • PO9 Assess and manage IT risks.
    • PO10 Manage projects.
  • Acquire and Implement
    • AI1 Identify automated solutions.
    • AI2 Acquire and maintain application software.
    • AI3 Acquire and maintain technology infrastructure.
    • AI4 Enable operation and use.
    • AI5 Procure IT resources.
    • AI6 Manage changes.
    • AI7 Install and accredit solutions and changes.
  • Deliver and Support
    • DS1 Define and manage service levels.
    • DS2 Manage third-party services.
    • DS3 Manage performance and capacity.
    • DS4 Ensure continuous service.
    • DS5 Ensure systems security.
    • DS6 Identify and allocate costs.
    • DS7 Educate and train users.
    • DS8 Manage service desk and incidents.
    • DS9 Manage the configuration.
    • DS10 Manage problems.
    • DS11 Manage data.
    • DS12 Manage the physical environment.
    • DS13 Manage operations.
  • Monitor and Evaluate
    • ME1 Monitor and evaluate IT performance.
    • ME2 Monitor and evaluate internal control.
    • ME3 Ensure compliance with external requirements.
    • ME4 Provide IT governance.

Source: ITGI

27. Interrelationship of the COBIT Components

[Diagram labels: Business Goals; IT Goals; IT Processes; Key Activities; Responsibility & Accountability Chart; Performance Indicators; Outcome Measures; Maturity Models; Control Objectives; Control Practices; Control Design Tests; Control Outcome Tests. Relations: requirements; information; broken down into; performed by; measured by; for performance; for outcome; for maturity; controlled by; derived from; audited with; implemented with; based on]

Source: ITGI

28. Dimensions of Maturity

[Diagram: three dimensions, HOW (capability, scale 0 to 5), HOW MUCH (coverage, up to 100%) and WHAT (control). Primary drivers: IT Mission and Goals; Return on Investment and Cost-efficiency; Risk and Compliance]

Source: ITGI

29. VAL IT domains & processes

  • Investment Management (IM)
    • Develop and initiate the initial programme business case
    • Understand the candidate programme & implementation options
    • Develop full life-cycle costs and benefits
    • Develop the programme plan
    • Develop the detailed candidate programme business case
    • Update operational IT portfolios
    • Launch and manage the programme
    • Update the business case
    • Retire the programme
    • Monitor and report on the programme
  • Portfolio Management (PM)
    • Establish strategic direction and target investment mix
    • Manage the availability of human resources
    • Determine the availability and sources of funds
    • Evaluate and select programmes to fund
    • Optimise investment portfolio performance
    • Monitor and report on investment portfolio performance
  • Value Governance (VG)
    • Establish informed and committed leadership
    • Define portfolio characteristics
    • Define and implement processes
    • Align & integrate value management with enterprise financial planning
    • Continuously improve value management practices
    • Establish effective governance monitoring

Source: ITGI

30. Road map to IT governance

  • Raise awareness & obtain management commitment
  • Identify Needs
  • Define scope
  • Define risks
  • Define resources and deliverables
  • Plan programme
  • Envision solution
  • Assess actual performance
  • Define target for improvement
  • Analyse gaps and identify improvements
  • Plan solution
  • Define projects
  • Define improvement plan
  • Implement solution
  • Implement the improvements
  • Monitor implementation performance
  • Review programme effectiveness
  • Operationalise solution
  • Build sustainability
  • Identify new governance requirements

Source: ITGI

