Review of IT Governance
Dr.Ir. Yeffry Handoko Putra, M.T
Magister of Information System

Content
Research objective and research question
Definitions of IT governance
Literature review of selected Codes, Frameworks, Standards and Best Practices
Assessment of the current industry application of governance concepts
A generic governance framework for IT governance and the governance of outsourcing
Conclusion
Research objective & research question
Research Objective: Literature review; IT governance efficiency survey to assess:
Do known reference models, frameworks and standards address governance requirements of ICT outsourcing companies?
Current status of IT governance practices.
Research Question: Can a generic governance framework be formulated to address these requirements?
What is ‘IT Governance’?
It is ... the responsibility of the board and executive.
It consists of ... the leadership, organisational structures & processes ... to ensure that the enterprise’s IT ... sustain and extend organisational strategies & objectives.
What is the ‘governance of outsourcing’?
The responsibilities, roles, objectives, interfaces & controls required ... to anticipate change and ... manage the introduction, maintenance, performance, costs and control of third-party provided services.
LITERATURE REVIEW OF SELECTED CODES, FRAMEWORKS, STANDARDS AND BEST PRACTICES
King III requirements – the link between IT governance practices and law
Directors’ duty of care: ensure prudent and reasonable steps taken re IT governance.
Corporate governance practices, codes and guidelines lift the bar of what are regarded as appropriate standards of conduct. Failure to meet a recognised standard of governance, albeit not legislated, may render a board or individual director liable at law.
King III requirements: IT governance
IT governance... is the responsibility of the board; should be an integral part of enterprise governance structures; should be owned by the board.
The board must set the management direction. Required to...
assume more significant role in terms of IT governance, and
insist on establishment of an IT governance management framework: to be based on a common approach, e.g. COBIT.
Company requirements: IT Governance focus areas
IT governance should focus on five key areas:
strategic alignment with business;
value delivery;
risk management;
resource management;
performance management.
Context: COBIT and VAL IT
Are we doing the right things?
Are we getting the benefits?
Are we doing them the right way?
Are we getting them done well?
Context: Best Practices
INDUSTRY APPLICATION OF GOVERNANCE CONCEPTS
Status: IT Governance Best Practice Implementation
61% 21% 9% 9%
50% 20% 12% 18%
51% 21% 12% 16%

72% 13% 8% 7%
66% 14% 10% 10%
66% 16% 9% 9%
GENERIC GOVERNANCE FRAMEWORK FOR IT AND OUTSOURCING
Generic governance model
Compliance requirements
VAL IT
COBIT
Generic process model
Practitioner processes
Manage enterprise
Develop enterprise strategy
Strategic management of product portfolio
Strategic management of capacity
Support processes
IT governance interrelationships (service provider perspective)
Diagram (bodies and roles shown):
Board of Directors
Business Strategy Committee
IT Strategy Committee
Compensation Committee
Finance Committee
Audit Committee
CEO
CFO
Investment & Services Board (ISB)
Compliance, Audit, Risk & Security (CARS)
IT Steering Committee
Management Committee
Value Management Office (VMO)
IT Architecture Review Board
Sales & Marketing
Account Management
Technology Council
Programme Management Office (PGMO)
Business Executives
CIO
HR
Process Oversight Committee
‘IT’
Business Goals
IT Processes
Control Objectives
Key Activities
Control Outcome Tests
Control Design Tests
Control Practices
Responsibility & Accountability Chart
Performance Indicators
Outcome Measures
Maturity Models
Dimensions of Maturity
... and Goals
Risk and Compliance
Return on Investment and Cost-efficiency
VAL IT domains & processes
Establish strategic direction and target investment mix
Manage the availability of human resources
Determine the availability and sources of funds
Establish informed and committed leadership
Update operational IT portfolios
Launch and manage the programme
Monitor and report on investment portfolio performance
Evaluate and select programmes to fund
Optimise investment portfolio performance
Monitor and report on the programme
Update the business case
Retire the programme
Develop the detailed candidate programme business case
Define portfolio characteristics
Define and implement processes
Develop full life-cycle costs and benefits
Develop the programme plan
Understand the candidate programme & implementation options
Develop and initiate the initial programme business case
Continuously improve value management practices
Establish effective governance monitoring
Align & integrate value management with enterprise financial planning
Raise awareness & obtain management commitment
Define scope
Define risks
Define resources and deliverables
Plan programme
Assess actual performance
Define target for improvement
Analyse gaps and identify improvements
Define projects
Define improvement plan
Implement the improvements
Monitor implementation performance
Review programme effectiveness
Build sustainability
Identify new governance requirements