Round Table Discussion 3 Principles of IT Governance

1
Round Table Discussion 3 Principles of IT
Governance IT Governance from the Worlds
Perspective
By Dr. Wachara Chantatub Faculty of Commerce and
Accountancy Chulalongkorn University Email
wachara_at_acc.chula.ac.th
2
IT Governance from the Worlds Perspective

• Executive Summary
• Critical Issues of IT Management
• 4 Ps
• IT Management and Governance Frameworks
• IT Government
• The IT Governance Institute
• IT Governance Global Status Report 2006 (the
  Work)
• Conclusion

3
Executive Summary

• Over the years, IT has become the backbone of
  businesses to the point where it would be
  impossible for many to function (let alone
  succeed) without it. As a result of its
  increasing role in the enterprise, the IT
  function is changing, morphing from a technology
  provider into a strategic partner.
• IT Governance is a structure of relationships and
  processes to direct and control the enterprise in
  order to achieve the enterprises goals by adding
  value while balancing risk versus return over IT
  and its processes.
• This topic will present researches, findings,
  lessons learnt, and opinions on IT Governance
  from the worlds experts.

4
Critical Issues of IT Management

• Considering all the issues of IT management, we
  have identified the following as critical issues
• Environment
• Today IT manager must manage a decentralized,
  end-user-focused environment.
• Role
• The current IT manager, instead of serving as the
  technical custodian of computer hardware
  entities, now functions more like an agent
  between IT resources and end-users.
• Expanding Focus
• The IT manager must understand the global issues
  of the business and its customers, as well as
  have a comprehensive knowledge of global IT
  management. IT has expanded on an international
  level and, as such, the present focus is now on
  matters that are more global in nature. The
  influx of technology into nearly every country
  has opened a cross-cultural window into other
  nations that, to this point, was unavailable.

5

• Integration
• In a given organization, the IT department is no
  longer strictly a separate function, rather, it
  is an integrated function of all departments.
• Increased Risks
• IT managers must be knowledgeable enough to
  effectively deal with greatly increased security
  risks brought about by the integration of
  technology.
• Inadequate Preparation
• Business schools continue to graduate students
  lacking basic knowledge in IT management.
• Adapted from Curriculum Model 2000 of the
  Information Resource Management Association and
  the Data Administration Managers Association

6
4 Ps

• IT management is all about the efficient and
  effective use of the four Ps
• People
• Processes
• Products (tools and technology)
• Partners (suppliers, vendors, and outsourcing
  organizations).

7
IT Management and Governance Frameworks

• COBIT (Control Objectives for Information and
  Related Technology)
• ITIL (IT Infrastructure Library)
• CMMI (Capability Maturity Model Integration)
• BS 15000
• MOF (Microsoft Operations Framework)
• and more

8

• COBIT (Control Objective for Information and
  Related Technology)
• Issued by the IT Governance Institute (ITGI),
  COBIT is an industry accepted standard for IT
  security and control practices that provides a
  reference framework for management, users and
  security practitioners.
• ITIL (IT Infrastructure Library)
• ITIL is one of the most widely accepted
  management frameworks in the IT world and
  describes an integrated set of process-oriented
  best practices for managing IT services.

9

• CMMI
• Capability Maturity Model Integration (CMMI) is
  a process improvement approach that provides
  organizations with the essential elements of
  effective processes. It can be used to guide
  process improvement across a project, a division,
  or an entire organization. CMMI helps integrate
  traditionally separate organizational functions,
  set process improvement goals and priorities,
  provide guidance for quality processes, and
  provide a point of reference for appraising
  current processes.

10

• BS15000
• This is the first formal standard for IT Service
  Management, developed by the British Standards
  Institute (BSI Code of Practice for IT Service
  Management). It is viewed across the industry as
  a crucial step in turning best practices into
  reality.
• MOF (Microsoft Operations Framework)
• MOF is a collection of best practices,
  principles, and models. It provides comprehensive
  technical guidance for achieving mission-critical
  production system reliability, availability,
  supportability, and manageability for solutions
  and services built on Microsoft products and
  technologies. This guidance is presented in the
  form of white papers, service management guides,
  assessment tools, operations kits, best
  practices, case studies, and support tools that
  address the people, process, and technologies for
  effectively managing production systems within
  todays complex distributed IT environment.

11
Evolution of IT Management Frameworks
12
IT Governance

• IT Governance Process
• IT Governance Areas

Source www.itgi.org
13
IT Governance Process
Source www.itgi.org
14
IT Governance Areas

• Strategic alignment
• with focus on aligning with the business and
  collaborative solutions
• Value delivery
• concentrating on optimising expenses and proving
  the value of IT
• Risk management
• addressing the safeguarding of IT assets,
  disaster recovery and continuity of operations
• Resource management
• optimising knowledge and IT infrastructure
• Performance measurement
• tracking project delivery and monitoring IT
  services

Source www.itgi.org
15
The IT Governance Institute

• The IT Governance Institute (ITGI) (www.itgi.org)
  was established in 1998 in recognition of the
  increasing criticality of information technology
  to enterprise success. In many organizations,
  success depends on the ability of IT to enable
  achievement of business goals. In such an
  environment, governance over IT is as critical a
  board and management discipline as corporate
  governance or enterprise governance. Effective IT
  governance helps ensure that IT supports business
  goals, maximizes business investment in IT, and
  appropriately manages IT-related risks and
  opportunities.
• ITGI is a research think tank that exists to  be
  the leading reference on IT-enabled business
  systems governance for the global business
  community. ITGI aims to benefit enterprises by
  assisting enterprise leaders in their
  responsibility to make IT successful in
  supporting the enterprise's mission and goals. By
  conducting original research on IT governance and
  related topics, ITGI helps enterprise leaders
  understand and have the tools to ensure effective
  governance over IT within their enterprise.

16
IT Governance Global Status Report 2006 (the
Work)

• In 2005, PwC was commissioned by ITGI to conduct
  the second global survey on IT governance. The
  survey was conducted from July 2005 until October
  2005 and this report highlights the most
  significant find
• The purpose of the survey was to reach members of
  the C-suite to determine their sense of priority
  and actions already taken relative to IT
  governance and their need for tools and services
  to help assure effective IT governance.

17
Key Findings of the 2006 Survey

• 1. IT is more critical to business than ever.
• 2. General managers feel more positive toward IT
  than IT managers do.
• 3. Significant differences amongst industry
  sectors exist.
• 4. IT staffing is the most important IT-related
  problem.
• 5. IT security is not the most important
  IT-related problem.
• 6. IT outsourcing is out.
• 7. Awareness of ISACA and ITGI has increased.
• 8. Awareness of COBIT has increased.
• 9. Sarbanes-Oxley has not created the
  anticipated effect.
• 10. IT governance (and COBIT) is not as easily
  implemented as originally estimated.
• 11. COBIT is being used by about 10 percent of
  the IT population.

18

• 1. IT is more critical to business than ever.
• For 87 percent of the participants, IT is quite
  to very important to the delivery of the
  corporate strategy and vision.
• For 63 percent of the respondents, IT is
  regularly or always on the boards agenda.

Question Thinking about your overall corporate
strategy or vision, how important do you consider
IT to be to the delivery of this strategy or
vision?
19
Question How frequently is IT included on your
organisations board agenda?
20
2. General managers feel more positive toward IT
than IT managers do. Compared to IT managers,
general managers attach even more criticality and
importance to IT. In addition, they are generally
more satisfied with IT and with its strategic
alignment with the business.
Question Thinking about your overall corporate
strategy or vision, how important do you consider
IT to be to the delivery of this strategy or
vision?
21
3. Significant differences amongst industry
sectors exist. IT/telecom and financial services
appear to be better performers when it comes to
IT governance, while the retail and manufacturing
industries are lesser performers. These outcomes
are in line with the degree of strategic
importance of IT in these industry sectors.
Question Thinking about your overall corporate
strategy or vision, how important do you consider
IT to be to the delivery of this strategy or
vision?
22
4. IT staffing is the most important IT-related
problem. When taking into account all aspects of
a problem, such as frequency of occurrence,
severity of the problem and future evolution, IT
staffing appears to be the most important problem
in IT.
Question Compound problem index?
23
5. IT security is not the most important
IT-related problem. When taking all dimensions of
the problem into account, security (and
compliance) is ranked last of eight IT problem
categories.
Question Compound problem index?
24
6. IT outsourcing is out. IT outsourcing is no
longer seen as the most effective measure to
resolve IT problems. As business and IT have
become increasingly aware of the fact that IT
problems cannot be outsourced, they have tended
to bring control of problematic systems back
in-house.
Question How effective could the following high
level measures be for resolving your IT-related
problems?
25
7. Awareness of ISACA and ITGI has
increased. Awareness amongst the general IT
population of the ISACA and ITGI brands has
almost tripled compared to the 2003 survey.
Question What organisations are you aware of
that provide or implement solutions to IT
governance problems?
26
8. Awareness of COBIT has increased. Awareness in
the general population of the existence of COBIT
has increased by 50 percent since 2003, from 18
percent to 27 percent. In addition, one out of
six respondents who know COBIT claims to know the
contents to a great extent.
Question Are you personally aware of the
existence of COBIT ?
27
Question If you are personally aware of the
existence of COBIT, are you personally aware of
the contents of COBIT?
Question If you are personally aware of the
existence and the contents of COBIT, to what
extent are you aware of its contents?
28
9. Sarbanes-Oxley has not created the anticipated
effect. A lower than expected numberonly 38
percentof the COBIT users indicated that
Sarbanes-Oxley legislation or other new
accounting-related legislation or regulation was
the reason to introduce COBIT in their
organisation. (The survey did not distinguish
between old and new COBIT users, which could
explain the result.)
Question Was the Sarbanes-Oxley legislation, or
any other new accounting-related legislation or
regulation, a reason to introduce COBIT in your
organisation?
29
10. IT governance (and COBIT) is not as easily
implemented as originally estimated. A number of
results lead to the conclusion that implementing
IT governance is not as straightforward as
perhaps once thought. The same conclusion can be
made regarding COBIT implementation. Putting
things in perspective, however, these results
confirm that Good IT governance practices are
not built overnight they require time and
continued commitment. Implementing COBIT is
not a matter of taking it out of the box and
implementing it as written. Instead, it is a
process of selecting the most appropriate
elements, tailoring them as needed and applying
them to the specific needs of the organisation.
30
Question How easy or difficult has it been for
you to implement the COBIT framework or part of
the COBIT framework?
31
11. COBIT is being used by about 10 percent of
the IT population. The current acceptance rate of
COBITi.e., the percentage of the general IT
population using one or more parts of COBITis
now 10 percent (at least). Given the relatively
large number of respondents indicating that they
use an internally developed IT governance
solution, it is probable that there are a number
of hidden COBIT users who have implemented
portions of it in their own enterprise-specific
solution.
32
Question What solutions/frameworks do you use or
are you considering using?
33
Conclusion

• IT has become the backbone of enterprises.
• Enterprise needs IT management and governance
  framework(s) to direct and control the enterprise
  in order to achieve the enterprises goals by
  adding value while balancing risk versus return
  over IT and its processes.
• IT Governance Global Status Report 2006 (the
  Work) highlights the most significant findings
  of awareness, perceptions and applications of IT
  governance and IT governance frameworks.

34
3rd CIO Security Conference and Showcase
2006Proactive Preparation and Collaboration for
Thailand ICT Vision
Se
Platinum Sponsor
Gold Sponsor
Exhibitor
Strategic Alliances