What is IT Governance? Corporate governance


What is IT Governance?
- Corporate governance
  - Processes, customs, rules, procedures, policies, and traditions
  - Determine how to direct and control management activities
- People involved in corporate governance
  - Board of directors, CEO, senior executives, and shareholders
- Interest in corporate governance has grown due to recent accounting scandals

Information Technology for Managers

What is IT Governance? (continued)
- Decision-making process
  - Involves investments in IT
  - Includes defining:
    - The decision-making process itself
    - Who makes the decisions
    - Who is held accountable for results
    - How the results of decisions are communicated, measured, and monitored

What is IT Governance? (continued)
- Primary goals of effective IT governance
  - Ensuring that an organization achieves good value from its investments in IT
  - Mitigating IT-related risks

What is IT Governance? (continued)

Ensuring that an Organization Achieves Good Value from its Investments in IT
- Many parts of the organization could not operate without IT
- Governance must be applied to the management of IT
- An effective IT strategic planning process ensures close alignment between business and IT goals
- Apply good project management principles

Mitigating IT-Related Risks
- Use good internal controls and management accountability
- Internal control
  - Provides reasonable assurance for:
    - Effectiveness and efficiency of operations
    - Reliability of financial reporting
    - Compliance with applicable laws and regulations
- Improper conduct of senior managers and failure to hold managers accountable can circumvent internal controls

Mitigating IT-Related Risks (continued)
- Rules and regulations
  - Hold senior management accountable for the integrity of financial data and internal controls
- Accounting, consulting, and software firms can provide products and services
- Five key activities needed for effective IT governance


Why Managers Must Understand IT Governance
- Universal goal for businesses
  - Leveraging IT to transform an enterprise and create value-added services, increased revenue, and decreased expenses
- IT-related initiatives are seldom simple and straightforward
- Good IT governance
  - The IT organization is better aligned and integrated with the business
  - Risks and costs are reduced
  - IT helps the company gain a business advantage

IT Governance Frameworks
- IT Infrastructure Library (ITIL)
  - Provides best practices and criteria for effective IT services
- Control Objectives for Information and Related Technology (COBIT)
  - Provides guidelines for more than 30 processes that span a wide range of IT-related activities
- The frameworks are complementary, not competing

IT Infrastructure Library (ITIL)
- Set of guidelines initially formulated by the UK government
- Widely used today throughout Europe and the United States
- Standardize, integrate, and manage IT service delivery
- Consists of five distinct volumes

IT Infrastructure Library (ITIL) (continued)
- Addresses:
  - Strategy and value planning
  - Roles and responsibilities of key players
  - Planning and implementing service strategies
  - Business planning and IT strategy linkage
  - Risks and critical success factors for implementing ITIL

Control Objectives for Information and Related Technology (COBIT)
- Set of guidelines
- Goal
  - Align IT resources and processes with business objectives, quality standards, monetary controls, and security needs
- Issued by the IT Governance Institute (www.isaca.org/cobit.htm)
- Provides guidance for more than 30 IT-related processes grouped into four major categories


Control Objectives for Information and Related Technology (COBIT) (continued)
- Each of the processes is described in terms of:
  - The process inputs
  - The process description
  - The process outputs
  - The goals and metrics
  - The RACI chart
  - The maturity model

Control Objectives for Information and Related Technology (COBIT) (continued)

Control Objectives for Information and Related Technology (COBIT) (continued)
- "Maturity level" of management processes
  - Scale of 0 to 5
  - Use the scale for each process to evaluate a number of items
- Use this information to choose:
  - Which processes have priority for improvement
  - Which can be addressed later

Using PDCA and an IT Governance Framework
- Plan-Do-Check-Act (PDCA) model
  - Tried and proven method
  - Can be applied to a specific targeted process
  - Each step in the model has specific objectives


A Manager Takes Charge: Audatex Uses PDCA and ITIL to Improve Its Service Offerings
- Operates as a service provider for body shops and insurance companies
- Offers an integrated suite of software to support auto insurance collision repair shops
- The firm must invest heavily in product development, new technology, and improved products and services
- Ross McEleny, IT services director at Audatex
  - Formed a process improvement team
  - Established a continuous improvement loop

Business Continuity Planning
- Disaster
  - Unplanned interruption of normal business operations for an unacceptable period of time
  - Can result in many negative consequences
- Key planning assumptions
  - Must be built into an organization's business continuity plan

Business Continuity Planning (continued)


Business Continuity Planning (continued)
- People and procedures required to ensure resumption of an organization's essential, time-sensitive processes with minimal interruption
- Due diligence
  - Effort made by an ordinarily prudent or reasonable party to avoid harm to another party
  - Failure to make this effort may be considered negligence
- Scope of a full business continuity plan

Business Continuity Planning (continued)
- Disaster recovery plan
  - Subset of the business continuity plan
  - Focuses on keeping components of the IT infrastructure functioning during a disaster or recovering them quickly afterward


Process for Developing a Business Continuity Plan
- Identifying vital records and data
  - Determine where and how they are being stored and backed up
  - Must assess the adequacy of the current data storage plan
  - Offsite backup recommended
- Conducting a business impact analysis
  - Recovery time objective
    - Time within which a business function must be recovered


Defining Resources and Actions Required to Recover AAA Priority Business Functions
- Document all the resources needed to recover the business function within the recovery time objective
- Identify the sequence of steps that must occur to recover from a disaster
- Specific features to consider for inclusion in the recovery of a AAA priority business function
- When all the preceding tasks have been completed for the AAA priority business functions:
  - Repeat the process for all the AAA priority business functions, then for all AA priority, etc.

Defining Emergency Procedures
- Emergency procedures define the steps to be taken during a disaster and immediately following it
- Planning and practice of such procedures
  - Minimize loss of life and injuries
  - Reduce the impact on the business and its operations
- Develop them in conjunction with professional first responders
- Computer, data, and equipment backup processes should be triggered automatically

Identifying and Training Business Continuity Teams
- Control group
- Emergency response team
  - Includes members of the fire department, police department, and other first responders
- Business recovery team
- Members of these teams should be carefully selected
- It is wise to cross-train people

Training Employees
- Employees should be trained to recognize and respond to various types of disaster warnings
- Good practice to identify "floor wardens"
- Most organizations conduct one or two disaster drills per year

Practicing and Updating the Plan
- Test the business continuity plan
  - Ensure that it is effective and that people can execute it
  - Employees are expected to exercise the business continuity plan and restore operations within the desired recovery time
  - Capture problems or issues not addressed by the plan
  - Revise it to incorporate solutions
- The plan must be continually updated to account for changes


Summary
- IT governance
  - Decision-making process that involves investments in IT
  - Responsibility of executive management
- Five central themes of IT governance
- Organizations use frameworks as a basis to develop their own governance model
- Each organization must perform an objective assessment of its unique risks and develop a comprehensive plan