IT GOVERNANCE FRAMEWORK


1 IT GOVERNANCE FRAMEWORK
Mark Makepeace, Director Audit, Group Internal Audit
Mike Thorn, Director Business Standards & Improvement, Business Information Systems
27 January 2005

2 Agenda
- Where we were
- Why we needed to change
- Where we are now
- How we got there and what we got from it
- Where next
- Lessons Learned

3 Definitions of IT Governance
BIS takes its definitions of governance from those supplied by the IT Governance Institute (ITGI) ‘A structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise’s goals by adding value while balancing risk versus return over IT and its processes.’

4 Where we were
- Organisational governance structure
- Cascaded objectives
- Turnbull reporting
- IT “bricks” (RAG status)
- Benchmarking for IT services
- Balanced Scorecard and supporting MI
- Internal Audit assurance

5 Why we needed to change
- FSA regulated company and Stock Exchange Listed
- Demonstrable framework to satisfy External Audit and FSA supervision regime
- Credibility issue of internal framework versus industry standard
- Publication of ITGI Board Briefing on IT governance
- Share common understanding with IA of IT processes and risks to improve control and risk framework

6 Regulatory timeline

7 Where we are now
- Governance roles and responsibilities wheel: identifies what, how and who
- IT balanced scorecard: reports on IT capability and performance
- CobiT Heat Map: identifies priority processes for risk management and improvement investment
- MI Reporting Flow: reports on aspects of IT to top level within organisation to ensure no surprises

8 How we got there
- Using IA’s strong relationship with IT senior management
- Facilitate corporate and IT governance initiatives
- Selling benefits of joint approach
- External credibility of existing IT bricks
- De-mystify regulatory “jargon”
- Commitment of time and resources in “trusted” environment
(Diagram labels: IT, IA)

9 Adopting CobiT - 1 2002 Assessment Cobit processes v of process
L&G Bricks mapping CobiT Control Objectives Assessment of process Current and Goal maturity ratings CobiT management guidelines FSA inherent risk assessment CobiT framework Initial Heat Map published 2002 Process ownership assigned CobiT processes aligned to IT objectives CobiT control objectives IT Balanced scorecard aligned CobiT framework Note: internal audit involvement; CobiT module referenced

10 Adopting CobiT - 2 Half-yearly process Current and Goal
maturity ratings assessment CobiT management guidelines Moved to process based risk management CobiT framework Governance database developed CobiT Control objectives 2003 / 2004 Governance Management Committee formed Half-yearly Heat Maps published CobiT framework Note: internal audit involvement; CobiT module referenced

11 Where Next - IT Governance
Existing Process | Process Improvement
Based on CobiT Guidelines covering risk controls | Include the 5 IT Governance Focus Areas
Number of duplicate risks – variations on a theme | Consolidate risks & underlying data
Monthly balanced scorecard reporting focuses on risk | Realign to the 5 IT governance focus areas
Implementation of Governance Database | Monthly MI easily produced

12 Lessons Learned - 1
- In our view of FS sector, homegrown governance framework not sufficiently credible
- Essential to obtain and sustain senior management sponsorship across all relevant parties
- Organisation and existing management structure has finite capacity for change

13 Lessons Learned - 2
- Implementation should be planned around existing capability
- Do not underestimate volume of work or difficulty of getting buy-in from business owners of IT processes i.e. manage facilities
- Maintain regular communication to keep topic “alive”

14 Questions?

