© IT Management Consulting Ltd., London, +44-7798 527910 governance@mrosenberg.com
Implementing IT Governance Frameworks within Regulated Institutions
Malta, 25th June, 2007
Dr. Martin Rosenberg, Program Director, International IT Management Consulting Ltd.
www.mrosenberg.com
governance@mrosenberg.com
IT Governance Drivers
1. Pace of creating new regulations is increasing. Compliance is not going away!
2. Shift from tactical compliance efforts towards addressing multiple regulations
3. Compliance projects are costly and long; need for standardization of controls and automation
4. Need to reduce compliance efforts from an end-to-end perspective by focusing on improved risk management and reliable corporate governance
5. Corporate governance depends on IT governance that creates a common language across IT departments and business units, facilitates risk mitigation and benefits business performance
6. Auditor skills and relationships not sufficient; limited availability of skills within accounting companies and IT. Good IT governance needed to facilitate auditing tasks
7. IT frameworks to help develop IT governance policies and controls for different compliance requirements
8. Need to manage outsourcing, acquisitions and business performance
Sample of Regulations
- Euro-SOX (EU)
- EU Digital Signature Directive
- EU Data Protection Directive
- MiFID
- Basel II
- ISO Security Program Standards
- Payment Cards Data Security Standards
- etc.
IT Governance Definition
“IT Governance – A structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise’s goals by adding value while balancing risk versus return over IT and its processes.”
Source: ISACA
IT Governance is NOT IT Management or IT Standards
[Diagram: IT Governance Structure over the IT Organization. Governance activities: DIRECT, CONTROL, RISK MANAGE, DECIDE. Governance elements: POLICIES, PROCESSES, RELATIONSHIPS, MEASUREMENTS]
Need both Lifecycle Mgmt and Governance to properly manage investments, assets and quality
Multiple Lifecycles: Business, Projects, Services, Assets, Applications, Infrastructure, Sourcing (each with Plan / Build / Run stages)
Lifecycles evolve at a different pace and need synchronization
Example: Service Mgmt Lifecycle applies to multiple lifecycles
IT Governance ties it all together and aligns with business goals
[Diagram: Governing Lifecycles. Governance (DIRECT, CONTROL, RISK MANAGE, DECIDE through POLICIES, PROCESSES, RELATIONSHIPS, MEASUREMENTS) spans IT Strategy, Architecture, Tech. Direction, Program Mgmt, Investments and Resources across the Plan / Build / Run lifecycle stages]
IT Governance is not IT Processes Execution (Simplified View)
[Diagram: IT Management = PLAN, BUILD, RUN; IT Governance = DECIDE, DIRECT, CONTROL, RISK MANAGE]
IT Governance Focus Areas
- Strategic Alignment: Ensuring the link of business and IT plans, defining the IT value proposition, aligning IT and business operations
- Value Delivery: Executing the IT value proposition via the delivery cycle
- Resource Management: Optimal investment in and management of critical IT resources
- Risk Management: Understanding the enterprise’s appetite for risk and compliance requirements, implementing risk management responsibilities
- Performance Measurement: Tracking and monitoring strategy implementation, project completion, process performance and service delivery (e.g. via balanced scorecards)
©2005 IT Governance Institute (ITGI), All rights reserved
IT Organization’s Process Groupings - Problem
Process examples: Strategic IT plan; Info & Technical Architecture; Investments and Budgets; Program/Project Office; Solutions/Applications Development & Acquisition; Projects & Enhancements & Maintenance; Service Delivery & Support; Operations; Vendor mgmt; Performance Measurement; Compliance & Control; IT Governance
Process groupings: Plan & Organize; Develop, Acquire & Implement; Deliver & Support; Monitor & Evaluate
PROBLEM: Very little or NO end-to-end integration (across the board)
Multitude of IT Frameworks and Lack of Integration
Uncoordinated commitment: multiple, incompatible IT frameworks with diverse focus and purpose: investment-centric, functionality-centric, service-centric
Areas: Strategy Development, Architecture, Operations, Outsourcers, Business Relations
Frameworks: ISO 17799, ITIL, RUP, PMI/Prince2, TOGAF, other…
Different views of IT value through different frameworks!
COBIT: an Integrating end-to-end ‘Umbrella’ Framework for IT
[Diagram: Corporate Governance over IT Governance; COBIT spans the business functions and the IT function and integrates the best practice frameworks COSO, ISO 17799, ITIL, TOGAF, PMI/Prince2 and other…]
COBIT: an Integrating end-to-end ‘Umbrella’ Framework for IT
[Diagram: IT Governance focus areas (Value Delivery, Resource Mgmt, Risk Mgmt, Strategic Alignment, Performance Mgmt) laid over Plan / Build / Run for Business, Projects, Architecture, Security and Services; best practice frameworks (examples): COSO, PMI/Prince2, TOGAF, ISO 17799, ITIL, CMM, with COBIT as the umbrella]
COBIT: An Integrated Control Framework
- Business-Focused
- Process-Oriented
- Control-Based
- Measurement-Driven
Control, Alignment, Monitoring
[Figure: ©2005 IT Governance Institute (ITGI), All rights reserved]
Process Oriented: COBIT processes by domain
[Diagram labels: Business & Governance Objectives; INFORMATION]
PLAN AND ORGANIZE
PO1 Define a strategic IT plan
PO2 Define the information architecture
PO3 Determine technological direction
PO4 Define IT processes, org. & relationships
PO5 Manage the IT investment
PO6 Communicate mgmt aims and direction
PO7 Manage IT human resources
PO8 Manage quality
PO9 Assess and manage IT risks
PO10 Manage projects
ACQUIRE AND IMPLEMENT
AI1 Identify automated solutions
AI2 Acquire and maintain application software
AI3 Acquire and maintain technology infrastructure
AI4 Enable operation and use
AI5 Procure IT resources
AI6 Manage changes
AI7 Install and accredit solutions and changes
DELIVER AND SUPPORT
DS1 Define and manage service levels
DS2 Manage third-party services
DS3 Manage performance and capacity
DS4 Ensure continuous service
DS5 Ensure systems security
DS6 Identify and allocate costs
DS7 Educate and train users
DS8 Manage service desk and incidents
DS9 Manage the configuration
DS10 Manage problems
DS11 Manage data
DS12 Manage the physical environment
DS13 Manage operations
MONITOR AND EVALUATE
ME1 Monitor & evaluate IT performance
ME2 Monitor & evaluate internal control
ME3 Ensure regulatory compliance
ME4 Provide IT governance
©2005 IT Governance Institute (ITGI), All rights reserved
COBIT and ITIL Mapping
COBIT IT Governance Framework domains: PLAN AND ORGANIZE, ACQUIRE AND IMPLEMENT, DELIVER AND SUPPORT, MONITOR AND EVALUATE (INFORMATION)
ITIL Framework areas: Business Perspective, Service Delivery, Service Support, Application Management, ICT Infrastructure Mgmt, Security Management
A mapping document with COBIT V3 exists; the mapping with COBIT V4.0 is coming soon. See ITGI COBIT and ITIL mapping.
COBIT Framework Model (summary)
The COBIT Framework provides well-defined links between IT Governance Requirements, IT Processes and IT Controls.
Top-Down Summary: the COBIT framework ties business requirements for information and governance to the objectives of the IT function. The COBIT process model enables IT activities and resources to be properly managed and controlled based on control objectives, and aligned and monitored using KGI and KPI metrics.
Bottom-Up Summary: IT resources are managed by IT processes to achieve IT goals that respond to the business requirements.
©2005 IT Governance Institute (ITGI), All rights reserved
COBIT Framework - Benefits
Benefits for different stakeholders: reduced risk, improved efficiency, predictability, cost-efficient use of resources
- Executive Management: to obtain value from IT investments and balance risk and control investment in the IT environment
- Business Management: to obtain assurance on the management and control of IT services provided by internal or third parties
- IT Management: to provide the IT services that the business requires to support the business strategy in a controlled and managed way
- Auditors: to substantiate their opinions and/or provide advice to management on internal controls
©2005 IT Governance Institute (ITGI), All rights reserved
COBIT – Widely Accepted IT Governance de facto standard
Selected as IT Governance framework and IT Internal Control framework by governments, commercial organizations and service providers (in 100+ countries)
Sample organizations:
- EU – European Commission
- Several governments
- Quebec Auditor General
- Australian National Audit Office
- US Department of Defense
- US National Institute of Standards and Technology references COBIT
- U.S. House of Representatives adopts COBIT
- US Federal Financial Institutions Examination Council (FFIEC)
- Office of The State Auditor of Massachusetts
- National Association of State Chief Information Officers (NASCIO)
- Argentina and Uruguay governments
- Colombian Bank Regulatory Body
- Philippine Commission on Audit (COA) adopts COBIT
E.g. companies: DaimlerChrysler, Royal Philips Electronics
Implementing IT Governance
[Diagram: IT Governance Best Practices Implementation Methods (Portfolio Management, Continuous Improvement, Bottleneck Method) applied to IT Processes, IT Resources and Business Requirements]
IT Governance Implementation Method 1: Portfolio Management
IT Portfolio Management: selective governance processes implementation by populating and balancing portfolios (risks/returns, value):
- IT Initiatives Portfolio
- IT Investments Portfolio
- Program/Project Portfolio
- Services/Assets Portfolio
- Resource Management
E.g. the Services Portfolio is driven by overall IT Portfolio Management mapped to business drivers
[Diagram: portfolio dimensions Risk, Return, Timing and Value across Investments, Assets, Applications, Resources, Services and Projects]
IT Governance Implementation Method 2: Continuous Improvement
Selective governance processes implementation through:
- IT Governance Assessment
- Decision on risk levels
- Investment decisions in security & controls
- Monitoring & Controlling Capability & Performance
- Incremental improvements -> raising the level of maturity
COBIT Maturity Levels: 0 Non-Existent, 1 Initial, 2 Repeatable, 3 Defined, 4 Managed, 5 Optimized
[Chart values as extracted: 50% 7% 30% 10% 3% ?%]
IT Governance Implementation Method 3: The Bottleneck Method©
Structured Quick-Wins method used by 7% of leading organizations
Principle: “applying the smallest change to get the biggest positive impact”
Based on: systemic thinking, options analysis, emerging “people change techniques”, What-If Analysis
[Diagram: Analyzing Potential Bottlenecks (dependencies, timing, risk, value; activities, systems, skills, etc.) -> Impact on Service Delivery -> Impact on Business Drivers -> Most Significant Bottleneck -> Change Implementation]
The Bottleneck Method© Benefits
- Identifying “the weakest link”
- Prioritizing “first things first”
- Rapidly identifying hidden cost drivers and inefficiencies
- Enabling breakthrough improvements
[Chart: Effectiveness/Savings over Time; the Bottleneck Method shows breakthrough improvements, fast-track effectiveness and cost savings compared with continuous improvement]
Typical IT Governance implementation projects
- One Day COBIT Implementation Workshop. Deliverable: generic or customer-tailored workshop
- IT Governance Assessment/Readiness (COBIT based): 5 - 10 days. Deliverable: assessed governance maturity level
- All Governance Committees & Processes “Skeleton” Implementation: 4 – 6 weeks. Deliverable: high-level end-to-end governance structure
- Quick-wins Process Improvements (via ‘bottleneck method’) of selected processes: 1 - 1.5 months per 3 processes. Deliverable: fast-track governance maturity improvement
- Incremental Process Improvements (via continuous improvement) of selected processes: 3 – 6 months per 3 processes. Deliverable: next process maturity level
Backup Slides
Business Focused: Information Criteria
- Effectiveness
- Efficiency
- Confidentiality
- Integrity
- Availability
- Compliance
- Reliability
©2005 IT Governance Institute (ITGI), All rights reserved
Current Enhancements to COBIT
- COBIT® Foundation Course
- IT Control Objectives for Sarbanes-Oxley
- COBIT® Security Baseline
- Aligning COBIT®, ITIL® & ISO 17799 for Business Benefit
- COBIT Mapping: Mapping ISO/IEC 17799:2000 With COBIT
- COBIT Mapping: Mapping SEI’s CMM for SW With COBIT
- COBIT Mapping: Mapping PMBOK© With CobiT 4.0
- COBIT Mapping: TOGAF With CobiT 4.0
- COBIT Mapping: Mapping ISO 17799:2005 With CobiT 4.0
- COBIT Mapping: Mapping PRINCE2 With CobiT 4.0