• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
Presentation - Making sense of IT governance – the ...
 

Presentation - Making sense of IT governance – the ...

on

  • 1,443 views

 

Statistics

Views

Total Views
1,443
Views on SlideShare
1,442
Embed Views
1

Actions

Likes
0
Downloads
84
Comments
0

1 Embed 1

http://www.slideshare.net 1

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • The Research Objective was to assess the extent to which known governance reference models, frameworks and standards address the specific governance requirements of ICT outsourcing companies. The research study was supported by a governance efficiency survey conducted on a South African subsidiary of a multinational ICT outsourcing company, where the director’s duties in respect of IT governance, were assessed. Research question: “Can a generic governance framework be formulated to address the specific governance requirements of ICT outsourcing organisations?”
  • The main objective of IT governance is, as is the case with corporate governance, to facilitate the discharge of director’s duties.
  • Governance is about meeting strategic objectives (performance) while meeting legal and regulatory, contractual and other obligatory requirements often supported by policies (conformance). The goal is to achieve both in a balanced way.
  • Criteria of good governance, governance codes and guidelines will be relevant in the court’s determination of what is regarded as an appropriate standard of conduct. The more established certain governance practices become, the more likely a court would regard conduct that conforms with these practices as meeting the required standard of care. Director’s responsibilities: It is every director's responsibility to ensure the business decisions are in line with the policies, procedures and plans that have been board sanctioned and approved. Directors have the ultimate responsibility to monitor the activities of the top management, and furthermore to act if not satisfied.
  • The King Report echoes the ITGI with the view that IT governance should be an integral part of the overall governance structures within a company that ensure that the company's IT sustains and extends the strategy and objectives The board must set the direction management should follow. In order to do this, ... the board, its members and subcommittees and all executives should assume a more significant role in terms of IT governance, and the Board should insist that a management framework for IT governance is established based on a common approach, for example COBIT (Control Objectives for Information and related Technology).
  • IT governance should focus on four key areas: strategic alignment with the business and collaborative solutions, including the focus on sustainability and the implementation of ‘green IT’ principles; value delivery: concentrating on optimising expenditure & proving the value of IT; risk management: addressing the safeguarding of IT assets, disaster recovery and continuity of operations; and resource management: optimising knowledge and IT infrastructure. Furthermore, none of these factors can be managed appropriately without performance measurement, tracking project delivery and monitoring IT services.
  • The King III key areas for IT governance maps to the COBIT Focus Areas: 1. Strategic alignment Focuses on ensuring the linkage of business and IT plans ; on defining, maintaining and validating the IT value proposition ; and on aligning IT operations with enterprise operations 2. Value delivery Creating new value for the enterprise, maintaining and extending existing value, and eliminating initiatives and assets that are not creating sufficient value. 3. Risk management Embedding risk management responsibilities in the organisation to address IT-related risks and using IT to assist in managing business risks. 4. Resource management Having the right capability to execute the strategic plan, and providing sufficient, appropriate and effective resources. 5. Performance measurement Tracking the achievement of the objectives of the enterprise to achieve goals measurable beyond conventional accounting; and compliance with specific external requirements.
  • CobiT is a globally accepted framework for IT governance based on industry standards and best practices. Once implemented, executives can ensure IT is aligned effectively with business goals and better direct the use of IT for business advantage. CobiT provides a common language for business executives to communicate goals, objectives and results with audit, IT and other professionals. VAL IT: A practice-based governance framework that can provide boards and executive management teams with practical guidance in making IT investment decisions and using IT to create enterprise value ISO 38500 : The purpose of this standard is to promote effective, efficient, and acceptable use of IT in all organisations. It sets out six principles for good corporate governance of IT: Responsibility, Strategy, Acquisition, Conformance, Performance and Human Behaviour ITIL: The UK’s Office of Government Commerce (OGC) has documented a set of good practices to assist with provisioning and managing IT services to meet the needs of an organisation... It is not a Standard but a description of good practices to be adopted by an organisation and adapted to meet its specific needs. ISO/IEC 27002: The goal of ISO/IEC 27002:2005 is to provide information to parties responsible for implementing information security within an organisation. It can be seen as a best practice for developing and maintaining security standards and management practices within an organisation to improve reliability on information security in inter-organisational relationships. Gov of Outsourcing : The objective of this domain practise document is to provide companies with the current high level approaches and best practices for outsource governance.
  • Val IT complements COBIT from a business and financial perspective. COBIT sets good practices for the means of contributing to the process of value creation, while Val IT sets good practices for the process outcomes, by providing enterprises with the structure they require to measure, monitor and optimise the realisation of business value from investment in IT. Are we doing the right things? The strategic question. Is the investment: In line with our vision Consistent with our business principles Contributing to our strategic objectives Providing optimal value, at affordable cost, at an acceptable level of risk Are we doing them the right way? The architecture question. Is the investment: In line with our architecture Consistent with our architectural principles Contributing to the population of our architecture In line with other initiatives Are we getting them done well? The delivery question. Do we have: Effective and disciplined management, delivery and change management processes Competent and available technical and business resources to deliver: The required capabilities The organisational changes required to leverage the capabilities Are we getting the benefits? The value question. Do we have: A clear and shared understanding of the expected benefits Clear accountability for realising the benefits Relevant metrics An effective benefits realisation process over the full economic life cycle of the investment
  • Status of IT governance best practise implementation: Although the best practices presented are mature, openly available and clearly described in literature, they are not necessarily being widely adopted. The 2005 ITGI/Lighthouse survey returned that on average 50-60% percent of organisations are not considering implementing these practices. This implies that in many organisations the awareness phase is yet to be initiated, and there is a lot of room for improvement in the IT governance domain.
  • The implementation of IT governance is an ongoing process, and the implementation of a governance framework is one of the first steps in this process. The Service Provider IT Governance Framework needs to mirror a largely similar arrangement at their outsource clients. The framework supplied by Val IT and COBIT needs to be supported by detail practitioner processes, for example ITIL. Various compliance requirements, for example SAS 70, the various ISO Standards, King III and the Companies Act will require either additional activities to be performed or current activities to be reviewed and adjusted to ensure compliance. Within the Outsource Client Interface, the necessary interfaces with outsourcing clients to ensure value delivery needs to be defined, which must be aligned and integrated with the Service Provider Interface at Outsource Clients.
  • According to Rottier, the generic enterprise management processes for any organisation consist of the development of enterprise strategy; strategic management of the product portfolio; and strategic management of capacity. All support processes (HR, Finance, IT, etc.) forms part of the ‘strategic management of capacity’ process. The Client Interface within an outsourcing organisation needs to integrate with the Service Provider Interface at their various clients. The degree of interfacing on each process within the Service Provider Interface depends on the contents of the outsourcing agreement, and can range from receiving information to being responsible for a significant part of a process. The client however stays accountable for the process, even where the outsourcer is responsible for the bulk of the process activities.   According to the Meta Group, each process within the Service Provider Interface should be documented in the following manner: Roles and responsibilities : To define the expectations and actions to be undertaken by the client and its service providers. Information to exchange : To define the minimum information to be shared between parties throughout the service fulfilment lifecycle. Handover points : To define the interaction points between the client and its service providers. Policies : To align the service providers’ mode of operations with the client’s strategy and the enterprise architecture, [for example governance, management, control and assurance requirements]. Multivendor matters : To ensure service providers operate effectively within a multisourced environment (e.g., ensuring that one service provider’s plans are performed with a full awareness of the impact on other service providers).   Once the Service Provider Interface has been defined, the Service Provider needs to integrate it with the Client Interface processes within his own organisation. It must be noted that there is no solitary correct organisational format for the outsourcing function within an outsource client. The structure depends on several factors which need to be considered e.g. size of the company, geographically distributed resources, degree of centralisation of the outsourced function, or vendor strategy (single or multi vendor strategy). The adequate distribution of activities and responsibilities between the partners and the hierarchical levels are the rationale for the design of the outsource governance organisation.
  • As organisations differ from each other, the governance bodies responsible for IT governance may differ from organisation to organisation. The key point is that the board needs to take full and active responsibility for ensuring that IT and business strategy are properly aligned. The way in which it chooses to do this depends upon individual circumstances. This diagram, while not intended to represent an organisational chart/structure, shows the IT governance interrelationships as applicable to an Outsourcing Service Provider. (The model has been simplified for presentation purposes and a full version of the model is available in my paper. The model can be generalised to apply to any organisation by removing the Account Management and Sales and Marketing functions) The bodies in the darker blue shade form the organisational backbone of IT governance in terms of COBIT. Whilst the IT Strategy Committee operates on board level, the IT Steering Committee, Architecture Review Board, Technology Council and Process Oversight Committee play a crucial role in the alignment on executive level. The Compliance, Audit, Risk and Security entities p rovide independent assurance to demonstrate that IT delivers what is needed, measures compliance with policies and focuses on alerts to new risks. From a Value Management perspective (shaded light blue), the Investment Services Board (ISB) is primarily accountable for managing the enterprise’s portfolio of investment programmes and existing/current services. The Value Management Office (VMO) acts as the secretariat for the ISB in managing investment and service portfolios.   According to the ITGI, it is of importance to ensure that the committees’ meetings are attended by the nominated members and that this responsibility is not delegated downwards. The delegation of these responsibilities to lower-level personnel will weaken the effectiveness of the committees and can lead to decisions that are not necessarily in the best interests of the business.  
  • As organisations differ from each other, the governance bodies responsible for IT governance may differ from organisation to organisation. The key point is that the board needs to take full and active responsibility for ensuring that IT and business strategy are properly aligned. The way in which it chooses to do this depends upon individual circumstances. This diagram, while not intended to represent an organisational chart/structure, shows the IT governance interrelationships as applicable to an Outsourcing Service Provider. (The model has been simplified for presentation purposes and a full version of the model is available in my paper. The model can be generalised to apply to any organisation by removing the Account Management and Sales and Marketing functions) The bodies in the darker blue shade form the organisational backbone of IT governance in terms of COBIT. Whilst the IT Strategy Committee operates on board level, the IT Steering Committee, Architecture Review Board, Technology Council and Process Oversight Committee play a crucial role in the alignment on executive level. The Compliance, Audit, Risk and Security entities p rovide independent assurance to demonstrate that IT delivers what is needed, measures compliance with policies and focuses on alerts to new risks. From a Value Management perspective (shaded light blue), the Investment Services Board (ISB) is primarily accountable for managing the enterprise’s portfolio of investment programmes and existing/current services. The Value Management Office (VMO) acts as the secretariat for the ISB in managing investment and service portfolios.   According to the ITGI, it is of importance to ensure that the committees’ meetings are attended by the nominated members and that this responsibility is not delegated downwards. The delegation of these responsibilities to lower-level personnel will weaken the effectiveness of the committees and can lead to decisions that are not necessarily in the best interests of the business.  
  • Although best practices are mature, openly available and clearly described in literature, they are not necessarily widely adopted. This implies that in many organisations, there is significant room for improvement in the IT governance domain of outsource service providers and clients. The research furthermore returned that current known governance reference models, frameworks and standards to a limited extent, address the specific governance requirements of ICT outsourcing companies. The overall results indicate that a focussed effort is required by SA outsource service providers and outsource clients alike to firstly assess their current state of compliance, and secondly to ensure their continual compliance to the King III principles for good IT governance. The generic IT governance framework as discussed earlier serves as a valuable contribution to this effort by providing practical models for the integration of processes and the organisation design of the service provider and outsource client.
  • It is normal for C OBI T to be used in conjunction with other good practices, standards and in-house developed guidance. C OBI T can act like an umbrella providing the framework for everything else. COBIT is focused on what is required to achieve adequate management and control of IT, and is positioned at a high level. COBIT has been aligned and harmonised with other, more detailed, IT standards and good practices COBIT acts as an integrator of these different guidance materials, summarising key objectives under one umbrella framework that also links to governance and business requirements. COSO (and similar compliant frameworks) is generally accepted as the internal control framework for enterprises. COBIT is the generally accepted internal control framework for IT.
  • This slide shows how C OBI T fits into the hierarchy—from business drivers at the top, down to specific governance processes and procedures. C OBI T is the bridge between business and enterprise governance requirements and specific IT governance practices.
  • COBIT’s information criteria: To satisfy business objectives, information needs to conform to certain control criteria, which COBIT refers to as business requirements for information. Based on the broader quality, fiduciary and security requirements, seven distinct, certainly overlapping, information criteria are defined as follows: • Effectiveness deals with information being relevant and pertinent to the business process as well as being delivered in a timely, correct, consistent and usable manner. • Efficiency concerns the provision of information through the optimal (most productive and economical) use of resources. • Confidentiality concerns the protection of sensitive information from unauthorised disclosure. • Integrity relates to the accuracy and completeness of information as well as to its validity in accordance with business values and expectations. • Availability relates to information being available when required by the business process now and in the future. It also concerns the safeguarding of necessary resources and associated capabilities. • Compliance deals with complying with the laws, regulations and contractual arrangements to which the business process is subject, i.e., externally imposed business criteria as well as internal policies. • Reliability relates to the provision of appropriate information for management to operate the entity and exercise its fiduciary and governance responsibilities. The COBIT domains: To govern IT effectively, it is important to appreciate the activities and risks within IT that need to be managed. They are usually ordered into the responsibility domains of plan, build, run and monitor. Within the COBIT framework, these domains are called: • Plan and Organise (PO)— Provides direction to solution delivery (AI) and service delivery (DS) • Acquire and Implement (AI)— Provides the solutions and passes them to be turned into services • Deliver and Support (DS)— Receives the solutions and makes them usable for end users • Monitor and Evaluate (ME )—Monitors all processes to ensure that the direction provided is followed Across these four domains, COBIT has identified 34 IT processes. The ME domain addresses performance management, monitoring of internal control, regulatory compliance and governance (ME4).
  • This shows all the components of COBIT and how they relate to each other.
  • Capability: Is the level of maturity required in the process to meet business requirements (ideally driven by clearly defined business and IT goals). The COBIT maturity models focus on capability and help an enterprise recognise the capability that best fits specific process requirements. Coverage: Is a measure of performance, i.e., how and where the capability needs to be deployed based on business need, and investment decisions based on costs and benefits. For example, a high level of security may have to be focused upon only for the most critical enterprise systems. Control: Is a measure of actual control and execution of the process, in managing risks and delivering the value expected in line with business requirements and risk appetite. A process may appear to be at the right capability level with the right management characteristics, but still fail because of an inadequate control design. This is an assessment against the COBIT control objectives considered necessary for the process. COBIT provides a generic maturity model for internal control, and processes PO6 and ME2 help institutionalise the need for good controls.
  • The COBIT governance framework, composed of four domains; 34 high-level control objectives; more than 200 detailed control objectives; and thousands of goals, metrics, gaps, risks and assets, is a complex system. The IT Governance Framework in its simplest form is implemented by one of the 34 COBIT processes. It however interacts heavily with a number of COBIT processes and provides the governance “link” for all the COBIT processes. This implies that, from a governance perspective, not all 34 processes needs to be implemented immediately: the decision about which processes to implement and their required maturity level should be dictated by strategic business drivers, risks and compliance requirements. To make an IT governance implementation project successful: Make IT governance a workable solution—able to deal with the challenges and pitfalls presented by IT. Focus as much on improving performance and enabling competitive advantage as preventing problems. Make IT governance a shared responsibility between the business (customer) and the IT service provider, with the full commitment and direction of the board . Align IT governance within a wider enterprise governance scheme. Boards and executive management need to extend enterprise governance to include IT, provide the necessary leadership and organisational structures, and insist on well-managed and properly controlled processes.

Presentation - Making sense of IT governance – the ... Presentation - Making sense of IT governance – the ... Presentation Transcript

  • Making sense of IT Governance – the implications of King III Presenter: Marlene Badenhorst (ACIS)
  • Content
    • Research objective and research question
    • Definitions of IT governance
    • Literature review of selected Codes, Frameworks, Standards and Best Practices
    • Assessment of the current industry application of governance concepts
    • A generic governance framework for IT governance and the governance of outsourcing
    • Conclusion
  • Research objective & research question
    • Research Objective:
    • Literature review; IT governance efficiency survey to assess:
      • Does known reference models, frameworks and standards address governance requirements of ICT outsourcing companies?
      • Current status of IT governance practices.
    • Research Question:
    • Can a generic governance framework be formulated to address these requirements?
  • What is ‘IT Governance’?
    • It is ...
    • the responsibility of the board and executive
    • It consists of...
    • The leadership, organisational structures & processes...
    • to ensure that the enterprise’s IT...
    • sustain and extend organisational strategies & objectives.
    Source: ITGI
    • Enterprise governance is about:
    • Conformance
      • Adhering to legislation, internal policies, audit requirements, etc.
    • Performance
      • Improving profitability, efficiency, effectiveness, growth, etc.
      • Enterprise governance drives IT governance
    Enterprise governance and IT governance require a balance between conformance and performance goals directed by the board. Source: ITGI Performance Conformance
  • What is the ‘governance of outsourcing’?
    • The responsibilities, roles, objectives, interfaces & controls required...
    • to anticipate change and ...
    • manage the introduction, maintenance, performance, costs and control of third-party provided services.
    Source: ITGI
  • Literature review of selected codes, frameworks, standards and best practices
  • King III requirements – the link between IT governance practices and law
    • Directors’ duty of care: ensure prudent and reasonable steps taken re IT governance.
    • Corporate governance practices, codes and guidelines lift the bar of what are regarded as appropriate standards of conduct.
    • Failure to meet a recognised standard of governance, albeit not legislated, may render a board or individual director liable at law.
  • King III requirements: IT governance
    • IT governance...
      • is the responsibility of the board;
      • should be an integral part of enterprise governance structures;
      • should be owned by the board.
    • The board must set the management direction. Required to...
      • assume more significant role in terms of IT governance, and
      • insist on establishment of an IT governance management framework:
        • To be based on a common approach, eg. COBIT.
  • King III requirements: IT Governance focus areas
    • IT governance should focus on four key areas:
    • strategic alignment with business;
    • value delivery;
    • risk management; and
    • resource management.
  • King III requirements: IT Governance focus areas
    • IT governance should focus on four key areas:
    • strategic alignment with business;
    • value delivery;
    • risk management; and
    • resource management.
    Source: ITGI COBIT focus areas PERFORMANCE MEASUREMENT RESOURCE MANAGEMENT RISK MANAGEMENT VALUE DELIVERY STRATEGIC ALIGNMENT www.itgi.org www.itgi.org
  • Context: Best Practices Source: Own source
  • Context: COBIT and VAL IT Source: Thorpe, cited by ITGI VAL IT COBIT The strategic question The value question. The architecture question The delivery question Are we getting the benefits? Are we getting them done well? Are we doing the right things? Are we doing them the right way?
  • Industry application of governance concepts
  • Status: IT Governance Best Practise Implementation Source: ITGI/Lighthouse survey 2005 72% 13% 8% 7% 66% 14% 10% 10% 66% 16% 9% 9% 61% 21% 9% 9% 50% 20% 12% 18% 51% 21% 12% 16% Active management of IT ROI Actual IT performance measurement IT Risk Management IT Value Delivery IT resource management Alignment between IT strategy and overall strategy 0% 100% Have implemented Implementing now Considering implementation Not considering implementation
  • Generic governance framework for IT and outsourcing
  • Generic governance model Source: own source Outsource Client IT Governance Framework Service Provider IT Governance Framework VAL IT COBIT Outsource Client Interface VAL IT COBIT Service Provider Interface Enterprise Governance of IT IT Governance Practitioner processes Practitioner processes Compliance require-ments Compliance require-ments
  • Generic process model Support processes Source: own source Service Provider Interface Develop enterprise strategy Strategic management of product portfolio Strategic management of capacity Manage enterprise Outsource Client (Buyer) Develop enterprise strategy Strategic management of product portfolio Strategic management of capacity Manage enterprise Support processes Service Provider Client Interface Outsource Client (n) Outsource Client 3 Outsource Client 2 Outsource Client 1 Service Provider (n) Service Provider 3 Service Provider 2 Service Provider 1
  • IT Strategy Committee Technology Council Audit Committee Sales & Marketing Compen-sation Committee Business Strategy Committee Finance Committee Board of Directors CEO Business Executives Programme Management Office (PGMO) CFO HR Compliance, Audit, Risk & Security(CARS) CIO IT Architecture Review Board Process Oversight Committee . . Account Management ‘ IT’ . . . . IT Steering Committee IT governance interrelationships (service provider perspective) Source: ITGI, own source
  • IT Strategy Committee Technology Council Audit Committee Sales & Marketing Compen-sation Committee Business Strategy Committee Finance Committee Board of Directors CEO Business Executives Investment & Services Board (ISB) Value Management Office (VMO) Programme Management Office (PGMO) CFO HR Compliance, Audit, Risk & Security(CARS) CIO IT Architecture Review Board Process Oversight Committee . . Account Management ‘ IT’ . . . . IT Steering Committee IT governance interrelationships (service provider perspective) Source: ITGI, own source
  • Conclusion
    • Best practices not widely adopted
    • Significant room for improvement in most companies’ IT governance domain
    • Governance best practices address outsourcing governance only to limited extent
    • A focussed effort is required by SA companies to ensure compliance to the King III principles for good IT governance
    • The generic framework that has been formulated addresses the need for an integrated approach to IT governance
  •  
  • Backup slides
  • Organisations will consider and use a variety of IT models, standards and best practices. These must be understood in order to consider how they can be used together, with C OBI T acting as the consolidator (‘umbrella’). ISO 9000 ISO 27002 ITIL COSO WHAT HOW
      • C OB IT & Other IT Management Frameworks
    SCOPE OF COVERAGE COBIT Source: ITGI
  • PERFORMANCE: Business Goals CONFORMANCE Basel II, Sarbanes- Oxley Act, etc. Enterprise Governance IT Governance ISO 9001:2000 ISO 27002 ISO 20000 Best Practice Standards QA Procedures Processes and Procedures Drivers C OBI T COSO Security Principles ITIL Balanced Scorecard
      • Where Does C OBI T Fit?
    Source: ITGI
  • BUSINESS OBJECTIVES AND GOVERNANCE OBJECTIVES Efficiency Applications Information Infrastructure People DELIVER AND SUPPORT MONITOR AND EVALUATE ACQUIRE AND IMPLEMENT INFORMATION IT RESOURCES C O B I T F R A M E W O R K Effectiveness Confidentiality Integrity Availability Compliance DS1 Define and manage service levels. DS2 Manage third-party services. DS3 Manage performance and capacity. DS4 Ensure continuous service. DS5 Ensure systems security. DS6 Identify and allocate costs. DS7 Educate and train users. DS8 Manage service desk and incidents. DS9 Manage the configuration. DS10 Manage problems. DS11 Manage data. DS12 Manage the physical environment. DS13 Manage operations. ME1 Monitor and evaluate IT performance. ME2 Monitor and evaluate internal control. ME3 Ensure compliance with external requirements. ME4 Provide IT governance. PO1 Define a strategic IT plan. PO2 Define the information architecture. PO3 Determine technological direction. PO4 Define the IT processes, organisation and relationships. PO5 Manage the IT investment. PO6 Communicate management aims and direction. PO7 Manage IT human resources. PO8 Manage quality. PO9 Assess and manage IT risks. PO10 Manage projects. AI1 Identify automated solutions. AI2 Acquire and maintain application software. AI3 Acquire and maintain technology infrastructure. AI4 Enable operation and use. AI5 Procure IT resources. AI6 Manage changes. AI7 Install and accredit solutions and changes. PLAN AND ORGANISE Reliability COBIT Framework Source: ITGI
      • Interrelationship of the COBIT Components
    Source: ITGI Responsibility & Accountability Chart Performance Indicators Key Activities Control Practices Control Design Tests Maturity Models Outcome Measures Control Outcome Tests Control Objectives IT Processes IT Goals Business Goals performed by requirements information broken down into for performance for outcome for maturity audited with implemented with based on derived from measured by audited with controlled by
  • Dimensions of Maturity Source: ITGI 100 % 0 1 2 3 4 5 HOW (capability) HOW MUCH (coverage) WHAT (control) IT Mission and Goals Return on Investment and Cost-efficiency Risk and Compliance Primary Drivers
  • VAL IT domains & processes Source: ITGI Develop and initiate the initial programme business case Understand the candidate programme & implementation options Develop full life-cycle costs and benefits Develop the programme plan Develop the detailed candidate programme business case Update operational IT portfolios Launch and manage the programme Update the business case Retire the programme Monitor and report on the programme Investment Management (IM) Establish strategic direction and target investment mix Manage the availability of human resources Determine the availability and sources of funds Evaluate and select programmes to fund Optimise investment portfolio performance Monitor and report on investment portfolio performance Portfolio Management (PM) Establish informed and committed leadership Define portfolio characteristics Define and implement processes Align & integrate value management with enterprise financial planning Continuously improve value management practices Establish effective governance monitoring Value Governance (VG)
  • Road map to IT governance Source: ITGI Raise awareness & obtain management commitment Identify Needs Define scope Define risks Define resources and deliverables Plan programme Envision solution Assess actual performance Define target for improvement Analyse gaps and identify improvements Plan solution Define projects Define improvement plan Implement solution Implement the improvements Monitor implementation performance Review programme effectiveness Operationalise solution Build sustainability Identify new governance requirements