Your SlideShare is downloading. ×
IT governance by Erik Guldentops
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Saving this for later?

Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime - even offline.

Text the download link to your phone

Standard text messaging rates apply

IT governance by Erik Guldentops

1,478
views

Published on

Erik Guldentops - management consultant en gastdocent Antwerp Management School …

Erik Guldentops - management consultant en gastdocent Antwerp Management School
IT governance

Published in: Business, Economy & Finance

1 Comment
0 Likes
Statistics
Notes
  • Be the first to like this

No Downloads
Views
Total Views
1,478
On Slideshare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
193
Comments
1
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. 19-21 September Ghent Belgium IT Governance “How to deal with IT Value and IT Risk” Erik Guldentops Lecturer Antwerp Management School ErikGuldentops IT Governance Briefing eg_19092012 page 1 of 27
  • 2. Enterprise Governance of IT Strategic alignment Defining with the businsess how to achieve value whileFive mitigating riskdomains but Performance Mngnt Measuring how desiredreally only value is achieved and risk containedtwo subjects Resource Mngnt Acquiring and maintaining all that is necessary to achieve value and contain risk Erik Risk and ValueGuldentops IT Governance Briefing eg_19092012 page 2 of 27
  • 3. ErikGuldentops IT Governance Briefing eg_19092012 page 3 of 27
  • 4. IT Governance vs. IT Management IT GOVERNANCE Set Objectives • IT is aligned with the business • IT enables the business and maximises benefits • IT resources are used responsibly Evaluate • IT-related risks are managed appropriately Provide performance direction Measure and Translate report direction into performance Translate strategy into action strategy • Increase automation (make the business effective) • Decrease cost (make the enterprise efficient) • Manage risks (security, reliability & compliance) IT MANAGEMENT ErikGuldentops IT Governance Briefing eg_&9092012 pg 4 of 27
  • 5. Enterprise Governance of IT Board Executive LineManagement Erik Guldentops IT Governance Briefing eg_&9092012 pg 5 of 27
  • 6. Implementing Enterprise Governance of IT How do we know Where do we we are What are we want to be? progressing? doing about it? •Delivery Performance Portfolio •Service Quality • Programmes Objectives •Resource Utilisation •Benefits Realisation • Services •Risk Reduction • Resources Strategy Scorecards Business Cases Are the engines of IT Governance ErikGuldentops IT Governance Briefing eg_&9092012 pg 6 of 27
  • 7. Implementing Enterprise Governance of IT Metrics Inputs WHAT ? Outputs Responsibility & Goals Activities Accountability ? Performance HOW Metrics needs a process structure ErikGuldentops IT Governance Briefing eg_&9092012 pg 7 of 27
  • 8. Implementing Enterprise Governance of IT BUSINESS OBJECTIVES AND GOVERNANCE OBJECTIVES COBITME1 Monitor and evaluate IT PO1 Define a strategic IT plan. performance. PO2 Define the informationME2 Monitor and evaluate internal INFORMATION architecture. control. PO3 Determine technological direction.ME3 Ensure compliance with external requirements. Efficiency Integrity PO4 Define the IT processes, organization, and relationships.ME4 Provide IT governance. Effectiveness Availability PO5 Manage the IT investment. Compliance Confidentiality PO6 Communicate management aims Reliability and direction. MONITOR PLAN PO7 Manage IT human resources. AND AND PO8 Manage quality. EVALUATE ORGANIZE PO9 Assess and manage IT risks.DS1 Define and manage service levels. IT PO10 Manage projects.DS2 Manage third-party services. RESOURCESDS3 Manage performance and capacity.DS4 Ensure continuous service.DS5 Ensure systems security. ApplicationsDS6 Identify and allocate costs. AI1 Identify automated solutions. InformationDS7 Educate and train users. Infrastructure AI2 Acquire and maintain applicationDS8 Manage the service desk and People software. incidents. DELIVER AI3 Acquire and maintain technology ACQUIREDS9 Manage the configuration. AND infrastructure. ANDDS10 Manage problems. SUPPORT IMPLEMENT AI4 Enable operation and use.DS11 Manage data. AI5 Procure IT resources.DS12 Manage the physical environment. AI6 Manage changes.DS13 Manage operations. AI7 Install and accredit solutions and change. Erik Guldentops IT Governance Briefing eg_&9092012 pg 8 of 27
  • 9. Implementing Enterprise Governance of IT www.isaca.org ErikGuldentops IT Governance Briefing eg_&9092012 pg 9 of 27
  • 10. CobiT can be overwhelming ErikGuldentops IT Governance Briefing eg_19092012 page 10 of 27
  • 11. CobiT can be overwhelming ErikGuldentops IT Governance Briefing eg_19092012 page 11 of 27
  • 12. CobiT QuickStart for Small and Medium Sized Enterprised One objective Four practices Three critical success factors Two metrics ErikGuldentops IT Governance Briefing A simple progress measure eg_&9092012 pg 12 of 27
  • 13. SuitabilityCobiT QuickStart Assessment Span of control Communications pathApplicable to IT Sophistication IT Strategic Importance whom? IT Expenditure Segregation Sanity Check Risk Liabilities Compliance Past Problems Future Needs Required Expertise Erik Guldentops IT Governance Briefing eg_&9092012 pg 13 of 27
  • 14. What did 70 CISOCIO’s say about CIOIT Frameworks ? IT Governance Service Delivery Information Security CIONet Survey, Sep 2011 CobiT ITIL ISO27001 ErikGuldentops IT Governance Briefing eg_&9092012 pg 14 of 27
  • 15. Why implementan ITGovernanceFramework? CIONet Survey, Sep 2011 ErikGuldentops IT Governance Briefing eg_&9092012 pg 15 of 27
  • 16. What were the expected and actual benefits? Improved EFFICIENCY enterprise processes Extended staff capabilities Better service delivery EFFECTIVENESS Faster solution delivery Increased innovation expected RISK Reduced risk actual CIONet Survey, Sep 2011 ErikGuldentops IT Governance Briefing eg_&9092012 pg 16 of 27
  • 17. How did theymeasurebenefits? CIONet Survey, Sep 2011 ErikGuldentops IT Governance Briefing eg_&9092012 pg 17 of 27
  • 18. Relationship IT Governance Practices and Benefits Clustered Correlations PROCESS • Define a strategic IT plan • Manage the IT investment • Communicate management aims and direction IT • Assess and manage IT risks • Identify automated solutions • Acquire & maintain applications and infrastructure • Portfolio and investment management • Align the IT strategy to the business strategy GOAL • Provide service offerings and service levels in line with business IT reqrmnts • Acquire, develop and maintain IT skills that respond to the IT strategy • Ensure that IT demonstrates continuous improvement and readiness for future change • Cost optimisation of service delivery and business processes BUSINESS • Obtain reliable and useful information for strategic decision-making GOAL • Improve and maintain business process functionality and operational productivity • Enable and manage business change IT Governance Institue, Sep 2008 ErikGuldentops IT Governance Briefing eg_&9092012 pg 18 of 27
  • 19. IT Governance Implementation: Lessons Learned • Common language and common framework • Higher maturity • Better organisation • More useful management information • “IT really works” • Complexity • Less results than expected • High learning curve managers • Bogged down in details/paperwork • High level of senior management support required CIONet Survey, Sep 2011 ErikGuldentops IT Governance Briefing eg_&9092012 pg 19 of 27
  • 20. IT Governance Implementation: Lessons Learned Adoption of frameworks is not a simple nor self-contained project with measured costs. It is a gradual shift and inter-relates with many other initiatives. ErikGuldentops IT Governance Briefing eg_&9092012 pg 20 of 27
  • 21. Some notes on Risk and Value CIONet Survey, Sep 2012 ErikGuldentops IT Governance Briefing eg_&9092012 pg 21 of 27
  • 22. Some notes on Risk and Value For both riskand value, accept uncertainty and deal with it! ErikGuldentops IT Governance Briefing eg_&9092012 pg 22 of 27
  • 23. IT Value Research ErikGuldentops IT Governance Briefing eg_&9092012 pg 23 of 27
  • 24. IT Value Research ErikGuldentops IT Governance Briefing eg_&9092012 pg 24 of 27
  • 25. www.isaca.org ErikGuldentops IT Governance Briefing eg_&9092012 pg 25 of 27
  • 26. So what is the ROI on IT Governance Practices? In October 2006 Mc Kinsey and the London School of Economics measured the increase in productivity from investments in IT versus investments in management practices in 100 enterprises. + Management Practices Score 75th percentile +8% +20%1 and above 25th percentile 0 +2% and above - Intensity of IT deployment + 25th percentile 75th percentile and above and above ErikGuldentops IT Governance Briefing eg_&9092012 pg 26 of 27
  • 27. 19-21 September Ghent Belgium IT Governance “How to deal with IT Value and IT Risk” Erik Guldentops Lecturer Antwerp Management School ErikGuldentops IT Governance Briefing eg_19092012 page 27 of 27