Opening Questions and Agenda

• What do you mean by Governance?
• What do you mean by Management?
• What is the difference between Governance and Management?
• What is IT Governance?
• What is Information Security Governance?

From here on, "Governance" is used in its corporate context only.
Governance

Governance is the system by which an organization is directed and controlled. It consists of a set of responsibilities that give strategic guidance to management to run the organization smoothly.
Governance and the "Board"

A Board typically comprises Directors, a management representative (the CEO), major shareholders and other stakeholders. Collectively they constitute the Board of Directors. The Board of Directors is the legal representative of the Governance of the organization. The Board extends accountability to all people who are directly involved in the "business".

[Figure: nested view of Corporate Governance, IT Governance and Information Security Governance]
Relation between Shareholders, Board of Directors and Management
Board Functions

Functions of the Board:
• Company Vision
• Company Values
• Risk Mitigation
• Protect Shareholder Confidence
• Optimum Resource Utilization
• Adhere to compliance mandates
• Design Policies and Procedures
Responsibilities of Governance versus Management

Policies and Procedures
  Governance: Sets policy in areas of financial management and conflict of interests; reviews procedures, recommends updates and changes as needed; monitors the organization's compliance.
  Management: Develops procedures that match board policy; implements the board's policies on a daily basis.

Planning
  Governance: Develops and implements a board planning process; defines the organization's vision; develops the mission statement; sets goals; reviews and approves objectives.
  Management: Arranges logistics for planning processes; writes objectives; develops work plans and timelines; implements work plans; makes progress reports and submits them to the Board.

Finance
  Governance: Ensures efficient financial policies and procedures, in accordance with the law and meeting the requirements of funders; revises and approves budgets; reviews financial reports; selects the auditor and reviews the audit.
  Management: Develops and implements financial management procedures as decided by the Board; develops budgets; performs financial management tasks; submits regular financial reports to the board; provides information to the auditor; submits required reports to funders.
Board Operations
  Governance: Prepares the agenda for meetings of the directors; decides what committees are needed to accomplish its work; monitors and evaluates the work of committees.
  Management: Assists with development of agendas for meetings of the directors; suggests committees or committee members to the board; sets up meetings and prepares meeting minutes.

Personnel
  Governance: Hires, fires and evaluates the chief executives; determines salaries of senior management; prepares the succession plan.
  Management: Hires, fires and evaluates the employees; determines salaries of lower-level management and employees.

Resource Development
  Governance: Develops strategies to acquire the resources needed to pursue the organization's missions and objectives.
  Management: Assists with the development of strategies; implements resource strategies assigned by the Board.

Evaluation
  Governance: Evaluates the chief executive and the match between the organization's vision and mission and its activities and accomplishments.
  Management: Evaluates staff; provides directors with the information they need to evaluate the match between the organization's vision and mission and its accomplishments; conducts project evaluation.
IT Governance

IT Governance is a subset of corporate Governance which addresses issues on how IT is applied across the organization. IT Governance governs IT assets and resources; that way, a better understanding of Total Cost of Ownership (TCO) is achieved for IT assets. It helps to align IT objectives with business objectives, producing significant business value which is measurable and quantifiable. It is directly used by Directors on behalf of stakeholders who expect a return on their investment.

[Figure: IT Governance shown as a subset of Corporate Governance]

Associated Framework(s)
• Control Objectives for Information and Related Technology (COBIT)
• ISO/IEC 38500: IT Governance
How is IT Governance different from IT Management?

IT Governance
• Directly used by the board members or directors who function on behalf of stakeholders/shareholders who have invested their money in the organization.
• Makes sure that IT objectives are aligned with the business objectives, producing measurable business value essential for the growth of the organization.
• Brings in accountability within the enterprise due to the shared responsibility of both the directors and shareholders.

IT Management
• Acts as an execution body which functions as per the directions and goals set forward by the board.
• Involved in implementation such as budgeting, staffing, organizing and controlling IT operations and assets. It is also involved in other aspects such as change management, software design, network planning, tech support etc.
• Focuses on managing IT assets in accordance with business needs and priorities.
Information Security Governance (ISG)

ISG is a subset of corporate Governance which addresses issues on how Information Security is implemented across the organization.

[Figure: Information Security Governance shown as a subset of Corporate Governance]

ISG works in close tandem with IT Governance as well as the Organizational Risk Management function; it provides effective controls against any leakage of confidential information from the organization. It keeps businesses engaged in rapidly evolving technological areas.

ISG ensures service continuity and availability. By engaging in regular risk assessments it provides information about the risk appetite of the organization. It helps the board to take informed decisions before venturing into investments in new business areas.

ISG provides peace of mind to stakeholders and shareholders that their investments are in a "safe" state.
Implementing good IS Governance

• Is your IS Governance delivering value?
• Is your IS Governance well planned?
• Is your IS Governance well managed and measurable?
• Is your IS Governance able to properly manage and mitigate risk?