IT Governance

Presentation on IT Governance delivered for the ISACA Toronto Chapter

Transcript

  • 1. IT Governance November, 2013
  • 2. @CarlosChalicoT #ISACA_ITG IT Governance
  • 6. Quote: “The brain is a wonderful organ; it starts working the moment you get up in the morning and does not stop until you get into the office” (Robert Frost)
  • 7. Carlos Chalico, CISA, CISSP, CISM, CGEIT, CRISC, ISO27000 LA, PbD Ambassador. Ouest Business Solutions Inc., Director Eastern Region
  • 8. What’s in this for you? By the end of this session you will:
      • Understand the concept of governance, IT governance and its difference from IT management
      • Know the advantages of defining an effective IT Governance model
      • Know some frameworks available to define IT Governance (COBIT, ISO 38500)
  • 9. First things first. Image: Elephant In The Room, by Leah Saulnier (The Painting Maniac); medium: oil painting
  • 10. Quote: “Management must manage” (Harold S. Geneen)
  • 11. So, what does this mean? Governance
  • 12. From Wikipedia: Governance is the act of governing. It relates to decisions that define expectations, grant power, or verify performance. It consists of either a separate process or part of decision-making or leadership processes. In modern nation-states, these processes and systems are typically administered by a government.
  • 14. From OECD: Corporate governance is one key element in improving economic efficiency and growth as well as enhancing investor confidence. Corporate governance involves a set of relationships between a company’s management, its board, its shareholders and other stakeholders. Corporate governance also provides the structure through which the objectives of the company are set, and the means of attaining those objectives and monitoring performance are determined. http://www.oecd.org/corporate/ca/corporategovernanceprinciples/31557724.pdf
  • 16. Other Sources
  • 17. Key Points:
      • Relationships: management, board, shareholders, stakeholders
      • Structure
      • Objectives of the organization
      • Monitoring performance
      • Economic efficiency and growth
      • Confidence
  • 18. Quote: “Organizations with good governance practices in place can be shown to be more successful than organizations without” (Alison Holt)
  • 19. Turning Risk Into Results
  • 21. Quote: “Corporate governance is the system by which companies are directed and controlled” (Adrian Cadbury)
  • 22. So, what does this mean? IT Governance
  • 24. So, what does this mean? CIO and CTO, from HBR (Harvard Business Review): http://blogs.hbr.org/2013/08/todays-cto-needs-to-become/ and http://blogs.hbr.org/cs/2013/07/todays_cio_needs_to_be_the_chi.html
  • 25. So, what does this mean? CIO: Information, Innovation
  • 26. So, what does this mean? CTO: Technology, Transformation
  • 27. So, what does this mean? Innovate, Transform, Value
  • 28. So, what does this mean? Know, Control, Measure, Rely: IT Processes, Infrastructure Elements
  • 29. So, what does this mean? In essence, the governance of IT is the theory that enables an organisation’s principal decision makers to make better decisions around IT and, at the same time, provides guidance for IT managers who are tasked with IT operations and the design, development and implementation of IT solutions.
  • 30. So, what does this mean?
      • Governance ensures that enterprise objectives are achieved by evaluating stakeholder needs, conditions and options; setting direction through prioritisation and decision making; and monitoring performance, compliance and progress against agreed-on direction and objectives.
      • Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives.
  • 31. So, what does this mean? The action of the board or governing body to direct IT activities and to build a decision-making model, combined with the action of the IT management teams to develop supporting systems, processes and procedures, results in the development of an IT governance framework. What to do; how to do it.
  • 32. Why IT Governance?
      • “Due diligence”
      • IT is critical to the business (and pervasive)
      • IT is strategic to the business
      • Expectations and reality don’t match
      • IT hasn’t gotten the attention it deserves (yet)
      • IT may involve huge investments and large risks
  • 33. Why IT Governance? IT Governance Framework: Culture, Goals, Characteristics, Organization
  • 43. Why IT Governance? GEIT objectives: IT value delivery; mitigation of IT-related risks to the business. Strategic alignment; resources availability & Mgt; monitoring
  • 44. Why IT Governance? ITGI identifies five focus areas of GEIT:
      • Strategic alignment
      • Value delivery
      • Risk management
      • Resource management
      • Performance measurement
  • 47. Available Frameworks: ISO 38500, COBIT 5
  • 48. Quote: “A tool is only a tool if it helps you and your business” (Alison Holt)
  • 49. IT Governance, November 2013. Break!
  • 50. Why IT Governance?
  • 51. Quote: “Where there is poor organisational governance practice in place, it will be difficult to implement good IT and information practice that delivers consistent quality deliverables” (Alison Holt)
  • 52. What is ISO?
      • International Organization for Standardization
      • World’s largest developer of voluntary standards
      • Founded in 1947
      • 19,500 standards released
      • Members from 164 countries
      • Headquartered in Geneva, Switzerland
      Photo: The Boys. 65 delegates from 25 countries. London, 1946. http://www.iso.org
  • 53. What is a Standard? “A document that provides requirements, specifications, guidelines or characteristics that can be used consistently to ensure that materials, products, processes and services are fit for their purpose. ISO standards can be purchased from the ISO store or from our members” Photo: Office in La Voie Creuse, Geneva, Switzerland, 2007. http://www.iso.org
  • 54. What are the benefits? “ISO International Standards ensure that products and services are safe, reliable and of good quality. For business, they are strategic tools that reduce costs by minimizing waste and errors, and increasing productivity. They help companies to access new markets, level the playing field for developing countries and facilitate free and fair global trade” http://www.iso.org
  • 55. ISO/IEC 38500:2008
      • Provides guiding principles for directors of organizations (owners, board members, partners, senior executives) on the effective, efficient, and acceptable use of IT within their organizations
      • Applies to the governance of management processes (and decisions) relating to the information and communication services used by an organization. These processes could be controlled by IT specialists within the organization, external service providers, or business units within the organization.
      • It also provides guidance to those advising, informing, or assisting directors (this includes IT auditors)
      http://www.iso.org
  • 56. ISO/IEC 38500:2008
      • Based on Australian Standard AS 8015-2005
      • Submitted for fast-track ISO adoption
      • Alison Holt, New Zealand, Longitude 174: co-chaired ISO’s working group for IT Governance Framework standards
      http://www.ramin.com.au/itgovernance/as8015.html
  • 57. Quote: “Implementing IT governance is not necessarily a quick process, but it is effective” (Alison Holt)
  • 59. ISO/IEC 38500:2008 (diagram): Information Technology Processes (Process 1, Process 2, Process 3, ..., Process n) and their pervasiveness; goal: ISO 38500 guidelines for directors and senior executives on effective, efficient and acceptable ICT use
  • 60. Quote: “May the Force be with you” (Obi Wan Kenobi)
  • 61. IT potential problems
      • Different areas of the organisation have different relationships with different IT vendors
      • IT systems evolve independently with no united direction or strategy
      • IT systems under/over-perform
      • IT managers don’t understand the operation
      • Operational managers don’t understand IT
      • No sense of ownership of data, infrastructure and processes
      • Users frustrated for, apparently, not having enough resources
      • Nobody thinks of or wants the CIO, except when there is a problem.
  • 62. ISO/IEC 38500:2008. ISO 38500 structure: Scope, Application, Objectives; Framework; Guidance
  • 63. Scope, Application, Objectives (diagram): goal: ISO 38500 guidelines for directors and senior executives on effective, efficient and acceptable ICT use, giving confidence to stakeholders
  • 65. Framework: ISO 38500 six principles model, covering IT Governance and IT Management
      1. Responsibility
      2. Strategy
      3. Acquisition
      4. Performance
      5. Conformance
      6. Human Behaviour
  • 66. Responsibility
      • Everyone understands and accepts his or her responsibility
      • This includes supply of and demand for IT
      • Those with responsibility for actions also have the authority to perform those actions
  • 68. Responsibility
      • The CIO that was not respected, even with an ISSP communicated and authorized
      • The “Perfect” Operational Director
      • The “jumping” requirements
      • The eternal “Yes” CIO
      • The 24x7x52xFOREVER HR requirement
  • 69. Strategy
      • Organisation’s business strategy considers current and future capabilities of IT
      • Strategic plans for IT satisfy the current and ongoing needs of the organisation
  • 70. Strategy
      • “With that money I can set up a new branch”
      • “Hey, that IT strategy made me think that the operational strategy needs to be re-visited”
  • 71. Strategy ?
  • 72. Acquisition
      • IT acquisitions are made for valid reasons
      • Appropriate analysis is made to support purchasing decisions
      • There is a balance among benefits, opportunities, costs and risks in the short and long term
  • 73. Acquisition. Some suggestions:
      • Understand required benefits
      • Informal chats with vendors
      • Define a formal purchasing process
      • Visit other organisations that are doing what you want to do
      • Understand the “do nothing” option
      • Check out references
  • 74. Acquisition. Time and budget are important, but having the organisation understand the motives is critical
  • 75. Performance
      • IT fits the requirements to support the organisation
      • IT provides services, levels of service and service quality required to meet the organisation’s current and future requirements
  • 76. Performance
      • Under-performance vs. over-performance
      • We often over-procure for reasons of convenience
      • How would you react if your main server starts running out of space?
  • 77. Conformance
      • IT complies and supports compliance
      • Policies and practices are clearly defined, implemented and enforced
  • 78. Conformance. How easy has it been for your company to configure the systems to comply with laws and regulations? (Diagram: compliance on IT systems across processes and changes)
  • 79. Human Behaviour
      • IT policies, practices and decisions show respect for human behaviour
      • This includes current and evolving needs of all of the people in the processes
  • 80. Human Behaviour
      • Have you defined policies to make clear how you want your IT systems to be used?
      • How are you balancing personal vs. professional use of the corporate IT resources?
      • Is your management team setting the tone?
      • How are you connecting with customers, providers, authority?
  • 82. Guidance: Provides examples for the application of each one of the six principles
  • 83. Guidance. Additional documents:
      • Cloud computing
      • IT Audit
      • Digital forensics
      • Interoperability
      • Business frameworks
  • 84. Quote: “Nothing will work unless you do” (Maya Angelou)
  • 85. Implementing ISO 38500 (diagram labels): Implementation; Design and Definition; Communication and awareness; IT controls; Policies and procedures; Plan development; Business processes improvements; Current State Assessment; Continuous Improvement; Auditing; Operation; Monitoring; Third parties considerations; Extended IT governance; IT processes improvements; Problems identification; Training and testing; Adjustments; Monitoring controls; Reporting; Audit guidelines; Responsibility assignment
  • 86. IT Governance, November 2013. Break!
  • 87. How has COBIT dealt with IT Governance? Source: COBIT® 5, figure 2. © 2012 ISACA® All rights reserved.
  • 88. How has COBIT dealt with IT Governance?
      • Governance ensures that enterprise objectives are achieved by evaluating stakeholder needs, conditions and options; setting direction through prioritisation and decision making; and monitoring performance, compliance and progress against agreed-on direction and objectives (EDM)
      • Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives (PBRM)
  • 89. How has COBIT dealt with IT Governance? COBIT 5 brings together the five principles that allow the enterprise to build an effective governance and management framework based on a holistic set of seven enablers that optimises information and technology investment and use for the benefit of stakeholders.
  • 90. How has COBIT dealt with IT Governance? Evolution of scope (diagram): Audit, COBIT 1 (1996); Control, COBIT 2 (1998); Management, COBIT 3 (2000); IT Governance, COBIT 4.0/4.1 (2005/7); Val IT 2.0 (2008); Risk IT (2009); COBIT 5, a business framework from ISACA (2012), at www.isaca.org/cobit. © 2012 ISACA® All rights reserved.
  • 91. COBIT Principles
      • Meeting stakeholder needs
      • Covering the enterprise end-to-end
      • Applying a single integrated framework
      • Enabling a holistic approach
      • Separating governance from management
  • 92. Meeting Stakeholder Needs. Enterprises exist to create value for their stakeholders.
  • 93. Meeting Stakeholder Needs
      • Enterprises have many stakeholders, and ‘creating value’ means different—and sometimes conflicting—things to each of them.
      • Governance is about negotiating and deciding amongst different stakeholders’ value interests.
      • The governance system should consider all stakeholders when making benefit, resource and risk assessment decisions.
      • For each decision, the following can and should be asked: Who receives the benefits? Who bears the risk? What resources are required?
  • 94. Meeting Stakeholder Needs
      • Stakeholder needs have to be transformed into an enterprise’s actionable strategy.
      • The COBIT 5 goals cascade translates stakeholder needs into specific, actionable and customised goals within the context of the enterprise, IT-related goals and enabler goals.
      Source: COBIT® 5, figure 4. © 2012 ISACA® All rights reserved.
  • 95. Meeting Stakeholder Needs. Benefits of the COBIT 5 goals cascade:
      • It allows the definition of priorities for implementation, improvement and assurance of enterprise governance of IT based on (strategic) objectives of the enterprise and the related risk.
      • In practice, the goals cascade: defines relevant and tangible goals and objectives at various levels of responsibility; filters the knowledge base of COBIT 5, based on enterprise goals, to extract relevant guidance for inclusion in specific implementation, improvement or assurance projects; clearly identifies and communicates how (sometimes very operational) enablers are important to achieve enterprise goals.
  • 96. Covering the enterprise end-to-end
      • COBIT 5 addresses the governance and management of information and related technology from an enterprisewide, end-to-end perspective.
      • This means that COBIT 5 integrates governance of enterprise IT into enterprise governance, i.e., the governance system for enterprise IT proposed by COBIT 5 integrates seamlessly in any governance system because COBIT 5 aligns with the latest views on governance; and covers all functions and processes within the enterprise: COBIT 5 does not focus only on the ‘IT function’, but treats information and related technologies as assets that need to be dealt with just like any other asset by everyone in the enterprise.
  • 97. Covering the enterprise end-to-end. Key components of a governance system. Source: COBIT® 5, figures 8 and 9. © 2012 ISACA® All rights reserved.
  • 98. Applying a single integrated framework
      • COBIT 5 aligns with the latest relevant other standards and frameworks used by enterprises. Enterprise: COSO, COSO ERM, ISO/IEC 9000, ISO/IEC 31000. IT-related: ISO/IEC 38500, ITIL, ISO/IEC 27000 series, TOGAF, PMBOK/PRINCE2, CMMI
      • This allows the enterprise to use COBIT 5 as the overarching governance and management framework integrator.
      • ISACA plans a capability to facilitate COBIT user mapping of practices and activities to third-party references.
  • 99. Enabling a holistic approach. COBIT 5 enablers are:
      • Factors that, individually and collectively, influence whether something will work—in the case of COBIT, governance and management over enterprise IT
      • Driven by the goals cascade, i.e., higher-level IT-related goals define what the different enablers should achieve
      • Described by the COBIT 5 framework in seven categories
  • 100. Enabling a holistic approach. Source: COBIT® 5, figure 12. © 2012 ISACA® All rights reserved.
  • 101. Enabling a holistic approach
      • Processes—Describe an organised set of practices and activities to achieve certain objectives and produce a set of outputs in support of achieving overall IT-related goals
      • Organizational structures—Are the key decision-making entities in an organization
      • Culture, ethics and behavior—Of individuals and of the organization; very often underestimated as a success factor in governance and management activities
  • 102. Enabling a holistic approach
      • Principles, policies and frameworks—Are the vehicles to translate the desired behaviour into practical guidance for day-to-day management
      • Information—Is pervasive throughout any organisation, i.e., deals with all information produced and used by the enterprise. Information is required for keeping the organisation running and well governed, but at the operational level, information is very often the key product of the enterprise itself.
  • 103. Enabling a holistic approach
      • Services, infrastructure and applications—Include the infrastructure, technology and applications that provide the enterprise with information technology processing and services
      • People, skills and competencies—Are linked to people and are required for successful completion of all activities and for making correct decisions and taking corrective actions
  • 104. Enabling a holistic approach
      • Systemic governance and management through interconnected enablers—To achieve the main objectives of the enterprise, it must always consider an interconnected set of enablers, i.e., each enabler needs the input of other enablers to be fully effective (e.g., processes need information, organisational structures need skills and behaviour) and delivers output to the benefit of other enablers (e.g., processes deliver information, skills and behaviour make processes efficient)
      • This is a KEY principle emerging from the ISACA development work around the Business Model for Information Security (BMIS).
  • 105. Enabling a holistic approach. COBIT 5 Enabler Dimensions: all enablers have a set of common dimensions. This set of common dimensions:
      • Provides a common, simple and structured way to deal with enablers
      • Allows an entity to manage its complex interactions
      • Facilitates successful outcomes of the enablers
      Source: COBIT® 5, figure 13. © 2012 ISACA® All rights reserved.
  • 106. Separating Governance from Management
      • The COBIT 5 framework makes a clear distinction between governance and management.
      • These two disciplines encompass different types of activities, require different organisational structures and serve different purposes.
      • Governance—In most enterprises, governance is the responsibility of the board of directors under the leadership of the chairperson.
      • Management—In most enterprises, management is the responsibility of the executive management under the leadership of the CEO.
  • 107. Separating Governance from Management
      • Governance ensures that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritisation and decision making; and monitoring performance and compliance against agreed-on direction and objectives (EDM).
      • Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives (PBRM).
  • 108. Separating Governance from Management. COBIT 5 is not prescriptive, but it advocates that organisations implement governance and management processes such that the key areas are covered, as shown. Source: COBIT® 5, figure 15. © 2012 ISACA® All rights reserved.
  • 109. Separating Governance from Management
      • The COBIT 5 framework describes seven categories of enablers (Principle 4). Processes are one category.
      • An enterprise can organise its processes as it sees fit, as long as all necessary governance and management objectives are covered. Smaller enterprises may have fewer processes; larger and more complex enterprises may have many processes, all to cover the same objectives.
      • COBIT 5 includes a process reference model (PRM), which defines and describes in detail a number of governance and management processes. The details of this specific enabler model can be found in the COBIT 5: Enabling Processes volume.
  • 110. Quote: “It’s a trap!” (Admiral Ackbar)
  • 111. Implementing GEIT with COBIT
  • 112. Implementing GEIT with COBIT. Source: COBIT® 5, © 2012 ISACA® All rights reserved.
  • 114. Implementing GEIT with COBIT
      • The improvement of the governance of enterprise IT (GEIT) is widely recognized by top management as an essential part of enterprise governance
      • Information and the pervasiveness of IT are increasingly part of every aspect of business and public life
      • The need to drive more value from IT investments and manage an increasing array of IT-related risk has never been greater
      • Increasing regulation and legislation over business use of information is also driving heightened awareness of the importance of a well-governed and managed IT environment
  • 115. Implementing GEIT with COBIT
      • ISACA has developed the COBIT 5 framework to help enterprises implement sound governance enablers. Indeed, implementing good GEIT is almost impossible without engaging an effective governance framework. Best practices and standards are also available to underpin COBIT 5
      • Frameworks, best practices and standards are useful only if they are adopted and adapted effectively. There are challenges that need to be overcome and issues that need to be addressed if GEIT is to be implemented successfully.
      • COBIT 5: Implementation provides guidance on how to do this
  • 116. Implementing GEIT with COBIT. COBIT 5: Implementation covers the following subjects:
      • Positioning GEIT within an enterprise
      • Taking the first steps towards improving GEIT
      • Implementation challenges and success factors
      • Enabling GEIT-related organisational and behavioural change
      • Implementing continual improvement that includes change enablement and programme management
      • Using COBIT 5 and its components
  • 117. Value of GEIT
  • 118. The Value of CGEIT. CGEIT recognizes a wide range of professionals for their knowledge and application of enterprise IT governance principles and practices. As a CGEIT certified professional, you demonstrate that you are capable of bringing IT governance into an organization—that you grasp the complex subject holistically, and therefore, enhance value to the enterprise. http://www.isaca.org/Certification/CGEIT-Certified-in-the-Governance-of-enterprise-it/Pages/default.aspx
  • 120. GRC
  • 121. GRC Magic Quadrant
  • 122. Top 10 GRC challenges
      1. Management complexity of risk and compliance programs
      2. Organisational alignment of risk and compliance metrics and control across functional domains
      3. Managing regulatory complexity to reduce the cost of compliance
      4. Privacy and intellectual property protection
      5. Cybersecurity risks
      6. BYOD and mobile strategy
      7. Supply/value chain risk
      8. Building out infrastructure to enable situational awareness and predictive analytics
      9. Aligning operational security with risk and compliance programs
      10. Aligning business continuity and availability with risk management
  • 123. Quote: “The only place success comes before work is in the dictionary” (Vince Lombardi)
  • 124. Case Study. Please follow instructions to review the Case Study.
  • 125. Conclusions
      • The world is changing and IT departments need to adapt to that
      • Governance of Enterprise IT is mandatory; complexity in compliance, value requirements, and innovation and transformation needs support its implementation
      • Effective governance requires a committed organisation
      • ISO 38500 and COBIT 5 can be the frameworks for implementing this
  • 126. Final Thoughts: http://www.slideshare.net/sap/99-facts-on-the-future-of-business
  • 131. Final Thoughts: SAP & Vuzix Augmented Reality
  • 135. Questions and Answers. Carlos Chalico, CISA, CISSP, CISM, CGEIT, CRISC, ISO27000 LA, PbD Ambassador. Ouest Business Solutions Inc. carlos.chalico@ouestsolutions.com, (647)6388062, twitter: @CarlosChalicoT, LinkedIn: ca.linkedin.com/in/carloschalico/
  • 136. IT Governance, November 2013. Thank You!