Your SlideShare is downloading. ×
IT_Governance iia uganda_presentation_ruyooka_2011
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.


Saving this for later?

Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime - even offline.

Text the download link to your phone

Standard text messaging rates apply

IT_Governance iia uganda_presentation_ruyooka_2011


Published on

Issues in Information Technology (IT) Governance for Internal Auditors. …

Issues in Information Technology (IT) Governance for Internal Auditors.
Presented at the IIA Uganda National Conference, 2011

  • Be the first to comment

  • Be the first to like this

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide
  • COBIT also provides information on what processes should be delegated and to whom they should be delegated. This helps to ensure that IT processes are being managed at the appropriate level within an enterprise. The ‘RACI’ Chart is defined for each process and indicates who is responsible, accountable, consulted or should be informed about specific tasks within a given process. The roles in the RACI chart are categorised for all processes as: • Chief executive officer (CEO) • Chief financial officer (CFO) • Business executives • Chief information officer (CIO) • Business process owner • Head operations • Chief architect • Head development • Head IT administration (for large enterprises, the head of functions such as human resources, budgeting and internal control) • The project management officer (PMO) or function • Compliance, audit, risk and security (groups with control responsibilities but not operational IT responsibilities)
  • Transcript

    • 1. “Issues in IT Governance for Internal Auditors”By:Ambrose Ruyooka, PMP®Ag. Commissioner for Information Technology,Ministry of Information and Communications Technology (ICT),Uganda.14thApril 2011, Kampalaambrose.ruyooka@gmail.com11IIA Uganda National Conference 2011
    • 2. IntroductionIntroduction [Governance]The combination of processes andstructures implemented by the board toinform, direct, manage, and monitor theactivities of the organization toward theachievement of its objectives.22
    • 3. IntroductionIntroduction Corporate Governance“Corporate Governance is the system by whichbusiness corporations are directed andcontrolled. Specifies the distribution of rightsand responsibilities among differentparticipants (e.g. Board, management,shareholders, stakeholders) and spells out therules and procedures for making decisions oncorporate affairs.” (OCED)33
    • 4. IT Governance introductionIT Governance introduction IT GovernanceIT GovernanceDiscipline of corporate GovernanceFocus is on IT systems performance and riskmanagement IT GovernanceIT Governance“System by which IT within enterprises is directed andcontrolled. IT governance structure specifies the distribution ofrights and responsibilities among participants (e.g. Board,business, IT managers) and spells out the rules andprocedures for making decisions on IT” (ITSMF)44
    • 5. IT Governance DefinedIT Governance Defined IIA International Professional PracticesFramework:[IT Governance] Consists of the leadership,organizational structures and processes thatensure that the enterprise’s informationtechnology sustains and extends theorganization’s strategies and objectives.55
    • 6. IT Governance Defined…IT Governance Defined… IT Governance Institute (ITGI): [IT Governance] is the responsibility of theboard of directors and executive management.It is an integral part of enterprise governanceand consists of the leadership andorganisational structures and processes thatensure that the organisation’s IT sustains andextends the organisation’s strategies andobjectives.66
    • 7. Definitions ctd..Definitions ctd.. According to CobiT. 4.1 framework: IT Governance is the responsibility of executivesand the board of directors, and consists of theleadership, organizational structures andprocesses that ensure that the enterprise’s ITsustains and extends the organization’sstrategies and objectives.77
    • 8. More concepts…More concepts… [IT Controls] Controls that supportbusiness management and governanceas well as provide general and technicalcontrols over information technologyinfrastructures such as applications,information, infrastructure, and people.88
    • 9. Motivation for IT GovernanceMotivation for IT Governance The rising global interest in IT governance islargely due to compliance initiatives. The recent Legal, Regulatory advancementsby Government of Uganda: Enactment of “Cyber Laws”(The ElectronicTransactions law, The Electronic Signatures lawand Computer Misuse law ) Enactment of the National Information TechnologyAuthority Act E-Government Policy Framework99
    • 10. Motivation for IT GovernanceMotivation for IT GovernanceAcknowledging :Acknowledging : Coupling of IT to business performanceCoupling of IT to business performance Complexity presented by IT investmentsComplexity presented by IT investments Need for mitigation of IT-related risksNeed for mitigation of IT-related risks That IT projects can easily get out ofThat IT projects can easily get out ofcontrol and profoundly affect thecontrol and profoundly affect theperformance of an organization.performance of an organization.1010
    • 11. Development of IT GovernanceDevelopment of IT GovernanceContribution of IT toDelivery of BusinessStrategyIT Informs theBusiness onNewTechnologiesSource – ITGI SurveyIT Governance 2009
    • 12. IT Governance Development ctd…IT Governance Development ctd…1212Accountablefor ITGovernanceSource – ITGI SurveyIT Governance 2009
    • 13. IT Governance DimensionsIT Governance Dimensions1313IT GovernanceResourceManagementStrategicAlignment ValueDeliveryPerformanceMeasurementRiskManagement
    • 14. IT Governance Dimensions What we do?=> Strategic Alignment Aligning with Business Goals Providing collaborative solutions Why do It?=> Value Delivery Optimising IT costs Proof of value delivered What could go wrong=> Risk Management Safeguarding assests Continuity and compliance Who, What , How? => Resource Management Assets, infrastructure, knowledge and partners Was it Done? => Perfomance Measuremet Metrics, Scorecards and dash boards1414
    • 15. IT Governance - ISO38500IT Governance - ISO38500DIRECTEVALUATEMONITORCorporateGovernanceof ICTBusinessStrategyRiskenvironmentICT Projects ICT OperationsPlansPoliciesProposalsPerformanceOriginal image copyright ISO/IEC 20086 principles of good IT governance• Conformance• Human behaviour• Acquisition• Performance• Responsibility• StrategyDirectors’activitiesBusinessprocess
    • 16. Uncovering IT IssuesUncovering IT Issues Failure of IT projects to deliver what they promised Satisfaction of end users with the quality of the IT service Availability of sufficient IT resources, infrastructure andcompetencies to meet strategic objectives Overrun of IT operational budgets The number and frequency of IT projects going overbudget The amount of IT effort going to firefighting rather thanenabling business improvements1616
    • 17. Finding Out How Management Addresses theIT Issues The alignment of enterprise and IT objectives Measurement of the value delivered by IT Appropriateness of strategic initiatives taken by executivemanagement to manage IT and the critical relationship tomaintenance and growth of the enterprise Clarity of enterprise positioning relative to technology: pioneer,early adopter, follower or laggard. Clarity on risk: risk-avoidance or risk-taking up-to-date inventory of IT risks relevant to the enterprise Actions taken to address these risks1717
    • 18. To Self-assess IT Governance Practices Regular briefing of the board on IT risks to which the enterprise isexposed Regular appearance of IT as an item on the agenda of the boardaddressed in a structured manner Ability of the board to articulate and communicate the businessobjectives for IT alignment Clear view of the board on the major IT investments from a riskand return perspective The board obtaining regular progress reports on major IT projectsby The board getting independent assurance on the achievement ofIT objectives and the containment of IT risks1818
    • 19. 1919Key IT Governance StakeholdersExecutive ManagementSet direction for IT, monitor results andinsist on corrective measuresDefines business requirements for IT andensures that value is delivered and risks aremanagedDelivers and improves IT services asrequired by the businessProvides independent assurance todemonstrate that IT delivers what isneededMeasures compliance with policies andfocuses on alerts to new risksRisk andcomplianceIT auditIT managementBoards
    • 20. Original slide copyright ISACAOriginal slide copyright ISACADefined Responsibilities for EachDefined Responsibilities for EachProcessProcessLink business goals to IT goals. C IA/RI CIdentify critical dependencies and currentperformance.C C RA/RC C C C C CBuild an IT strategic plan. A C C R I C C C C I CBuild IT tactical plans. C I A C C C C C R IAnalyse programme portfolios and manageproject and service portfolios.C I I A R R C R C C IRACI ChartActivitiesFunctionsA RACI chart identifies who is Responsible,Accountable, Consulted and/or Informed.
    • 21. ConclusionConclusion IT is an integral part of the business. ITgovernance is an integral part of enterprisegovernance. Need clearly define IT Governance Roles andResponsibilities Development of an IT GovernanceImplementation Plan is significant The Government of Uganda has over the lastdecade steadily developed a Policy, Legal andRegulatory environment to facilitate uptake ofInformation Technology Governance.2121
    • 22. ReferencesReferences www.oecd.orgwww.oecd.org2222
    • 23. 2323Thank you!