1.
USAID Finance for Economic Development
(FED) Program
Workshop: “IT Governance in Banks”
May 27, 2014

2.
IT Governance:
Why, How, When…
Komitas Stepanyan, PhD, CRISC, CMRM
CobIT Foundation Certificate
YEREVAN - 2014

3.
Agenda
Introduction
 The problem
 Management Expectations of IT
 IT management challenges
 Key risk
Framework
Implementation Guidance

4.
Is IT Works as needed??? Statistics…
Over 80% of IT project are delivered late and over budget. (Standish
Group – Oct 2006)
Nearly 60% of all IT projects are delivered with less functionality that
originally promised. (Standish Group – Mar 2007)
More than 25% of the IT projects usually fail (Gartner Group – May 2006)
Less than 5% of project fail due to technical reasons – Nearly all
obstacles are related to poorly defined requirements, poor
sponsorship, weak management controls or all of the above. (Gartner
Group – May 2006)
The IT aspects of CG are one of things that CEO’s think they don’t have to
understand-until it bites them! (Piter Morriss - KPMG)

5.
Facts…
“ IT Governance is the responsibility of the Board of
Directors and executive management.
It is an integral part of enterprise governance and consists of the leadership and
organizational structures and processes that ensure that the organization’s IT
sustains and extends the organizations strategies and objectives.”
IT Governance Institute Board Briefing, Second Edition, 2003

6.
Strategic
Alignment
Value
Creation
Risk
Management
Resource
Management
Performance
Measurement
Plan
&
Organize
Acquire
& Implement
Deliver
&
Support
Monitor

7.
Management/Business Expectations of IT
- What does management expect from IT?
?
Information
Technologies
- What is an IT at all?
- How to use it?
- How to manage it?
- How to be sure everything works as needed?
- How to measure results?
It’s the time to recognize and manage complexity
It’s the time to open “Black Box” …

8.
Information management challenges
How the organization will operate
How the information systems themselves will work.
Information systems are only successful if they are used.

9.
Key risk
Misalignment between IT and Business
 Time and budget overruns
 Ineffective IT Investments
 Useless IT systems
 Anachronism IT systems
Apply good IT(and not only) risk management to ensure success

10.
Agenda
Introduction
 The problem
 Management Expectations of IT
 Information management challenges
 Key risk
Framework
Implementation Guidance

11.
The psychology/ sociology of Failed Systems
Inconsistent
materials
Work
overloads
Lack of
measures
& defined
processes
Cascading
rework
Soloed
functional
processes
Inconsistent
procedures for
identical tasks
Unintegrated
best practices

12.
CobIT Framework
Management’s IT
Expectations
Management’s IT
Responsibilities

13.
Management Needs COBIT
To Evaluate IT Investment Decisions
To Balance Risk and Control of Investment
To Benchmark Existing and Future IT Environment
76% of various CEOs and CIOs are aware of the
benefits offered by IT governance frameworks, yet
only 42% of them had any intention of implementing
such a framework” (Loggerenberg 2006)

14.
Business Requirements
CobIT Cube
IT Processes
DS M PO AI Domains
Processes
Activities
People
Application
Information
Infrastructure

15.
Who Benefits from More Effective and Sustainable IT Governance?
 What Executives Get
 – Business improvements that result from knowledgeable participation in IT decision-making from an enterprise
perspective
 – Ensures that key IT investments support the business and provide optimum returns to the business
 – Ensures compliance with laws regulations
 What Mid-Level Business Managers Get
 – Convinces senior business managers that their combined business -IT resources are being managed effectively
 – Helps to ensure that business services for which they are responsible will meet commitments
 What Senior IT Managers Get
 – Obtains sponsorship and support and a clear focus on important strategic and operational initiatives
 – Improves customer relationships by delivering results in a more predictable and consistent manner, with the
involvement of the customer
 What Program/Project and Operations Managers Get
 Helps in resolving issues, review progress and, enable faster decisions
 What Everyone Gets
 – Facilitates communications about how IT contributes to the business
 – Improves coordination, cooperation, communications and synergy across the organization
 – Less stress

16.
Agenda
Introduction
 The problem
 Management Expectations of IT
 Information management challenges
 Key risk
Framework
Implementation Guidance

17.
How To Implement CobIT in an Organization
Top Down Approach
Audit Committee Approach
Audit and IT Management Consensus Approach
Regulation/Legislation

18.
Getting Started – Board and Executive Questions for IT
Does the IT strategy align with the business strategy?
Is the IT investment justified based on its contributions to the business?
How likely will IT meet or exceed its plans, objectives and initiatives?
Is IT being managed prudent, effectively? How is that measured?
How is IT delivering value?
Is IT developing and maintaining constructive relationships with customers, vendors and
others?
Is IT delivering projects and services on time, within scope, within budget and with high
quality?
Is IT staffed adequately, wit the right skills and competencies?
How does IT management and operations compare to other best practice organizations
How is IT managing and planning for contingencies, disasters, security, and back- up?
How is IT measuring its performance? What key performance measures?
Does the Board review and possibly approve the IT strategy?
Is a risk management policy, assessment and mitigation practice followed for IT?

19.
To Adopt CobIT, Who Needs To Be Influenced?
 Chief Executive (e.g., CEO)
 Senior IT Executive (CIO or VP of IT)
 IT Steering Committee
 IT Management
 Business managers

20.
CobIT Maturity Model
How do you know where you are?
Nonexistent Initial Repeatable Defined Managed Optimised
0 1 2 3 4 5

21.
CB RA Case
Before CobIT Implementation

22.
CB RA Case
After CobIT Implementation

23.
CB RA Case
After CobIT Implementation - 2011
Process Maturity By CobIT
IT Processes
Maturity level
AVRG IT
AVRG IT &
IT Audit
IT Audit
Benchmark

24.
Summary
• IT governance is a broad and complex topic with many parts
• Clearly defined roles, ownership and accountability
• IT governance is integral part of corporate governance
• IT governance is a journey and not only destination

25.
To be or NOT to be?
D I s c u s s I o n
IT Governance or NOT IT Governance?

26.
Business and IT’s Perpetual Disconnect
AT Kearney, from a survey conducted in December 2001, report
that only 17% of businesses had IT strategies that were "fully
aligned and developed simultaneously" with corporate strategy.
Furthermore, 45% of participants did not feel that their IT
strategies were developed to support or align with their
corporate strategy.
Fact: The Corporate Alignment Profile most often shows IT as the most unaligned group.

27.
CEOs Seeking a Solution
The IT Governance Global Status Report (2004) found that 80%+
of CEOs recognised that “IT Governance or some form thereof is
required” to resolve “IT issues”.
The Report also found that 57% of CEOs looked to IT Governance
to align IT strategy (and 53% to manage IT risks).
However the Report concluded that “solutions in this domain are
not yet available”.

28.
What CIOs Want ?
The top benefits CIOs were hoping to achieve:
Increased IT credibility with the business (81%);
Closer alignment between IT and business objectives (69%);
Improved teamwork between IT and internal business partners (68%);
Improved ability for CIO to influence the business (46%).
#CIO Research Reports. June 1, 2005. Turning IT Doubters into True Believers
http://www2.cio.com/research/index.cfm

29.
The Pieces of CobIT
Executive Summary - Senior Executives (CEO, CIO)
Framework - Senior Operational Management (Directors of IT)
Control Objectives - Middle Management (Mid-Level IT Management)
Audit Guidelines - Line Management (Applications or Operations
Management)
Management Guidelines - Operational Management, Director of IS, Mid-
Level IT Management
Implementation Tool Set - Director of IS, Mid-Level IS Management
For additional information:
www.isaca.org; www.itgi.org
komitas.stepanyan@cba.am