19-21 September Ghent Belgium                IT Governance         “How to deal with IT Value and IT Risk”                ...
Enterprise Governance of IT                                      Strategic alignment                                      ...
ErikGuldentops   IT Governance Briefing   eg_19092012 page 3 of 27
IT Governance vs. IT Management                                IT GOVERNANCE                    Set Objectives            ...
Enterprise Governance of IT        Board   Executive       LineManagement    Erik Guldentops   IT Governance Briefing   eg...
Implementing Enterprise                Governance of IT                          How do we know     Where do we           ...
Implementing Enterprise                                                Governance of IT             Metrics               ...
Implementing Enterprise Governance of IT                                                       BUSINESS OBJECTIVES AND    ...
Implementing Enterprise                                     Governance of IT                                        www.is...
CobiT can be               overwhelming   ErikGuldentops   IT Governance Briefing   eg_19092012 page 10 of 27
CobiT can be               overwhelming   ErikGuldentops   IT Governance Briefing   eg_19092012 page 11 of 27
CobiT QuickStart             for Small and Medium Sized Enterprised                                      One objective    ...
SuitabilityCobiT QuickStart                                 Assessment                       Span of control              ...
What did 70                                                        CISOCIO’s say about                                    ...
Why implementan ITGovernanceFramework?                                      CIONet Survey, Sep 2011   ErikGuldentops   IT ...
What were the expected and actual benefits?                                     Improved                     EFFICIENCY   ...
How did theymeasurebenefits?   CIONet Survey, Sep 2011   ErikGuldentops      IT Governance Briefing   eg_&9092012 pg 17 of...
Relationship IT Governance Practices and Benefits                                     Clustered Correlations        PROCES...
IT Governance Implementation: Lessons Learned             •   Common language and common framework             •   Higher ...
IT Governance Implementation: Lessons Learned          Adoption of frameworks is not a          simple nor self-contained ...
Some notes on Risk and Value                                      CIONet Survey, Sep 2012   ErikGuldentops   IT Governance...
Some notes on Risk and Value       For both riskand value, accept uncertainty and deal with it!   ErikGuldentops   IT Gove...
IT Value                                      Research   ErikGuldentops   IT Governance Briefing       eg_&9092012 pg 23 o...
IT Value               Research   ErikGuldentops   IT Governance Briefing   eg_&9092012 pg 24 of 27
www.isaca.org   ErikGuldentops   IT Governance Briefing   eg_&9092012 pg 25 of 27
So what is the ROI on IT Governance Practices?  In October 2006 Mc Kinsey and the London School of Economics   measured th...
19-21 September Ghent Belgium                IT Governance         “How to deal with IT Value and IT Risk”                ...
Upcoming SlideShare
Loading in …5
×

IT governance by Erik Guldentops

2,723 views

Published on

Erik Guldentops - management consultant en gastdocent Antwerp Management School
IT governance

Published in: Business, Economy & Finance

IT governance by Erik Guldentops

  1. 1. 19-21 September Ghent Belgium IT Governance “How to deal with IT Value and IT Risk” Erik Guldentops Lecturer Antwerp Management School ErikGuldentops IT Governance Briefing eg_19092012 page 1 of 27
  2. 2. Enterprise Governance of IT Strategic alignment Defining with the businsess how to achieve value whileFive mitigating riskdomains but Performance Mngnt Measuring how desiredreally only value is achieved and risk containedtwo subjects Resource Mngnt Acquiring and maintaining all that is necessary to achieve value and contain risk Erik Risk and ValueGuldentops IT Governance Briefing eg_19092012 page 2 of 27
  3. 3. ErikGuldentops IT Governance Briefing eg_19092012 page 3 of 27
  4. 4. IT Governance vs. IT Management IT GOVERNANCE Set Objectives • IT is aligned with the business • IT enables the business and maximises benefits • IT resources are used responsibly Evaluate • IT-related risks are managed appropriately Provide performance direction Measure and Translate report direction into performance Translate strategy into action strategy • Increase automation (make the business effective) • Decrease cost (make the enterprise efficient) • Manage risks (security, reliability & compliance) IT MANAGEMENT ErikGuldentops IT Governance Briefing eg_&9092012 pg 4 of 27
  5. 5. Enterprise Governance of IT Board Executive LineManagement Erik Guldentops IT Governance Briefing eg_&9092012 pg 5 of 27
  6. 6. Implementing Enterprise Governance of IT How do we know Where do we we are What are we want to be? progressing? doing about it? •Delivery Performance Portfolio •Service Quality • Programmes Objectives •Resource Utilisation •Benefits Realisation • Services •Risk Reduction • Resources Strategy Scorecards Business Cases Are the engines of IT Governance ErikGuldentops IT Governance Briefing eg_&9092012 pg 6 of 27
  7. 7. Implementing Enterprise Governance of IT Metrics Inputs WHAT ? Outputs Responsibility & Goals Activities Accountability ? Performance HOW Metrics needs a process structure ErikGuldentops IT Governance Briefing eg_&9092012 pg 7 of 27
  8. 8. Implementing Enterprise Governance of IT BUSINESS OBJECTIVES AND GOVERNANCE OBJECTIVES COBITME1 Monitor and evaluate IT PO1 Define a strategic IT plan. performance. PO2 Define the informationME2 Monitor and evaluate internal INFORMATION architecture. control. PO3 Determine technological direction.ME3 Ensure compliance with external requirements. Efficiency Integrity PO4 Define the IT processes, organization, and relationships.ME4 Provide IT governance. Effectiveness Availability PO5 Manage the IT investment. Compliance Confidentiality PO6 Communicate management aims Reliability and direction. MONITOR PLAN PO7 Manage IT human resources. AND AND PO8 Manage quality. EVALUATE ORGANIZE PO9 Assess and manage IT risks.DS1 Define and manage service levels. IT PO10 Manage projects.DS2 Manage third-party services. RESOURCESDS3 Manage performance and capacity.DS4 Ensure continuous service.DS5 Ensure systems security. ApplicationsDS6 Identify and allocate costs. AI1 Identify automated solutions. InformationDS7 Educate and train users. Infrastructure AI2 Acquire and maintain applicationDS8 Manage the service desk and People software. incidents. DELIVER AI3 Acquire and maintain technology ACQUIREDS9 Manage the configuration. AND infrastructure. ANDDS10 Manage problems. SUPPORT IMPLEMENT AI4 Enable operation and use.DS11 Manage data. AI5 Procure IT resources.DS12 Manage the physical environment. AI6 Manage changes.DS13 Manage operations. AI7 Install and accredit solutions and change. Erik Guldentops IT Governance Briefing eg_&9092012 pg 8 of 27
  9. 9. Implementing Enterprise Governance of IT www.isaca.org ErikGuldentops IT Governance Briefing eg_&9092012 pg 9 of 27
  10. 10. CobiT can be overwhelming ErikGuldentops IT Governance Briefing eg_19092012 page 10 of 27
  11. 11. CobiT can be overwhelming ErikGuldentops IT Governance Briefing eg_19092012 page 11 of 27
  12. 12. CobiT QuickStart for Small and Medium Sized Enterprised One objective Four practices Three critical success factors Two metrics ErikGuldentops IT Governance Briefing A simple progress measure eg_&9092012 pg 12 of 27
  13. 13. SuitabilityCobiT QuickStart Assessment Span of control Communications pathApplicable to IT Sophistication IT Strategic Importance whom? IT Expenditure Segregation Sanity Check Risk Liabilities Compliance Past Problems Future Needs Required Expertise Erik Guldentops IT Governance Briefing eg_&9092012 pg 13 of 27
  14. 14. What did 70 CISOCIO’s say about CIOIT Frameworks ? IT Governance Service Delivery Information Security CIONet Survey, Sep 2011 CobiT ITIL ISO27001 ErikGuldentops IT Governance Briefing eg_&9092012 pg 14 of 27
  15. 15. Why implementan ITGovernanceFramework? CIONet Survey, Sep 2011 ErikGuldentops IT Governance Briefing eg_&9092012 pg 15 of 27
  16. 16. What were the expected and actual benefits? Improved EFFICIENCY enterprise processes Extended staff capabilities Better service delivery EFFECTIVENESS Faster solution delivery Increased innovation expected RISK Reduced risk actual CIONet Survey, Sep 2011 ErikGuldentops IT Governance Briefing eg_&9092012 pg 16 of 27
  17. 17. How did theymeasurebenefits? CIONet Survey, Sep 2011 ErikGuldentops IT Governance Briefing eg_&9092012 pg 17 of 27
  18. 18. Relationship IT Governance Practices and Benefits Clustered Correlations PROCESS • Define a strategic IT plan • Manage the IT investment • Communicate management aims and direction IT • Assess and manage IT risks • Identify automated solutions • Acquire & maintain applications and infrastructure • Portfolio and investment management • Align the IT strategy to the business strategy GOAL • Provide service offerings and service levels in line with business IT reqrmnts • Acquire, develop and maintain IT skills that respond to the IT strategy • Ensure that IT demonstrates continuous improvement and readiness for future change • Cost optimisation of service delivery and business processes BUSINESS • Obtain reliable and useful information for strategic decision-making GOAL • Improve and maintain business process functionality and operational productivity • Enable and manage business change IT Governance Institue, Sep 2008 ErikGuldentops IT Governance Briefing eg_&9092012 pg 18 of 27
  19. 19. IT Governance Implementation: Lessons Learned • Common language and common framework • Higher maturity • Better organisation • More useful management information • “IT really works” • Complexity • Less results than expected • High learning curve managers • Bogged down in details/paperwork • High level of senior management support required CIONet Survey, Sep 2011 ErikGuldentops IT Governance Briefing eg_&9092012 pg 19 of 27
  20. 20. IT Governance Implementation: Lessons Learned Adoption of frameworks is not a simple nor self-contained project with measured costs. It is a gradual shift and inter-relates with many other initiatives. ErikGuldentops IT Governance Briefing eg_&9092012 pg 20 of 27
  21. 21. Some notes on Risk and Value CIONet Survey, Sep 2012 ErikGuldentops IT Governance Briefing eg_&9092012 pg 21 of 27
  22. 22. Some notes on Risk and Value For both riskand value, accept uncertainty and deal with it! ErikGuldentops IT Governance Briefing eg_&9092012 pg 22 of 27
  23. 23. IT Value Research ErikGuldentops IT Governance Briefing eg_&9092012 pg 23 of 27
  24. 24. IT Value Research ErikGuldentops IT Governance Briefing eg_&9092012 pg 24 of 27
  25. 25. www.isaca.org ErikGuldentops IT Governance Briefing eg_&9092012 pg 25 of 27
  26. 26. So what is the ROI on IT Governance Practices? In October 2006 Mc Kinsey and the London School of Economics measured the increase in productivity from investments in IT versus investments in management practices in 100 enterprises. + Management Practices Score 75th percentile +8% +20%1 and above 25th percentile 0 +2% and above - Intensity of IT deployment + 25th percentile 75th percentile and above and above ErikGuldentops IT Governance Briefing eg_&9092012 pg 26 of 27
  27. 27. 19-21 September Ghent Belgium IT Governance “How to deal with IT Value and IT Risk” Erik Guldentops Lecturer Antwerp Management School ErikGuldentops IT Governance Briefing eg_19092012 page 27 of 27

×