Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Information System Management Coursework by May Hnit Oo Khin


Published on

Information System Management Coursework by May Hnit Oo Khin

Published in: Education
  • Be the first to comment

  • Be the first to like this

Information System Management Coursework by May Hnit Oo Khin

  1. 1. Information Systems Management COMP 1486 Word Count - 1500 1
  2. 2. Information Systems Management COMP 1486 Acknowledgement Firstly, we would like to express the special words of gratitude to IT Governance Institute forpublishing the case studies concerned with IT Governance and allowing everyone to reuse or to apply inmaking his/her own research. We could reference and use IT governance case study of Sun Microsystemsfor our ISM coursework because of their allowance. Moreover, we would like to present our genuineappreciation to our supervisor, Daw Moe Pale, for her priceless and expert guidelines and we also thankall people who helped us to accomplish this coursework but left to mention here. 2
  3. 3. Information Systems Management COMP 1486 Executive Summary Recently, the concept of IT governance has gradually grasped the attention of both privateorganizations and public organizations because it can control organization’s IT activities to reduce ITrelated risks and costs. So, we will justify with Sun Microsystems to prove how IT governance can bringmany values to organizations. Sun Microsystems is a leading provider of computer hardware, software and IT related serviceswith 30,000-plus staff. In 2000, Sun reduced its IT budget by 30 %. At the same time, Sun tried to complywith SOX 404 regulations. Consequently, Sun implemented high level control framework COBITintegrating with other IT governance frameworks such as ITIL, SOX compliance framework, etc tomanage its IT resources effectively. IT governance is used for organization’s seven categories of controls: granting system access,classifying data security, role-based duties segregation, data validation, event-driven authorizations, batchprocessing and interfaces. To establish IT governance, Sun mapped its IT activities to COBIT’s 34 high-level control activities. To conclude, IT governance facilitated Sun to significantly define the accountability ofstakeholders to handle IT activities with its IT governance structure and Sun could comply with SOXregulations due to IT governance processes. Moreover, overhead costs can be controlled because of KPIs,KGIs and being able to reduce key risks more. According to the results of process assessment workshops,Sun reached maturity level 2.5 in measuring its implemented IT governance. Thus, Sun is now planningfuture-thinking activities to reach the maturity level higher than the current position so that Sun can livein harmony with ever changing business world. 3
  4. 4. Information Systems Management COMP 1486 4
  5. 5. Information Systems Management COMP 1486 The Description of the Organization and the Market in which it Operates (Word Count - 151) Nowadays, many organizations appreciate the essence of IT governance and start applying thisconcept to fulfil their business objectives in the competitive world. Among them, we want to demonstrateSun Microsystems as a model. It was established in 1982 by embracing a remarkable vision, “The Network is the Computer” andthis boosts its market position as a foremost provider of Internet services, industrial-strength hardwareand software. So, products such as workstations, servers and IT services are available under this Inc.According to employment statistics, 30,000-plus employees are working for branches of Sun sited in 100countries. Being an international company, Sun’s IT department must support its wide community with 6data centers with 1,700 servers, 600 applications and 600 terabytes of data. Moreover, Sun must handle 5million e-mails and 4 million hits for internal web pages per day. Hence, Sun determined to apply IT governance for controlling its IT resources. 5
  6. 6. Information Systems Management COMP 1486 A Description of the IT Governance Used (Word Count - 299) Recently, IT governance has been a dominant factor for attaining business success from investingin IT. Furthermore, Sarbanes-Oxley (SOX) Act makes arising IT governance issues for enhancing internalcontrols on financial reporting. Consequently, IT governance frameworks were introduced to Sun. Sun applied ITIL for managing IT services and Sigma for assuring quality. However, ITIL cannotfully support IT governance. So, CIO realized that a common framework is needed to scrutiny Sun IT’salignment with company’s overall business strategy. Then, COBIT is selected for IT governance inorganization’s seven categories of controls: granting system access, classifying data security, role-basedduties segregation, data validation, event-driven authorizations, batch processing and interfaces. To establish IT governance more effective, ITIL, Prince 2, SOX compliance framework, etc wereintegrated with COBIT which embraces 34 high-level control objectives under four domains. As theexamples of IT governance used, we will explain how Sun mapped its IT processes to COBIT with thelast domain and who are liable for the processes with the first domain. Monitor and Evaluate domain has 4 processes. Firstly, overall processes were monitored inaccordance with operational dashboard, customer metrics/survey. Next, Sun ensured that business needsare satisfied by internal controls. Then, assurance of compliance with laws is obtained. Finally, Sun’s ITfunctions were controlled by independent audit. Besides, individual responsibilities must be assigned to execute Sun IT processes becausesuccessful IT governance inevitably needs accountability for making decisions. For example, IT relatedmatters were processed by CTO and ITSTAR. ITGOV focused on budget, defining communication linesand monitoring activities. ITSM managed quality metrics. But, potential risks were addressed by allgroups. Finally, process assessment workshop was held to estimate maturity, key risks and costs to reducethem, business benefits, performance indicators, goal indicators, etc. By these ways, sun implemented ITgovernance successfully. 6
  7. 7. Information Systems Management COMP 1486 A Summary of the Case Study (Word Count - 300) Sun Microsystems established in 1982 is a leading provider of computer hardware, software andIT related services with 30,000-plus staff. In 2004, Sun tried to comply with Sarbanes-Oxley 404 forcorporate transparency. Moreover, enhancing business value by the use of IT led Sun to apply ITgovernance frameworks. Firstly, ITIL framework and other process improvement methods were used for governing Sun’sIT functions. Later, CIO recommended COBIT for more positive impacts on IT governance. Some ITstaff were against to implement COBIT because resources were stretched thin. But, they accepted COBITwhich embraces 34 high-level control objectives under four domains since it enables cross-processintegration with SOX, ITIL, PRINCE 2, etc. IT governance was applied for Sun’s seven categories of controls. Sun systematically framed itsIT governance with well-defined roles and responsibilities for their IT processes. To do this, processeswere mapped to COBIT framework prior mapping them with process owners (IT governance committee,other groups). Moreover, process assessment workshop was held for identifying gaps and assuring ITgovernance was well established. According to workshop, Sun only reached maturity level 2.5 for overall IT governanceprocesses. Since key risks of not closing with gap were only 1.28, cost for reducing them was low andease to implement them was easy. Likewise, highest business benefits can be gained because of havinglow risks and it was rated as 9. Performance and goal indicators were assessed based on overheadcosts. Besides, maturity level for each process was shown in a radar-style chart and costs vs. benefits onfour-quadrant chart to let the audience see clearly. To maintain momentum for IT governance, Sun will plan future-thinking activities such as givingmore COBIT presentations to staff, demonstrating links between COBIT and Sun’s already adoptedmethods and discussing with process owners to fit with COBIT. 7
  8. 8. Information Systems Management COMP 1486 A critical Analysis of the Impact of the IT Governance on the Organization (Word Count - 750) IT governance is essential for organizations because it can add value to business by addressingtactical alignment between business and IT, measuring IT performance and controlling IT risks. Since ITgovernance has a great impact on organizations, they need to evaluate whether implemented ITgovernance is effective. Generally, this evaluation is processed by considering IT governanceframework used, implemented IT governance structure, processes and its outcome metrics.Therefore, we will analyze the impact of IT governance on Sun Microsystems based on these facts. Nowadays, organizations with high awareness of IT governance issues enhance their ITgovernance by combining two or more frameworks. Likewise, Sun implemented COBIT as high levelcontrol framework and used ITIL, PRINCE 2, SOX framework, etc at COBIT’s appropriate stages tomeet business requirements more. Moreover, as COBIT can integrate with other frameworks, resourcesalready used for them will not be a waste in the resource-constrained environment. Therefore, we can say that Suns tailor-made IT governance framework have good impact on Sunbecause it provides guidelines to systematically manage Sun’s IT resources. Furthermore, Sun will beable to comply with Sarbanes-Oxley regulations more than ever because a high level framework cancreate strong relationships with external and internal auditors through clearly described Suns ITactivities. IT governance structure can be categorized as centralized, decentralized and federal based onorganizational structure. As Sun IT organization transformed into centralized approach from distributedone, we can infer that Sun applied centralized IT governance structure. 8
  9. 9. Information Systems Management COMP 1486 In analyzing its IT governance structure, we observed that Sun demonstrated the transparentaccountability of its major governing bodies. For example, Sun assigned ITGOV for monitoring activitiesand budget, ITSTAR for advising all IT related matters and ITSM for managing quality metrics. By considering these facts, it is obvious that Sun could standardize its IT functions and controlcosts because of centralized IT governance structure and advantages such as ability to make decisionsquickly and eliminating redundant functions were gained because of transparent accountability andmanaging by people in top management, i.e. CIO, ITGOV. In analyzing Sun’s IT governance processes, we observed that Sun implemented its ITgovernance processes by mapping its IT processes to 34 high-level control activities of COBIT concernedwith planning and organizing to achieve business and IT objectives, acquiring and implementing ITgovernance processes, delivering and supporting the required services, and monitoring IT performance.Furthermore, these governance processes were defined by the most senior Sun’s IT executives to assurecoverage of all processes. Thus, we can conclude that Sun could generically express what IT governanceprocesses were implemented and this will have great impact on showing organizational internal controlsfor IT activities. For IT governance to be successful, organizations must monitor their IT performance accordingto their defined metrics. Similarly, we noticed that metrics dealing with evaluating benefits vs. costs/riskswere used to criticize Sun’s IT governance. By analyzing the result of process assessment workshop inour case study, we can infer that Sun could reduce its IT risks. 9
  10. 10. Information Systems Management COMP 1486 Since Sun could address key risks more and put key controls in place after implementing ITgovernance, Sun gained high business benefits for its prioritized functions. Besides, Sun measuredwhether their business requirements were achieved by IT processes and how well these processes wereperforming based on its annual overhead costs. Therefore, we think that Sun could easily control itsoverhead costs because of these key goal indicators (KGIs) and key performance indicators (KPIs). To summarize, IT governance has a great impact on Sun to get business success. The mostobvious advantage is increasing possibility of complying with SOX regulations. Moreover, criticalsuccess factors: optimizing Sun’s IT operations, bridging gaps between business and IT, becomingaccountability of stakeholders prominent and eliminating redundant functions were achieved. Besides,overhead costs and IT risks were reduced because of defined KGIs and KPIs. According to the declaration of Sun, administration costs were reduced and it reached breakevenpoint within 4 months. Although Sun obtained many returns on investment, it was only at maturity stageof 2.5 because there was only awareness for IT governance in Sun and IT governance activities were onlyunder development at that time. Furthermore, Sun’s IT governance framework was developed while all ITstaff were not fully familiar with it. However, Sun is now training its staff to understand more about ITgovernance concepts and to reach higher maturity stage. If Sun can successfully perform these future-thinking activities, we strongly believe that many happy returns will be brought to Sun. Ideas for A critical Analysis of the Impact of the IT Governance on the Organization Sessionare Referenced from below Resources 10
  11. 11. Information Systems Management COMP 1486 ReferencesBook ReferencesBook Name : Business Information Systems 3rd EditionAuthor Name : Paul Bocij, Dave Chaffey, Andrew Greasley & Simon Hickie,ISBN : 0273688146 Publisher : CPI – Bath Press, UKBook Name : COBIT 3rd Edition Executive SummaryAuthor Name : COBIT Steering Committee and IT Governance InstituteISBN : 1-893209-15-6 Web References IT Governance Case Study URL : Management/ContentDisplay.cfm Access Date : 10th September 2012 Description of the IT Governance Used URL : Access Date : 15th September 2012 A critical Analysis of the Impact of the IT Governance on the Organization URL : ent/HTMLDisplay.cfm&ContentID=19657 ay.cfm&ContentID=19659 formatted.pdf, Access Date : 15th September 2012 11
  12. 12. Information Systems Management COMP 1486BibliographyAndrew Greasley, Paul Bocij, Dave Chaffey, Simon Hickie. (2006). Business InformationSystems (3rd Edition ed.). (A. Greasley, Ed.) England: CPI - Bath Press, UK.COBIT Steering Committee and IT Governance Institue. Executive Summary. In COBIT 3rdEdition. 12