IT Governance Vs IT Management Presentation V0.1


Published on

IT Governance versus IT Management what is the difference?

IT Governance Vs IT Management Presentation V0.1

  1. 1. START<br />START<br />
  2. 2. Tools & Techniques for<br />IT Governance<br />& Management<br />Richard Willis<br />
  3. 3. Background<br />Information<br />
  4. 4. BackgroundInformation<br />Examples of well-known IT failures<br /><ul><li>Virgin Blue
  5. 5. National Australia Bank
  6. 6. Commonwealth Bank of Australia</li></ul>Necessity for a comprehensive IT governance model<br />Common frameworks and standards for IT operations<br /><ul><li>ITIL
  7. 7. COBIT
  8. 8. ISO/IEC 38500:2008
  9. 9. ISO/IEC 27001
  10. 10. CMMI
  11. 11. Balanced Scorecard
  12. 12. Six Sigma</li></li></ul><li>Corporate<br />Governance<br />
  13. 13. Corporate<br />Governance<br />UTS Centre for Corporate Governance:<br />“Corporate governance is the system by which business corporations are directed and controlled.”<br />Corporate management vs. governance<br />Adapted from Tricker (2009)<br />
  14. 14. Information<br />Technology<br />Governance<br />
  15. 15. Information Technology<br />Governance<br />IT Governance Institute definition:<br />“IT Governance is the responsibility of the Board of Directors and the Executive Management”<br />Key IT Governance Functions<br /><ul><li>IT governance is about “who is entitled to make major decisions”
  16. 16. IT governance is about “who has input”
  17. 17. IT governance is about: “who is accountable for implementing those decisions”
  18. 18. IT governance is different from IT management</li></li></ul><li>Information Technology<br />Governance<br />
  19. 19. Information Technology<br />Governance<br />Source: Henderson and Venkatraman (1993)<br />
  20. 20. IT Governance<br />Vs.<br />IT Management<br />
  21. 21. IT Governance vs.<br />IT Management<br />IT governance<br /><ul><li>Primarily concerned with facilitating (strategic) decision making
  22. 22. Organisation specific and cannot be delegated to the market</li></ul>IT service management<br /><ul><li>More focused on the operational excellence of the IT function
  23. 23. Focused on the effective and efficient internal supply of IT services and products
  24. 24. Focused on the management of present IT operations
  25. 25. Elements can be commissioned to an external provider </li></li></ul><li>IT Governance vs.<br />IT Management<br />Business<br />Orientation<br />External<br />Internal<br />IT <br />Governance<br />IT <br />Management<br />Time <br />Orientation<br />Present<br />Future<br />
  26. 26. IT Governance & Corporate Governance<br />
  27. 27. IT Governance &<br />Corporate Governance<br />IT departments as strategic partners:<br /><ul><li>No longer just an expense
  28. 28. A tool for increasing business</li></ul>IT departments…<br /><ul><li>First emerged in 1993
  29. 29. Deal primarily with the relationship between strategic objectives and IT management</li></li></ul><li>IT Governance &<br />Corporate Governance<br />Source: Effective Governance Pty Ltd (2010)<br />
  30. 30. Why Adopt IT<br />Governance?<br />
  31. 31. Why Adopt IT<br />Governance?<br />IT Governance increases profit margins, raises market capitalisation, enhances shareholder returns.<br />Companies with above average IT Governance are 20% more profitable<br />Investors pay 14%-22% more for well-run, well-governed<br />Top-rated Corporate Governance companies return more than triple to investors<br />Problems with IT Governance<br />Often confused with good management practices and IT control frameworks<br />More important to be focused on value and performance than on risk and compliance<br />
  32. 32. Why Adopt IT<br />Governance<br />Tools to guide the governance of IT functions<br /><ul><li>ISO/IEC 38500:2008
  33. 33. COBIT
  34. 34. ITIL
  35. 35. ISO/IEC 27001
  36. 36. CMMI
  37. 37. TickIT
  38. 38. Balanced Scorecard
  39. 39. Six Sigma
  40. 40. TOGAF</li></li></ul><li>COBIT<br />Control Objectives for Information<br />and Related Technologies<br />
  41. 41. COBIT<br />Control Objectives for Information and Related Technologies<br />A set of best practices (framework) for IT management<br />Created in 1996 by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI)<br />Provides a high-level, comprehensive IT governance and control framework<br />COBIT consists of three main parts: <br />Control framework<br />Management guideline <br />Implementation toolset<br />COBIT awareness exceeds 50%; adoption and use is around 30%<br />
  42. 42. ISO/IEC 38500:2008 <br />Corporate Governance of Information Technology<br />
  43. 43. ISO/IEC 38500:2008 <br />Corporate Governance of Information Technology<br />The ISO/IEC 38500:2008 standard provides a framework, vocabulary and six principles for good ICT governance <br />Responsibility - establish clearly understood responsibilities for ICT management<br />Strategy - plan ICT to best support the organisation’s strategy;<br />Acquisition - acquire ICT for valid reasons<br />Performance - ensure that ICT performs well, whenever required<br />Conformance - ensure ICT conforms with legislation and policies <br />Human behaviour - ensure ICT respects human factors<br />
  44. 44. ISO/IEC 38500:2008 <br />Corporate Governance of Information Technology<br />Directors should govern IT through three main tasks<br />Evaluate the current and future use of IT;<br />Direct preparation and implementation of plans and policies <br />Monitor conformance to policies, and performance against the plans<br />
  45. 45. ISO/IEC 38500:2008 <br />Corporate Governance of Information Technology<br />Six Sigma can be applied<br />Model for Corporate Governance of IT<br />ISO/IEC 38500:2008<br />
  46. 46. ITIL<br />Information Technology<br />Infrastructure<br />Library<br />
  47. 47. ITIL<br />Information Technology Infrastructure Library<br />A public framework that describes Best Practice in IT service management <br />Most widely accepted approach to IT service management in the world<br />Key improvement to ITIL V3: Addition of the Continual Service Improvement (CSI) Process<br />
  48. 48. ITIL<br />Information Technology Infrastructure Library<br />The 5 processes<br />Continual Service Improvement (CSI)<br />Service Strategy<br />Service Design<br />Service Transition<br />Service Operation<br />Continual Service Improvement (CSI): 3 key processes for effective implementation of continual improvement<br />The 7-Step Improvement Process<br />Service Measurement<br />Service Reporting <br />
  49. 49. ITIL<br />Information Technology Infrastructure Library<br />The 7 Steps<br />Step 1 - Define what you should measure <br />Step 2 - Define what you can measure <br />Step 3 - Gather the data <br />Step 4 - Process the data <br />Step 5 - Analyse the data<br />Step 6 - Present and use the Information<br />Step 7- Implement corrective action<br />
  50. 50. IT Governance<br />Maturity<br />
  51. 51. IT Governance<br />Maturity<br />With formal processes and structures – such as an IT strategy and steering groups – the organisation can better: <br />align IT strategy with the business strategy <br />transform high level strategic goals into actual IT projects<br />establish procedures for prioritising IT projects that are understood and supported by all senior managers<br />
  52. 52. IT Governance<br />Maturity<br />Source: Control Objectives for Information and related Technology (COBIT)<br />IT Governance Maturity Levels<br />
  53. 53. Governance &<br />Management Tools<br />
  54. 54. Governance&<br />Management Tools<br />Many tools can be used separately and together<br />Some tools are more suited to governance, some more to management<br />Requirement is to develop a framework that integrates both IT governance and management into the wider business<br />
  55. 55. Conclusions<br />
  56. 56. Conclusions<br />IT is now a regular agenda item for corporate boards<br />IT governance is a component of corporate governance <br />Major difference between IT management and governance:<br />IT management is internally and present time focused,<br />IT governance is externally focused and future orientated<br />
  57. 57. Conclusions<br />Implications: IT is no longer just a tool, it is an organisation’slife blood<br />Limitations: BSC tends to be broad brush tool for strategy, whereas a surgical tool is needed for IT governance<br />Future directions<br />Develop an IT Governance Maturity Model (ITMM) based on the standard 5 steps of CMMI<br />ITMM would allow the classification of the management tools to determine its position on the life cycle of IT governance<br />Evaluate ITMM across various industry types, sizes and locations to allow organisations to determine their relative maturity when benchmarked against similar entities<br />
  58. 58. END OF SHOW<br />START<br />