Business ProjectProject Progress Evaluation Feedback Form .docx

Business Project
Project Progress Evaluation
Feedback Form Week 3
Date:
__________________________________________________
Student Name:
__________________________________________________
__________________________________________________
Project Title: Effect Of Increasing Training Budget
Project Type: Business Research
Researchers:
Has a topic been chosen and a problem statement created?
Yes { } NO { }
Was the problem statement submitted in a 1-4 page paper that
includes an introduction to the topic with appropriate
documentation?
Yes { } No { }
Specifically, if any, needs additional content or rewriting to
create more clarity? What specific recommendations do you
have to help in this process?
_____________________________________________________
___________________
_____________________________________________________
___________________

_____________________________________________________
___________________
_____________________________________________________
___________________
What is your workable timetable that states specific objectives
and target completion dates for completing the final draft of the
plan? Write the timetable below:
_____________________________________________________
___________________
_____________________________________________________
___________________
_____________________________________________________
___________________
_____________________________________________________
___________________
Feedback Form #3 – Project Proposal and Plan
▼
THE UK’S LEADING PROVIDER OF EXPERT SERVICES
FOR IT PROFESSIONALS
NATIONAL COMPUTING CENTRE
IT Governance
Developing a successful governance strategy

A Best Practice guide for decision makers in IT
IT Governance
A Best Practice guide for decision makers in IT
The effective use of information technology is now an accepted
organisational imperative - for
all businesses, across all sectors - and the primary motivation;
improved communications and
commercial effectiveness. The swift pace of change in these
technologies has consigned many
established best practice approaches to the past. Today's IT
decision makers and business
managers face uncertainty - characterised by a lack of relevant,
practical, advice and standards
to guide them through this new business revolution.
Recognising the lack of available best practice guidance, the
National Computing Centre has
created the Best Practice Series to capture and define best
practice across the key aspects of
successful business.
Other Titles in the NCC Best Practice series:
IT Skills - Recruitment and Retention ISBN 0-85012-867-6

The New UK Data Protection Law ISBN 0-85012-868-4
Open Source - the UK opportunity ISBN 0-85012-874-9
Intellectual Property Rights - protecting your intellectual assets
ISBN 0-85012-872-2
Aligning IT with Business Strategy ISBN 0-85012-889-7
Enterprise Architecture - understanding the bigger picture ISBN
0-85012-884-6
IT Governance - developing a successful governance strategy
ISBN 0-85012-897-8
Security Management - implementing ISO 27000 ISBN 0-
85012-885-4
All title are available from NCC see the website for further
details www.ncc.co.uk
The National Computing Centre - generating best practice
1
IT Governance
Developing a Successful
Governance Strategy
A Best Practice Guide for Decision Makers in IT
IT Governance Developing a Successful Governance Strategy
2 3
Foreword
For organisational investment in IT to deliver full value, it is
recognised that IT has to be fully aligned to business strategies
and direction, key risks have to be identified and controlled,

and legislative and regulatory compliance demonstrated. IT
Governance covers this and more, and in light of recent
corporate failures, scandals and failure, enjoys a higher profile
today
than ever before.
Back in 2003, IMPACT launched an IT Governance Specialist
Development Group (SDG) to identify the issues that need to be
addressed and to share and further develop the practical
approaches to IT governance used in their organisations.
Over the past two years, heads of IT governance from Abbey,
Aon, Avis, Barclays, BOC, DfES, Eli Lilly, Learning & Skills
Council, Legal & General, NOMS, Royal Mail and TUI Group
have examined what they identified as the key topics and, with
the guidance of IT governance expert Gary Hardy, have defined
the good practices captured in this guide.
For further information on the IMPACT Programme, its
Professional Development Programme and the IT Governance
and
CobiT Specialist Development Group, please contact Elisabetta
Bucciarelli on 0207 842 7900 or email [email protected]
impact-sharing.com. The IMPACT Programme is a division of
the National Computing Centre.
The IMPACT Programme
International Press Centre
76 Shoe Lane
London EC4A 3JB
IT Governance
A Best Practice Guide for decision makers in IT
Published by

The National Computing Centre
Oxford House
Oxford Road
Manchester
M1 7ED
Website: www.ncc.co.uk
Tel: 0161 242 2121
Fax: 0161 242 2499
First published November 2005
Copyright © National Computing Centre 2005
ISBN: 0-85012-877-8
British Cataloguing in Publication
A CIP catalogue record for this book is available from the
British Library
Printed and bound in the UK
All rights reserved: no part of this publication may be
reproduced, stored in a retrieval system, or transmitted in any
form or by any means,
electronic, mechanical, photocopying, recording or otherwise
without either the prior written permission of the authors and
Publisher or as
permitted by the Copyright, Designs and Patents Act 1988.
Enquiries for such permissions should be made to the Publisher.
Disclaimer
Every care has been taken by the authors, and by the National
Computing Centre, and associated working groups, in the
preparation of this
publication, but no liability whatsoever can be accepted by the

authors or by National Computing Centre, or associated NCC
working groups,
for actions taken based on information contained in this
document.
All trademarks acknowledged.
2 3
1 IT Governance – The Business Case . . . . . . . . . . . 4
1 . 1 W h y i s I T G o v e r n a n c e i m p o r t a n t ? . . .
. . . . . . . 5
1 . 2 W h a t d o e s I T G o v e r n a n c e c o v e r ? . . . .
. . . . . . 6
1 . 3 W h a t a r e t h e b e n e f i t s ? . . . . . . . . . . .
. . . . . . 6
1 . 4 W h a t i s I T G o v e r n a n c e b e s t p r a c t i c e ?
. . . . . . . 7
2 Performance Measurement . . . . . . . . . . . . . . . . .
. 9
2 . 1 W h y i s p e r f o r m a n c e m e a s u r e m e n t i m p
o r t a n t ? . 9
2 . 2 W h a t d o e s p e r f o r m a n c e m e a s u r e m e n t
c o v e r ? . 1 0
2 . 3 W h o a r e t h e s t a k e h o l d e r s a n d w h a t a r
e
t h e i r r e q u i r e m e n t s ? . . . . . . . . . . . . . . . .
. . . . 11
2 . 4 W h a t s h o u l d w e m e a s u r e ? . . . . . . . . .
. . . . . . 1 2

2 . 5 W h a t i s b e s t p r a c t i c e ? . . . . . . . . . . . .
. . . . . . 1 2
3 Implementation Roadmap . . . . . . . . . . . . . . . . . .
. 1 4
3 . 1 G o a l s a n d s u c c e s s c r i t e r i a . . . . . . . .
. . . . . . . 1 4
3 . 2 H o w t o g e t s t a r t e d . . . . . . . . . . . . . . .
. . . . . 1 5
3 . 3 W h o n e e d s t o b e i n v o l v e d a n d w h a t a r
e t h e i r
r o l e s a n d r e s p o n s i b i l i t i e s ? . . . . . . . . . .
. . . . . 1 6
4 Communication Strategy & Culture . . . . . . . . . . . . .
1 8
4 . 1 W h o d o w e n e e d t o i n f l u e n c e ? . . . . . .
. . . . . . 1 8
4 . 2 W h a t a r e t h e k e y m e s s a g e s ? . . . . . . . .
. . . . . 1 9
4 . 3 C o m m u n i c a t i o n b e s t p r a c t i c e s . . . . .
. . . . . . . 2 0
4 . 4 D e v e l o p i n g a n i n f l u e n c i n g s t r a t e g y .
. . . . . . . . 2 0
4 . 5 C h a n g e r o a d m a p . . . . . . . . . . . . . . . .
. . . . . 2 2
5 Capability Maturity & Assessment . . . . . . . . . . . . .
. 2 3
5 . 1 W h y I T c a p a b i l i t y i s i m p o r t a n t . . . . .
. . . . . . . 2 3
5 . 2 H o w t o m e a s u r e I T c a p a b i l i t y . . . . . .
. . . . . . . 2 4
5 . 3 S e t t i n g m a t u r i t y t a r g e t s a n d c o n s i d e r
i n g

i m p r o v e m e n t s . . . . . . . . . . . . . . . . . . . . .
. . . 2 5
5 . 4 R o a d m a p f o r s u s t a i n i n g t h e a p p r o a c h
. . . . . . . 2 5
5 . 5 S e l f a s s e s s m e n t t o o l . . . . . . . . . . . . .
. . . . . . 2 6
6 Risk Management . . . . . . . . . . . . . . . . . . . . .
. . . . 2 8
6 . 1 W h a t a r e t h e r i s k s ? . . . . . . . . . . . . . .
. . . . . . 2 8
6 . 2 W h a t i s t h e b e s t a p p r o a c h f o r r i s k a n a
l y s i s
a n d m a n a g e m e n t ? . . . . . . . . . . . . . . . . . .
. . 2 9
6 . 3 U s i n g s t a n d a r d s a n d b e s t p r a c t i c e s –
i s c e r t i f i c a t i o n u s e f u l ? . . . . . . . . . . . . .
. . . . . 3 0
6 . 4 W h a t a r e t h e r o l e s o f m a n a g e m e n t , s t a
f f
a n d a u d i t o r s ? . . . . . . . . . . . . . . . . . . . . .
. . . 3 1
6 . 5 W h o n e e d s t o b e c o m p e t e n t ? . . . . . . .
. . . . . . 3 1
6 . 6 W h a t c o m p e t e n c e i s r e q u i r e d ? . . . . . .
. . . . . . 3 2
6 . 7 H o w t o o b t a i n , d e v e l o p , r e t a i n a n d v e
r i f y
c o m p e t e n c e . . . . . . . . . . . . . . . . . . . . . .
. . . 3 3
6 . 8 W h e n t o s o u r c e c o m p e t e n c e f r o m o u t s

i d e . . . . 3 5
6 . 9 K e y l e a r n i n g p o i n t s . . . . . . . . . . . . .
. . . . . . . 3 5
7 Supplier Governance . . . . . . . . . . . . . . . . . . . .
. . . . 3 7
7 . 1 W h y i s s u p p l i e r g o v e r n a n c e i m p o r t a n
t ? . . . . . . 3 7
7 . 2 T h e c u s t o m e r ’s r o l e . . . . . . . . . . . . . .
. . . . . 3 8
7 . 3 H o w b e s t t o s e l e c t a s u p p l i e r . . . . . .
. . . . . . . 4 0
7 . 4 T h e c u s t o m e r / s u p p l i e r r e l a t i o n s h i p .
. . . . . . . . 4 0
7 . 5 S e r v i c e m a n a g e m e n t t e c h n i q u e s a n d S
L A S . . . 4 1
7 . 6 T h e s u p p l i e r / o u t s o u r c i n g g o v e r n a n c e
l i f e c y c l e . 4 2
8 IT & Audit Working Together and Using CobiT . . . . . 4 3
8 . 1 I n t r o d u c t i o n t o C o b i T . . . . . . . . . . . .
. . . . . . 4 3
8 . 2 H o w i s C o b i T b e i n g u s e d ? . . . . . . . . .
. . . . . . 4 4
8 . 3 W h a t a r e t h e r o l e s o f I T a n d a u d i t f o r
I T G o v e r n a n c e ? . . . . . . . . . . . . . . . . . . .
. . . 4 5
8 . 4 H o w c a n I T a n d i n t e r n a l a u d i t w o r k b e
t t e r
t o g e t h e r ? . . . . . . . . . . . . . . . . . . . . . . . .
. . . 4 5
9 Information Security Governance . . . . . . . . . . . . . .
4 8

9 . 1 B a c k g r o u n d . . . . . . . . . . . . . . . . . . .
. . . . . . 4 8
9 . 2 W h a t i s i n f o r m a t i o n s e c u r i t y ? . . . . .
. . . . . . . . 4 9
9 . 3 W h e r e t o f o c u s . . . . . . . . . . . . . . . . .
. . . . . . 5 0
9 . 4 R o l e s a n d r e s p o n s i b i l i t i e s . . . . . . . .
. . . . . . . 5 0
9 . 5 A c t i o n p l a n n i n g a n d b e s t p r a c t i c e . . .
. . . . . . . 5 2
10 Legal & Regulatory Aspects of IT Governance . . . . . 5 3
1 0 . 1 L e g a l a n d r e g u l a t o r y f a c t o r s a f f e c t i
n g
I T G o v e r n a n c e . . . . . . . . . . . . . . . . . . . .
. . . 5 3
1 0 . 2 R o l e s a n d r e s p o n s i b i l i t i e s . . . . . . .
. . . . . . . . 5 4
1 0 . 3 B e s t a p p r o a c h t o c o m p l i a n c e . . . . . .
. . . . . . . 5 5
1 0 . 4 W h a t I T h a s t o d o . . . . . . . . . . . . . . .
. . . . . . 5 6
1 0 . 5 D e a l i n g w i t h t h i r d p a r t i e s . . . . . . .
. . . . . . . . . 5 8
1 0 . 6 C r i t i c a l s u c c e s s f a c t o r s . . . . . . . . .
. . . . . . . . 5 9
11 Architecture Governance . . . . . . . . . . . . . . . . .
. . . 6 0
11 . 1 W h y i s a r c h i t e c t u r e g o v e r n a n c e i m p
o r t a n t ? . . . 6 0
11 . 2 W h a t a r e t h e o b j e c t i v e s o f a r c h i t e c t
u r e
g o v e r n a n c e ? . . . . . . . . . . . . . . . . . . . . . .

. . 6 1
12 Managing the IT Investment . . . . . . . . . . . . . . . .
. . 6 3
1 2 . 1 W h y i s m a n a g i n g t h e I T i n v e s t m e n t i
m p o r t a n t ? 6 3
1 2 . 2 P o r t f o l i o m a n a g e m e n t . . . . . . . . . . .
. . . . . . . 6 4
1 2 . 3 B e n e f i t s m a n a g e m e n t . . . . . . . . . . .
. . . . . . . 6 5
1 2 . 4 M e a s u r i n g i n v e s t m e n t p e r f o r m a n c e .
. . . . . . . 6 5
1 2 . 5 I m p r o v e v a l u e d e l i v e r y a n d R O I . . .
. . . . . . . . 6 6
1 2 . 6 M e a s u r i n g a n d c o n t r o l l i n g I T o p e r a t
i o n a l c o s t s 6 6
1 2 . 7 P r o j e c t r i s k m a n a g e m e n t . . . . . . . . .
. . . . . . . 6 6
13 Success Factors . . . . . . . . . . . . . . . . . . . . . .
. . . . 6 7
Contents
4 5
1 IT Governance – The Business Case
1.1 Why is IT Governance important? . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .5
1.2 What does IT Governance cover? . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6
1.3 What are the benefits? . . . . . . . . . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
1.4 What is IT Governance best practice? . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
The guide focuses on 12 key topics selected by the group
because of their importance to effective IT governance:
T h e b u s i n e s s c a s e – T h e o r g a n i s a t i o n n e e
d s t o u n d e r s t a n d t h e v a l u e p r o p o s i t i o n
P e r f o r m a n c e m e a s u r e m e n t – I s t h e s h i p “
o n c o u r s e ” ?
I m p l e m e n t a t i o n r o a d m a p – H o w t o s t a r t –
W h a t p a t h t o f o l l o w
C o m m u n i c a t i o n s – H o w t o e x p l a i n t h e o b j
e c t i v e s a n d c h a n g e t h e c u l t u r e
C a p a b i l i t y a s s e s s m e n t – F i n d i n g o u t t h e
t r u e c u r r e n t s t a t e o f I T g o v e r n a n c e
R i s k m a n a g e m e n t – W h a t r i s k s e x i s t a n d
h o w t o m a k e s u r e t h e y a r e d e a l t w i t h
S u p p l i e r g o v e r n a n c e – E x t e r n a l p a r t i e s p
l a y a b i g r o l e a n d m u s t b e i n c l u d e d
I T a n d a u d i t w o r k i n g t o g e t h e r – H o w t o c
o - o p e r a t e f o r a c o m m o n g o a l
I n f o r m a t i o n s e c u r i t y – A k e y t o p i c i n t o d
a y ’s n e t w o r k e d e n v i r o n m e n t
L e g a l a n d r e g u l a t o r y a s p e c t s – C o m p l i a n
c e i s a g l o b a l c o n c e r n
A r c h i t e c t u r e s – T h e f o u n d a t i o n f o r e f f e c
t i v e t e c h n i c a l s o l u t i o n s
M a n a g i n g i n v e s t m e n t s – E n s u r i n g v a l u e i
s d e l i v e r e d a n d b e n e f i t s r e a l i s e d
Implementation of this guidance, or indeed any IT best practice,
should be consistent with your organisation’s management
style and the way your organisation deals with risk management
and delivery of IT value. Please share these ideas with your

business users, external service providers, and auditors, since to
realise their full value, all stakeholders of IT services should
be involved.
All analysts currently agree that probably the biggest risk and
concern to top management today is failing to align IT to real
business needs, and a failure to deliver, or be seen to be
delivering, value to the business. Since IT can have such a
dramatic
effect on business performance and competitiveness, a failure to
manage IT effectively can have a very serious impact on the
business as a whole.
Corporate Governance generally has taken on even greater
significance. It is being recognised that IT has a pivotal role to
play
in improving corporate governance practices, because critical
business processes are usually automated and directors rely on
information provided by IT systems for their decision making.
With the growth of direct connection between organisations and
their suppliers and customers, and more and more focus on how
IT can be used to add value to business strategy, the need
to effectively manage IT resources and avoid IT failures and
poor performance has never been greater.
The current climate of cost reduction and budget restriction has
resulted in new norm – there is an expectation that IT
resources should always be used as efficiently as possible and
that steps are taken to organise these IT resources ready for
the next cycle of growth and new IT developments. A key
aspect of these factors is the increasing use of third party
service
providers and the need to manage these suppliers properly to
avoid costly and damaging service failures.
This briefing provides a high level set of business arguments

for IT Governance. It also explains how an IT Governance
initiative can enable business and IT executives to:
B e s u r e t h a t t h a t t h e y a r e a w a r e o f a l l I T
r e l a t e d r i s k s l i k e l y t o h a v e a n i m p a c t o n
t h e i r o r g a n i s a t i o n ;
K n o w h o w t o i m p r o v e t h e m a n a g e m e n t p r
o c e s s e s w i t h i n I T t o m a n a g e t h e s e r i s k s ;
E n s u r e t h e r e a r e m a n a g e a b l e r e l a t i o n s h i
p s w i t h s u p p l i e r s , s e r v i c e p r o v i d e r s a n d
w i t h t h e b u s i n e s s ( c u s t o m e r s ) ;
E n s u r e t h e r e i s a t r a n s p a r e n t a n d u n d e r s t
a n d a b l e c o m m u n i c a t i o n o f t h e s e I T
a c t i v i t i e s a n d m a n a g e m e n t p r o c e s s e s t o s
a t i s f y t h e B o a r d a n d o t h e r i n t e r e s t e d
s t a k e h o l d e r s .
4 5
IT Governance covers the culture, organisation, policies and
practices that provide this kind of oversight and transparency of
IT – IT Governance is part of a wider Corporate Governance
activity but with its own specific focus. The benefits of good IT
risk management, oversight and clear communication not only
reduce the cost and damage caused by IT failures – but also
engenders greater trust, teamwork and confidence in the use of
IT itself and the people trusted with IT services.
1.1 Why is IT Governance important?

IT Governance has become very topical for a number of
reasons:
I n t h e w a k e o f E n r o n a n d o t h e r c o r p o r a t e
s c a n d a l s , “ G o v e r n a n c e ” g e n e r a l l y h a s
t a k e n o n e v e n g r e a t e r s i g n i f i c a n c e . I T h a
s a p i v o t a l r o l e t o p l a y i n i m p r o v i n g
c o r p o r a t e g o v e r n a n c e p r a c t i c e s .
M a n a g e m e n t ’s a w a r e n e s s o f I T r e l a t e d r i
s k s h a s i n c r e a s e d .
T h e r e i s a f o c u s o n I T c o s t s i n a l l o r g a n i
s a t i o n s .
T h e r e i s a g r o w i n g r e a l i s a t i o n t h a t m o r e
m a n a g e m e n t c o m m i t m e n t i s n e e d e d t o
i m p r o v e t h e m a n a g e m e n t a n d c o n t r o l o f I
T a c t i v i t i e s .
IMPACT’s IT Governance Special Interest Group (SIG) has
examined these trends and found that the following issues drive
the need for IT Governance:
T h e r e i s a g e n e r a l l a c k o f a c c o u n t a b i l i t y
a n d n o t e n o u g h s h a r e d o w n e r s h i p
a n d c l a r i t y o f r e s p o n s i b i l i t i e s f o r I T s e r
v i c e s a n d p r o j e c t s . T h e c o m m u n i c a t i o n
b e t w e e n c u s t o m e r s ( I T u s e r s ) a n d p r o v i d
e r s h a s t o i m p r o v e a n d b e b a s e d o n j o i n t
a c c o u n t a b i l i t y f o r I T i n i t i a t i v e s .
T h e r e i s a p o t e n t i a l l y w i d e n i n g g a p b e t w
e e n w h a t I T d e p a r t m e n t s t h i n k t h e b u s i n e
s s
r e q u i r e s a n d w h a t t h e b u s i n e s s t h i n k s t h e
I T d e p a r t m e n t i s a b l e t o d e l i v e r.

O r g a n i s a t i o n s n e e d t o o b t a i n a b e t t e r u n
d e r s t a n d i n g o f t h e v a l u e d e l i v e r e d b y I T,
b o t h i n t e r n a l l y a n d f r o m e x t e r n a l s u p p l i
e r s . M e a s u r e s a r e r e q u i r e d i n b u s i n e s s ( t
h e
c u s t o m e r ’s ) t e r m s t o a c h i e v e t h i s e n d .
To p m a n a g e m e n t w a n t s t o u n d e r s t a n d “ h o
w i s m y o r g a n i s a t i o n d o i n g w i t h I T i n
c o m p a r i s o n w i t h o t h e r p e e r g r o u p s ? ”
M a n a g e m e n t n e e d s t o u n d e r s t a n d w h e t h e
r t h e i n f r a s t r u c t u r e u n d e r p i n n i n g t o d a y ’s
a n d t o m o r r o w ’s I T ( t e c h n o l o g y, p e o p l e , p
r o c e s s e s ) i s c a p a b l e o f s u p p o r t i n g
e x p e c t e d b u s i n e s s n e e d s .
B e c a u s e o r g a n i s a t i o n s a r e r e l y i n g m o r e
a n d m o r e o n I T, m a n a g e m e n t n e e d s t o b e
m o r e a w a r e o f c r i t i c a l I T r i s k s a n d w h e t h
e r t h e y a r e b e i n g m a n a g e d . F u r t h e r m o r e ,
i f t h e r e i s a l a c k o f c l a r i t y a n d t r a n s p a r e
n c y w h e n t a k i n g s i g n i f i c a n t I T d e c i s i o n s
,
t h i s c a n l e a d t o r e l u c t a n c e t o t a k e r i s k s a
n d a f a i l u r e t o s e i z e t e c h n o l o g y
o p p o r t u n i t i e s .
A n d f i n a l l y, t h e r e i s a r e a l i s a t i o n t h a t b e
c a u s e I T i s c o m p l e x a n d h a s i t s o w n f a s t
c h a n g i n g a n d u n i q u e c o n d i t i o n s , t h e n e e d
t o a p p l y s o u n d m a n a g e m e n t d i s c i p l i n e s
a n d c o n t r o l s i s e v e n g r e a t e r.
Stakeholders include:

To p l e v e l b u s i n e s s l e a d e r s s u c h a s t h e B o
a r d , E x e c u t i v e , n o n - E x e c s , a n d e s p e c i a l l
y
h e a d s o f F i n a n c e , O p e r a t i o n s a n d I T.
T h o s e t h a t h a v e a r e s p o n s i b i l i t y f o r i n v e
s t o r a n d p u b l i c r e l a t i o n s .
I n t e r n a l a n d e x t e r n a l a u d i t o r s a n d r e g u l
a t o r s .
M i d d l e l e v e l b u s i n e s s a n d I T m a n a g e m e n
t .
K e y b u s i n e s s p a r t n e r s a n d s u p p l i e r s .
S h a r e h o l d e r s .
C u s t o m e r s .
Concerns they typically have include:
Av a i l a b i l i t y, s e c u r i t y a n d c o n t i n u i t y o f I
T s e r v i c e s .
C o s t s a n d m e a s u r a b l e r e t u r n s o n i n v e s t m
e n t s .
Q u a l i t y a n d r e l i a b i l i t y o f s e r v i c e – n o e
m b a r r a s s m e n t s .
I T n o t a p p e a r i n g t o r e s p o n d t o t h e r e a l n
e e d s o f t h e b u s i n e s s .
I d e n t i f i c a t i o n a n d m a n a g e m e n t o f I T r e l
a t e d r i s k s t o t h e b u s i n e s s .
IT Governance – The Business Case1
6 7

C a p a b i l i t y a n d s k i l l s o f h u m a n r e s o u r c e s
.
C o m p l i a n c e t o l e g a l , r e g u l a t o r y a n d c o n t
r a c t u a l r e q u i r e m e n t s .
R e s p o n s i v e n e s s a n d n i m b l e n e s s t o c h a n g
i n g c o n d i t i o n s .
1.2 What does IT Governance cover?
IT Governance is a relatively new concept as a defined
discipline and is still evolving.
IT Governance is not just an IT issue or only of interest to the
IT function. In its broadest sense it is a part of the overall
governance of an entity, but with a specific focus on improving
the management and control of Information Technology for the
benefit of the primary stakeholders. Ultimately it is the
responsibility of the Board of Directors to ensure that IT along
with other
critical activities is adequately governed. Although the
principles are not new, actual implementation requires new
thinking
because of the special nature of IT.
IT Governance spans the culture, organisation, policy and
practices that provide for IT management and control across
five key areas1:
A l i g n m e n t – P r o v i d e f o r s t r a t e g i c d i r e c t
i o n o f I T a n d t h e a l i g n m e n t o f I T a n d t h e
b u s i n e s s w i t h r e s p e c t t o s e r v i c e s a n d p r o
j e c t s .
Va l u e D e l i ve r y – C o n f i r m t h a t t h e I T / B u s
i n e s s o r g a n i s a t i o n i s d e s i g n e d t o
d r i v e m a x i m u m b u s i n e s s v a l u e f r o m I T. O

v e r s e e t h e d e l i v e r y o f v a l u e b y I T t o t h e
b u s i n e s s , a n d a s s e s s R O I .
R i s k M a n a ge m e n t – A s c e r t a i n t h a t p r o c e s
s e s a r e i n p l a c e t o e n s u r e t h a t r i s k s
h a v e b e e n a d e q u a t e l y m a n a g e d . I n c l u d e a
s s e s s m e n t o f t h e r i s k a s p e c t s o f I T
i n v e s t m e n t s .
Re s o u r c e M a n a ge m e n t – P r o v i d e h i g h - l e v
e l d i r e c t i o n f o r s o u r c i n g a n d u s e o f I T
r e s o u r c e s . O v e r s e e t h e a g g r e g a t e f u n d i n
g o f I T a t e n t e r p r i s e l e v e l . E n s u r e t h e r e i
s
a n a d e q u a t e I T c a p a b i l i t y a n d i n f r a s t r u c t
u r e t o s u p p o r t c u r r e n t a n d e x p e c t e d f u t u r
e
b u s i n e s s r e q u i r e m e n t s .
Pe r fo r m a n c e M e a s u r e m e n t – Ve r i f y s t r a t e
g i c c o m p l i a n c e , i . e . a c h i e v e m e n t
o f s t r a t e g i c I T o b j e c t i v e s . R e v i e w t h e m e
a s u r e m e n t o f I T p e r f o r m a n c e a n d t h e
c o n t r i b u t i o n o f I T t o t h e b u s i n e s s ( i . e . d
e l i v e r y o f p r o m i s e d b u s i n e s s v a l u e ) .
IT Governance is not a one-time exercise or something achieved
by a mandate or setting of rules. It requires a commitment
from the top of the organisation to instil a better way of dealing
with the management and control of IT. IT Governance is an
ongoing activity that requires a continuous improvement
mentality and responsiveness to the fast changing IT
environment.
IT Governance can be integrated within a wider Enterprise
Governance approach, and support the increasing legal and
regulatory requirements of Corporate Governance.

1.3 What are the benefits?
Investments are likely to be needed to improve and develop the
IT Governance areas that need attention. It is important
therefore, to begin with as good a definition as possible of the
potential benefits from such an initiative to help build a viable
business case. The expected benefits can then become the
project success criteria and be subsequently monitored.
The IMPACT IT Governance SIG has identified the following
main areas of benefit likely to arise from good IT Governance:
Transparency and Accountability
I m p r o v e d t r a n s p a r e n c y o f I T c o s t s , I T p r
o c e s s , I T p o r t f o l i o ( p r o j e c t s a n d s e r v i c e
s ) .
C l a r i f i e d d e c i s i o n - m a k i n g a c c o u n t a b i l i
t i e s a n d d e f i n i t i o n o f u s e r a n d p r o v i d e r
r e l a t i o n s h i p s .
Return on Investment/Stakeholder Value
I m p r o v e d u n d e r s t a n d i n g o f o v e r a l l I T c o
s t s a n d t h e i r i n p u t t o R O I c a s e s .
C o m b i n i n g f o c u s e d c o s t - c u t t i n g w i t h a n
a b i l i t y t o r e a s o n f o r i n v e s t m e n t .
S t a k e h o l d e r s a l l o w e d t o s e e I T r i s k / r e t u
r n s .
I m p r o v e d c o n t r i b u t i o n t o s t a k e h o l d e r r e
t u r n s .
1. Board Briefing on IT Governance, 2nd Edition, the IT
Governance Institute®.

6 7
E n h a n c e m e n t a n d p r o t e c t i o n o f r e p u t a t i o
n a n d i m a g e .
Opportunities and Partnerships
P r o v i d e r o u t e t o r e a l i s e o p p o r t u n i t i e s t h
a t m i g h t n o t r e c e i v e a t t e n t i o n o r
s p o n s o r s h i p .
P o s i t i o n i n g o f I T a s a b u s i n e s s p a r t n e r (
a n d c l a r i f y i n g w h a t s o r t o f b u s i n e s s p a r t
n e r
I T i s ) .
F a c i l i t a t e j o i n t v e n t u r e s w i t h o t h e r c o m
p a n i e s .
F a c i l i t a t e m o r e b u s i n e s s l i k e r e l a t i o n s h i
p s w i t h k e y I T p a r t n e r s ( v e n d o r s a n d
s u p p l i e r s ) .
A c h i e v e a c o n s i s t e n t a p p r o a c h t o t a k i n g
r i s k s .
E n a b l e s I T p a r t i c i p a t i o n …
Harrisburg University
ISEM 547
Governance Overview & Corporate Governance

Objectives
Components of Governance
What is Corporate Governance
Good Governance & Best Practices
2
What is Governance?
3
What is Governance ?
Governance incorporates all the guiding principles, codes of
conduct, regulations, processes, procedures, and polices that
coordinate and control an organization’s resources and actions
Governance frameworks often take the form of councils, boards,
and committees that ensure accountability and compliance.
4

Key components of Governance Framework
5
Components of Governance Frameworks
Governing Bodies: these are entities established within the
organization for the creation, execution, and management of
governance (Boards, Committees, Councils, Workgroup);
Board: is a group of people who have the oversight, power, and
authority to decide and control the workings of and
organization. They are more strategic, set the direction, and can
delegate its functions and authority to a committee.
Committees: are usually subgroups created and sanctioned by
the board to carry out much of the detail work for specific
purposes with formal charter and protocols. Committee
members are usually assigned due to their expertise and/or have
a vested interest.
Council: an official government body with the power to make
and/or enforce laws to control a country, land area, people or
organization. Note: legal council is often consulted regarding
IT matters.
Workgroup: is a ad hoc group of subject-matter experts of
individuals assembled to work together on a common goal or
task. Often formed to work with committees on specific
initiatives for a limited time period then disbanded when the
task has been completed.

Organizations usually has a mix of business and IT related
governing entities.
6
Policy: are principles, rules, and protocols formulated or
adopted by an organization to govern its actions.
Procedures are specific instructions to be used to implement
policy requirements in a specific way; they are enforceable
through the policy
Guidelines are general rules, practices, and/or instructions that
can be referenced to comply with policy; they are not
enforceable but recommended as best practices that should be
followed
Policies should have a formal lifecycle and change management
process
7
Standards: refer to something that is considered by an authority
or by general consent as a basis of comparison (e.g., industry,
protocols, academic, etc.)

Metric: is a quantifiable measure that is used to track and assess
the status of a specific process, system, or entity. Metrics can
be used to determine status, effectiveness or compliance (e.g.,
governing bodies, policies, processes, procedures, systems,
components, etc.)
8
Enterprise Risk Management: Risk management is the
identification, assessment, and prioritization of risks to
minimize, monitor, and control the probability and/or impact of
unfortunate events or to maximize the realization of
opportunities.
Training: is an effective mechanism used for stakeholder
awareness regarding governing bodies and policies are
important to inform and educate stakeholders
Communications: define communication strategies and plans for
stakeholders when instituting new or making changes to existing
governance frameworks within the organization.
9
IT Governance Frameworks
Governance Pro
10

Good Governance
Governance Pro
11
Characteristics of Good Governance
Good governance has eight major characteristics: participatory,
consensus oriented, accountable, transparent, responsive,
effective and efficient, equitable and inclusive, and follows the
rule of law.
Rule of Law requires fair legal frameworks that are enforced by
an impartial regulatory body, for the full protection of
stakeholders.
Transparency means that information should be provided in
easily understandable forms and media, freely available and
directly accessible
Governance Pro
12

Responsiveness requires that organizations and their processes
are designed to serve the best interests of stakeholders within a
reasonable timeframe
Consensus Oriented requires consultation to understand and best
serve the different interests of all stakeholders affected by the
policy.
Equity and Inclusiveness the organization that provides the
opportunity and mechanisms for its stakeholders to improve
their well-being
Effectiveness and Efficiency means that the processes
implemented by the organization to produce favorable results
and meet the needs of its stakeholders
Governance Pro
13
Accountability is a key tenet of good governance. Who is
accountable for what should be documented in policy
statements.
Participation inclusion of both men and women, either directly
or through legitimate representatives, is a key cornerstone of
good governance.
Governance Pro
14
Corporate Governance
MIT Sloan School Center for Information Systems Research

(CISR)
15
Senior Executive Team
Strategy
Desired Behaviors & Outcomes
Board of Directors
Governance Committees & Workgroups
Key Corporate Assets
Human Assets
Financial Assets
Physical Assets
Data/Information & IT Assets
Brand Reputation
Relationship Assets
IP Assets
Key Asset Governance
Legal & Regulatory
Shareholders
Other Stakeholders
Risk Management Policies & Procedures Audits &
Compliance
Standards Organizations
IT Governance
What is Corporate Governance ?
Corporate governance is the system of rules, practices and
processes by which a company is directed and controlled
Is a framework of values, rules, policies, and practices by which

the Board of Directors (BOD) ensures accountability, fairness,
and transparency in a company.
Corporate governance involves balancing the many interests of
the stakeholders of a corporation and the protection of corporate
assets
16
Corporate Governance Framework
Corporate BOD via senior executive team authorizes the
establishment and provides oversite of governing bodies that
align with corporate strategy and drive desired behaviors and
outcomes
Governance committees and workgroups are the workhorse of
the corporate governance framework
IT Governance is a subset of Corporate Governance
17
Corporate Governance Framework - Assets
Human Assets
Financial Assets
Physical Assets
Brand-Reputation Asset
IP Assets

Relationship
Data/Information & IT Assets
18
Benefits of Corporate Governance
Legal compliance
Improves Company Reputation
Establishes oversight, transparency, accountability, and controls
in place that are in best interest of the company
Shareholder Wealth Creation
Decrease conflicts and fraud
Fewer Fines, Penalties, & Lawsuits
Increase competitiveness and higher market valuation
19
What are the governing bodies associated with corporate
governance?
Has anyone been a part of a corporate governing body (e.g.,
board, committee, workgroup)? Do you feel corporate policies

are effective?
What was the purpose of the governing body and what decisions
did they make?
What are the characteristics of good governance?
What assets are to be protected through corporate governance?
Where is IT Governance in relationship to corporate
governance?
20
Group Discussion Questions
Assignments
Chapter 8 (IT Managers Handbook)
Homework 3: Corporate & IT Governance Frameworks
Project 2:
Part A: Create an IT Governance Matrix
Part B: Create a Governance Charter for Enterprise Security
Committee
Part C: Write a Information Security Policy for Data
Classifications
21
Harrisburg University

ISEM 547
IT Governance
Objectives
What is IT Governance
Key Stakeholders & Respective Concerns
Importance of IT Governance
Benefits of IT Governance
Best Practices
IT Governance Areas (High-level Frameworks)
Governing Entities in an Organization
Defining Charters for Governing Entities
2
IT Governance
3
What is IT Governance?
4

IT Principles (Alignment & Value Delivery)
Data/Information Governance
Application Governance
IT Architecture Governance
IT Financial Governance
Project Portfolio Governance
Infrastructure Governance
Process Governance
Contract & Procurement
Governance
Vendor/Supplier Governance
Service Governance
Security
Risk Management
Audits & Compliance
Continuity
Sustainability
Ethics
Performance
Capabilities
Legal Regulatory
IT Governance
IT Decisions & Outcomes
IT Governance is a subset discipline of Corporate Governance
IT Governance covers the culture, organization, policies, and
practices that provide the proper due diligence, controls,
oversight, and transparency of IT
Ultimately it is the responsibility of the Board of Directors to

ensure that IT is adequately governed
5
IT Governance is not a one-time exercise or something achieved
by a mandate or setting of rules.
It requires a commitment from the top of the organization
IT Governance is an ongoing activity that requires a continuous
improvement in responses to the fast-changing business and IT
environments
IT Governance can be integrated within a wider Enterprise
Governance approach, and support the increasing legal and
regulatory requirements of Corporate Governance
6
IT Governance Framework (Key Areas)
Data/Information Governance
Application Governance
Architecture Governance
Service Governance
Infrastructure Governance
Vendor/Supplier Governance
Financial Governance
Project & Portfolio Governance

Process Governance
Contracts & Procurements Governance
7
Definitions:
IT Principles are a related set of high-level statements about
how IT is used in the business to achieve its goals and
objectives.
IT Infrastructure refers to an enterprise's entire collection of
hardware, software, networks, data centers, facilities and related
equipment used to develop, test, operate, monitor, manage
and/or support business and IT services.
IT Architecture is an organized set of consensus decisions on
policies & principles, services & common solutions, standards
& guidelines as well as specific vendor products used by IT
providers both inside and outside the organization to support
business and IT services.
IT Services A set of related functions provided or facilitated by
the IT organization in support of one or more business areas. IT
technical and professional services enable organizations in the
creation, management and optimization of or access to
information and business processes.
IT service management (ITSM) refers to the entirety of
activities – directed by policies, organized and structured in
processes and supporting procedures – that are performed by an

organization or part of an organization to plan, design, build,
deliver, operate and control IT services offered to customers.
8
IT Governance
Purpose & Importance of IT Governance
9
What is Purpose of IT Governance?
In every organization, IT governance must address eight
interrelated IT decisions:
IT Principals & Controls
IT Services
IT Architecture
IT Infrastructure
Business Applications
Data/Information
Cybersecurity
IT Investment & Prioritization
These decisions are critical to the success of the digital
enterprise
10

What is Purpose of IT Governance?
IT Governance purpose is to ensure that the proper processes,
controls, procedures, polices, legal, and management practices
are in place.
Key areas auditor’s look at regarding IT governance:
Alignment (all areas)
Risk Management
IS/IT Management
Financial Management
Vendor/Supplier Management
Data/Information Security
Resource Management
Compliance
11
Importance of IT Governance?
Increased corporate awareness of cyber security and other IT
related risks
Validate protection, acquisition, or replacement strategies of IT
assets
Improve the management and control of IT activities (indirect
or direct impact on business outcomes)
Improve clarity and transparency regarding significant IT
decisions
Ensure accountability, ownership, and clarity of responsibilities
for IT services, projects, and investments

Promote consistent architecture and utilization of industry
standards
Better understanding of the value delivered by IT, both
internally and from external suppliers
Cost controls and operational efficiency
Proper management of IT assets and investments
Compliance with internal and external auditors and regulators
12
IT Governance
Stakeholders of IT Governance
13
Stakeholders of IT Governance?
Top level business leaders
Investors and public relations
Internal and external auditors and regulators
Middle level business and IT management
Business partners and suppliers
Shareholders
Customers/Citizens
Auditors

14
Concerns of Stakeholders
Availability, security and continuity of Business and IT
services
Costs and measurable returns on investments
Quality and reliability of services
IT inability to respond to business needs
Identification and management of IT related risks to the
business
Compliance to legal, regulatory and contractual requirements
Responsiveness and nimbleness to changing conditions
Use and protection of customer data, information, and other
corporate computing assets
15
IT Governance
Benefits of IT Governance
16

Benefits of Governance
IT Governance Specialist Development Group (SDG) has
outlined some key benefits associated with IT Governance:
Transparency and Accountability
Return on Investment/Stakeholder Value
Enhancement and protection of reputation and image
Improved outcomes regarding key IT governance decisions
17
Benefits of Governance
Enhancement and protection of reputation and image
Improved transparency and outcomes regarding key IT
governance decisions
Expansion of Business Opportunities & Partnerships
Performance Improvement
Ensure Compliance (Internal & External)
18
IT Governance
Best Practices of IT Governance
19

An enterprise wide approach should be adopted
Top level commitment backed up by clear accountability is a
necessity
An agreed IT Governance and control framework is required
20
Trust needs to be gained for the IT function (in house and/or
external)
Stakeholder Management
Establish Process Governance & Assessment Method

21
Process Governance and Assessments?
22
Creating IT Governance Program
Secure executive sponsorship with clear direction, goals, and
objectives for establishing an enterprise IT governance program
Establish IT Governance Steering Committee (Cross-functional
representation)
Define the strategy for establishing the enterprise IT
governance program with CFS (e.g., governing bodies and
frameworks, IT policy lifecycle management, risk management,
and key IT areas)
Coordinate with key stakeholders to define an executable
transition roadmap and timeframes
Establish a deliverables based project plan using a phased
approach
Celebrate accomplishments and leverage lessons learned for

course corrections and continuous improvement
23
What key areas should be incorporated into your organization’s
IT governance framework?
Has anyone been a part of a IT governing body (e.g., board,
committee, workgroup)?
What was the purpose of the IT governing body and what
decisions did they make?
Outline some key areas auditor’s look at regarding IT
governance?
Why is IT Governance important?
What are some of the key benefits that can be derived from IT
Governance?
24
Group Discussion Questions
IT Governance Frameworks

Governing Bodies
25
IT Governance Framework
IT governance framework should have defined governing
entities specific to IT domain and governance decision areas
Membership will be based on organizational positions, roles,
and subject matter expertise
Purpose, objectives, membership, decision authority,
interrelationship, meeting frequency should all be defined in a
charter for each governing body
Each governing body should have a designated Chair Person or
Coe-Chairs appointed
Charters should be reviewed and signed by executive
management
It is not uncommon to have IT managers serve on multiple
governing bodies or participate on a needs be bases for matters
that cross domain boundaries
Arbitration and final decision authority rests with an executive
steering committee or board
IT governance frameworks should be structured to push
decisions to the lowest level possible based on the predefined
criteria (e.g., thresholds, policy, authority, type, elevation
conditions, etc.)
Alignment of IT portfolios and change management processes
are vital for effective IT governance frameworks (e.g., services,
applications, security, policy, infrastructure, architecture)

26
IT Governance Framework
27
Information Technology Executive Board
Data/Information Committee
Enterprise Security Committee
Architecture & Infrastructure Committee
Enterprise IT Services Committee
Enterprise Application Committee
Business & IT Strategic Plans
IT Portfolios
IT Finance & Budget
IT Contracts & Procurements
Recommending bodies with limited delegated decision authority
Decision Making Body
Senior Executive Team
IT Service Governance Framework?
28

Data Governance Framework?
29
IT Governance Framework - Matrix
30Governing
EntityPurposeScope/JurisdictionResponsibilitiesDecisionsDeliv
erablesMembershipInter-RelationshipBusiness & IT Executive
BoardData/Information CommitteeEnterprise Application
CommitteeArchitecture & Infrastructure Committee Enterprise
Security CommitteeEnterprise IT Services Committee
IT Governance Matrix
Creating Governance Entity Charters
31

What is a Charter ?
A formal document that defines a governing entity granting
certain rights, privileges, and authority to monitoring the
actions, policies, practices, and decisions of organizations.
Defines its purpose, responsibilities, composition, and mandates
its function(s) and lays down rules for its conduct and
delegation of authority.
Charters are usually authorized or revoked by corporate
executives
32
Charter Elements
Each governance entity within and organization should have a
charter document with executive approval
IT Governance charter document contains the following
sections:
Governance Entity Name
Purpose
Scope/Jurisdiction
Objectives
Responsibilities
Decision Authority
Membership Chair Person(s) & Members (appointments and
rotation)
Deliverables
Structure (meeting frequency and location)
Relationships (Other governing entities)
Executive Signatures (CEO, CIO, COO, etc.) & Dates
Version Control

The organization who is responsible for policy lifecycle
management usually facilitate the creation and maintenance of
the IT Governance Charters
33
What happens when there is a lack of collaboration and synergy
between these governing entities?
Why is it important to have a governance matrix and charters
defined for your IT governance framework?
34
Group Discussion
Assignments
Chapter 8 (IT Managers Handbook)
Homework 3: Corporate & IT Governance Frameworks
Project 2:
Part A: Create an IT Governance Matrix
Part B: Create a Governance Charter for Enterprise Security

Committee
Part C: Write a Information Security Policy for Data
Classifications
35

Business ProjectProject Progress Evaluation Feedback Form .docx

Recommended

Recommended

More Related Content

Similar to Business ProjectProject Progress Evaluation Feedback Form .docx

Similar to Business ProjectProject Progress Evaluation Feedback Form .docx (20)

More from felicidaddinwoodie

More from felicidaddinwoodie (20)

Recently uploaded

Recently uploaded (20)

Business ProjectProject Progress Evaluation Feedback Form .docx