The document provides information about an upcoming training on IT Governance to be delivered by Goutama Bachtiar. It includes details about the trainer's background and experience in IT advisory, consulting, auditing, and education. The training objectives are to address key knowledge areas related to IT Governance domains such as framework, strategy alignment, value delivery, risk management, and performance measurement. The targeted participants are corporate and IT management, IT auditors, and senior IT management. The training agenda covers various topics around governance vs management, frameworks, strategy, value, risk, performance and more. It also discusses the ISACA CGEIT certification domains that the training maps to.
According to Gartner, "The strongest performing IT organizations are distinguished by strong strategy practices. The weak performing IT organizations are distinguished by weak delivery practices."
Having an IT strategy and executing it are important.
This brief presentation covers:
1. Why IT Strategy?
2. What does a great IT Strategy look like?
3. How to create a great IT Strategy
4. How to make the IT Strategy real
IT Governance – The missing compass in a technology changing world, by PECB
The webinar covers:
• Overview of IT Governance
• Benefits of IT Governance
• IT Governance implementation: Approach and Methodology
• Key critical success factors
Presenter:
This webinar was presented by Mr. Oladapo Ogundeji, from Digital Jewels, a PECB partner.
Link of the recorded session published on YouTube: https://youtu.be/Ux_Yk4JLy0M
Almost every business decision requires executives and managers to balance risk and reward, and efficiency in that process is essential to an enterprise’s success. Too often though, IT risk (business risk related to the use of IT) is overlooked.
While other business risks such as market, credit and operational risks have long been incorporated into the decision-making processes, IT risk has usually been relegated to technical specialists outside the boardroom, despite falling under the same risk category as other business risks: failure to achieve strategic objectives.
This session intends to address business risks related to the use of IT, looking at industry standards, frameworks and best practices, as well as focusing on real world examples and specific plans on how to implement IT Risk Management on every level of your company.
This Slideshare presentation is a partial preview of the full business document. To view and download the full document, please go here:
http://flevy.com/browse/business-document/it-strategy-209
This is a comprehensive document on Information Technology (IT) / Management Information Systems (MIS) Strategy.
This document includes IT strategy frameworks, critical success factors, detailed project approach and organizational structure, sample deliverables, and more.
Capability assessment of IT Governance using COBIT 4 Process Assessment Model (PAM). Presented for Information System Department, Universitas Bakrie - Indonesia
Introduction to Enterprise architecture and the steps to perform an Enterpris..., by Prashanth Panduranga
This presentation was used to introduce Enterprise Architecture and how to perform an Enterprise Architecture Assessment, followed by a TechSharp introduction.
The deliverables in the presentation are not clearly shown; the slides represent what was shown as part of the demo.
List of deliverables:
Application Rationalization framework
Portfolio Analysis framework
Road Map
Current state analysis
Target State establishing process
System Context
System Landscape
This presentation is intended to assist CIOs with setting up a formal IT Governance model for their college or university. There are two companion files, also on Slideshare and linked at the end: an IT Governance Committee Charter and an IT Project Governance Guideline.
IT Governance PowerPoint Presentation Slides, by SlideTeam
This deck consists of a total of twenty-one slides. It has PPT slides highlighting important topics of IT Governance. This deck comprises amazing visuals with thoroughly researched content. Each template is well crafted and designed by our PowerPoint experts. Our designers have included all the necessary PowerPoint layouts in this deck. From icons to graphs, this PPT deck has it all. The best part is that these templates are easily customizable. Just click the DOWNLOAD button shown below. Edit the colour, text, font size, and add or delete content as required. Download this deck now and engage your audience with this ready-made presentation. http://bit.ly/39hBT7Z
Business Architecture is a multi-dimensional discipline primarily focused on organizational structure and performance in terms of business strategy, business functions, capabilities, roles and their relationships. Implementing and executing Business Strategy goals is among Business Architecture’s focus areas.
This presentation and discussion will focus on the relationship between strategic planning and Business Architecture. Employing Business Architecture techniques, corporate planners can translate business strategy goals into actions and identify critical areas of enterprise change and transformation while identifying and mitigating related risks.
Your Challenge
Organizations have to adapt to a growing number of trends, putting increased pressure on IT to move at the same speed as the business.
The business, seeing that IT is slower to react, looks to external solutions to address its challenges and capitalize on opportunities.
IT and business leaders don’t have a clear and unified understanding or definition of an operating model.
Our Advice
Critical Insight
The IT operating model is not a static entity and should evolve according to changing business needs.
However, business needs are diverse, and the IT organization must recognize that the business includes groups that consume technology in different patterns. The IT operating model needs to support and enable multiple groups, while continuously adapting to changing business conditions.
Impact and Result
Determine how each technology consumer group interacts with IT. Use consumer experience maps to determine what kind of services consumer groups use and if there are opportunities to improve the delivery of those services.
Identify how changing business conditions will affect the consumption of technology services. Classify your consumers based on business uncertainty and reliance on IT to plan for the future delivery of services.
Optimize the IT operating model. Create a target IT operating model based on the gathered information about technology service consumers. Select different implementations of common operating model elements: governance, sourcing, process, and structure.
Digital Transformation And Solution Architecture, by Alan McSweeney
Digital strategy is a statement about the organisation’s digital positioning, competitors and customer and collaborator needs and behaviour to achieve a direction for innovation, communication, transaction and promotion. Digital strategy needs to be defined in the same framework structure as the proposed digital architecture platform.
Achieving the target digital organisation means deploying solutions that enable the digital architecture. Solution architecture needs to design solutions that fit into the target digital architecture framework. This requires:
• Solution architecture team operating in an integrated manner designing solutions to a set of common standards and that run on the platform
• Solution architecture team leadership ensuring solutions conform to the common standards
• Solution architecture technical leadership to develop and maintain common solution design standards
• Solution architecture updates the digital reference architecture based on solution design experience
Digital solution design requires greater discipline to create an integrated set of solutions that operate within the rigour of the digital architecture framework. The solution architecture function must interact with other IT architecture disciplines to ensure the set of solutions that implement the digital framework operate together. This requires greater solution architecture team leadership, supplemented and supported by a well-defined set of digital solution design standards.
This follows on from the previous presentation: Digital Transformation And Enterprise Architecture
https://www.slideshare.net/alanmcsweeney/digital-transformation-and-enterprise-architecture.
Stewardship is extending to IT as Boards question the depth of their enterprise’s reliance on IT.
Some thoughts on how IT risk, control, audit and assurance is evolving toward the broader concept of IT governance.
Why IT governance should be on the Board of Directors’ agenda wherever IT is strategic to the business.
How it fits in the broader concepts of enterprise governance and how management and boards can address it.
Feedback on Technology Governance, Strategy, and Funding Proposal: Executive ..., by Ron Dolin
This is feedback I provided to the California Judicial Branch on their report: Technology Governance, Strategy, and Funding Proposal: Executive Summary.
First San Francisco Partners' Managing Director, Kelle O'Neal, spoke to a group of 150+ people at Oracle Open World in October 2009 about Data Governance and the imperative use of technology to support data quality in large organizations.
Simply put, it’s putting structure around how organizations align IT strategy with business strategy, ensuring that companies stay on track to achieve their strategies and goals, and implementing good ways to measure IT’s performance. It makes sure that all stakeholders’ interests are taken into account and that processes provide measurable results. An IT governance framework should answer some key questions, such as how the IT department is functioning overall, what key metrics management needs and what return IT is giving back to the business from the investment it’s making.
• Strategic alignment: Linking business and IT so they work well together. Typically, the lightning rod is the planning process, and true alignment can occur only when the corporate side of the business communicates effectively with line-of-business leaders and IT leaders about costs, reporting and impacts.
• Value delivery: Making sure that the IT department does what’s necessary to deliver the benefits promised at the beginning of a project or investment. The best way to get a handle on everything is by developing a process to ensure that certain functions are accelerated when the value proposition is growing, and eliminating functions when the value decreases.
• Resource management: One way to manage resources more effectively is to organize your staff more efficiently—for example, by skills instead of by line of business. This allows organizations to deploy employees to various lines of business on a demand basis.
• Risk management: Instituting a formal risk framework that puts some rigor around how IT measures, accepts and manages risk, as well as reporting on what IT is managing in terms of risk.
• Performance measures: Putting structure around measuring business performance. One popular method involves instituting an IT Balanced Scorecard, which examines where IT makes a contribution in terms of achieving business goals, being a responsible user of resources and developing people. It uses both qualitative and quantitative measures to get those answers.
SWOT analysis of COMSATS Institute of Information Technology, Abbottabad, by Zohaib HUSSAIN
SWOT Analysis of COMSATS Abbottabad, Introduction to Management assignment 4.
It's just an assignment, not based on any research or data; it's an opinion-based assignment.
Impact of Changing World Politics in Managing Risk, by PECB
The webinar discussed how the Trump administration will manage risks during their governance and how it will have impact in the US as well as throughout the world. The likely changes that will occur during his administration and how these changes will affect the management of risk internationally are also mentioned.
Main points covered:
• Unique Risk Characteristics of Trump Administration
• International Aspect of Managing Risk
• Essential Steps to Managing Risk
• Current Approaches to Risk Management
• Involving Your Personnel Instead of Outsiders
• Foreseeing and Identifying Risk Prior to Impact
• Ranking Risk for Countermeasure Effectiveness
• Attaining Managed Risk!
Presenter:
Dr. Vernon Grose is the Chairman of Omega Systems Group and the author of the best-seller “MANAGING RISK: Systematic Loss Prevention for Executives”, along with three other books and over 60 professional papers. He has been an executive in 3 major US corporations and was appointed by President Ronald Reagan as a Member of the National Transportation Safety Board. His expertise has been solicited for over 500 TV interviews internationally involving aviation crashes and disasters. Appointed to the NASA Advisory Board for Apollo spacecraft missions, he has had the opportunity to meet 10 of the 12 men who walked on the Moon. Dr. Grose has taught graduate-level university courses in the US, Canada, Germany, Spain, and Mexico related to managing risk.
Link of the recorded session published on YouTube: https://youtu.be/6naMwZqpQL0
5 Top Tips for Implementing a Successful Safety Culture in Global Organizations, by PECB
A safety culture within an organization values and embeds safety in every process, decision and action. This webinar explores what needs to be done to implement a safety culture and which actions and traps to consider during the implementation.
Main points covered:
• Why is the implementation of safety culture important?
• What works when implementing a safety culture?
• What are the elite actions to take during the implementation of safety culture?
• Which dangerous traps should you avoid while implementing the safety culture?
Presenter:
Cathy Hansell, the President of Breakthrough Results, has over 30 years of safety, health, environmental (SHE), product and manufacturing quality experience, holding various senior leadership roles at several international corporations. She is a frequent guest speaker at business and academia conferences, councils and symposia in such topics as safety culture, sustainability, leadership engagement, six sigma and wellness. She was awarded the 2010 Woman of the Year in the Safety and Health Field from the National Association of Professional Women, and one of the Top 100 Women in Safety Engineering from the American Society of Safety Engineers. Most recently, Cathy co-founded the Centre for Corporate Responsibility and Sustainable Development in Europe.
Link of the recorded session published on YouTube: https://youtu.be/35JZgF3v2Jo
High-performing organizations achieve results by utilizing portfolio management to select the right projects at the right time with the right resources, based on a data-driven selection methodology. Portfolio management adds value to an organization’s bottom line by optimizing the organization’s capacity and capabilities to meet the demands of an ever-changing market and technology trends. It does this by providing insight and global visibility of the organization's approved set of strategic criteria against a backdrop of organizational constraints. This presentation provides a few of the value creation processes that implementing a best-in-class portfolio management solution can provide to your organization.
To learn more: http://developingaculturethatworks.com/
Tawasul_Tatweer (Communicate_Develop)
Lecture No. 203
Consultant: Mohamed Khalifa
Lecture title:
Establish and Operate PMO in AI Era
Building and operating project management offices in the age of artificial intelligence
Saturday, 25 February 2023
7:00 pm Cairo time
8:00 pm Makkah time
Attendance is via the Zoom application through the link
https://us02web.zoom.us/meeting/register/tZ0qd-2opzooGtw_oBDiphAYxXezijJEo3WK
Note that the lecture will also be streamed live on the channels of the Egyptian Engineers Association.
We hope we succeed in offering what benefits the engineer and the engineering profession in our Arab world.
God grant success.
To contact the initiative's management via the Telegram channel:
https://t.me/EEAKSA
To follow the initiative and the live stream via our various outlets:
LinkedIn and e-library link:
https://www.linkedin.com/company/eeaksa-egyptian-engineers-association/
Twitter channel link:
https://twitter.com/eeaksa
Facebook channel link:
https://www.facebook.com/EEAKSA
YouTube channel link:
https://www.youtube.com/user/EEAchannal
General lecture registration link:
https://forms.gle/vVmw7L187tiATRPw9
Note: free attendance certificates are available to those who register in the evaluation link at the end of the lecture.
CHAPTER 10
INFORMATION GOVERNANCE
Information Governance and Information Technology Functions
ITS 833
Dr. Mia Simmons
Chapter Overview
■ This chapter will cover pages 189-206 in your book.
■ This chapter discusses how Information Technology (IT) aligns directly with the success of Information Governance.
What is Information Technology?
■ Information technology (IT) is a core function impacted by information governance (IG) efforts.
– On the IT side, shared responsibility for IG means the IT department itself must take a closer look at IT processes and activities with an eye to IG.
– A focus on improving IT efficiency, software development processes, and data quality will help contribute to the overall IG program effort.
CIO & IT Leaders Key Focus Areas
■ Four IG areas for successful delivery of IG efforts:
1. Don’t focus on technology, focus on business impact.
■ IT needs to become more business savvy, more businesslike, more focused on delivering business benefits that can help the organization to meet its business goals and achieve its business objectives.
2. Customize your IG approach for your specific business, folding in any industry-specific best practices possible.
■ There are components that are common to all industries, but tailoring your approach to your organization is the only way to deliver real business value and results.
3. Make the business case for IG by tying it to business objectives.
■ The business case must be presented in order to gain executive sponsorship, which is an essential component of any IG effort.
4. Standardize use of business terms.
■ IG requires a cross-functional effort, so you must be speaking the same language, which means the business terms you use in your organization must be standardized.
Data Governance
■ Data is big, data is growing, data is valuable, and the insights that can be gained by analyzing clean, reliable data with the latest analytic tools are a sort of new currency.
■ Data governance focuses on information quality from the ground up (at the lowest or root level), so that subsequent reports, analyses and conclusions are based on clean, reliable, trusted data (or records) in database tables.
■ Data governance is a newer, hybrid quality control discipline that includes elements of data quality, data management, IG policy development, business process improvement, and compliance and risk management.
■ Data governance with real-time analytics and business intelligence (BI) software not only can yield insights into significant and emerging trends but also can provide solid information for decision makers to use in times of crisis—or opportunity.
Steps to Governing Data Effectively
1. Recruit a strong executive sponsor.
2. Assess your current state.
3. Set the ideal state vision and strategy.
4. Compute the value of your data.
5. Assess risk.
6. Implement a going-forward strategy.
7. Assign accountabili.
With the rapid evolution of Information Technology (IT) applications and practices across the organization, appropriate IT Governance (ITG) has become essential to an organization’s success. The use of IT has become pervasive in every facet of the organisation’s endeavours, supporting and evolving each aspect of the business. As IT is associated with both risk and value opportunities, a comprehensive, high-level system is required in each organization to minimise the associated risks and optimize value. The IT value achieved through effective IT governance is related to efficient and cost-effective IT delivery, innovation and business impact. This presentation highlights the Critical Success Factors (CSFs) needed for the successful and effective implementation of ITG.
IT Governance, or corporate governance of information technology, is a subset discipline of corporate governance, focused on information and technology (IT) and its performance and risk management.
The interest in IT Governance is due to the ongoing need within organizations to focus value creation efforts on an organization's strategic objectives and to better manage the performance of those responsible for creating this value in the best interest of all stakeholders.
Where will BRM find themselves in Product Centric Organizations in the Near F...Svetlana Sidenko
Re-defining the role of the Business Relationship Manager in a context of organization's rapid evolution towards product-centric operating models is increasingly needed. Here are possible venues for the BRM role evolution within organizations moving from a “project” to “product” mindset.
This presentation discusses the impact of most organizations shifting from being project-centered to product-centered and the future of the Business Relationship Management as a role and discipline in the product-centered organizations.
Information and Technology Operating Models are rapidly changing from models previously centered on projects and project management to models centered on product and product management. Agile methods and lean principles are being widely adopted to support these models. In a recent Gartner survey*, 85% of respondents said their organization has adopted or plans to institute a product-centric approach for an average of 80% of their work by 2022. This shift is impacting Business Relationship Management as a role and discipline, leaving no place for tactical BRMs in future product-centered organizations. Strategic BRMs, who represent IT to the Business, will play an important role in this transition, ensuring that business value is realised. However, when Product Management matures to the enterprise level, Business Relationship Management will evolve.
#Futureproofing your School: A Toolkit for BursarsMark S. Steed
Presentation to the COBIS Bursars' Conference on Friday 2nd February.
The presentation looks at three areas:
1) A Strategic Tool for Competitor Analysis and Prioritising Resources;
2) Digital Governance - what it is and how to do it;
3) Using Automated Systems to Manage Data: The end of School Reports; Reporting to Governors; Automating Appraisal and Media Content Strategy.
IT Governance: Governance & Management of Enterprise IT, 25 - 28 October 2015...360 BSI
Information and related technology have become increasingly crucial in the sustainability, growth and management of value and risk in most enterprises. As a result, IT has moved from a support role to a central position within enterprises.
The enhanced role of IT for enterprise value creation and risk management has been accompanied by an increased emphasis on the Governance and Management of Enterprise IT (GEIT).
Enterprise stakeholders and the governing board wish to ensure that IT fulfills the goals of the enterprise. GEIT is an integral part of overall corporate governance.
GEIT addresses the definition and implementation of processes, structures and relational mechanisms within the enterprise that enable business and IT staff to execute their responsibilities in support of creating or sustaining business value.
In this course you will learn and understand how to assess and evaluate an organization’s GEIT and make sure that IT is properly aligned with the business objectives.
COBIT 5 can help enterprises create optimal value from IT by maintaining a balance between realizing benefits, optimizing risk management and leveraging resources. COBIT 5 addresses both business and IT functional areas and provides a governance, management and operational framework for enterprises of all sizes, whether commercial, not-for-profit or public sector.
Contact Kris at kris@360bsi.com to register.
Governance and Management of Enterprise IT with COBIT 5 FrameworkGoutama Bachtiar
This courseware was designed for the training entitled 'Governance and Management of Enterprise IT with COBIT 5 Framework' with the objective of understanding COBIT 5 Framework as well as achieving IT Governance effectiveness using the respective framework.
Discussing how to deal with fraud occurring in e-banking channels by implementing end-to-end controls (deterrent, preventive, detective, responsive, corrective and recovery) and lines of defence, as well as deploying numerous anti-fraud strategies.
Utilizing Internet for Fraud Examination and InvestigationGoutama Bachtiar
1st Session titled Redefining Fraud, Examination, Investigation and Cyber Crime delivered for Indonesia's Risk Management Certification Agency named Badan Sertifikasi Manajemen Resiko (BSMR).
The seminar itself was titled 'Preventing Fraud within E-Channels in Banking Sector'.
Valuing Information Management and IT ArchitectureGoutama Bachtiar
Delivered in guest lecture session for International Business Accounting Program, Faculty of Business and Management, Petra Christian University, Surabaya, East Java, Indonesia.
Riding and Capitalizing the Next Wave of Information TechnologyGoutama Bachtiar
Delivered in guest lecture session for International Business Accounting Program, Faculty of Business and Management, Petra Christian University, Surabaya, East Java, Indonesia.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques.
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio's cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors and newer malware, including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
2. Allow Me to Introduce Myself
February 2013
Developed by @goudotmobi
2
3. Trainer Profile
• 15 years of working experience with exposure in advisory, consulting, audit, training and education, software development, project management and network administration
• VP - Head of Information Technology at Roligio Group
• Advisor at Global Innovations and Technology Platform
• Subject Matter Expert, Editorial Journal Reviewer and Exam Developer at ISACA
• Program Evaluator at Project Management Institute
• Microsoft Faculty Fellow
• Columnist and contributor at ZDNet Asia, e27.co, Forbes Indonesia, DetikINET and InfoKomputer among others
5. Background and Objectives
BACKGROUND
• IT Governance is to a country’s constitution what management is to the country’s laws
• Corporate Governance, IT Governance, and IT Security Governance are responsibilities of the Board or Senior Management
• The significance of IT governance can be judged from the fact that ISACA has introduced a new certification, Certified in the Governance of Enterprise IT (CGEIT), effective since December 2008, on this very subject
• Topics covered will map directly to ISACA’s job practice areas (domains)
OBJECTIVES
• The training will address key knowledge areas related to IT Governance domains: IT Governance Framework, IT/Business Strategy Alignment, IT Value Delivery, Risk Management, Resource Management and Performance Measurement
• Differentiate between IT Governance and IT Management, and help set up an IT Governance Framework including IT alignment, Value delivery, Risk Management, Performance Management, and Resource Utilization
6. Targeted Participants
• Corporate and IT management interested in learning the “what” and “how to” on IT Governance
• IT auditors and Management Consultants who’d like to learn how to audit IT Governance, and provide governance-related services to Senior Client Management
• Senior IT management responsible for understanding theory and implementation of IT Governance, Value Delivery, IT Risk Management, Information Security, and Balanced Score Card (BSC) Implementation
7. Training Agenda
• Governance vs Management
• IT Governance Framework
• IT Alignment with Business Requirements
• IT Value Delivery
• IT Risk Management
• IT Performance Measurement
• IT Balanced Score Card
8. Training Agenda (cont’d)
• IT Resource Management
• Board’s Oversight Committees
• IT Strategy Committee
• IT Steering Committee
• Board’s Business Continuity Oversight
• Auditing IT Governance
• Maturity of IT Governance With CMM Scale
9. ISACA Certification
CGEIT constitutes:
1. IT Governance Framework (25%)
2. Strategic Alignment (15%)
3. Value Delivery (15%)
4. Risk Management (20%)
5. Resource Management (13%)
6. Performance Measurement (12%)
11. Common Issues
• Disconnect between IT & everyone else
• IT is overwhelmed
• Projects are delayed; not as successful
• Customer dissatisfaction & “I’ll do it myself” mentality
• Multiple systems exist for similar needs
• IT lacks direction
12. Common Issues (cont’d)
• No one person is accountable for IT
• Technology does not make things better
• Security concerns
• Data in multiple places/hard to pull together
• Projects not delivered or not done well
13. Solution
• Well-defined decision making process
• Forward thinking IT leadership
• High-performing IT management team
• Easily understood Architecture & Standards
• Project Evaluation & Prioritization
• Best Practice Project Management approach
14. Understanding IT Governance
• Comprises the body of issues addressed in considering how IT is applied within the enterprise.
• Effective enterprise governance focuses on:
– Individual and group expertise
– Experience in specific areas
• Key element: alignment of business and IT
15. What is IT Governance?
• Structure to help align IT strategy with business strategy
• According to ITGI, there are 5 areas of focus:
– Strategic alignment
– Value delivery
– Resource management
– Risk management
– Performance measures
16. IT Governance Definition
“The responsibility of executives and the board of directors, and consists of the leadership, organizational structures and processes that ensure that the enterprise’s IT sustains and extends the organization’s strategies and objectives”
17. Three Pillars of IT Governance
Figure: IT Governance rests on three pillars:
• Infrastructure Management
• IT Use/Demand Management
• IT Project Management
19. IT Governance Institute
• IT Governance Institute (www.itgi.org) is a non-profit, independent research entity that provides guidance for the global business community on issues related to governance of IT assets
• Established by ISACA in 1998 to help executives and IT professionals ensure that IT delivers value and its risks are mitigated through alignment with enterprise objectives, IT resources are properly allocated, and IT performance is measured
• ITGI developed Control Objectives for Information and related Technology (COBIT®) and Val IT™, and offers original research and case studies to help enterprise leaders and boards of directors fulfill their IT governance responsibilities and help IT professionals deliver value-adding services
20. Why is IT Governance important?
• Compliance with regulations
• Competitive advantage
• Support of enterprise goals
• Growth and innovation
• Increase in intangible assets
• Reduction of risk
21. Why is IT Governance important? (cont’d)
22. Who is involved?
• Team leaders
• Managers
• Executives
• Board of Directors
• Stakeholders
23. Governance and Management
• Governance ensures that enterprise objectives are achieved by evaluating stakeholder needs, conditions and options; setting direction through prioritisation and decision making; and monitoring performance, compliance and progress against agreed-on direction and objectives (EDM)
• Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives (PBRM)
24. Corporate Governance of IT
ISO/IEC 38500:2008 Corporate governance of IT
Scope
• Provides guiding principles for directors of organizations (including owners, board members, directors, partners, senior executives, or similar) on the effective, efficient, and acceptable use of IT within their organizations
• Applies to the governance of management processes (and decisions) relating to the ICT services used by an organization. These processes could be controlled by IT specialists within the organization or external service providers, or by business units within the organization
25. Corporate Governance of IT (cont.)
ISO/IEC 38500:2008 Corporate Governance of IT
2.1 Principles
Principle 1: Responsibility
Principle 2: Strategy
Principle 3: Acquisition
Principle 4: Performance
Principle 5: Conformance
Principle 6: Human Behavior
27. Approaches Currently In Use
• Business As Usual - “Firefighting”
• Legislation - “Forced”
• Best Practice Focused
28. Commencing Best Practices
Quality & Control Models
• ISO 900x
• COBIT®
• TQM
• EFQM
• Six Sigma
• COSO
• Deming
• etc..
Process Frameworks
• ITIL®
• Application Service Library
• Gartner CSD
• IBM Processes
• EDS Digital Workflow
• Microsoft MOF
• Telecom Ops Map
• etc..
• What is not defined cannot be controlled
• What is not controlled cannot be measured
• What is not measured cannot be improved
29. ITIL® v2 to v3
Figure: the ITIL v2 publication framework, spanning from The Business to The Technology:
• Introduction to ITIL
• Planning To Implement Service Management
• The Business Perspective
• Service Management: Service Delivery and Service Support
• ICT Infrastructure Management
• Security Management
• Application Management
• Software Asset Management
• Small-Scale Implementation
30. ITIL® v2 Service Support Model
Figure: ITIL v2 Service Support model. The Business, Customers or Users raise incidents, queries, enquiries and difficulties to the Service Desk and receive communications, updates and work-arounds; Monitoring Tools feed incidents in; customer survey reports flow back to the business. The processes and their outputs:
• Incident Management: service reports, incident statistics, audit reports
• Problem Management: problem statistics, problem reports, problem reviews, diagnostic aids, audit reports
• Change Management: change schedule, CAB minutes, change statistics, change reviews, audit reports
• Release Management: release schedule, release statistics, release reviews, secure library, testing standards, audit reports
• Configuration Management (CMDB): CMDB reports, CMDB statistics, policy standards, audit reports
Flows between processes: incidents feed Problem Management; problems and known errors feed Change Management; changes feed Release Management; releases, CIs and relationships are recorded in the CMDB.
31. ITIL® V2 Service Delivery Model
Figure: ITIL v2 Service Delivery model. Business, Customers and Users exchange communications, queries, enquiries, updates and reports with the processes; requirements, targets and achievements flow between them; Management Tools raise alerts and exceptions; changes enter from Change Management. The processes and their outputs:
• Service Level Management: SLAs, SLRs, OLAs, service reports, service catalogue, SIP, exception reports
• Availability Management: availability plan, AMDB, design criteria, targets/thresholds, reports, audit reports
• Capacity Management: capacity plan, CDV, targets/thresholds, capacity reports, schedules, audit reports
• Financial Management for IT Services: financial plan, types and models, costs and charges, reports, budgets and forecasts, audit reports
• IT Service Continuity Management: IT continuity plans, BIS and risk analysis, requirements defined, control centers, DR contracts, reports, audit reports
32. IT Governance and ITIL®version 3
33. IT Governance and COBIT
Why Get Into Governance?
• “Due diligence”
• IT is critical to the business
• IT is strategic to the business
• Expectations and reality don’t match
• IT hasn’t gotten the attention it deserves
• IT involves huge investments and large risks
34. IT Governance and COBIT
“Due diligence”
• Infrastructure and productive functions
• Skills, culture, operating environment
• Capabilities, risks, process knowledge and customer information
• Service levels
Enterprises should be equally inquisitive
about themselves.
35. IT Governance and COBIT
IT Is Critical to Most Businesses
This criticality arises from:
• The increasing dependence on information and the systems and communications that deliver it
• The dependence on entities beyond the direct control of the enterprise
• IT failures increasingly impacting reputation and enterprise value
• The potential for technologies to dramatically change organisations and business practices, create new opportunities and reduce costs
• The risks of doing business in an interconnected world
• The need to build and maintain knowledge essential to sustain and grow the business
36. IT Governance and COBIT
Why Has IT Not Gotten the Attention It Merits?
• IT requires more technical insight than do other disciplines to understand how IT
– Enables the enterprise
– Creates risks
– Gives rise to opportunities
• IT has traditionally been treated as an entity separate to the business
• IT is complex, and even more so in the extended enterprise operating in a networked economy
37. IT Governance and COBIT
• October 1992: A new command and control system developed by the London ambulance service failed on the first day of operation.
• 1997: Barings Bank collapsed as a result of unauthorized trading, in part enabled by the willful manipulation of management information.
• August 1997: UK investment managers, Save & Prosper, abandoned a major new IT system, having spent 2 million pounds on its design and implementation.
• October 1998: UK Internet bank Egg launched a new online-only credit card, only to find its technical infrastructure was unable to cope with the demand.
38. IT Governance and COBIT
What Should Boards Do About It?
• Be driven by stakeholder value
• Adopt an IT governance framework
• Ask the right questions
• Focus on IT’s
– Alignment with the business
– Value delivery
– Risk management
– Measure result
Figure: Stakeholder Value Drivers at the centre, surrounded by IT Strategic Alignment, IT Value Delivery, Risk Management and Performance Measurement.
39. IT Governance and COBIT
What Should Management Do About It?
• Align IT strategy with business goals
• Cascade strategy and goals down into the organisation
• Set up organisational structures that facilitate strategy implementation
• Adopt a control and governance framework
• Provide IT infrastructures that facilitate creation and sharing of business information
• Embed responsibilities for risk management in the organisation
• Focus on important IT processes and core IT competencies
• Measure performance (balanced business scorecard)
40. IT Governance and COBIT
COBIT: An IT Control Framework
• Starts from the premise that IT needs to deliver the information that the enterprise needs to achieve its objectives.
• Promotes process focus and process ownership
• Divides IT into 34 processes belonging to four domains and provides a high level control objective for each
• Looks at fiduciary, quality and security needs of enterprises, providing seven information criteria that can be used to generically define what the business requires from IT
• Is supported by a set of over 300 detailed control objectives
The four domains:
• Planning
• Acquiring & Implementing
• Delivery & Support
• Monitoring
The seven information criteria: Effectiveness, Efficiency, Availability, Integrity, Confidentiality, Reliability, Compliance
41. IT Governance and COBIT
IT Governance Defined (1)
Several definitions with common elements:
• Responsibility of the board of directors
• Protects shareholder value
• Ensures risk transparency
• Directs and controls IT investment, opportunity, benefits and risks
• Aligns IT with the business while accepting IT is a critical input to and component of the strategic plan, influencing strategic opportunities
• Sustains the current operation and prepares for the future
• Is an integral part of a global governance structure
42. IT Governance and COBIT
IT Governance Defined (2)
IT governance, like other governance subjects, is the responsibility of executives and shareholders (represented by the board of directors). It consists of the leadership and organisational structures and processes that ensure that the organisation’s IT sustains and extends the organisation’s strategies and objectives.
43. IT Governance and COBIT
IT Governance Framework
Figure: the IT governance cycle: set measurable goals, deliver results, measure performance, compare against the goals, and act if not aligned.
44. IT Governance and COBIT
IT Governance Framework
Figure: the IT governance framework cycle: Set Objectives, Provide Direction, IT Activities, Measure Performance, Compare (against the objectives).
Set Objectives:
• IT is aligned with the business
• IT enables the business and maximises benefits
• IT resources are used responsibly
• IT-related risks are managed appropriately
IT Activities:
• Increase automation (make the business effective)
• Decrease cost (make the enterprise efficient)
• Manage risks (security, reliability and compliance)
45. Enterprise Governance
• Responsibilities and practices exercised by the board and executive management with goals of:
– Provide strategic direction
– Ensure achieved objectives
– Appropriately managed risk
– Responsible resource use
46. Enterprise Governance Objective
A balance of:
• Performance
Improving profit, efficiency, effectiveness, growth, etc.
• Conformance
Adhering to legislation, internal policies, audit requirements, etc.
Both enterprise governance and IT governance require a balance between performance and conformance goals as directed by the board.
47. Enterprise vs IT Governance
• Enterprise
Responsibilities and practices exercised by the board and executive management with goals of:
– Provide strategic direction
– Ensure achieved objectives
– Appropriately managed risk
– Responsible resource use
• IT
Part of enterprise governance, consisting of leadership, organizational structures and processes that ensure that the enterprise’s IT sustains and furthers the enterprise strategies and objectives
50. Governance, Stakeholders, Interests
• IT Governance is part of Enterprise Governance
• Governance Focus Areas
– Strategic Alignment
– Value Delivery
– Risk Management
– Resource Management
– Performance Measurement
• Governance objective is balance of
– Performance – Value Delivery
– Conformance – Risk Management
51. Governance, Stakeholders, Interests (cont’d)
Governance Stakeholders include
– Board & Executives
– Business & IT Management
– Risk and Compliance & IT Audit
Stakeholders
– Have Governance Role & Responsibilities
– Expect Inputs and Deliver Outputs to
Governance Process
52. IT Governance Framework (ITGI)
(Diagram: Set Objectives → Provide Direction → IT Activities → Measure Performance → Compare → Set Objectives)
Set Objectives:
• IT is aligned with the business
• IT enables the business and maximizes benefits
• IT resources are used responsibly
• IT-related risks managed appropriately
IT Activities:
• Increase automation (make the business effective)
• Decrease cost (make enterprise efficient)
• Manage risks (security, reliability and compliance)
57. Content Overview
• For Framework
– Process Controls
– Application Controls
– Maturity Attributes
• For each Process
– Description, linkage to business goal, …
– Detailed Control Objectives
– Management Guidelines
– Process Inputs and Outputs
– Process Activities and RACI
– Measurements
– Maturity Model
58. Val IT V.2.0 – Value Management
59. Val IT
• Val IT supports the enterprise goal of
– creating optimal value from IT-enabled investments
at an affordable cost, with an acceptable level of risk
• and is guided by
– a set of principles applied in value management
processes
• that are enabled by
– key management practices
• and are measured by
– performance against goals and metrics
60. Val IT Key Definitions
• Project—A structured set of activities concerned with delivering a defined
capability (that is necessary but not sufficient to achieve a required
business outcome) to the enterprise based on an agreed-upon schedule
and budget
• Program —A structured grouping of inter-dependent projects that are
both necessary and sufficient to achieve a desired business outcome and
create value. These projects could involve, but are not limited to, changes
in the nature of the business, business processes, the work performed by
people, as well as the competencies required to carry out the work,
enabling technology and organizational structure. The investment program
is the primary unit of investment within Val IT
• Portfolio—Groupings of ‘objects of interest’ (investment program, IT
services, IT projects, other IT assets or resources) managed and monitored
to optimize business value. The investment portfolio is of primary interest
to Val IT
• IT service, project, asset or other resource portfolios are of primary
interest to COBIT
62. Value Governance
The goal of VG is to ensure that value management practices
are embedded in the enterprise, enabling it to secure optimal
value from its IT-enabled investments throughout the full
economic life cycle.
An executive commitment to value governance helps
enterprises:
– Establish the governance framework for value management in a
manner that is fully integrated with overall enterprise governance
– Provide strategic direction for the investment decisions
– Define the characteristics of portfolios required to support new
investments and resulting IT services, assets and other resources
– Improve value management on a continual basis, based on lessons
learned
63. Value Governance Process
• VG1: Establish informed and committed
leadership
• VG2: Define and implement processes
• VG3: Define portfolio characteristics
• VG4: Align and integrate value management with
enterprise financial planning
• VG5: Establish effective governance monitoring
• VG6: Continuously improve value management
practices
64. Portfolio Management
• The goal of portfolio management (PM) is to
ensure that an enterprise secures optimal value
across its portfolio of IT‐enabled investments
• An executive commitment to portfolio
management helps enterprises:
– Establish and manage resource profiles
– Define investment thresholds
– Evaluate, prioritize, and select, defer, or reject new
investments
– Manage and optimize the overall investment portfolio
– Monitor and report on portfolio performance
65. Portfolio Management Process
• PM1 Establish strategic direction and target
investment mix
• PM2 Determine the availability and sources of
funds
• PM3 Manage the availability of human resources
• PM4 Evaluate and select program to fund
• PM5 Monitor and report on investment portfolio
performance
• PM6 Optimize investment portfolio performance
66. Investment Management
The goal of investment management (IM) is to ensure that the
enterprise’s individual IT-enabled investments contribute to optimal
value. When organizational leaders commit to investment
management they improve their ability to:
– Identify business requirements
– Develop a clear understanding of candidate investment program
– Analyze alternative approaches to implementing the program
– Define each program and document, and maintain a detailed business
case for it, including benefits’ details, throughout full economic life
cycle of investment
– Assign clear accountability and ownership (for benefits realization)
– Manage each program through its full economic life cycle, including
retirement
– Monitor and report on each program’s
67. Investment Management Process
• IM1 Develop and evaluate the initial program concept
business case
• IM2 Understand the candidate program and
implementation options
• IM3 Develop the program plan
• IM4 Develop full life‐cycle costs and benefits
• IM5 Develop the detailed candidate program business case
• IM6 Launch and manage the program
• IM7 Update operational IT portfolios
• IM8 Update the business case
• IM9 Monitor and report on the program
• IM10 Retire the program
70. Risk IT Principles
• The Risk IT framework principles are
• Effective enterprise governance of IT risk:
– Always connects to business objectives
– Aligns the management of IT-related business risk with
overall enterprise risk management
– Balances the costs and benefits of managing risk
• Effective management of IT risk:
– Promotes fair and open communication of IT risk
– Establishes the right tone from the top while defining and
enforcing personal accountability for operating within
acceptable and well-defined tolerance levels
– Is a continuous process and part of daily activities
71. Risk IT Building Blocks
Key building blocks of good IT risk management:
• Set responsibility for IT risk management
• Set objectives and define risk appetite and
tolerance
• Identify, analyze and describe risk
• Monitor risk exposure
• Treat IT risk
• Link with existing guidance to manage risk
72. Risk Assessment
IT Risk Assessment Frameworks:
• ISACA Risk IT
• Information Security Risk Management for ISO 27001
• CRAMM Information Security Toolkit
• OCTAVE (Operationally Critical Threat, Asset, Vulnerability Evaluation)
73. IT Risk ASSESSMENT
• Definition of risk assessment
The potential that a given threat will exploit vulnerabilities of
an asset or group of assets to cause loss or damage to the
assets. The impact or relative severity of the risk is
proportional to the business value of the loss/damage and to
the estimated frequency of the threat.
74. IT Risk ASSESSMENT
Components of risk assessment
• Threats to, and vulnerabilities of,
processes and/or assets (including both
physical and information assets)
• Impact on assets based on threats and
vulnerabilities
• Probabilities of threats (combination of
the likelihood and frequency of
occurrence)
75. ISACA Risk IT
Risk IT: A Balance is Essential
• Risk and value are two sides of the same coin.
• Risk is inherent to all enterprises.
BUT
Enterprises need to ensure that opportunities for
value creation are not missed by trying to
eliminate all risk.
76. Risk IT Extends Val IT and COBIT
Risk IT complements and
extends COBIT and Val IT
to make a more complete
IT governance guidance
resource.
77. IT-related Risk Management
Risk IT is not limited to information security. It covers all IT-related risks, including:
• Late project delivery
• Not achieving enough value from IT
• Compliance
• Misalignment
• Obsolete or inflexible IT architecture
• IT service delivery problems
78. Guiding Principles of Risk IT
Always connect to enterprise objectives.
Align the management of IT-related business risk
with overall enterprise risk management.
Balance the costs and benefits of managing risk.
Promote fair and open communication of IT risk.
79. Guiding Principles of Risk IT
Establish the right tone from the top while defining
and enforcing personal accountability for operating
within acceptable and well-defined tolerance levels.
Understand that this is a continuous process and an
important part of daily activities.
80. Key Risk IT Content: The “What”
• Key content of the Risk IT framework includes:
• Risk management essentials
– In Risk Governance: Risk appetite and tolerance,
responsibilities and accountability for IT risk
management, awareness and communication, and risk
culture
– In Risk Evaluation: Describing business impact and
risk scenarios
– In Risk Response: Key risk indicators (KRI) and risk
response definition and prioritisation
• Section on how Risk IT extends and enhances COBIT and
Val IT (Note: Risk IT does not require the use of COBIT or
Val IT.)
81. Key Risk IT Content: The “What”
• Process model sections that contain:
• Descriptions
• Input-output tables
• RACI (Responsible, Accountable, Consulted, Informed)
table
• Goals and Metrics Table
• Maturity model is provided for each domain
• Appendices
• Reference materials
• High-level comparison of Risk IT to other risk management
frameworks and standards
• Glossary
82. Risk IT Three Domains
83. Risk IT: The “How”
• Key contents of The Risk IT Practitioner Guide:
– Review of the Risk IT process model
– Risk IT to COBIT and Val IT
– How to use it:
1. Define a risk universe and scoping risk management
2. Risk appetite and risk tolerance
3. Risk awareness, communication and reporting: includes key risk indicators, risk
profiles, risk aggregation and risk culture
4. Express and describe risk: guidance on business context, frequency, impact,
COBIT business goals, risk maps, risk registers
5. Risk scenarios: includes capability risk factors and environmental risk factors
6. Risk response and prioritisation
7. A risk analysis workflow: “swim lane” flow chart, including role context
8. Mitigation of IT risk using COBIT and Val IT
– Mappings: Risk IT to other risk management standards and frameworks
– Glossary
84. Risk/Response Definition
The purpose of defining a risk
response is to bring risk in line
with the defined risk tolerance
for the enterprise after due risk
analysis.
In other words, a response needs
to be defined such that future
residual risk (=current risk with
the risk response defined and
implemented) is as much as
possible (usually depending on
budgets available) within risk
tolerance limits.
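As an added worked example (not part of the deck), the risk definition on slides 73 and 74 and the risk response rule on this slide can be put into a small risk register: each scenario's exposure is the business value of the loss times the estimated threat frequency, each candidate response (avoid, reduce, share or accept) has an assumed effect on frequency or on the share of the loss still borne, and the cheapest response that brings residual risk within tolerance and fits the available budget is chosen, with scenarios that cannot be brought within tolerance flagged for escalation. All scenario names, values, tolerances and budgets are constructed sample data.

```python
"""Risk assessment and risk response selection, worked through as a small risk register.

Constructed example: the scenarios, values, tolerances and budgets are made-up sample data.
"""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Scenario:
    """A threat exploiting a vulnerability of an asset, causing loss or damage."""
    asset: str
    threat: str
    vulnerability: str
    loss_value: float   # business value of the loss/damage per occurrence (constructed units)
    frequency: float    # estimated occurrences per year

    def exposure(self) -> float:
        """Severity is proportional to loss value and to threat frequency: expected annual loss."""
        return self.loss_value * self.frequency


@dataclass(frozen=True)
class Response:
    """A candidate response (avoid, reduce, share or accept) and its assumed effect."""
    kind: str
    label: str
    annual_cost: float
    frequency_factor: float = 1.0  # multiplier on frequency once implemented (0.0 = avoid)
    loss_factor: float = 1.0       # share of the loss still borne by the enterprise (share/transfer)

    def residual(self, s: Scenario) -> float:
        """Residual risk = current risk with this response defined and implemented."""
        return s.loss_value * self.loss_factor * s.frequency * self.frequency_factor


ACCEPT = Response("accept", "Accept the risk as is", 0.0)


def select_response(s: Scenario, candidates: List[Response],
                    tolerance: float, budget: float) -> Tuple[Response, bool]:
    """Cheapest affordable response whose residual risk is within tolerance.

    When no affordable response gets within tolerance, return the affordable one
    with the lowest residual and flag it (False) for escalation to the risk owner.
    """
    affordable = [r for r in candidates + [ACCEPT] if r.annual_cost <= budget]
    within = [r for r in affordable if r.residual(s) <= tolerance]
    if within:
        return min(within, key=lambda r: r.annual_cost), True
    return min(affordable, key=lambda r: r.residual(s)), False


def triage(register: List[Tuple[Scenario, List[Response], float, float]]) -> List[dict]:
    """Run selection over a register of (scenario, candidates, tolerance, budget)."""
    rows = []
    for s, candidates, tolerance, budget in register:
        chosen, ok = select_response(s, candidates, tolerance, budget)
        rows.append({
            "asset": s.asset,
            "threat": s.threat,
            "inherent": s.exposure(),
            "response": chosen.kind,
            "residual": chosen.residual(s),
            "tolerance": tolerance,
            "within_tolerance": ok,
        })
    return rows


# Constructed sample register: two scenarios, each with candidate responses.
SAMPLE_REGISTER = [
    (
        Scenario("Customer database", "ransomware", "unpatched file server",
                 loss_value=400_000.0, frequency=0.2),
        [
            Response("reduce", "Patch cadence plus offline backups", 15_000.0, frequency_factor=0.25),
            Response("share", "Cyber insurance covering 70% of loss", 30_000.0, loss_factor=0.3),
            Response("avoid", "Decommission the file server", 120_000.0, frequency_factor=0.0),
        ],
        20_000.0,   # risk tolerance (expected annual loss)
        50_000.0,   # budget available for the response
    ),
    (
        Scenario("Legacy payment interface", "service outage", "single point of failure",
                 loss_value=50_000.0, frequency=2.0),
        [
            Response("reduce", "Add redundant node", 8_000.0, frequency_factor=0.1),
            Response("share", "Vendor SLA with penalties", 6_000.0, loss_factor=0.5),
        ],
        10_000.0,
        5_000.0,    # budget too small for either treatment: falls back to accept and flags
    ),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_REGISTER):
        flag = "" if row["within_tolerance"] else "  <-- exceeds tolerance, escalate"
        print(f"{row['asset']}: inherent {row['inherent']:.0f}, {row['response']} -> "
              f"residual {row['residual']:.0f} (tolerance {row['tolerance']:.0f}){flag}")
```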
85. Risk IT Benefits and Outcomes
Accurate view on current and near-future IT-related events
End-to-end guidance on how to manage IT-related risks
Understanding of how to capitalise on the investment made in an IT internal control
system already in place
Integration with the overall risk and compliance structures within the enterprise
Common language to help manage the relationships
Promotion of risk ownership throughout the organisation
Complete risk profile to better understand risk
86. Information Security Risk Management
for ISO/IEC 27001/ISO 27005
ISO/IEC 27000 Family of Standards
• ISO/IEC 27001 based on BS7799 by British
Standards Institution
• Adopts “plan-do-check-act” process model
• Information Security Management System
(ISMS) standard (ISO/IEC 27001)
• Formal specification mandates specific
requirements
• Adoption of ISO/IEC 27001 allows for formal
audit and certification to explicit standard
• Risk management based on ISO/IEC 27000
standards
87. Information Security Risk Management
for ISO/IEC 27001/ISO 27005
ISO/IEC 27005
• Information security risk management
standard
• Does not specify, recommend or name
any specific risk analysis method
• Does specify a structured, systematic
and rigorous process from analysing
risks to creating the risk treatment
plan
88. CRAMM Information security risk
toolkit
• Provides staged and disciplined approach towards IT
risk assessment
Source: http://www.cramm.com/overview/howitworks.htm
89. CRAMM Information security risk
toolkit
Asset identification and valuation
• Physical
• Software
• Data
• Location
Threat and vulnerability assessment
• Hacking
• Viruses
• Failures of equipment or software
• Wilful damage or terrorism
• Errors by people
Countermeasure selection and recommendation
90. CERT OCTAVE
Operationally Critical Threat, Asset, and
Vulnerability Evaluation Framework by
Software Engineering Institute (1999)
• Components of information security risk evaluation
• Processes with required inputs, activities, outputs
• Phase 1: Build asset-based threat profiles
• Phase 2: Identify Infrastructure Vulnerabilities
• Phase 3: Develop security strategy and plans
Self-directed information security risk
evaluation
Analysis team includes people from business
units and IT department
93. Regulatory requirements
Steps to determine compliance with external requirements:
• Identify external requirements
• Establishment and organization
• Responsibilities
• Correlation to financial, operational and IT audit functions
• Document pertinent laws and regulations
• Banking Act
• Insurance Act
• Circulars by Regulator
• Government Instruction Manual or Circular
• Statutory Act
94. Val IT Principles
• IT enabled investments will:
– Be managed as a portfolio of investments
– Include the full scope of activities required to achieve business value
– Be managed through their full economic life cycle
• Value delivery practices will:
– Recognize that there are different categories of investments that will be
evaluated and managed differently
– Define and monitor key metrics and will respond quickly to any changes
or deviations
– Engage all stakeholders and assign appropriate accountability to the
delivery of capabilities and the realization of business benefits
– Be continually monitored, evaluated and improved
95. The COBIT 5 Framework
• Simply stated, COBIT 5 helps enterprises create
optimal value from IT by maintaining a balance
between realising benefits and optimising risk levels
and resource use.
• COBIT 5 enables information and related technology
to be governed and managed in a holistic manner for
the entire enterprise, taking in the full end-to-end
business and functional areas of responsibility,
considering the IT-related interests of internal and
external stakeholders.
• The COBIT 5 principles and enablers are generic
and useful for enterprises of all sizes, whether
commercial, not-for-profit or in the public sector.
99. COBIT 5 Framework
The main, overarching COBIT 5 product
Contains the executive summary and the full
description of all of the COBIT 5 framework
components:
The five COBIT 5 principles
The seven COBIT 5 enablers plus
An introduction to the implementation guidance provided by
ISACA (COBIT 5 Implementation)
An introduction to the COBIT Assessment Programme (not
specific to COBIT 5) and the process capability approach
being adopted by ISACA for COBIT
101. Five COBIT 5 Principles
The five COBIT 5 principles:
1. Meeting Stakeholder Needs
2. Covering the Enterprise End-to-end
3. Applying a Single Integrated Framework
4. Enabling a Holistic Approach
5. Separating Governance From Management
103. Meeting Stakeholder Needs
(cont.)
Principle 1. Meeting Stakeholder Needs:
Enterprises have many stakeholders, and ‘creating value’
means different—and sometimes conflicting—things to
each of them.
Governance is about negotiating and deciding amongst
different stakeholders’ value interests.
The governance system should consider all stakeholders
when making benefit, resource and risk assessment
decisions.
For each decision, the following can and should be asked:
- Who receives the benefits?
- Who bears the risk?
- What resources are required?
105. Meeting Stakeholder Needs
(cont.)
Principle 1. Meeting Stakeholder Needs:
Benefits of the COBIT 5 goals cascade:
It allows the definition of priorities for implementation,
improvement and assurance of enterprise governance of IT
based on (strategic) objectives of the enterprise and the
related risk.
In practice, the goals cascade:
Defines relevant and tangible goals and objectives at
various levels of responsibility.
Filters the knowledge base of COBIT 5, based on
enterprise goals to extract relevant guidance for inclusion
in specific implementation, improvement or assurance
projects.
Clearly identifies and communicates how (sometimes very
operational) enablers are important to achieve enterprise
goals.
106. Covering the Enterprise End-to-end
Principle 2. Covering the Enterprise End-to-end:
COBIT 5 addresses the governance and management of
information and related technology from an enterprise-wide,
end-to-end perspective.
This means that COBIT 5:
Integrates governance of enterprise IT into enterprise
governance, i.e., the governance system for enterprise IT
proposed by COBIT 5 integrates seamlessly in any
governance system because COBIT 5 aligns with the
latest views on governance.
Covers all functions and processes within the enterprise;
COBIT 5 does not focus only on the ‘IT function’, but
treats information and related technologies as assets that
need to be dealt with just like any other asset by everyone
in the enterprise.
108. Applying a Single Integrated Framework
Principle 3. Applying a Single Integrated Framework:
COBIT 5 aligns with the latest relevant other standards and
frameworks used by enterprises:
Enterprise: COSO, COSO ERM, ISO/IEC 9000,
ISO/IEC 31000
IT-related: ISO/IEC 38500, ITIL, ISO/IEC 27000 series,
TOGAF, PMBOK/PRINCE2, CMMI
This allows the enterprise to use COBIT 5 as the
overarching governance and management framework
integrator.
ISACA plans a capability to facilitate COBIT user mapping
of practices and activities to third-party references.
109. Enabling a Holistic Approach
Principle 4. Enabling a Holistic Approach
COBIT 5 enablers are:
• Factors that, individually and collectively,
influence whether something will work—in the
case of COBIT, governance and management
over enterprise IT
• Driven by the goals cascade, i.e., higher-level
IT-related goals define what the different
enablers should achieve
• Described by the COBIT 5 framework in seven
categories
111. Enabling a Holistic Approach (cont.)
Principle 4. Enabling a Holistic Approach:
1. Processes—Describe an organised set of practices and activities to achieve
certain objectives and produce a set of outputs in support of achieving overall
IT-related goals
2. Organisational structures—Are the key decision-making entities in an
organisation
3. Culture, ethics and behaviour—Of individuals and of the organisation; very
often underestimated as a success factor in governance and management
activities
4. Principles, policies and frameworks—Are the vehicles to translate the desired
behaviour into practical guidance for day-to-day management
5. Information—Is pervasive throughout any organisation, i.e., deals with all
information produced and used by the enterprise. Information is required for
keeping the organisation running and well governed, but at the operational level,
information is very often the key product of the enterprise itself.
6. Services, infrastructure and applications—Include the infrastructure,
technology and applications that provide the enterprise with information
technology processing and services
7. People, skills and competencies—Are linked to people and are required for
successful completion of all activities and for making correct decisions and
taking corrective actions
112. Enabling a Holistic Approach (cont).
Principle 4. Enabling a Holistic Approach:
Systemic governance and management through
interconnected enablers—To achieve the main objectives
of the enterprise, it must always consider an
interconnected set of enablers, i.e., each enabler:
Needs the input of other enablers to be fully effective, e.g., processes
need information, organisational structures need skills and behaviour
Delivers output to the benefit of other enablers, e.g., processes deliver
information, skills and behaviour make processes efficient
This is a KEY principle emerging from the ISACA
development work around the Business Model for
Information Security (BMIS).
114. Separating Governance From Management
Principle 5. Separating Governance From Management:
The COBIT 5 framework makes a clear distinction
between governance and management.
These two disciplines:
Encompass different types of activities
Require different organisational structures
Serve different purposes
Governance—In most enterprises, governance is the
responsibility of the board of directors under the
leadership of the chairperson.
Management—In most enterprises, management is the
responsibility of the executive management under the
leadership of the CEO.
115. Separating Governance From Management (cont.)
Principle 5. Separating Governance From
Management:
• Governance ensures that stakeholders’ needs, conditions
and options are evaluated to determine balanced,
agreed-on enterprise objectives to be achieved; setting
direction through prioritisation and decision making;
and monitoring performance and compliance against
agreed-on direction and objectives (EDM).
• Management plans, builds, runs and monitors
activities in alignment with the direction set by the
governance body to achieve the enterprise objectives
(PBRM).
117. Separating Governance From Management (cont.)
Principle 5. Separating Governance from
Management:
The COBIT 5 framework describes seven categories of
enablers (Principle 4). Processes are one category.
An enterprise can organise its processes as it sees fit,
as long as all necessary governance and management
objectives are covered. Smaller enterprises may have
fewer processes; larger and more complex enterprises
may have many processes, all to cover the same
objectives.
COBIT 5 includes a process reference model (PRM),
which defines and describes in detail a number of
governance and management processes. The details of
this specific enabler model can be found in the COBIT
5: Enabling Processes volume.
118. COBIT 5: Enabling Processes
COBIT 5: Enabling Processes complements
COBIT 5 and contains a detailed reference guide
to the processes that are defined in the COBIT 5
process reference model:
In Chapter 2, the COBIT 5 goals cascade is recapitulated
and complemented with a set of example metrics for the
enterprise goals and the IT-related goals.
In Chapter 3, the COBIT 5 process model is explained and
its components defined.
Chapter 4 shows the diagram of this process reference
model.
Chapter 5 contains the detailed process information for all
37 COBIT 5 processes in the process reference model.
121. COBIT 5: Enabling Processes (Cont.)
COBIT 5: Enabling Processes:
• The COBIT 5 process reference model subdivides the IT-related practices and activities of the enterprise into two
main areas—governance and management—with
management further divided into domains of processes:
• The GOVERNANCE domain contains five
governance processes; within each process, evaluate,
direct and monitor (EDM) practices are defined.
• The four MANAGEMENT domains are in line with
the responsibility areas of plan, build, run and monitor
(PBRM).
122. COBIT 5 Implementation
• The improvement of the governance of enterprise IT
(GEIT) is widely recognised by top management as an
essential part of enterprise governance.
• Information and the pervasiveness of information
technology are increasingly part of every aspect of
business and public life.
• The need to drive more value from IT investments and
manage an increasing array of IT-related risk has never
been greater.
• Increasing regulation and legislation over business use of
information is also driving heightened awareness of the
importance of a well-governed and managed IT
environment.
123. COBIT 5 Implementation (cont.)
• ISACA has developed the COBIT 5 framework to help
enterprises implement sound governance enablers
• Indeed, implementing good GEIT is almost impossible
without engaging an effective governance framework
• Best practices and standards are also available to underpin
COBIT 5
• Frameworks, best practices and standards are useful only
if they are adopted and adapted effectively
• There are challenges that need to be overcome and issues
that need to be addressed if GEIT is to be implemented
successfully
124. COBIT 5 Implementation (cont.)
• COBIT 5: Implementation covers the following subjects:
• Positioning GEIT within an enterprise
• Taking the first steps towards improving GEIT
• Implementation challenges and success factors
• Enabling GEIT-related organisational and behavioural
change
• Implementing continual improvement that includes
change enablement and programme management
• Using COBIT 5 and its components
128. COBIT 5 Future Supporting Products
Future supporting products:
• Professional Guides:
• COBIT 5 for Information Security
• COBIT 5 for Assurance
• COBIT 5 for Risk
• Enabler Guides:
• COBIT 5: Enabling Information
• COBIT Online Replacement
• COBIT Assessment Programme:
• Process Assessment Model (PAM): Using COBIT 5
• Assessor Guide: Using COBIT 5
• Self-assessment Guide: Using COBIT 5
129. Governance (and Management) in COBIT 5
• Governance ensures that enterprise objectives are
achieved by evaluating stakeholder needs, conditions and
options; setting direction through prioritisation and
decision making; and monitoring performance, compliance
and progress against agreed direction and objectives
(EDM).
• Management plans, builds, runs and monitors activities in
alignment with the direction set by the governance body to
achieve the enterprise objectives (PBRM).
• Exercising governance and management effectively in
practice requires appropriately using all enablers. The
COBIT process reference model allows us to focus easily on
the relevant enterprise activities.
130. Governance in COBIT 5
• The COBIT 5 process reference model subdivides the IT-related practices and activities of the enterprise into two main
areas—governance and management—with management
further divided into domains of processes
• The GOVERNANCE domain contains five governance
processes; within each process, evaluate, direct and monitor
(EDM) practices are defined.
– 01 Ensure governance framework setting and maintenance.
– 02 Ensure benefits delivery.
– 03 Ensure risk optimization.
– 04 Ensure resource optimization.
– 05 Ensure stakeholder transparency.
• The four MANAGEMENT domains are in line with the
responsibility areas of plan, build, run and monitor (PBRM).
132. Risk Management in COBIT 5
• The GOVERNANCE domain contains five governance
processes, one of which focuses on stakeholder risk-related
objectives: EDM03 Ensure risk optimisation.
• Process Description
• Ensure that the enterprise’s risk appetite and tolerance
are understood, articulated and communicated, and
that risk to enterprise value related to the use of IT is
identified and managed.
• Process Purpose Statement
• Ensure that IT-related enterprise risk does not exceed
risk appetite and risk tolerance, the impact of IT risk to
enterprise value is identified and managed, and the
potential for compliance failures is minimised.
133. Risk Management in COBIT 5 (cont.)
• The MANAGEMENT Align, Plan and Organise domain
contains a risk-related process: APO12 Manage risk.
• Process Description
• Continually identify, assess and reduce IT-related risk
within levels of tolerance set by enterprise executive
management.
• Process Purpose Statement
• Integrate the management of IT-related enterprise
risk with overall ERM, and balance the costs and
benefits of managing IT-related enterprise risk.
135. Risk Management in COBIT 5 (cont.)
• All enterprise activities have associated risk exposures
resulting from environmental threats that exploit enabler
vulnerabilities
• EDM03 Ensure risk optimisation ensures that the
enterprise stakeholders’ approach to risk is articulated to
direct how risks facing the enterprise will be treated.
• APO12 Manage risk provides the enterprise risk
management (ERM) arrangements that ensure that the
stakeholder direction is followed by the enterprise.
• All other processes include practices and activities that
are designed to treat related risk (avoid,
reduce/mitigate/control, share/transfer/accept).
137. Compliance in COBIT 5
• The MANAGEMENT Monitor, Evaluate and Assess domain
contains a compliance focused process: MEA03 Monitor,
evaluate and assess compliance with external
requirements.
• Process Description
• Evaluate that IT processes and IT-supported business
processes are compliant with laws, regulations and
contractual requirements. Obtain assurance that the
requirements have been identified and complied with, and
integrate IT compliance with overall enterprise compliance.
• Process Purpose Statement
• Ensure that the enterprise is compliant with all applicable
external requirements.
139. Compliance in COBIT 5 (cont.)
• Legal and regulatory compliance is a key part of the
effective governance of an enterprise, hence its inclusion
in the GRC term and in the COBIT 5 Enterprise Goals and
supporting enabler process structure (MEA03).
• In addition to MEA03, all enterprise activities include
control activities that are designed to ensure compliance
not only with externally imposed legislative or regulatory
requirements but also with enterprise governancedetermined principles, policies and procedures.
142. Aligning IT and Business Strategy
• Corporate Mission – Business Goals – IT Strategy
• Requires involvement from many levels and activities within the enterprise.
• Lack of alignment leads to adverse business issues.
• Strong IT Governance contributes toward proper alignment.
144. Ensuring Value and Effectiveness
• IT issues are the least understood, despite the increasing reliance placed on IT.
• Initiate IT governance structures with the right level of executive involvement.
• Boards of Directors require essential IT-related skills.
145. Information Systems Governance
• Consists of leadership, organizational structures and processes that safeguard information.
• Security over information assets.
• Benefits of IS Governance.
• IS Governance is a top-down process.
146. Measuring IT Governance Performance
• Measuring IT performance is a key concern, as it demonstrates the effectiveness and added business value of IT.
• Commonly seen as the IT “Black Hole”: costs continually rise without clear evidence of value derived from the IT function.
• Traditional performance measurement methods require monetary values, which are hard to apply to IT systems.
148. IT Balanced Scorecard
• One of the most effective means to aid an organization in achieving IT and business alignment.
• Provides a systematic translation of the IT strategy into tangible success factors and metrics.
• Gives a balanced view of the value added by IT to the business.
• Calculating the value of IT investments is a business issue for which business managers are ultimately responsible.
149. ISACA Global Status Report 2K8 (cont’d)
Research purposes
• Reach members of the C-suite to determine their sense of priority and actions taken relative to IT governance
• Understand their need for tools and services to help ensure effective IT governance
Detailed objectives
• Survey and analyze the degree to which the concept of IT governance is recognized, established and accepted within boardrooms and especially by chief information officers (CIOs)
• Determine what level of IT governance expertise exists and which frameworks are known and are (or will be) adopted
• Measure the extent to which ITGI’s own framework, Control Objectives for Information and related Technology (COBIT), is selected and how it is perceived
150. ISACA Global Status Report 2K8 (cont’d)
Revealed Results
• Insufficient IT staff availability, service delivery issues and difficulty proving the value of information technology continue to concern executives at organizations around the world
• 58% noted an insufficient number of staff, compared to 35% in 2005
• 48% said that IT service delivery problems remain the second most common problem
• 38% point to problems relating to staff with inadequate skills
• 30% reported problems anticipating the return on investment (ROI) for IT expenditures
• The study is a follow-up to ITGI’s 2003 and 2005 surveys and tracks IT governance trends over the past four years
151. ISACA Global Status Report 2K8 (cont’d)
• Survey Sample
– Researchers contacted CIOs and chief executive officers (CEOs). The total number of interviews conducted was 749, of which 652 were from a random sample of organizations, 71 were known COBIT users and 26 were experienced COBIT users.
• Global Reach
– The interviews were conducted worldwide (in 23 countries), and all continents/regions were represented.
152. New Ways of Implementing IT Governance
A lifecycle approach achieved by synergizing COBIT, Val IT and Risk IT
154. Lifecycle Phase Walkthrough
Phases:
• What are the drivers?
• Where are we now?
• Where do we want to be?
• What needs to be done?
• How do we get there?
• Did we get there?
• How do we keep the momentum going?
155. What Are The Drivers?
• Goal of Phase:
– Outline the business case
– Identify stakeholders, roles & responsibilities
– IT Governance program “wake-up call” and communication kick-off
• Need for a new or improved IT Governance organization is recognized in pain points and/or trigger events
• Pain points are analyzed for root causes, and opportunities are looked for during trigger events
• Root causes and opportunities provide the business case for improved or new IT Governance initiatives
156. Trigger Events
• Merger, acquisition or divestiture
• An enterprise-wide governance focus or
• Shift in the market, economy or competitive position
• Change in business operating model or sourcing arrangements
• A new CIO, CFO, COO or CEO
• External audit or consultant assessments
• A new business strategy
• New regulatory or compliance requirements
• Significant technology change or paradigm shift
157. Common Painful Points
• Failed IT initiatives
• Rising Costs
• Resource waste through duplication or overlap in IT
• Perception of low business value from IT investments
• Significant incidents related to IT risk (e.g. data loss)
• Service Delivery Problems
• Failure to meet regulatory or contractual requirements
• Audit findings for poor IT performance or low service levels
• Insufficient IT resources
• IT Staff burnout/dissatisfaction
• IT-enabled changes frequently failing to meet business needs (late deliveries or budget overruns)
• Hidden and/or rogue IT spending
• Multiple and complex IT assurance efforts
• Board members or senior managers that are reluctant to engage with IT
158. Where are we now?
• Define the Problems and Opportunities
– See pain point causes and trigger event opportunities
• Form a Powerful Guiding Team
– Knowledgeable about the business environment
– Have insight into influencing factors
• Assess the Current State
– Identify IT goals and their alignment with enterprise goals
– Identify the most important processes
– Understand management’s risk appetite
– Understand the maturity of existing governance and related processes
159. Where do we want to be?
• Define the Roadmap
– Describe the high-level change enablement plan and objectives
• Communicate Desired Vision
– Develop a communication strategy
– Communicate the vision
– Articulate the rationale and benefits of the change
– Set the “tone at the top”
• Define Target State and Perform Gap Analysis
– Define the target for improvement
– Analyze the gaps
– Identify potential improvements
160. What Needs to be done?
• Develop Program Plan
– Prioritize potential initiatives
– Develop formal and justifiable projects
– Use plans that include contribution and program objectives
• Empower Role Players and Identify Quick Wins
– High benefit, easy implementation should come first
– Obtain buy-in by key stakeholders affected by the change
– Identify strengths in existing processes and leverage accordingly
• Design and Build Improvements
– Plot improvements onto a grid to assist with prioritization
– Consider approach, deliverables, resources needed, costs, estimated time scales, project dependencies and risks
161. How Do We Get There?
• Execute the Plan
– Execute projects according to an integrated program plan
– Provide regular update reports to stakeholders
– Document and monitor the contribution of projects while managing identified risks
• Enable Operation and Use
– Build on the momentum and credibility of quick wins
– Plan cultural and behavioral aspects of the broader transition
– Define measures of success
• Implement Improvements
– Adopt and adapt best practices to suit the organization’s approach to policies and process changes
162. Did We Get There?
• Realize Benefits
– Monitor the overall performance of the program against business case objectives
– Monitor and measure the investment performance
• Embed New Approaches
– Provide transition from project mode to “business as usual”
– Monitor whether new roles and responsibilities have been taken on
– Track and assess objectives of the change response plans
– Maintain communication and ensure communication between appropriate stakeholders continues
• Operate and Measure
– Set targets for each metric
– Measure metrics against targets
– Communicate results and adjust targets as necessary
163. How Do We Keep Momentum Going?
• Continual Improvements: keeping the momentum is critical to sustainment of the lifecycle
• Review the Program Benefits
– Review program effectiveness through a program review gate
• Sustain
– Conscious reinforcement (reward achievers)
– Ongoing communication campaign (feedback on performance)
– Continuous top management commitment
• Monitor and Evaluate
– Identify new governance objectives based on program experience
– Communicate lessons learned and further improvement requirements for the next iteration of the cycle
165. Change Enablement
• Guidance provided at each lifecycle phase
• Based on the Kotter model
– Establish a sense of urgency
– Form a powerful guiding coalition
– Create and communicate a clear vision, expressed simply
– Empower others to act on the vision, identifying and implementing quick wins
– Enable use and implement improvements/produce more change
– Institutionalize new approaches
– Sustain
166. Program Management Guidance
• Guidance provided at each lifecycle phase
– Initiate program
– Define problems and opportunities
– Define roadmap
– Develop program plan
– Execute plan
– Realize benefits
– Review program effectiveness
• Detailed guidance provided by Val IT
168. Considerations in a Sourced Environment
• Sourcing Strategy
• Contract Management
• Finance Management
• Relationship Management
• Performance Management
169. Sourcing Strategy
• Part of the IT Strategic Plan
• Inventory of critical Supplier relationships
• Update based on changes to Business, IT or Supplier strategies
• May contain intervention plans
170. Contract Management
• Initial negotiation and in-life change management
• Defines services/quality
• Defines ownership of intellectual property
• Compliance with law and policy
• Audit rights
171. Contract Change Management
• Required either by changing business needs or to address ambiguity.
• Should be viewed as a negotiation.
• Each party will attempt to get concessions not previously obtained; value is at risk.
• Depend on Relationship Management for smaller changes to avoid this risk.
172. Intellectual Property
• Supplier IP may be used to deliver efficiencies ($).
• However, use of Supplier IP may limit sourcing flexibility.
• Who owns process ‘know-how’, and does this change over time?
• What risk does this represent?
173. Intellectual Property Mitigations
• Inventory, inventory, inventory
– IT processes supporting the business
– Materials (documents, rights, etc.)
• Risk Management discussion with the business
• Seek legal help
• Follow up!
174. Audit Rights
• Business requirements drive specifics.
• Must be in the initial contract.
• For supplier shared services, SAS70 Type II.
• Audit rights should be unlimited and at no cost.
175. Finance Management
• Deal financials reporting
• Invoice Verification
– Service receipt
– Credits
– Incentives
• Internal cost recovery
176. Finance Management
• This is THE PLACE to receive an independent confirmation of IT value delivery.
• Budgets are a very unforgiving reality check!
177. Relationship Management
• Overall Supplier management
• Monitor business needs
• Communication forums
• Issue Management
• Risk Management
• Project Management
178. Risk Management
• IT Governance process to evaluate Supplier Financial, Service Delivery, Relationship and Information Security risks in total.
• As before, there may be a translation here from technical risk to business risk.
• Can use Probability x Business Impact as the metric. The business should supply the Impact.
• This can be a powerful tool to use with Suppliers. They speak the lingua franca as well.
179. Project Management
• Good Project Management helps assure value delivery.
• Define ‘project’ vs. ‘daily work’ in the contract.
• Has linkages to Finance Management (paying Project costs) and Service Delivery (assuring Project deliverables).
180. Performance Management
• Aligning Service Delivery requirements
• Managing and reporting against SLAs
• Management of individual projects
• Work prioritization
181. Best Practices for IT Governance
IT governance has become significant due to:
• Demands for better return from IT investments
• Increases in IT expenditures
• Regulatory requirements for IT controls
• Selection of service providers and outsourcing
• Complexity of network security
• Adoptions of control frameworks
• Benchmarking
182. Best Practices for IT Governance (cont’d)
Audit role in IT governance
• Audit plays a significant role in the successful implementation of IT governance within an organization
• Reporting on IT governance involves auditing at the highest level in the organization and may cross division, functional or departmental boundaries
183. Best Practices for IT Governance (cont’d)
• In accordance with the defined role of the IS auditor, the following aspects related to IT governance need to be assessed:
– Alignment of the IS function with the organization’s mission, vision, values, objectives and strategies
– Achievement of performance objectives established by the business (e.g., effectiveness and efficiency) by the IS function
– Legal, environmental, information quality, fiduciary, security, and privacy requirements
– The control environment of the organization
– The inherent risks within the IS environment
– IT investment/expenditure
184. Auditing IT Governance
Indicators of potential problems include:
• Unfavorable end-user attitudes
• Excessive costs
• Budget overruns
• Late projects
• High staff turnover
• Inexperienced staff
• Frequent hardware/software errors
185. IT Governance Audit Planning
• Audit Team Composition
• Audit Criteria
• Learning from the Balanced Scorecard Approach
186. Audit Team Composition
• Leadership - Business or IT?
– Audit Supervision and Auditor in Charge independence is a must
• Beware setting up an audit team that may reflect corporate IT Governance issues
• Consider sourcing knowledgeable auditors
187. IT Governance Audit Criteria/Standards
• IIA Governance Auditing Standards
• ISACA / ITGI IT Governance Auditing Guidelines
• ITGI Risk IT Framework
• ITGI Val IT Framework
• << Insert your Company business policies here >>
188. Learnings from the Balanced Scorecard
• Consider IT Governance from various business points of view (1)
– Corporate
– Customer
– Operational Excellence
– Future / Sustainability
1. “Measuring and Improving IT Governance Through the Balanced Scorecard”, Information Systems Control Journal, Volume 2, 2005
189. Balanced Scorecard: Corporate View
Objective | Example Metrics
Business/IT Alignment | Operational budget approval
Value Delivery | Business Unit Performance
Cost Management | Attainment of expense and recovery targets
Risk Management | Results of Internal Audits
Intercompany Synergy | Single System Solutions
190. Balanced Scorecard: Customer View
Objective | Example Metrics
Customer Satisfaction | Business Unit Survey ratings
Competitive Costs | Attainment of unit cost targets
Development Performance | Major Project Scores
Operational Performance | Attainment of targeted levels
191. Balanced Scorecard: Operational View
Objective | Example Metrics
Development Process | Function Point Measures
Operational Process | Change Management effectiveness
Process Maturity | Level of IT Processes
Enterprise Architecture | State of the infrastructure assessment
192. Balanced Scorecard: Future View
Objective | Example Metrics
Human Resource Management | Staff Turnover
Employee Satisfaction | Satisfaction survey scores
Knowledge Management | Implementation of learned lessons
193. Reviewing Documentation
The following documents should be reviewed:
• IT strategies, plans and budgets
• Security policy documentation
• Organization/functional charts
• Job descriptions
• System development and program change procedures
• Operations procedures
• Human resource manuals
• Quality assurance procedures
Editor's Notes
Trainer presentation slides for Information Technology Governance training. Image credit: Europeanfinancialreview.com
Image credit: blogs.adobe.com
Picture credit: Convergemerge and ISACA SF Chapter
Key Findings on the survey, see IT-Governance-Global-Status-Report-April-2008.pdf
Review Manual Reference Pages: p. 88-90
The IS auditor should confirm that the terms of reference state the:
• Scope of the work
• Reporting line to be used
• IS auditor’s right of access to information
Content to Emphasize: The organizational status and skill sets of the IS auditor should be considered for appropriateness with regard to the nature of the planned audit. Review Manual Reference Pages: p. 90