4. • Technology plays a key role in current/rebuilding
economies and cooperation in/after the COVID-19
pandemic
• Companies, Governments & Society need to make
full use of digital technologies to confront the
COVID-19 pandemic
• Risks & Challenges arise around Resilience, Recovery, the
New Reality of WFH & safety of staff (Auditing, IT
operations, Security, Privacy, Capacity, Continuity…)
8. • IT Governance Frameworks have already been
implemented at the organisational level in many
countries
• Central Bank of Lebanon (Circulars: BCC 222/2000 General guide for IT Security,
272, 1s44/2017 Cybercrime, 123/2008 Business Continuity Plan, 272/2011 Security
of information technology systems, 146/2018 GDPR, Law 81/2018 electronic
signature and privacy), but an update of the old BCC 222/2000 and of organization
structures is missing.
• Central Bank of Jordan regulation No. (65/2016) and its adjustments
No. (984-6-10)
• Egypt: I have not seen anything related to ICT governance; the Egypt 2030 plan only
mentions it, with no details
• Implementing IT governance at the national level
will deliver better benefits to the Organizations.
9. • Information & Communication Technology
Governance framework (or I&T governance
framework) is a type of framework that defines
the ways, structures and methods through which
an organisation can implement, manage, direct
and monitor IT governance.
11. IT Governance is concerned with value delivery from digital
transformation and the mitigation of business risk that results from
digital transformation. More specifically, three main outcomes
can be expected after successful adoption of IT Governance:
Benefits realization—This consists of creating value for the
enterprise through I&T, maintaining and increasing value derived
from existing I&T investments, and eliminating IT initiatives and
assets that are not creating sufficient value.
12. Risk optimization—This entails addressing the business risk
associated with the use, ownership, operation,
involvement, influence and adoption of I&T within an
enterprise. I&T-related business risk consists of I&T-related
events that could potentially impact the business.
Resource optimization—This ensures that the appropriate
capabilities are in place to execute the strategic plan
and sufficient, appropriate and effective resources are provided.
13. In the light of digital transformation and now
COVID-19, information and technology (I&T)
have become crucial to the support, sustainability and
growth of enterprises, and perhaps to their survival.
Previously, governing boards (boards of directors)
and senior management could delegate, ignore or
avoid I&T-related decisions. In most sectors
and industries, such attitudes are now
ill-advised.
14. Challenges
So what were the challenges for the Board and
executives in this uncertain time?
Travel restrictions, social distancing quarantines,
and other measures will often hinder a physical
meeting of the board or shareholders. Not to
speak of the fact that some directors or
shareholders might become infected by
COVID-19.
15. Questions and lessons
• Was there an I&T Governance part of the BOD?
▫ If yes, was it effectively managed?
• Was communication secured in a timely manner given the
disruption of traditional channels, or were new
technologies needed to support it?
• Did Board meetings occur?
• Legalities of remote boards and document
signing: was eSignature introduced?
17. Risk oversight is key as new and
unforeseen issues emerge
• One of the primary responsibilities of the board of
directors is risk oversight. Boards must understand the
risks facing the companies they oversee, and they must
ensure that management has implemented appropriate
measures to identify, monitor, and manage those risks.
For example, as a result of COVID-19, companies have
had to implement their pre-pandemic business
continuity plans, as physical distancing and work-from-
home policies have become the norm. Companies that
had invested in more comprehensive business continuity
planning and technology before the pandemic may have
had an advantage in managing the crisis so far.
18. • In particular, boards may find companies exposed to
new risks related to service disruptions, capital
allocation, assets, liquidity, cybersecurity, and key
person risk, not to mention risks to firms’
reputations if they fail to meet emerging best
practices on communication and treatment of
employees. Over the long term, we expect boards to
take a critical look at the effectiveness of their
companies’ risk policies to ensure they are prepared
for a wide variety of potential risk events.
21. What are the main COBIT
objectives/processes needed?
• Managed Assets
• Managed Security
• Managed Continuity
• Managed Security
22. ICT Governance Red Flags & Controls
• ICT governance is simply the way in which IT
functions. It includes a system of rules and processes
that direct and control I&T. The aim of enforcing ICT
governance is to balance the interests of a company’s
shareholders.
• ICT Governance integrates best practices to ensure that
the organization’s IT is aligned with, and supports, the
business objectives; delivers value; manages risk
associated with IT; manages its IT resources effectively
and efficiently; and measures its own performance.
24. ICT Governance Red Flags & Controls
• Monitoring by board.
• Internal audits of ICT Governance system and
robust policies.
• Proper balance of power.
• Performance-based remuneration.
• Monitoring by large shareholders and other
stakeholders.
25. The board should also monitor and review:
• ICT strategy
• ICT major plans of action
• ICT annual budgets and business plans
• ICT performance
• ICT major capital expenditures, acquisitions and divestitures
• ICT governance practices and changes
• ICT compensation and succession planning
• ICT risk policy
• Immature ICT risk management, non-investment in
information technology, and defective or non-existent
controls, particularly “non-financial” ones