IT Governance Masterclass




Georges Ataya
CISA, CGEIT, CISA, CISSP, MSCS, PBA

External Relations Chair, ISACA
Professor, Solvay Business School
Managing Partner, ICT Control NV
Georges Ataya MSCS, PBA, CISA, CISM, CISSP


 •   Professor and Academic Director at Solvay Brussels School of Economics and
     Management, in charge of IT Management Education (www.solvay.edu/it)
 •   Academic Relations Committee Chair at ISACA (ISACA.org)
 •   Managing Partner, ICT Control SA (www.ictcontrol.eu)
 •   Participated in various research projects and publications.
 •   Georges@ictcontrol.eu – www.ataya.info
Why Does IT Need a Governance Framework?




               Do any of these conditions sound familiar?
                •    Growing complexity of IT environments
                •    Fragmented IT infrastructures or applications
                •    Demand for technologists outstripping supply
                •    Communication gap between business and IT managers
                •    IT service levels that are disappointing
                •    Marginal productivity gains on technology investments
                •    Impaired organisational flexibility and nimbleness to change
                •    User frustration leading to ad hoc solutions
                •    IT managers operating like fire fighters
IT Governance Needs a Management Framework




   Driving Forces Map Onto the IT Governance Focus Areas

   [Diagram: IT Governance Concepts; Resource Management]
Six IT Governance domains


 •   IT Governance Concepts
 •   Risk Management
 •   Strategic Alignment
 •   Resources Management
 •   Value Management
 •   Performance Measurement
Definition
Governance, Risk & Compliance: GRC

 •   Governance is the culture, policies, processes, laws, and institutions that
     define the structure by which companies are directed and managed.
 •   Risk is the effect of uncertainty on business objectives; risk management is
     the coordinated activities to direct and control an organization to realize
     opportunities while managing negative events.
 •   Compliance is the act of adhering to, and demonstrating adherence to,
     external laws and regulations as well as corporate policies and procedures.



Source: OCEG (Open Compliance and Ethics Group)
Practices and processes in value governance

     Value Governance – elements

 •   Strategy Management
 •   Portfolio Management
 •   Programme Management
 •   Project Management
 •   Operations Management

     Alongside these levels: Architecture Management, Asset Mgmt

     VALUE: Total Benefits – Total Costs
     RISK


                       Source: IT Governance Institute
Projects success
Value Governance is based around
The Four “Ares” - continually asking…




 •   Are we doing the right things?
 •   Are we getting the benefits?
 •   Are we doing them the right way?
 •   Are we getting them done well?




                                    Source: Fujitsu Consulting
Risk approaches


Dependent on the type of risk and its significance to the business, management
and the board may choose to:

 •   Mitigate: Implementing controls, e.g., acquire and deploy security
     technology to protect the IT infrastructure
 •   Transfer: Sharing risk with partners or transferring it to insurance coverage
 •   Accept: Formally acknowledging that the risk exists and monitoring it
Risk management of enterprise IT resources
              (application, information, infrastructure, people)

IT Risk Analysis Approach




                  Source: IT Governance Institute
Does Your IT Architecture Look Like…




(needed a) …blueprint to bring order to “spaghetti layer of applications,
boxes and wires” Toby Redshaw VP of Strategy & Architecture Motorola
Four architectural views



 •   Business View: What are the business strategies and processes that will
     make us successful
 •   Application View: Which applications do we need to facilitate the business
     process and manipulate the information
 •   Information View: What information do we need to manage in the business
 •   Technology View: What technology is needed to support the information and
     application needs
IT Governance needs a control framework
 How is it being used?

 [Diagram: the CobiT Framework at the centre, surrounded by its uses]

 •   IT Governance
 •   Audit Methodology
 •   Security
 •   Sarbanes-Oxley
 •   Outsourcing
 •   Process Standards
 •   Policy

   “CobiT is the framework that gives me an end-to-end view of IT.”
                                              John Carrow, CIO, Unisys
             “CobiT is an end-to-end catalogue of IT decisions.”
                                              Simon Shapiro, CIO, Investec
COBIT Framework

[Diagram: COBIT FRAMEWORK, driven by BUSINESS OBJECTIVES AND GOVERNANCE OBJECTIVES]

INFORMATION: Efficiency, Effectiveness, Compliance, Reliability, Integrity,
Availability, Confidentiality

IT RESOURCES: Applications, Information, Infrastructure, People

PLAN AND ORGANISE
PO1    Define a strategic IT plan.
PO2    Define the information architecture.
PO3    Determine technological direction.
PO4    Define the IT processes, organisation and relationships.
PO5    Manage the IT investment.
PO6    Communicate management aims and direction.
PO7    Manage IT human resources.
PO8    Manage quality.
PO9    Assess and manage IT risks.
PO10   Manage projects.

ACQUIRE AND IMPLEMENT
AI1    Identify automated solutions.
AI2    Acquire and maintain application software.
AI3    Acquire and maintain technology infrastructure.
AI4    Enable operation and use.
AI5    Procure IT resources.
AI6    Manage changes.
AI7    Install and accredit solutions and changes.

DELIVER AND SUPPORT
DS1    Define and manage service levels.
DS2    Manage third-party services.
DS3    Manage performance and capacity.
DS4    Ensure continuous service.
DS5    Ensure systems security.
DS6    Identify and allocate costs.
DS7    Educate and train users.
DS8    Manage service desk and incidents.
DS9    Manage the configuration.
DS10   Manage problems.
DS11   Manage data.
DS12   Manage the physical environment.
DS13   Manage operations.

MONITOR AND EVALUATE
ME1    Monitor and evaluate IT performance.
ME2    Monitor and evaluate internal control.
ME3    Ensure compliance with external requirements.
ME4    Provide IT governance.
Setting the Direction of IT Governance across the enterprise (in
support of the business)


      [Diagram: cycle linking Set Objectives, Provide Direction, IT Activities,
      Measure Performance and Compare]

      Set Objectives
 •   IT is aligned with the business
 •   IT enables the business & maximises benefits
 •   IT resources are used responsibly
 •   IT-related risks are managed appropriately

      IT Activities
 •   Increase automation (make the business effective)
 •   Decrease cost (make the enterprise efficient)
 •   Manage risks (security, reliability & compliance)

      •   Objective: ensure that IT enables, sustains and extends the
          organisation’s strategies and objectives
      •   Method: providing direction and exercising control
      •   Content: Leadership, organisational structures and processes
      •   Responsibility: board of directors and executive management

                                 Source: IT Governance Institute
Value chain linkage between Enterprise Strategy and IT




[Diagram, top row: Enterprise Strategy & Architecture; Business Goals for IT;
IT Goals; IT Processes; IT Scorecard]

[Diagram, lower part: Business Requirements, Governance Requirements,
Information Services, Information Criteria, IT Processes, Information,
Applications, Infrastructure & People; arrow labels: require, imply,
influence, deliver, run, need]


                                     Source: IT Governance Institute
Benchmarking IT process maturity by industry sector


[Figure: radar charts of IT process maturity, scale 1.00 to 3.50, with axes
Po1, Po3, Po5, Po9, Po10, A11, A12, A15, A16, DS1, DS4, DS5, DS10, DS11, M1.
Combined chart legend: Finance, Other, IT Services, Public Sector, Ret & Manu.
Separate panels: Financial Services, Public Sector, Retail/Manufacturing.]
                                                  Source: IT Governance Institute
Where Do Frameworks Fit?

 •   Drivers: PERFORMANCE (Business Goals); CONFORMANCE (Basel II,
     Sarbanes-Oxley Act, etc.)
 •   Enterprise Governance: Balanced Scorecard; COSO
 •   IT Governance: COBIT 4.1
 •   Best Practice Standards: ISO 9001:2000; ISO 27002; ISO 20000
 •   Processes and Procedures: QA procedures; Security Principles; ITIL V3
Why Isn’t Everyone Doing This?

 •   We do this already.
 •   It’s not exciting.
 •   You’re making it much too complex.
 •   It’s not easy.
 •   It’s an IT problem.
 •   Lack of business engagement / accountability
 •   We don’t know where to start!
Delivering Micro-Credentials in Technical and Vocational Education and Training
AG2 Design
 
Best Digital Marketing Institute In NOIDA
Best Digital Marketing Institute In NOIDABest Digital Marketing Institute In NOIDA
Best Digital Marketing Institute In NOIDA
deeptiverma2406
 
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER  FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...TESDA TM1 REVIEWER  FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
EugeneSaldivar
 
Digital Artifact 2 - Investigating Pavilion Designs
Digital Artifact 2 - Investigating Pavilion DesignsDigital Artifact 2 - Investigating Pavilion Designs
Digital Artifact 2 - Investigating Pavilion Designs
chanes7
 
CACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdfCACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdf
camakaiclarkmusic
 
The basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptxThe basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptx
heathfieldcps1
 

Recently uploaded (20)

June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...
 
Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.
 
Digital Artefact 1 - Tiny Home Environmental Design
Digital Artefact 1 - Tiny Home Environmental DesignDigital Artefact 1 - Tiny Home Environmental Design
Digital Artefact 1 - Tiny Home Environmental Design
 
Landownership in the Philippines under the Americans-2-pptx.pptx
Landownership in the Philippines under the Americans-2-pptx.pptxLandownership in the Philippines under the Americans-2-pptx.pptx
Landownership in the Philippines under the Americans-2-pptx.pptx
 
A Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptxA Survey of Techniques for Maximizing LLM Performance.pptx
A Survey of Techniques for Maximizing LLM Performance.pptx
 
Normal Labour/ Stages of Labour/ Mechanism of Labour
Normal Labour/ Stages of Labour/ Mechanism of LabourNormal Labour/ Stages of Labour/ Mechanism of Labour
Normal Labour/ Stages of Labour/ Mechanism of Labour
 
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
 
S1-Introduction-Biopesticides in ICM.pptx
S1-Introduction-Biopesticides in ICM.pptxS1-Introduction-Biopesticides in ICM.pptx
S1-Introduction-Biopesticides in ICM.pptx
 
Azure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHatAzure Interview Questions and Answers PDF By ScholarHat
Azure Interview Questions and Answers PDF By ScholarHat
 
Chapter 4 - Islamic Financial Institutions in Malaysia.pptx
Chapter 4 - Islamic Financial Institutions in Malaysia.pptxChapter 4 - Islamic Financial Institutions in Malaysia.pptx
Chapter 4 - Islamic Financial Institutions in Malaysia.pptx
 
PCOS corelations and management through Ayurveda.
PCOS corelations and management through Ayurveda.PCOS corelations and management through Ayurveda.
PCOS corelations and management through Ayurveda.
 
Natural birth techniques - Mrs.Akanksha Trivedi Rama University
Natural birth techniques - Mrs.Akanksha Trivedi Rama UniversityNatural birth techniques - Mrs.Akanksha Trivedi Rama University
Natural birth techniques - Mrs.Akanksha Trivedi Rama University
 
2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...
 
Digital Artifact 1 - 10VCD Environments Unit
Digital Artifact 1 - 10VCD Environments UnitDigital Artifact 1 - 10VCD Environments Unit
Digital Artifact 1 - 10VCD Environments Unit
 
Delivering Micro-Credentials in Technical and Vocational Education and Training
Delivering Micro-Credentials in Technical and Vocational Education and TrainingDelivering Micro-Credentials in Technical and Vocational Education and Training
Delivering Micro-Credentials in Technical and Vocational Education and Training
 
Best Digital Marketing Institute In NOIDA
Best Digital Marketing Institute In NOIDABest Digital Marketing Institute In NOIDA
Best Digital Marketing Institute In NOIDA
 
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER  FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...TESDA TM1 REVIEWER  FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
 
Digital Artifact 2 - Investigating Pavilion Designs
Digital Artifact 2 - Investigating Pavilion DesignsDigital Artifact 2 - Investigating Pavilion Designs
Digital Artifact 2 - Investigating Pavilion Designs
 
CACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdfCACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdf
 
The basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptxThe basics of sentences session 5pptx.pptx
The basics of sentences session 5pptx.pptx
 

#sitbru Session 3 IT Governance for sap practitioners by Prof. G. Ataya

  • 1. IT Governance Masterclass Georges Ataya CISA, CGEIT, CISA, CISSP, MSCS, PBA External Relations Chair, ISACA Professor, Solvay Business School Managing Partner, ICT Control NV
  • 2. Georges Ataya MSCS, PBA, CISA, CISM, CISSP • Professor and Academic Director at Solvay Brussels School of Economics and Management in charge of IT Management Education (www.solvay.edu/it) • Academic relations Committee Chair at ISACA (ISACA.org) • Managing Partner ICT Control SA (www.ictcontrol.eu) • Participated in various research and publications. • Georges@ictcontrol.eu – www.ataya.info
  • 3. Why Does IT Need a Governance Framework? Do any of these conditions sound familiar? • Growing complexity of IT environments • Fragmented IT infrastructures or applications • Demand for technologists outstripping supply • Communication gap between business and IT managers • IT service levels that are disappointing • Marginal productivity gains on technology investments • Impaired organisational flexibility and nimbleness to change • User frustration leading to ad hoc solutions • IT managers operating like fire fighters
  • 4. IT Governance Needs a Management Framework: Driving Forces Map Onto the IT Governance Focus Areas [Diagram labels: IT Governance Concepts; Resource Management]
  • 5. Six IT Governance domains: IT Governance Concepts; Risk Management; Strategic Alignment; Resources Management; Value Management; Performance Measurement
  • 7. Governance, Risk & Compliance: GRC. Governance is the culture, policies, processes, laws, and institutions that define the structure by which companies are directed and managed. Risk is the effect of uncertainty on business objectives; risk management is the coordinated activities to direct and control an organization to realize opportunities while managing negative events. Compliance is the act of adhering to, and demonstrating adherence to, external laws and regulations as well as corporate policies and procedures. Source: OCEG (Open Compliance and Ethics Group)
  • 8. Practices and processes in value governance. Value Governance – elements: Strategy Management; Portfolio Management; Programme Management; Project Management; Operations Management [Diagram labels: VALUE; RISK; Total Benefits – Total Costs; Architecture Management; Asset Mgmt] Source: IT Governance Institute
  • 10. Value Governance is based around The Four “Ares” - continually asking… Are we doing the right things? Are we getting the benefits? Are we doing them the right way? Are we getting them done well? Source: Fujitsu Consulting
  • 11. Risk approaches: Dependent on the type of risk and its significance to the business, management and the board may choose to: Mitigate: implementing controls, e.g., acquire and deploy security technology to protect the IT infrastructure; Transfer: sharing risk with partners or transferring it to insurance coverage; Accept: formally acknowledging that the risk exists and monitoring it
  • 12. Risk management of enterprise IT resources (application, information, infrastructure, people) IT Risk Analysis Approach Source: IT Governance Institute
  • 13. Does Your IT Architecture Look Like… (needed a) …blueprint to bring order to “spaghetti layer of applications, boxes and wires” Toby Redshaw VP of Strategy & Architecture Motorola
  • 14. Four architectural views. Business View: What are the business strategies and processes that will make us successful? Application View: Which applications do we need to facilitate the business process and manipulate the information? Information View: What information do we need to manage in the business? Technology View: What technology is needed to support the information and application needs?
  • 15. IT Governance needs a control framework. How is it being used? [Diagram: CobiT Framework surrounded by IT Governance; Audit Methodology; Security; Sarbanes-Oxley; Outsourcing; Process Standards; Policy] “CobiT is the framework that gives me an end-to-end view of IT.” John Carrow, CIO, Unisys “CobiT is an end-to-end catalogue of IT decisions.” Simon Shapiro, CIO, Investec
  • 16. COBIT Framework. BUSINESS OBJECTIVES AND GOVERNANCE OBJECTIVES. INFORMATION: Effectiveness, Efficiency, Confidentiality, Integrity, Availability, Compliance, Reliability. IT RESOURCES: Applications, Information, Infrastructure, People. PLAN AND ORGANISE: PO1 Define a strategic IT plan; PO2 Define the information architecture; PO3 Determine technological direction; PO4 Define the IT processes, organisation and relationships; PO5 Manage the IT investment; PO6 Communicate management aims and direction; PO7 Manage IT human resources; PO8 Manage quality; PO9 Assess and manage IT risks; PO10 Manage projects. ACQUIRE AND IMPLEMENT: AI1 Identify automated solutions; AI2 Acquire and maintain application software; AI3 Acquire and maintain technology infrastructure; AI4 Enable operation and use; AI5 Procure IT resources; AI6 Manage changes; AI7 Install and accredit solutions and changes. DELIVER AND SUPPORT: DS1 Define and manage service levels; DS2 Manage third-party services; DS3 Manage performance and capacity; DS4 Ensure continuous service; DS5 Ensure systems security; DS6 Identify and allocate costs; DS7 Educate and train users; DS8 Manage service desk and incidents; DS9 Manage the configuration; DS10 Manage problems; DS11 Manage data; DS12 Manage the physical environment; DS13 Manage operations. MONITOR AND EVALUATE: ME1 Monitor and evaluate IT performance; ME2 Monitor and evaluate internal control; ME3 Ensure compliance with external requirements; ME4 Provide IT governance.
  • 17. Setting the Direction of IT Governance across the enterprise (in support of the business). Cycle: Provide Direction; Compare; Measure Performance. Set Objectives: IT is aligned with the business; IT enables the business & maximises benefits; IT resources are used responsibly; IT-related risks are managed appropriately. IT Activities: Increase automation (make the business effective); Decrease cost (make the enterprise efficient); Manage risks (security, reliability & compliance). • Objective: ensure that IT enables, sustains and extends the organisation’s strategies and objectives • Method: providing direction and exercising control • Content: Leadership, organisational structures and processes • Responsibility: board of directors and executive management Source: IT Governance Institute
  • 18. Value chain linkage between Enterprise Strategy and IT [Diagram; box labels: Enterprise Strategy & Architecture; Business Goals for IT; IT Goals; IT Processes; IT Scorecard; Business Requirements; Governance Requirements; Information Services; Information Criteria; Information; Applications; Infrastructure & People; arrow labels: deliver, require, influence, run, imply, need] Source: IT Governance Institute
  • 19. Benchmarking IT process maturity by industry sector [Radar charts; maturity axis ticks from 1.00 to 3.50; process axes as labelled: Po1, Po3, Po5, Po9, Po10, A11, A12, A15, A16, DS1, DS4, DS5, DS10, DS11, M1; legend: Finance, IT Services, Public Sector, Ret & Manu, Other; panels: Financial Services, Public Sector, Retail/Manufacturing] Source: IT Governance Institute
  • 20. Where Do Frameworks Fit? Drivers: CONFORMANCE (Basel II, Sarbanes-Oxley Act, etc.); PERFORMANCE (Business Goals). Enterprise Governance: COSO; Balanced Scorecard. IT Governance: COBIT 4.1. Best Practice Standards: ISO 9001:2000; ISO 27002; ISO 20000. Processes and Procedures: QA procedures; Security Principles; ITIL V3
  • 21. Why Isn’t Everyone Doing This? We do this already. It’s not exciting. You’re making it much too complex. It’s not easy. It’s an IT problem. Lack of business engagement / accountability. We don’t know where to start!