05/05/23
Leveraging IT Governance and COBIT
Chip Council, PhD, CGEIT, CISM, CISA
Matt Schmidt, MS, CISSP, CISA
Adjunct Professors, University of Minnesota
Agenda
Introduction – 2:40 – 3:00
IT Governance – 3:00 – 3:45
  The Problem
  What Is IT Governance
  How to evaluate it
  How to deploy it
Frameworks – 3:45 – 4:20
  COBIT/ValIT (Chip)
  ISO 2700x/ITIL (Matt)
Future Directions – 4:20 – 4:30
  ISO/IEC DIS 29382 (Chip)
The Problem – Current IT Issues
IT Strategy Not Aligned With the Business
Staffing Issues
High IT Cost – Low ROI
Service Delivery Problems
What Is IT Governance
Specifying the decision rights and accountability framework to encourage desirable behavior in the use of IT.
- Peter Weill and Jeanne W. Ross, IT Governance: How Top Performers Manage IT Decision Rights for Superior Results (2004)
Another Definition
IT governance is the responsibility of the board of directors and consists of the leadership, organizational structures and processes that ensure that the enterprise’s IT sustains and extends the organization’s strategies and objectives.
- IT Governance Institute
IT Governance Focus
• Risk Management
• Value Delivery
• Strategic Alignment
• Resource Management
• Performance Measurement
- IT Governance Institute
How to evaluate it? Weill and Ross
Survey to quickly assess the effectiveness of an enterprise’s IT governance.
Recommended to have at least 10 senior managers take the survey.
Four Objectives To Assess
  Cost-effective use of IT
  Effective use of IT for asset utilization
  Effective use of IT for growth
  Effective use of IT for business flexibility
How to evaluate it? Question 1 – Outcomes
How important are the following outcomes of your IT governance, on a scale from 1 (Not Important) to 5 (Very Important)?
How to evaluate it? Question 2 – Success
What is the influence of the IT governance in your business on the following measures of success, on a scale from 1 (Not Successful) to 5 (Very Successful)?
How to evaluate it? Calculating Governance Performance
Not all firms rank the outcomes with the same importance, so the answers to the first question are used to weight the answers to the second question.
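A worked illustration of the weighting step, added here as an example rather than taken from the slides or from Weill and Ross: each manager's Question 1 importance ratings weight that manager's Question 2 success ratings, and the per-manager scores are averaged across everyone surveyed. The normalisation (divide the weighted sum by the best attainable weighted sum and express it as a percentage), the objective names used as keys, and the sample responses are all assumptions made for the example; the check on the recommended minimum of 10 respondents follows the slide.

```python
"""Weighted scoring of a Weill-and-Ross-style IT governance survey.

Added example, not the slides' or the book's own code. Each respondent rates
four objectives twice on a 1..5 scale: Question 1 (importance) and
Question 2 (success). Importance answers weight the success answers.
The exact normalisation used here is an assumption for the example.
"""

OBJECTIVES = (
    "cost_effective_use_of_it",
    "asset_utilization",
    "growth",
    "business_flexibility",
)
SCALE_MIN, SCALE_MAX = 1, 5
RECOMMENDED_RESPONDENTS = 10   # the slide recommends at least 10 senior managers

# Constructed sample responses (not real survey data): one dict per manager,
# holding the Question 1 importance ratings and the Question 2 success ratings.
SAMPLE_RESPONSES = [
    {"importance": dict(zip(OBJECTIVES, (4, 3, 5, 2))),
     "success":    dict(zip(OBJECTIVES, (3, 4, 2, 3)))},
    {"importance": dict(zip(OBJECTIVES, (5, 5, 5, 5))),
     "success":    dict(zip(OBJECTIVES, (4, 4, 4, 4)))},
    {"importance": dict(zip(OBJECTIVES, (1, 1, 1, 1))),
     "success":    dict(zip(OBJECTIVES, (5, 5, 5, 5)))},
]


def validate_ratings(ratings):
    """Reject a response that skips an objective or uses an off-scale value."""
    for obj in OBJECTIVES:
        value = ratings.get(obj)
        if not isinstance(value, int) or not SCALE_MIN <= value <= SCALE_MAX:
            raise ValueError(f"{obj}: expected integer {SCALE_MIN}..{SCALE_MAX}, got {value!r}")


def weighted_score(importance, success):
    """One respondent's governance performance on a 0..100 scale.

    Each success rating is multiplied by that objective's importance, the
    products are summed, and the sum is divided by the best possible result
    (every objective rated SCALE_MAX for success under the same weights).
    """
    validate_ratings(importance)
    validate_ratings(success)
    weighted_sum = sum(importance[o] * success[o] for o in OBJECTIVES)
    best_possible = sum(importance[o] * SCALE_MAX for o in OBJECTIVES)
    return 100.0 * weighted_sum / best_possible


def unweighted_score(success):
    """Plain average of the success ratings as a percentage, for comparison."""
    validate_ratings(success)
    return 100.0 * sum(success[o] for o in OBJECTIVES) / (len(OBJECTIVES) * SCALE_MAX)


def governance_performance(responses):
    """Average the per-respondent scores across all managers surveyed.

    Returns the mean weighted score, the mean unweighted score, and whether
    the sample reaches the recommended number of respondents.
    """
    if not responses:
        raise ValueError("no survey responses")
    weighted = [weighted_score(r["importance"], r["success"]) for r in responses]
    unweighted = [unweighted_score(r["success"]) for r in responses]
    return {
        "respondents": len(responses),
        "enough_respondents": len(responses) >= RECOMMENDED_RESPONDENTS,
        "weighted_score": sum(weighted) / len(weighted),
        "unweighted_score": sum(unweighted) / len(unweighted),
    }


if __name__ == "__main__":
    for key, value in governance_performance(SAMPLE_RESPONSES).items():
        print(f"{key}: {value}")
```

With the constructed responses the first manager's weighted score (about 57.1) falls below the unweighted 60.0 because the objective rated most important (growth) received the lowest success rating; that is exactly the effect the weighting is meant to capture. The `enough_respondents` flag is false for three responses, so a real run would flag the sample as too small before anyone acts on the number.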
How to deploy it?
  Ad Hoc Approach
  Use a Standard or Framework
  A Combination of the Two
IMPORTANT: Any standard approach must be customized to meet the needs of the organization (Don’t be that guy or gal!)
Benefits of the Standard Approach
1. The Wheel Exists
2. Structured
3. Best Practices
4. Knowledge Sharing
5. Auditable
- George Spafford
COBIT
COBIT Information Criteria
  Efficiency
  Effectiveness
  Availability
  Integrity
  Confidentiality
  Compliance
  Reliability
COBIT Framework
Tools
  COBIT 4.1 Control Objectives
  COBIT 4.1 Assurance Guide
  COBIT Implementation Guide
    Worksheets
    Sample Reports
    Management Concerns Diagnostics
    Risk Assessments
ISO 2700x/ITIL
ISO/IEC 17799/27002 – Code of Practice for Information Security Management
  Twelve main sections with specialized recommendations for risk assessment, security policy, governance, compliance, etc.
  Based heavily on C-I-A Triad principles
ITIL (IT Infrastructure Library)
  IT Operations and Service Delivery best practices
  Security recommendations based heavily on ISO/IEC 17799/27002
Leveraging Multiple Frameworks
The typical driver for implementing multiple frameworks is regulatory compliance; however, that does not have to be the driver.
One size does not fit all.
Consider available mapping guidance to address overlap.
Underlying Themes
  Understand your environment
  Understand risks to your environment
  Manage the risks to an acceptable level (acceptable level
ISO/IEC 29382 Corporate Governance of Information Technology Standard
The ISO/IEC 29382 Corporate Governance of Information Technology Standard is an updated version of the Australian Standard AS8015, published in 2005. This standard expresses six principles for good governance of IT use:
  Responsibility
  Strategy
  Acquisition
  Performance
  Conformance
  Human Behavior
It is intended to guide the behavior of the organization, and provides a lens or framework through which the behavior can be evaluated. It describes the tasks that must be implemented in the governance system, at a much higher level than one finds in frameworks like ITIL and COBIT. It makes no reference to frameworks such as ITIL and COBIT but complements many of them; it specifically acknowledges that organizations should select appropriate frameworks.
- Mark Toomey, Managing Director, Infonomics Pty Ltd, Melbourne, Australia
Acknowledgements
- Bob Frelinger, CISA, CSSGB: Common Issues in Implementing IT Governance and How to Resolve Them (Presentation)
- Peter Weill and Jeanne W. Ross: IT Governance: How Top Performers Manage IT Decision Rights for Superior Results (2004) (Book)
- IT Governance Institute: COBIT 4.1 Framework (2007)
- George Spafford: The Benefits of Standard IT Governance Frameworks, Datamation (2003)
- Mark Toomey, Managing Director, Infonomics Pty Ltd
Discussion