Diapositiva 1

UCB SAN PABLO SIS303Docente: Ph.D. Indira GuzmanAlineamiento Estrategico1Strategic Alignment (Chan, 2002)Strategic alignment means the fit between the priorities and activities of the IS function and the business unit. The goal in strategic alignment is for IS priorities, capabilities, decisions, and actions to support those of the entire business.

Alineamiento Estratgico de SI/TI Planificacin estratgica integrando los conceptos y posibilidades de TI/SI, dos enfoques: El apoyo sistemtico de las TI a los procesos de la empresa para mejorarlos de manera continua, hacindolos ms eficientes, o El rediseo radical de los procesos de negocio.

3Histricamente el plan de TI fue enfocado a infraestructura interna -procesos, aplicaciones, hardware, las personas y capacidades internas.Plan estratgico de TI que genere un marco de accin y direccin.

Importancia de Alinear TI y Estrategia 4IT Governance5What is IT Governance?6Information Technology Governance (Gobierno de TI) es una disciplina subconjunto de Gobierno Corporativo centrada en el rendimiento de las tecnologa de la informacin (TI) y su y la gestin del riesgo.

El creciente inters en IT Governance se debe en parte a las iniciativas de cumplimiento de reglamentos (por ejemplo, la ley Sarbanes-Oxley (EE.UU.) y Basilea II (Europa)), as como el reconocimiento de que los proyectos de TI puede salir fcilmente fuera de control y afectar profundamente el desempeo de una organizacin.6

6IT governance es responsabilidad del consejo de administracin y la gestin ejecutiva. Es una parte integrante de la gobernanza empresarial y consiste en el liderazgo y las estructuras organizativas y procesos que garanticen que la organizacin de TI sea capaz de sostener y extender las estrategias de la organizacin y sus objetivosWhat is IT Governance?ITGI, Board Briefing on IT Governance

7IT Governance se ocupa deQuien toma las decisiones (poder)Porque ellos las toman (alineamiento)Como se las toman (proceso de toma de decisiones)

Idealmente las decisiones son tomadas conjuntamente entre la administracion del negocio y la administracion de TI. Comunicacion efectiva y eficiente entre TI y el negocio.Aspectos criticos para la apropiada toma de deciciones respecto a TIs.

A 2002 Gartner survey found that 20 percent of all expenditures on IT is wasteda finding that represents, on a global basis, an annual destruction of value totaling about US $600 billion.

A 2004 IBM survey of Fortune 1000 CIOs found that, on average, CIOs believe that 40 percent of all IT spending brought no return to their organizations.

A 2006 study conducted by The Standish Group found that only 35 percent of all IT projects succeeded while the remainder (65 percent ) were either challenged or failed.En los ltimos aos, las encuestas han revelado de manera consistente que del 20 al 70 por ciento de las inversiones a gran escala de cambios basados en TI presentan perdidas o no resultan en las ganancias calculadas para la empres. o no para un retorno a la empresa (De hecho, una encuesta sobre la medicin de los costos y valor, encontro que en muchas empresas, menos del 8 por ciento del presupuesto en TI se gasta en las iniciativas que realmente crean algun valor para la empresa.Reference: Val IT Framework 2.0Motivos de su ImportanciaNike reportedly lost more than US $200 million through difficulties experienced in implementing its supply chain software.

Failures in IT-enabled logistics systems at MFI and Sainsbury in the UK led to multimillion-pound write-offs, profit warnings and share priceerosion.

Tokyo Gas reported a US $46.6 million special loss due to cancellation of a large customer relationship management (CRM) project.

In the public sector, the UK Department for Work and Pensions apparently squandered more than 2 billion by abandoning three major projects.Headlines around the world corroborate these findings:Reference: Val IT Framework 2.0What Makes IT Governance so important? Strategic importance of IT Extended Enterprise Regulatory requirements Cost optimisation Return on investmentDrivers

Low return from high-cost IT investments, and transparency of ITs performance are two top issuesMore than 30% claim negative return from IT investments targeting efficiency gains40% do not have good alignment between IT plans and business strategyInterest in and use of active management of the return on IT investments has doubled in 2 years (28% to 58%) Gartner more than 600 billion $ thrown away annually on ill conceived or ill executed IT projects Standish Group about 20% of projects fail outright, 50% are challenged and only 30% are successful ITGI 2005 Survey early findings confirm concerns

Forces Driving IT Governance

ComplianceSecurityBusiness/ITAlignmentROIProjectExecution12What makes IT Governance so important?

Shareholders want protection for the Enterprises Share Priceif not filed, auditor must include a paragraph in its annual report that it cannot vouch for the enterprises ability as a going concern"... Si no es parte del informe, el auditor debe incluir un prrafo en su informe anual que no puede dar fe de la capacidad de la empresa de seguir como negocio en marcha ..."financial reporting system is not up to speedthe company has lost a third more of its market value yesterday as it revealed a virtual collapse of its financial reporting systemdata entry problemsMayores Preocupaciones de los lideres en TI para el 2008(segun una encuesta de la revista ComputerWorld)

# 1 on this list is IT Governance, including business alignmentFrom the Dec 10, 2007 issue of Computerworld Magazine (pg 74) Computerworld Magazine is a publication of International Data Group Inc.

Why is IT Governance important?1515IT are in competition for budget Business is beating IT to and for budget

IT needs to become a business focused discipline

IT is viewed by senior management as Fire Fighters and not Planners or implementers

IT is viewed as a monetary drain on business

IT needs to compete effectively at the C level

Business does not perceive IT as value for money

15Governance IssuesHuman interfaceRecords ManagementEducationLaws of the Land & beyond

16Risk Issues

1718Legislative Issues

18

Security Issues19Internal Threats

20External Threats

21Physical Security

222323What should Information Technology Governance Deliver?Executives should focus on Information Technology Governance, which when properly implemented should provide the following:

2324Un tema general de IT Governance se refiere a que las capacidades de TI ya no puede ser algo que los que administran el negocio no entiendan y que tambin TI debe entender el negocio y sus necesidades.

El manejo de TI ha sido siempre un problema para los ejecutivos de alto nivel de una empresa debido a la naturaleza tcnica de las TI; por lo tanto, las decisiones clave fueron dejadas a los profesionales de TI. IT Governance implica un sistema en el que todas las partes interesadas, incluida la Junta, los clientes internos y reas afines tales como las finanzas, tienen la informacin necesaria para la toma de decisiones. Esto evitar que un solo actor, por lo general de TI, sean culpados por malas decisiones. Tambin evita que los usuarios ms tarde se quejen de que el sistema no se comporta como se esperaba.

24

Caracteristicas24What are the IT Governance Characteristics (2)?25Most importantly - The board needs to understand the overall architecture of its company's IT applications portfolio The board must ensure that management knows what information resources are out there, what condition they are in, and what role they play in generating revenue

25

25IT Governance Goals2626The primary goals for Information Technology Governance are:

assure that the investments in IT generate business value

(2) mitigate the risks that are associated with IT.

This can be done by implementing an organizational structure with well-defined roles for the responsibility for information, business processes, applications, infrastructure thats is well communicated across the organization.

26C2Cs GRC Model view supporting IT Governance

Who is this aimed at?

Senior Management CIOsCISOsIT ManagersIT staffandIT centric organizations 28IT Governance Institute

IT GovernanceInstitute is anon-profitresearch think-tankassociated with ISACA29An Overview of IT Governance30IT Governance Needs a Management FrameworkDriving ForcesMap Onto theIT GovernanceFocus Areas

31Areas de Gobierno de TI

Interrelaciones de los Componentes de COBIT

Beneficios de Implementar COBIT como marco de referencia de Gobierno sobre TI

IT Governance Life Cycle35IT Governance Control Cycle

IT Governance Control Cycle

Assess EnvironmentBased on COBIT, develop an approach for improved internal control to meet regulatory requirements that incorporates business and IT mission, vision, and strategyEstablish risk management strategyFormally document existing processesIT Governance Control Cycle

Maintain IT Controls FrameworkDevelop controls framework to supports sound business decisionsDocument integration points in the current environmentCreate an organizational mechanism to support the governance of ITMitigate identified risks through the IT controls frameworkIT Governance Control Cycle

Develop & Refine Governing DocumentsUtilize a central repository for governing documentsDevelop a consistent approach for creating governing documentsConsistently apply processes and proceduresGain executive commitment for IT governance frameworks and structureIT Governance Control Cycle

Communicate and TrainProvide Tone at the TopDevelop a strategic communication plan for mission objectives and overall management directionExecute strategic communication planImplement a standard training program to avoid unnecessary and redundant trainingIT Governance Control Cycle

Implement and OperateAlign staff responsibilities with IT control objectivesAchieve sustainability of IT controls in the operational environmentSupport continuous improvement of operational effectiveness and accountabilityIT Governance Control Cycle

Measure and ValidateRevise current metrics program to include newly defined controlsVerify the sustainability of defined controls Develop cost effective automated measurementsMeasure all processes to include Applications, Databases, Platforms and NetworksIT Governance Control Cycle

Monitor and ReportReport on continued effectiveness of controlsIncrease transparency to auditors of issues and actions takenAccurately attest to ITs compliance with policy, laws, and regulationsImprove existing processes using metrics trending IT Governance Control Cycle

EnforceReinforce required policy compliance and standards conformanceDefine a consistent approach for enforcement across all processesC2Cs GRC Model view supporting IT Governance

A quienes afecta?

Senior Management CIOsCISOsIT ManagersIT staffandIT centric organizations 46;-)PREGUNTAS47