IT Governance Regulatory. P.K.Patel AGM, MoF


IT Governance: Regulatory Perspective
P.K. Patel, AGM, MoF

Agenda
- What is IT governance?
- Aspects of IT governance
- What banks should consider before implementing these aspects
- What banks should do to implement these aspects
- Gopalakrishna committee recommendations on IT governance
- Findings from banks

What is IT Governance?

IT Governance
IT is now at the core of most organizations' ability to execute strategy. IT governance is the process by which decisions about IT investments are made: how decisions are made, who makes them, who is held accountable, and how the results of those decisions are measured and monitored are all part of IT governance. IT governance cannot exist in isolation; it must be a subset of enterprise governance.

IT Governance
The structure, oversight and management processes that ensure IT delivers its expected benefits in a controlled way, so as to support the long-term sustainable success of the enterprise. IT governance focuses specifically on information technology systems, their performance and their risk management.

IT Governance: Why is it needed?
Value versus cost, aligning IT with the business, security, keeping IT running, managing complexity, regulatory compliance: organizations require a structured approach for managing these and other challenges. Such an approach ensures that there are agreed objectives for IT, good management controls in place, and effective monitoring of performance to stay on track and avoid unexpected outcomes.


What does IT Governance Cover?
IT governance covers the delivery of value to the business and the mitigation of IT risk. The first is driven by strategic alignment of IT with the business; the second is driven by embedding accountability into the enterprise. Both need to be supported by adequate resources and measured to ensure that the results are obtained. This leads to the five main focus areas of IT governance. Two of them are outcomes: value delivery and risk management. Three of them are drivers: strategic alignment, resource management and performance measurement. IT governance is a continuous life cycle: a process that uses the resources necessary to execute its responsibilities.

IT Governance Organizational Structure
IT governance stakeholders include:
- Board of directors
- IT strategy committee
- CEO
- Business executives
- CIO
- IT steering committee
- Chief Risk Officer
- Risk committees
- IT line management
IT organizational structure: IT technology, IT development, IT operations, IT assurance

Policies and Procedures
- Board-approved policies: hardware and network architecture; hardware and software procurement strategy; standards; outsourcing; IT department organizational structure; number of IT experts; change process
- Operational procedures, especially for the data centre
- Annual review
- Regular conversion of the long-range IT strategy into short-range plans
- Enterprise information model
- Enterprise data dictionary
- CIO as a key business player and owner of the IT function


Strategic Alignment
Ensuring that the IT strategy is aligned with the business strategy, and that distributed IT strategies are consistent and integrated. IT alignment is a journey, not a destination.

IT Strategic Alignment
When formulating an IT strategy, a bank must consider:
- Business objectives and the competitive environment
- Current and future technologies: their costs, risks and benefits
- Capability of the IT organization and technology to deliver current and future levels of service
- Operating cost of current IT, and whether it provides sufficient value to the business
- Regulatory and compliance environment

IT Strategic Alignment (contd.)
With respect to IT strategic alignment, banks need to ensure the following:
- An up-to-date business strategy
- IT development projects have a business case
- The IT budget prioritizes the portfolio of IT-related investment programmes
- The IT strategy committee reviews management's IT-related investments
- An IT steering committee composed of executives from business and IT management
- The performance of IT management is monitored
- A comprehensive and ongoing due diligence and oversight process is established for managing the bank's outsourced activities

Value Delivery
Value delivery is about executing the value proposition throughout the delivery cycle: ensuring that IT delivers the promised benefits against the strategy, concentrating on optimizing cost and proving the intrinsic value of IT. It is important not only to focus on measurements based on value realisation (i.e., financial measures), but also to take into account the enterprise's performance in creating value: fitness for purpose and meeting business requirements, flexibility to adapt to future requirements, throughput and response times, ease of use, resiliency and security, and the integrity, accuracy and confidentiality of information.

Banks should consider
- Whether the board and senior management are briefed about the value IT delivers to the business in terms of customer service, cost, speed of delivery, quality, ROI and value added to the business
- Reporting and tracking of major IT projects
- The current rate of failure of IT projects
- Costs involved in managing incidents (network outages and system downtime)
- The level of end-user and customer satisfaction with the quality of IT service

With respect to value delivery, banks need to ensure that:
- IT investment programmes are managed so that they remain aligned with business strategy and objectives
- IT controls minimize IT-related vulnerabilities, increase efficiency, use resources optimally and increase the effectiveness of IT processes
- Proper MIS is in place
- Project management and quality assurance are practised
- IT internal control failures and weaknesses are evaluated
- Project-level steering committees exist
- Independent assurance on the achievement of IT objectives and the containment of IT risks is conducted regularly
- IT initiatives are prioritized and ownership is assigned for IT-enabled business opportunities
- All non-performing or irrelevant IT projects in the bank are reviewed periodically

Risk Management
Risk management requires risk awareness by senior corporate officers, a clear understanding of the enterprise's appetite for risk, an understanding of compliance requirements, transparency about the significant risks to the enterprise, and the embedding of risk management responsibilities in the organisation.

Banks should consider
- The bank's position: risk appetite and tolerance levels
- Maintaining a list (register) of IT risks
- Implementing and documenting a risk framework to assess risks, decide the mitigation approach and analyse cost against benefit
- Documenting the measures adopted to contain IT risks
- The reporting system for IT risks
- Actual or potential conflicts between operational functions and IT functions

With respect to IT risk management, banks need to ensure that:
- IT risks are assessed and suitably mitigated
- A bank-wide risk management policy exists
- A risk management process covers e-banking activities
- All risks related to suppliers are considered: relationship management, escrow and second sourcing
- Appropriate incident response plans exist
- Operational risk is assessed and the relevant controls are implemented
- Customer privacy requirements are adhered to
- Legislative, regulatory and contractual requirements on the use of systems and software are met where IPR, copyright and the licence terms of proprietary software products apply

IT Risk Management (contd.)
- Information security policy
- Comprehensive and centralized change control system for projects and applications
- Project management framework and approach
- Use of an IT control framework (COBIT, ITIL, ISO, etc.)
- Interdependencies between risk elements are considered in the risk assessment process
- IT outsourcing: due diligence, monitoring vendor performance, managing SLAs

IT Resource Management
Resource management is about the optimal investment in, and the proper management of, critical IT resources: applications, information, infrastructure and people. Key issues relate to the optimisation of knowledge and infrastructure.

Banks should consider
- Current practices followed for managing IT assets
- Whether IT assets are under-utilised or over-utilised
- Current short-term and long-term IT strategy in view of the expected business growth
- Outsourcing strategy
- The IT expertise pool

With respect to IT resource management, banks need to ensure that:
- The board is aware of IT resources, infrastructure and investment
- Policies and procedures exist for information systems monitoring facilities
- Record management: the responsibilities and authorities of individuals are defined
- Requirements for trained resources are identified
- Procedures exist to assess the integration and interoperability of complex IT processes
- The responsibilities, relationships, authorities and performance criteria of project team members and stakeholders are defined
- Procurement practices are defined

Performance Measurement
Tracks and monitors strategy implementation, project completion, process performance and service delivery, using, for example, IT balanced scorecards.

Banks should consider
- Identifying and quantifying IT costs and benefits: ROI, NPV, IRR and the payback method
- Overcoming the limitations of measuring unquantifiable value
- Assessing current performance measurement metrics, current MIS, the process for evaluating the performance of contractors and outsourced service providers, and service level agreements
- Assessing ROI trends, the practices followed by industry competitors, and the bank's performance status in comparison
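The slide above names ROI, NPV, IRR and the payback method as the techniques for quantifying IT costs and benefits but does not show how they are computed. The Python below is an added worked example, not part of the presentation or of any RBI guidance, that evaluates all four for one IT project. The cash-flow series, the 10% hurdle rate and the function names are assumptions made here for illustration; the IRR is found by bisection on the NPV function and is reported as None when the cash flows have no single sign change, a case where IRR is not a meaningful measure.

```python
"""Added example: ROI, NPV, IRR and payback for an IT investment proposal.

Year 0 is the initial outlay (negative); later entries are the project's
net benefits in each following year. All inputs below are constructed.
"""


def npv(rate: float, cash_flows: list[float]) -> float:
    """Net present value: discount each year's flow back to year 0."""
    return sum(cf / (1.0 + rate) ** t for t, cf in enumerate(cash_flows))


def irr(cash_flows: list[float], lo: float = -0.99, hi: float = 10.0,
        tol: float = 1e-10, max_iter: int = 500):
    """Internal rate of return: the discount rate at which NPV is zero.

    Found by bisection on npv(). Returns None when NPV has the same sign at
    both ends of [lo, hi] (e.g. a project with only outflows), signalling
    that IRR is not a usable measure for these flows.
    """
    f_lo, f_hi = npv(lo, cash_flows), npv(hi, cash_flows)
    if f_lo * f_hi > 0:
        return None
    for _ in range(max_iter):
        mid = (lo + hi) / 2.0
        f_mid = npv(mid, cash_flows)
        if abs(f_mid) < tol or (hi - lo) < tol:
            return mid
        if f_lo * f_mid < 0:
            hi, f_hi = mid, f_mid
        else:
            lo, f_lo = mid, f_mid
    return (lo + hi) / 2.0


def payback_period(cash_flows: list[float]):
    """Simple (undiscounted) payback: years until the cumulative cash flow
    turns non-negative, interpolated within that year. None if it never does."""
    if cash_flows and cash_flows[0] >= 0:
        return 0.0  # nothing to recover
    cumulative = 0.0
    for t, cf in enumerate(cash_flows):
        prev = cumulative
        cumulative += cf
        if t > 0 and cumulative >= 0 > prev:
            # fraction of year t needed to recover the remaining shortfall
            return (t - 1) + (-prev / cf)
    return None


def roi(cash_flows: list[float]) -> float:
    """Simple ROI: (total net benefit - investment) / investment, undiscounted."""
    investment = -cash_flows[0]
    benefits = sum(cash_flows[1:])
    return (benefits - investment) / investment


def evaluate(cash_flows: list[float], hurdle_rate: float) -> dict:
    """Summarise the four measures for a steering-committee paper.

    'accept' is True when NPV is positive at the bank's hurdle rate, which
    is equivalent to the IRR exceeding that rate for a conventional project.
    """
    project_npv = npv(hurdle_rate, cash_flows)
    return {
        "roi": roi(cash_flows),
        "npv": project_npv,
        "irr": irr(cash_flows),
        "payback_years": payback_period(cash_flows),
        "accept": project_npv > 0,
    }


# Constructed example: a project costing 1000 (in whatever unit the bank
# reports) that returns 300, 400, 500 and 200 over the next four years.
PROJECT_CASH_FLOWS = [-1000.0, 300.0, 400.0, 500.0, 200.0]
HURDLE_RATE = 0.10  # assumed cost of capital for the bank

if __name__ == "__main__":
    for name, value in evaluate(PROJECT_CASH_FLOWS, HURDLE_RATE).items():
        print(f"{name:>14}: {value}")
```

For the constructed flows the NPV at 10% is about 115.6, the IRR lies between 15% and 16%, the simple payback is 2.6 years and the undiscounted ROI is 40%; a committee would read the positive NPV as the decision criterion and the other three as supporting context, since ROI and payback ignore the time value of money.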

With respect to IT performance management, banks need to ensure that:
- IT projects receive appropriate strategic and cost/reward analysis on a periodic basis
- A standard template is used for assessing the return-versus-risk balance
- An IT balanced scorecard and a maturity level are maintained
- IT budget deviations are assessed periodically
- IS policies and procedures are periodically reviewed and updated

IT Balanced Scorecard
The balanced scorecard is a concept for measuring a company's activities in terms of its vision and strategies, to give a comprehensive view of the performance of the business. It measures four perspectives: financial, customer, internal business process, and learning and growth. The IT balanced scorecard restates these for the IT function as business contribution, user orientation, operational excellence and future orientation.

IT Governance Maturity Model
0 - Non-existent
1 - Initial / ad hoc
2 - Repeatable but intuitive
3 - Defined process
4 - Managed and measurable
5 - Optimised

Gopalakrishna Committee Recommendations

IT Governance
i. Banks to have a board-approved, documented IT strategy/plan.
ii. A comprehensive IT policy to be framed and reviewed annually.
Board-level IT strategy committee:
- A minimum of two directors, one of them an independent director
- All members of the committee to be technically competent
- At least one member with substantial expertise in managing technology
The thrust of the Working Group is a top-down approach to IT governance.

IT Governance
iii. The position of Chief Information Officer (CIO) to be created; the CIO acts as owner of the IT function and helps align business and technology.
iv. Creation of an IT steering committee with representation from IT, HR, legal and the business functions; the committee helps the bank implement its IT strategy and assesses the transparency, accountability and effectiveness of the IT governance structure in the bank.
v. Stress on training and skill development for effective IT implementation in banks: periodic assessment of training requirements; ensuring the availability of competent human resources; a supporting organizational structure commensurate with the size of the bank and the scale of its business activities.

IT Governance
vi. Monitoring of the IT function's performance: timely delivery, adherence to budget, appropriate value/benefits.
vii. Banks to maintain an enterprise data dictionary holding the organization's data syntax rules, to facilitate data sharing among applications, build a common understanding of data among IT users and prevent incompatibility.
viii. A project management approach to the implementation and management of IT projects.
ix. The bank-wide risk management policy or operational risk policy to include IT risks and be reviewed annually.
Key focus of IT governance: strategic alignment, value delivery, risk management, resource management and performance management.

IT Governance
x. The IT function to support robust MIS in banks.
xi. Implementation of well-known IT control frameworks such as COBIT.
xii. Collaborative effort with IDRBT for sharing information and discussing issues and challenges; a forum of CIOs and senior IT officials to share experiences.
Good IT governance leads to robust IT systems, sound IT risk management, reliable MIS and value derived from IT.

Study

IT Governance in Banks
Role of the board: establish, direct, guide, review, question.
Strategy and alignment:
i) Does the bank have a clear IT strategy?
ii) If so, how is it aligned to the business strategy?
iii) Are a suitable IT organisation and appropriate resources ensured in line with the IT strategy?

IT Policy Issues
i) Does the bank have a clear vision on the course of development of applications, outsourced or in-house?
ii) Do documented outsourcing and in-house development policies exist in the bank? If not, what action has been taken to lay down these policies?
iii) Has an IT security policy been established? Has the bank subscribed to IT standards such as ISO 17799 (since renumbered ISO/IEC 27002)?
iv) Does the bank follow a standard IT process governance framework such as Control Objectives for Information and related Technology (COBIT)?
v) Is the charter of the IS audit function in the bank exhaustive, and is the audit carried out purposefully?
vi) Is there a system in place to ensure compliance with legal and regulatory prescriptions and guidelines on e-banking, etc.?

IT Investments
i) Is the proposal in line with the approved IT strategy?
ii) How does the proposal map to the business goals (short/medium/long term)?
iii) Is it supported by a detailed project analysis?
iv) If a new delivery channel is proposed, is it directed towards a niche segment or across the board? Determine the gaps in servicing any segment, check for new opportunities and provide suitable direction.
v) Is there a possibility of the new delivery channel negatively impacting an existing channel? If so, is it justified by the need for, say, retaining market competitiveness?
vi) Does the proposal conform to the bank's outsourcing/in-house development policy?

IT Investments (contd.)
vii) Can the surplus capabilities, if any, of the existing IT infrastructure be utilised instead?
viii) Is the proposed technological solution state-of-the-art?
ix) Is scalability (i.e., the option to expand) ensured, where appropriate, to handle higher transaction volumes in future?
x) Is redundancy, where appropriate, ensured to enable uninterrupted service?

IT Investments (contd.)
xi) How will the proposed solution integrate with the existing enterprise-wide IT environment? Are open/generic standards proposed to facilitate interoperability?
xii) Does the bank have, or expect to have, a reasonable pool of expertise to manage the proposed solution? Give details of proposals for imparting that expertise.
xiii) If regulatory approval is required for the proposal, has it been taken or is it being taken?

Value Delivery
i) Review the performance of projects; both cost and time overruns are to be looked into.
ii) Direct the establishment of metrics for evaluation and assess the results. For example, cost per transaction is to be worked out across services delivered over different channels. Customers' utilisation of cost-effective channels vis-à-vis the other channels should be examined, and guidance for improving performance provided where appropriate.
iii) Check the market share of the various IT-based services offered and provide suitable direction.
iv) Analyse the impact of IT-based services on the bank's bottom line and reputation and suggest the future course of action.
v) Determine the RoI and review it against the projection for suitable action. Other positive results, such as retention of customers and addition of more customers, should also be kept in view in the assessment.

Management of IT Resources
i) Determine whether IT resources are managed efficiently by seizing the opportunities offered by up-to-date technologies.
ii) Are the IT resources able, now and in future, to support present and future business needs efficiently and effectively?
iii) Is the bank committed to training and educating staff on the operation and management of the relevant technologies?
iv) Review the change management policies and procedures.

Risk Management
i) Review the provisions for DRP/BCP for their adequacy and coverage: whether the relevant procedures are reviewed and updated, whether simulated tests are carried out, etc.
ii) Review the bank's implementation of the IT security policy: whether detailed instructions and procedural guidelines are in place, whether a suitable organisational structure has been established to implement the policy, the steps taken to instil enterprise-wide security consciousness, etc.
iii) Set the direction for devising metrics on the subject and review them, e.g., the number of service outages caused by security attacks or denial of service, the number of customer complaints received about non-availability of or deficient service, etc.
iv) Verify compliance with regulatory prescriptions.

Performance Management
i) Establish the relevant metrics/benchmarks and review them, e.g., the instances and durations of downtime during the review period, the number and nature of customer complaints received, the utilisation level of network bandwidth and system capacity, etc.
ii) Review the performance of third-party vendors vis-à-vis the SLA.

Thank You


More information

CYBER SECURITY DASHBOARD: MONITOR, ANALYSE AND TAKE CONTROL OF CYBER SECURITY

CYBER SECURITY DASHBOARD: MONITOR, ANALYSE AND TAKE CONTROL OF CYBER SECURITY CYBER SECURITY DASHBOARD: MONITOR, ANALYSE AND TAKE CONTROL OF CYBER SECURITY INTRODUCTION Information security has evolved. As the landscape of threats increases and cyber security 1 management becomes

More information

Project Management Office (PMO) Charter. Enhanz Pte. Ltd.

Project Management Office (PMO) Charter. Enhanz Pte. Ltd. Project Management Office (PMO) Charter for Enhanz Pte. Ltd. Version 1.0 Prepared by Enhanz Consulting PMO Lead I Document Version History Version Date Description of Changes Author Approver 1.0 05/10/2012

More information

Chayuth Singtongthumrongkul

Chayuth Singtongthumrongkul IT is complicated. IT Governance doesn t have to be. Chayuth Singtongthumrongkul CISSP, CISA, ITIL Intermediate, PMP, IRCA ISMS (ISO/IEC 27001) Director of International Academic Alliance, ACIS Professional

More information

Issue 1.0. UoG/ILS/IS 001. Information Security and Assurance Policy. Information Security and Compliance Manager

Issue 1.0. UoG/ILS/IS 001. Information Security and Assurance Policy. Information Security and Compliance Manager Document Reference Number Date Title Author Owning Department Version Approval Date Review Date Approving Body UoG/ILS/IS 001 January 2016 Information Security and Assurance Policy Information Security

More information

Security in the Cloud: Visibility & Control of your Cloud Service Providers

Security in the Cloud: Visibility & Control of your Cloud Service Providers Whitepaper: Security in the Cloud Security in the Cloud: Visibility & Control of your Cloud Service Providers Date: 11 Apr 2012 Doc Ref: SOS-WP-CSP-0412A Author: Pierre Tagle Ph.D., Prashant Haldankar,

More information

C ONTENTS. Acknowledgments

C ONTENTS. Acknowledgments kincaidtoc.fm Page vii Friday, September 20, 2002 1:25 PM C ONTENTS Preface Acknowledgments xxi xxvii Part 1 CRM: Is It Right for Your Company? 1 Chapter 1 Commerce in the 21st Century 3 1.1 Understanding

More information

Financial Services Guidance Note Outsourcing

Financial Services Guidance Note Outsourcing Financial Services Guidance Note Issued: April 2005 Revised: August 2007 Table of Contents 1. Introduction... 3 1.1 Background... 3 1.2 Definitions... 3 2. Guiding Principles... 5 3. Key Risks of... 14

More information

WEST COAST DISTRICT MUNICIPALITY IT GOVERNANCE FRAMEWORK IT CHARTER

WEST COAST DISTRICT MUNICIPALITY IT GOVERNANCE FRAMEWORK IT CHARTER WEST COAST DISTRICT MUNICIPALITY IT GOVERNANCE FRAMEWORK IT CHARTER MAY 2012 INDEX 1 Introduction... 1 2 Contextual background... 3 2.1 The CobiT 5 framework (2012)... 4 2.2 The ISO 27000 series (2005,

More information

Electronic Payment Schemes Guidelines

Electronic Payment Schemes Guidelines BANK OF TANZANIA Electronic Payment Schemes Guidelines Bank of Tanzania May 2007 Bank of Tanzania- Electronic Payment Schemes and Products Guidleness page 1 Bank of Tanzania, 10 Mirambo Street, Dar es

More information

Assessing Your Information Technology Organization

Assessing Your Information Technology Organization Assessing Your Information Technology Organization Are you running it like a business? By: James Murray, Partner Trey Robinson, Director Copyright 2009 by ScottMadden, Inc. All rights reserved. Assessing

More information

Measuring Continuity Planning Program. Performance

Measuring Continuity Planning Program. Performance Measuring Continuity Planning Program Performance Carl B Jackson Director Crisis Management & Continuity Planning Resource Center (CMCPRC) Measuring Continuity Planning Program Performance Session Agenda

More information

ITIL Roles Descriptions

ITIL Roles Descriptions ITIL Roles s Role Process Liaison Incident Analyst Operations Assurance Analyst Infrastructure Solution Architect Problem Manager Problem Owner Change Manager Change Owner CAB Member Release Analyst Test

More information

The ITIL v.3. Foundation Examination

The ITIL v.3. Foundation Examination The ITIL v.3. Foundation Examination ITIL v. 3 Foundation Examination: Sample Paper 4, version 3.0 Multiple Choice Instructions 1. All 40 questions should be attempted. 2. There are no trick questions.

More information

Auditing Outsourcing Arrangements

Auditing Outsourcing Arrangements Auditing Outsourcing Arrangements Eileen Healy Enterprise Risk Services Director 16 April 2015 Contact Details: - Email: - ehealy@deloitte.ie Mobile: - 086 164 3082 Session Objectives To provide an understanding

More information

Request for Proposal. Supporting Document 3 of 4. Contract and Relationship Management for the Education Service Payroll

Request for Proposal. Supporting Document 3 of 4. Contract and Relationship Management for the Education Service Payroll Request for Proposal Supporting Document 3 of 4 Contract and Relationship December 2007 Table of Contents 1 Introduction 3 2 Governance 4 2.1 Education Governance Board 4 2.2 Education Capability Board

More information

Moving Forward with IT Governance and COBIT

Moving Forward with IT Governance and COBIT Moving Forward with IT Governance and COBIT Los Angeles ISACA COBIT User Group Tuesday 27, March 2007 IT GRC Questions from the CIO Today s discussion focuses on the typical challenges facing the CIO around

More information

Company size matters: Perspectives on IT Governance

Company size matters: Perspectives on IT Governance www.pwc.com/ca/technology-consulting Company size matters: Perspectives on IT Governance versus large Canadian organizations and IT Governance PwC conducted research for the 4th edition of the IT Governance

More information

ITS Project Management

ITS Project Management ITS Project Management Policy Contents I. POLICY STATEMENT II. REASON FOR POLICY III. SCOPE IV. AUDIENCE V. POLICY TEXT VI. PROCEDURES VII. RELATED INFORMATION VIII. DEFINITIONS IX. FREQUENTLY ASKED QUESTIONS

More information

TECHNOLOGY STRATEGY AUDIT

TECHNOLOGY STRATEGY AUDIT TECHNOLOGY STRATEGY AUDIT Executive Summary It is our intention to facilitate the understanding of technology strategy and its integration with business strategies. This guideline is organized as series

More information

Tying It All Together: Practical ERM Integration. Richard Scanlon Vice President Enterprise Risk Management CIGNA Corporation

Tying It All Together: Practical ERM Integration. Richard Scanlon Vice President Enterprise Risk Management CIGNA Corporation Tying It All Together: Practical ERM Integration Richard Scanlon Vice President Enterprise Risk Management CIGNA Corporation November 16, 2007 1 Agenda Basis for ERM Integration ERM Objectives ERM Focus

More information

IT Governance and IT Operations Bizdirect, Mainroad, WeDo, Saphety Lisbon, Portugal October 2 2008

IT Governance and IT Operations Bizdirect, Mainroad, WeDo, Saphety Lisbon, Portugal October 2 2008 IT Governance and IT Operations Bizdirect, Mainroad, WeDo, Saphety Lisbon, Portugal October 2 2008 Jan Duffy, Research Director Industry Insights Agenda About IDC Insights Today s organizational complexities

More information

Effectively Using CobiT in IT Service Management

Effectively Using CobiT in IT Service Management Effectively Using CobiT in IT Service Management Crown copyright material is reproduced with the permission of the Controller of HMSO and Queen s Printer for Scotland. ITIL is a Registered Trade Mark of

More information

Chief Information Security Officer

Chief Information Security Officer Principles Vision Purpose Statement Chief Information Security Officer healthalliance Purpose, Vision and Principles healthalliance provides shared services to benefit NZ health organisations. We will

More information

END TO END DATA CENTRE SOLUTIONS COMPANY PROFILE

END TO END DATA CENTRE SOLUTIONS COMPANY PROFILE END TO END DATA CENTRE SOLUTIONS COMPANY PROFILE About M 2 TD M2 TD is a wholly black Owned IT Consulting Business. M 2 TD is a provider of data center consulting and managed services. In a rapidly changing

More information

Procurement Capability Standards

Procurement Capability Standards IPAA PROFESSIONAL CAPABILITIES PROJECT Procurement Capability Standards Definition Professional Role Procurement is the process of acquiring goods and/or services. It can include: identifying a procurement

More information

www.pwc.co.uk Cyber security Building confidence in your digital future

www.pwc.co.uk Cyber security Building confidence in your digital future www.pwc.co.uk Cyber security Building confidence in your digital future November 2013 Contents 1 Confidence in your digital future 2 Our point of view 3 Building confidence 4 Our services Confidence in

More information

Digital Continuity in ICT Services Procurement and Contract Management

Digital Continuity in ICT Services Procurement and Contract Management Digital Continuity in ICT Services Procurement and Contract Management This guidance relates to: Stage 1: Plan for action Stage 2: Define your digital continuity requirements Stage 3: Assess and manage

More information

Institute for Development and Research in Banking Technology

Institute for Development and Research in Banking Technology Institute for Development and Research in Banking Technology Keynote Address by Shri. R. Gandhi, In-Charge Director, IDRBT, at the Conference of IT Chiefs, IDRBT, Hyderabad on July 04, 2005 IT Infrastructure

More information

Based on 2008 Survey of 255 Non-IT CEOs/Executives

Based on 2008 Survey of 255 Non-IT CEOs/Executives Based on 2008 Survey of 255 Non-IT CEOs/Executives > 50% Ranked ITG as very important > 75% of businesses consider ITG to be an integral part of enterprise governance, but the overall maturity level is

More information

SERV SER ICE DE SIGN

SERV SER ICE DE SIGN SERVICE DESIGN Service Design Set of specialized organizational capabilities for providing value to customers in the form of services SOURCE: ITIL Service Design Publication, p. 11 Service Design Goals

More information

ASSESSMENT OF THE IT GOVERNANCE PERCEPTION WITHIN THE ROMANIAN BUSINESS ENVIRONMENT

ASSESSMENT OF THE IT GOVERNANCE PERCEPTION WITHIN THE ROMANIAN BUSINESS ENVIRONMENT Accounting and Management Information Systems Vol. 11, No. 1, pp. 44 55, 2012 ASSESSMENT OF THE IT GOVERNANCE PERCEPTION WITHIN THE ROMANIAN BUSINESS ENVIRONMENT Pavel NĂSTASE 1 and Simona Felicia UNCHIAŞU

More information

Guidelines on Information security, Electronic Banking, Technology risk management and cyber frauds

Guidelines on Information security, Electronic Banking, Technology risk management and cyber frauds Guidelines on Information security, Electronic Banking, Technology risk management and cyber frauds Reserve Bank of India Department of Banking Supervision, Central Office, Mumbai Page 1 Table of Contents

More information

Service excellence and Managed Print Services

Service excellence and Managed Print Services Ensuring service quality through strong governance May 2012 With so many printer companies having jumped on the managed print services bandwagon, 2012 will see this buzz continue as more organisations

More information

Integrating Project Management and Service Management

Integrating Project Management and Service Management Integrating Project and Integrating Project and By Reg Lo with contributions from Michael Robinson. 1 Introduction Project has become a well recognized management discipline within IT. is also becoming

More information

Practical Approaches to Achieving Sustainable IT Governance

Practical Approaches to Achieving Sustainable IT Governance Practical Approaches to Achieving Sustainable IT Governance Beyond Mandates: Getting to Sustainable IT Governance Best Practices Agenda IT Governance Definition IT Governance Principles IT Governance Decisions

More information

Guideline. Records Management Strategy. Public Record Office Victoria PROS 10/10 Strategic Management. Version Number: 1.0. Issue Date: 19/07/2010

Guideline. Records Management Strategy. Public Record Office Victoria PROS 10/10 Strategic Management. Version Number: 1.0. Issue Date: 19/07/2010 Public Record Office Victoria PROS 10/10 Strategic Management Guideline 5 Records Management Strategy Version Number: 1.0 Issue Date: 19/07/2010 Expiry Date: 19/07/2015 State of Victoria 2010 Version 1.0

More information

ITIL by Test-king. Exam code: ITIL-F. Exam name: ITIL Foundation. Version 15.0

ITIL by Test-king. Exam code: ITIL-F. Exam name: ITIL Foundation. Version 15.0 ITIL by Test-king Number: ITIL-F Passing Score: 800 Time Limit: 120 min File Version: 15.0 Sections 1. Service Management as a practice 2. The Service Lifecycle 3. Generic concepts and definitions 4. Key

More information

COBIT The comprehensive IT governance. framework that addresses every aspect of IT and integrates all of the main global IT standards.

COBIT The comprehensive IT governance. framework that addresses every aspect of IT and integrates all of the main global IT standards. COBIT The comprehensive IT governance framework that addresses every aspect of IT and integrates all of the main global IT standards. COBIT4.1 Does your enterprise s IT support the business? Is it aligned

More information

Leveraging the Private Cloud for Competitive Advantage

Leveraging the Private Cloud for Competitive Advantage Leveraging the Private Cloud for Competitive Advantage Introduction While it is universally accepted that organisations will leverage cloud solutions to service their IT needs, there is a lack of clarity

More information

Policy Title: Information and Communication Technologies (ICT) Service Management Policy. Policy Number: P60122

Policy Title: Information and Communication Technologies (ICT) Service Management Policy. Policy Number: P60122 Policy Title: Information and Communication Technologies (ICT) Service Management Policy Policy Number: P60122 Section Reference Policy Contents Page(s) 1. Policy Administration 2 2. Policy Objective,

More information

BRIDGE. the gaps between IT, cloud service providers, and the business. IT service management for the cloud. Business white paper

BRIDGE. the gaps between IT, cloud service providers, and the business. IT service management for the cloud. Business white paper BRIDGE the gaps between IT, cloud service providers, and the business. IT service management for the cloud Business white paper Executive summary Today, with more and more cloud services materializing,

More information

Finding your balance Top tips for successful HR delivery in multiple countries across Europe

Finding your balance Top tips for successful HR delivery in multiple countries across Europe Perspectives Finding your balance Top tips for successful HR delivery in multiple countries across Europe ...organisations are striving for a more standardised approach across all their business locations

More information

Availability Management: A CA Service Management Process Map

Availability Management: A CA Service Management Process Map TECHNOLOGY brief: AVAILABILITY MANAGEMENT Availability : A CA Process Map Malcolm Ryder ARCHITECT CA SERVICES Table of Contents Executive Summary 1 SECTION 1: CHALLENGE 2 Simplifying ITIL How to Use the

More information

ASAE s Job Task Analysis Strategic Level Competencies

ASAE s Job Task Analysis Strategic Level Competencies ASAE s Job Task Analysis Strategic Level Competencies During 2013, ASAE funded an extensive, psychometrically valid study to document the competencies essential to the practice of association management

More information

GUIDELINES FOR THE MANAGEMENT OF OPERATIONAL RISK

GUIDELINES FOR THE MANAGEMENT OF OPERATIONAL RISK SUPERVISORY AND REGULATORY GUIDELINES: PU-0412 Operational Risk 25 th November, 2013 GUIDELINES FOR THE MANAGEMENT OF OPERATIONAL RISK 1. INTRODUCTION 1.1. The Central Bank of The Bahamas ( the Central

More information

BS OHSAS 18001 Occupational Health and Safety Management It s your duty. Your implementation guide

BS OHSAS 18001 Occupational Health and Safety Management It s your duty. Your implementation guide BS OHSAS 18001 Occupational Health and Safety Management It s your duty Your implementation guide BS OHSAS 18001 - Occupational Health and Safety Management Background BS OHSAS 18001 is the globally recognized

More information

Global Technology Audit Guide. Auditing IT Governance

Global Technology Audit Guide. Auditing IT Governance Global Technology Audit Guide Auditing IT Governance Global Technology Audit Guide (GTAG ) 17 Auditing IT Governance July 2012 GTAG Table of Contents Executive Summary... 1 1. Introduction... 2 2. IT

More information

Internal Audit Quality Assessment Framework

Internal Audit Quality Assessment Framework Internal Audit Quality Assessment Framework May 2013 Internal Audit Quality Assessment Framework May 2013 Crown copyright 2013 You may re-use this information (excluding logos) free of charge in any format

More information

WHITE PAPER IT SERVICE MANAGEMENT IT SERVICE DESIGN 101

WHITE PAPER IT SERVICE MANAGEMENT IT SERVICE DESIGN 101 WHITE PAPER IT SERVICE MANAGEMENT IT SERVICE DESIGN 101 Prepared by: Phillip Bailey, Service Management Consultant Steve Ingall, Head of Service Management Consultancy 60 Lombard Street London EC3V 9EA

More information

IT GOVERNANCE PANEL BRING VALUE BY AUDITING IT GOVERNANCE GET THE

IT GOVERNANCE PANEL BRING VALUE BY AUDITING IT GOVERNANCE GET THE 1 IT GOVERNANCE PANEL BRING VALUE BY AUDITING IT GOVERNANCE GET THE ANSWERS AND PRACTICAL TIPS FROM THE IT GOVERNANCE AUDIT PROFESSIONALS JOHAN LIDROS, PRESIDENT EMINERE GROUP KATE MULLIN, CISO, HEALTH

More information

Linking Risk Management to Business Strategy, Processes, Operations and Reporting

Linking Risk Management to Business Strategy, Processes, Operations and Reporting Linking Risk Management to Business Strategy, Processes, Operations and Reporting Financial Management Institute of Canada February 17 th, 2010 KPMG LLP Agenda 1. Leading Practice Risk Management Principles

More information

BUSINESS EXCELLENCE FRAMEWORK. Public Sector Interpretation Guide

BUSINESS EXCELLENCE FRAMEWORK. Public Sector Interpretation Guide BUSINESS EXCELLENCE FRAMEWORK Public Sector Interpretation Guide 1 CONTENTS THE BUSINESS EXCELLENCE FRAMEWORK... 3 THE PUBLIC SECTOR TRANSFORMATION... 4 1. LEADERSHIP (120 points)... 6 1.1 Senior Leadership

More information

ARCHITECTURE SERVICES. G-CLOUD SERVICE DEFINITION.

ARCHITECTURE SERVICES. G-CLOUD SERVICE DEFINITION. ARCHITECTURE SERVICES. G-CLOUD SERVICE DEFINITION. Table of contents 1 Introduction...3 2 Architecture Services...4 2.1 Enterprise Architecture Services...5 2.2 Solution Architecture Services...6 2.3 Service

More information

Business Resilience and Risk Management

Business Resilience and Risk Management Policy Business Resilience and Risk Management Document Number GOV-POL-37 1.0 Policy Statement Stanwell is committed to delivering a business resilience platform across all levels of the business and its

More information

Vendor Management Best Practices

Vendor Management Best Practices 23 rd Annual and One Day Seminar Vendor Management Best Practices Catherine Bruder CPA, CITP, CISA, CISM, CTGA Michigan Texas Florida Insight. Oversight. Foresight. SM Doeren Mayhew Bruder 1 $100 billion

More information