2009 Solvay Brussels School and IT Governance institute


1 IT Governance Masterclass
Georges Ataya, CISA, CGEIT, CISSP, MSCS, PBA
International VP, IT Governance Institute
Professor, Solvay Business School
Managing Partner, ICT Control NV

2 Georges Ataya, MSCS, PBA, CISA, CISM, CISSP
- Professor and Academic Director at Solvay Brussels School of Economics and Management, in charge of IT Management Education
- International Vice President of the IT Governance Institute (ITGI.org)
- Managing Partner, ICT Control SA
- Participated in various research projects and publications

3 Four education channels (solvay.edu/it)
- Executive Masters
- Executive Programmes
- Professional Seminars
- Professional Update Sessions

4 Forces Driving IT Governance
- Compliance
- Strategy and value
- ROI
- Service Management
- Security
- Project Execution

5 Why Does IT Need a Governance Framework?
Do any of these conditions sound familiar?
- Increasing pressure to leverage technology in business strategies
- Growing complexity of IT environments
- Fragmented IT infrastructures
- Demand for technologists outstripping supply
- Communication gap between business and IT managers
- IT service levels that are disappointing
- IT costs perceived to be out of control
- Marginal ROI/productivity gains on technology investments
- Impaired organisational flexibility and nimbleness to change
- User frustration leading to ad hoc solutions
- IT managers operating like fire fighters

6 Without Effective Governance
Situation:
- Lack of Strategic Focus
- Projects are sold on an emotional basis, not selected
- Reluctance to say no to projects
- No strong review process
- Can't kill projects
- Overemphasis on Financial ROI
- No clear strategic criteria for selection
- Projects not aligned to strategy
- Lack of confidence (in IT)
Leads to:
- Too many projects
- Underestimation of risks and costs
- Quality of execution suffers
Results in:
- Budget overruns
- Project delays
- Business needs not met
- Benefits not received
- Increased Complexity
- Sub-optimal use of resources
- Finger pointing
Source: Fujitsu

7 IT Governance Needs a Management Framework
Driving Forces Map Onto the IT Governance Focus Areas (diagram: IT Governance Concepts, Resource Management and the other focus areas)

8 Definition

9 Six IT Governance domains
- IT Governance Concepts
- Risk Management
- Strategic Alignment
- Resources Management
- Value Management
- Performance Measurement

10 CGEIT Domain 1: IT Governance Concepts
- IT Governance Concepts: From IT Governance to Corporate Governance
- Establishing accountability
- Major Governance Frameworks
- Summary of IT Governance implementation practices
- Process Improvement and IT Practices
- Adapting IT practices to the Enterprise's needs and culture
- Translate Business objectives into action
- Marketing and communication Practices
- Assurance Practices
- Governance, Risk and Compliance (GRC) practices

11 Governance, Risk & Compliance: GRC
- Risk is the effect of uncertainty on business objectives; risk management is the coordinated activities to direct and control an organization to realize opportunities while managing negative events.
- Compliance is the act of adhering to, and demonstrating adherence to, external laws and regulations as well as corporate policies and procedures.
- Governance is the culture, policies, processes, laws, and institutions that define the structure by which companies are directed and managed.
Source: OCEG (Open Compliance and Ethics Group)

12 EDM-based model for IT Governance
Corporate Governance of IT: Evaluate, Direct, Monitor
- Direct: Plans, Policies
- Evaluate: Proposals
- Monitor: Performance, Conformance
Applied to: Business Processes, IT Projects, IT Operations

13 Six Principles of ISO
1. Responsibility: Individuals and groups within the organization understand and accept their responsibilities in respect of both supply of, and demand for, IT. Those with responsibility for actions also have the authority to perform those actions.
2. Strategy: The organization's business strategy takes into account the current and future capabilities of IT; the strategic plans for IT satisfy the current and ongoing needs of the organization's business strategy.
3. Acquisition: IT acquisitions are made for valid reasons, on the basis of appropriate and ongoing analysis, with clear and transparent decision making. There is an appropriate balance between benefits, opportunities, costs, and risks, in both the short term and the long term.
4. Performance: IT is fit for purpose in supporting the organization, providing the services, levels of service and service quality required to meet current and future business requirements.
5. Conformance: IT complies with all mandatory legislation and regulations. Policies and practices are clearly defined, implemented and enforced.
6. Human Behaviour: IT policies, practices and decisions demonstrate respect for Human Behaviour, including the current and evolving needs of all the people in the process.
For each principle, the draft standard prescribes guidance for adherence in 3 aspects: Evaluate, Direct, and Monitor.

14 Setting the Direction of IT Governance across the enterprise (in support of the business)
Cycle: Set Objectives -> Provide Direction -> IT Activities -> Measure Performance -> Compare
Set Objectives:
- IT is aligned with the business
- IT enables the business & maximises benefits
- IT resources are used responsibly
- IT-related risks are managed appropriately
IT Activities:
- Increase automation (make the business effective)
- Decrease cost (make the enterprise efficient)
- Manage risks (security, reliability & compliance)
Objective: ensure that IT enables, sustains and extends the organisation's strategies and objectives
Method: providing direction and exercising control
Content: Leadership, organisational structures and processes
Responsibility: board of directors and executive management
Source: IT Governance Institute

15 Setting the Direction of IT Governance across the enterprise (in support of the business)
IT GOVERNANCE: Set Objectives, Provide direction, Evaluate performance
Set Objectives:
- IT is aligned with the business
- IT enables the business and maximises benefits
- IT resources are used responsibly
- IT-related risks are managed appropriately
IT MANAGEMENT: Translate direction into strategy, Translate strategy into action, Measure and report performance
- Increase automation (make the business effective)
- Decrease cost (make the enterprise efficient)
- Manage risks (security, reliability & compliance)
Source: EG Consult

16 Summary of IT Governance implementation practices
A sequence of activities to build and sustain IT governance in the organisation, from "Nothing" to "Business as Usual":
- Awareness
- Need Analysis
- Gap Analysis
- Evaluation
- Develop IT Governance Organisation
- Improvement Projects
- Business as Usual
A generic road map helps organisations to design the IT governance implementation effort.
Source: IT Governance Institute

17 Scope, objectives and benefits of continuous process improvement and use of IT best practices, standards and frameworks to complement each other
Source: IT Governance Institute

18 CGEIT Domain 2: Strategic Alignment
- Strategic alignment issues that impact the enterprise
- Strategic business planning process and techniques
- Linking enterprise business strategies with related best practices
- Scope, objectives and benefits of investment programs
- Portfolio, Program and Project management
- Enterprise Architecture
- IT support to key business processes
- Dynamic business modelling
- Elements of IT planning
- Mapping strategy processes and monitoring key metrics
- Benchmarking strategic performance

19 Value chain linkage between Enterprise Strategy and IT (diagram)
Chain: Enterprise Strategy & Architecture -> Business Goals for IT -> IT Goals -> IT Processes -> IT Scorecard
Diagram elements and links: Business Requirements, Governance Requirements, deliver, Information, require, Information Services, influence, IT Processes, run, Applications, imply, Information Criteria, need, Infrastructure & People
Source: IT Governance Institute

20 Linking Business and IT Goals
Source: IT Governance Institute

21 Linking IT Goals and IT Processes
Source: IT Governance Institute

22 CGEIT Domain 3: Value Management
- Techniques and frameworks for Enterprise, Information and IT architecture
- Solution delivery processes and practices (systems development life cycle)
- IT service delivery processes and practices (IT Service Management)
- Practices and processes in value governance
- IT investment processes, funding models and investment lifecycle management
- Benefits management
- Cost optimisation
- Developing and monitoring business cases
- Portfolio, program and project management practices
- Managing and reporting the status of IT investments

23 Practices and processes in value governance
Value Governance elements (diagram): VALUE = Total Benefits versus Total Costs, balanced against RISK
Management layers: Strategy Management, Portfolio Management, Programme Management, Project Management, Operations Management
Cross-cutting: Asset Mgmt, Architecture Management
Source: IT Governance Institute

24 Val IT principles
Practices and processes in value governance (Results: CIO Interviews)
- IT-enabled investments will be managed as a portfolio of investments
- IT-enabled investments will include the full scope of activities that are required to achieve business value
- IT-enabled investments will be managed through their full economic life cycle
- Value delivery practices will recognise that there are different categories of investments that will be evaluated and managed differently
- Value delivery practices will define and monitor key metrics and will respond quickly to any changes or deviations
- Value delivery practices will engage all stakeholders and assign appropriate accountability for the delivery of capabilities and the realisation of business benefits
- Value delivery practices will be continually monitored, evaluated and improved
Source: IT Governance Institute

25 Cost Optimisation
Opportunities and Strategies for Cost Optimisation (matrix of INFRASTRUCTURE, PROCESS and PEOPLE against HARDWARE, SOFTWARE and TELECOMS)
Infrastructure:
- Hardware: Mainframes, Servers, Desktops, Laptops/PDAs
- Software: Applications, System software, Databases, Desktop software
- Telecoms: Data (LAN), Data (WAN), Voice, Internet
Process and People opportunities:
- Procurement (AI5)
- Financing Policy (PO5)
- IT Management and Organisation
- Asset Management
- Budgeting and Cost Monitoring (PO5 and DS6)
- Deployment of Human Capital
- Capacity and Utilisation
- Warranty and Maintenance
- Platform and Product Consolidation
- Software Licensing
- Project Portfolio Management (PO10)
- Programme and Project Management (PO10)
- Contract/Third-party Service Management (DS2)
- IT Recruitment
- Staff Retention
- Replacement Strategy
- Platform Standardisation
- In-house and User Development
- Legacy/In-house Application Support
- Acceptable Use Policies
- Leverage of New Technologies
- Asset Management (DS9)
- Operations and Systems Management (DS13)
- Service Desk and Service Delivery (DS8)
- Use of IT Contract Staff
- Training and Staff Development
Source: IT Governance Institute

26 Developing and monitoring business cases
Why the business case?
- Understanding of what you plan to achieve, how you are going to manage it and who is accountable
- Basis for comparison and choice
- Recording all that needs to be tracked (cost, risks, benefits, etc.)
- Maintain clarity on what you are doing
Developing the business case:
1. Fact Sheet
2. Alignment
3. Financial Benefits
4. Non-financial Benefits
5. Risks
6. Optimising risk & return
7. Documentation
8. Maintenance
Solution delivery and monitoring: RESOURCES -> Technical Capability -> Operational Capability -> Business Capability -> Business Outcomes
Source: Fujitsu Consulting, Information Paradox by John Thorp

27 Practices and processes in value governance
Val IT2 framework domains and processes: 3 Domains, 22 Processes, 74 Key Mgmt. Practices (number of key management practices in brackets)
VALUE GOVERNANCE (VG)
- VG1: Establish informed and committed leadership (5)
- VG2: Define and implement processes (6)
- VG3: Define portfolio characteristics (5)
- VG4: Align and integrate value management with enterprise financial planning (4)
- VG5: Establish effective governance monitoring (4)
- VG6: Continuously improve value management practices (1)
PORTFOLIO MANAGEMENT (PM)
- PM1: Establish strategic direction and target investment mix (4)
- PM2: Determine the availability and sources of funds (1)
- PM3: Manage availability of human resources (10)
- PM4: Evaluate and select programmes to fund (5)
- PM5: Monitor and report on portfolio performance (5)
- PM6: Optimise investment portfolio performance (2)
INVESTMENT MANAGEMENT (IM)
- IM1: Develop and evaluate initial programme concept business case (3)
- IM2: Understand the candidate programme and implementation options (2)
- IM3: Develop the programme plan (1)
- IM4: Develop full life cycle costs and benefits (3)
- IM5: Develop the detailed candidate programme business case (3)
- IM6: Launch and manage the programme (3)
- IM7: Update operational IT portfolios (1)
- IM8: Update the business case (2)
- IM9: Monitor and report on the programme (3)
- IM10: Retire the programme (1)
Source: IT Governance Institute

28 Portfolio Categorisation
Portfolio, program and project management practices: degrees of freedom to allocate funds
- VENTURE, GROWTH, DISCRETIONARY ENHANCEMENTS: Discretionary Investments (Transform the Business, Grow the Business)
- NON-DISCRETIONARY, CORE: Non-Discretionary Costs (Run the Business), Little Analysis
Every investment need not follow the same level of value analysis or the same level of control:
- Value Assessment
- Cost Benefit Analysis
- Impact Analysis
- Clarity of connection with desired business outcomes
Source: META Group

29 Value Governance is based around The Four Ares, continually asking:
- Are we doing the right things?
- Are we doing them the right way?
- Are we getting them done well?
- Are we getting the benefits?
Source: Fujitsu Consulting

30 CGEIT Domain 4: Risk Management
- Context of risk management at strategic, portfolio, program, project and operations levels
- Overview of risk management frameworks and standards (COSO ERM, MoR, OCTAVE, ISO 31000, AS/NZ 4360:2004)
- Establishing the enterprise risk management framework (including risk classification model) in the context of business objectives and the environment, both external and internal
- Mapping business processes to IT processes in a risk context to understand dependencies and root cause
- Defining the enterprise risk appetite
- Risk management of enterprise IT resources (application, information, infrastructure, people)
- Identifying threats, vulnerabilities and opportunities inherent in enterprise use of IT resources, and types of business risks, exposures and threats involved
- Quantitative and qualitative methods to determine sensitivity, criticality and maturity of IT-related contributions to business success
- Quantitative and qualitative methods to assess IT risks (including enterprise-specific descriptive measurement scales, IT-related asset valuation methods and risk probability, use of both audit and stream data types, and impact and loss expectancy models/techniques)
- Methods to uncover rare but high-impact risk types, such as process analysis techniques
- Risk mitigation strategies in relation to the use of IT in the enterprise
- Effective risk management techniques for IT-related activities, including reporting of identified risks

31 Risk Management
- Risk analysis is concerned with gathering information about exposure to risk so that the organisation can make appropriate decisions and manage risks appropriately.
- Risk management requires processes to monitor risks, including adequate information about risks and the decision process supported by risk analysis, identification and evaluation.

32 Risk approaches
Dependent on the type of risk and its significance to the business, management and the board may choose to:
- Mitigate: implementing controls, e.g., acquire and deploy security technology to protect the IT infrastructure
- Transfer: sharing risk with partners or transferring it to insurance coverage
- Accept: formally acknowledging that the risk exists and monitoring it

33 IT Risk Analysis Approach
Risk management of enterprise IT resources (application, information, infrastructure, people)
Source: IT Governance Institute

34 CGEIT Domain 5: Resources Management
- Corporate business and IT resources (people, applications, infrastructure and information)
- IT resources acquisition processes (people, application, software, hardware, facilities and outsourced services)
- Skill and technology mixes required to meet the enterprise's business objectives
- Human resource management processes and optimization practices needed to meet established technical and business proficiency, competency, and capability requirements
- Outsourcing and offshoring processes that may be employed to meet investment program and operation and service level agreements
- The strengths and weaknesses inherent within the enterprise's human and technical business and IT resources, and how to identify trainers with the requisite skill sets to maintain work competency and proficiency
- Business and IT resource planning and strategic and tactical planning methods, techniques and processes
- Quantitative and qualitative methods used to determine and evaluate business and IT resource utilization and the availability of these resources to effectively meet enterprise objectives
- Methods for monitoring and reporting on business and IT resource performance

35 Corporate business and IT resources
The IT resources identified in COBIT can be defined as follows:
- Applications are the automated user systems and manual procedures that process the information.
- Information is the data, in all their forms, input, processed and output by the information systems in whatever form is used by the business.
- Infrastructure is the technology and facilities (i.e., hardware, operating systems, database management systems, networking, multimedia, and the environment that houses and supports them) that enable the processing of the applications.
- People are the personnel required to plan, organise, acquire, implement, deliver, support, monitor and evaluate the information systems and services. They may be internal, outsourced or contracted as required.

36 Establish technical and business proficiency, competency, and capability requirements
Resources management requires adequate processes for defining and maintaining:
- IT Principles
- IT Architecture
- IT Infrastructure
- Business application needs
- IT Investment and prioritisation

37 Does Your IT Architecture Look Like...
"(needed a) blueprint to bring order to spaghetti layer of applications, boxes and wires"
Toby Redshaw, VP of Strategy & Architecture, Motorola

38 Four architectural views
- Business View: What are the business strategies and processes that will make us successful?
- Application View: Which applications do we need to facilitate the business?
- Information View: What information do we need to manage and manipulate in the business process?
- Technology View: What technology is needed to support the information and application needs?


40 Outsourcing

41 CGEIT Domain 6: Performance Measurement
- Enterprise strategy mapping and balanced scorecard principles
- Leading practices in performance measurement (e.g., maturity models) and effective industry benchmarking techniques
- Scope, objectives and benefits of commonly used IT maturity models, including their maturity attributes
- Outcome measures and performance drivers
- Continuous improvement methodologies
- Characteristics of, and selection criteria for, measures and metrics
- Tools and techniques that facilitate data collection and measurement, including automated monitoring
- Role of good communications and organizational change in performance improvement
- Root cause analysis and lifecycle cost-benefit analysis techniques
- Evaluating and monitoring IT performance in the context of IT Governance

42 Enterprise strategy mapping and balanced scorecard principles
Balanced Scorecard Approach for IT: a mechanism to communicate the objectives and monitor how successfully they are being achieved by recognising four key perspectives of IT's performance.
- What is IT's purpose? Mission: Provide high quality customer satisfaction at optimal cost.
- What does IT need to do to achieve its mission? Strategic Objectives: premier/preferred service provider; industry leader in efficient service delivery.
- Goals: Measurement, Balanced Approach
Four perspectives:
- Financial Perspective: Is IT delivering products and services cost effectively?
- Customer Perspective: What are our customers' perceptions of IT services and performance?
- Process Perspective: How effective and efficient are IT processes to deliver products and services?
- Organizational Perspective: Is IT building capability and improving processes?
Source: Kaplan & Norton

43 Enterprise strategy mapping and balanced scorecard principles
Cascading Performance Measurement:
- Business Unit Mission and Strategy
- Strategic Objectives and Measures
- Departmental Business Plans
- Team Business Plans
- Individual Performance Measures
OBJECTIVES at all levels should fall into the four perspectives: Financial, Customer, Internal Business Processes, Learning and Innovation.
The process of developing the BSC, and cascading it down the organisation, ensures that everyone understands the business unit's long-term objectives, as well as the strategy for achieving them.
Source: Balanced Scorecard Collaborative

44 Leading practices in performance measurement (e.g. maturity models) and effective industry benchmarking techniques
Performance Measurement:
- Where are we going? Vision
- How do we get there? Strategy
- What do we need to do well? Critical Success Factors
- How do we measure how well we are doing? Key Performance Indicators (Financial Perspective, Customer Perspective, Process Perspective, Organizational Learning)
- How do we measure process improvement? Process Performance Metrics
- How do we ensure customer satisfaction? Service Level Metrics
Source: Balanced Scorecard Collaborative

45 Leading practices in performance measurement (e.g. maturity models) and effective industry benchmarking techniques
Benchmarking IT process maturity by industry sector (chart: COBIT process maturity per sector, with panels for Finance, Other, IT Services, Public Sector, Retail & Manufacturing; COBIT process labels such as PO1, PO5, PO9, PO10, AI1, AI2, AI5, AI6, DS1, DS4, DS5, DS10, DS11, M appear on the axes)
Source: IT Governance Institute

46 Outcome measures and performance drivers
- Business Goal: Maintain enterprise reputation and leadership. Outcome Metric: number of actual incidents causing public embarrassment
- IT Goal: Ensure IT Services can resist and recover from attacks. Outcome Metric: number of actual IT incidents with business impact
- Process Goal: Detect and resolve unauthorised access. Outcome Metric: number of actual incidents because of unauthorised access
- Activity Goal: Understand security requirements, vulnerabilities and threats. Outcome Metric: frequency of review of the type of security events to be monitored
Source: IT Governance Institute

47 Outcome measures and performance drivers
- Business Goal: Maintain enterprise reputation and leadership. Performance Metric: number of actual IT incidents with business impact
- IT Goal: Ensure IT Services can resist and recover from attacks. Performance Metric: number of actual incidents because of unauthorised access
- Process Goal: Detect and resolve unauthorised access. Performance Metric: frequency of review of the type of security events to be monitored
Source: IT Governance Institute

48 Governance Frameworks

49 Components of an Enterprise Governance framework mapping to some frameworks
Source: IT Governance Institute

50 Review of major standards and frameworks relevant to IT Governance
Add: TOGAF, Strategy Maps, Val IT
Add: Val IT, PMBOK
Source: Calder-Moir Framework for IT Governance (base)

51 IT Governance aspects addressed by CobiT and Val IT Frameworks
- Business Outcomes: Functionality, Agility, Value
- Governance Drivers: Return, Compliance, Comfort, Risk, Benefits
- Val IT covers the Business Outcomes and Governance Drivers
- CobiT covers IT Goals and IT Processes
- Complementary frameworks (e.g. ITIL, Prince2 etc.) cover IT Operations

52 What framework?

53 Where Do Frameworks Fit?
Drivers: PERFORMANCE (Business Goals) and CONFORMANCE (Basel II, Sarbanes-Oxley Act, etc.)
- Enterprise Governance: Balanced Scorecard, COSO
- IT Governance: COBIT 4.1
- Standards: ISO 9001:2000, ISO, ISO
- Best Practice: Security Principles, ITIL V3
- Processes and Procedures: QA procedures

54 COBIT
COBIT = Control OBjectives for Information and Related Technology
- Process-oriented framework for IT Governance
- Focused on business goals and how IT supports their achievement
- A tool for Business management, IT management and IT process managers
- First developed in 1992
- Issued by the IT Governance Institute
- Content is managed by the COBIT Steering Committee
- Accepted globally as the de facto control framework for IT Governance
- Documents can be downloaded from isaca.org or ITGI.org

55 COBIT Framework
BUSINESS OBJECTIVES AND GOVERNANCE OBJECTIVES
INFORMATION criteria: Effectiveness, Efficiency, Confidentiality, Integrity, Availability, Compliance, Reliability
IT RESOURCES: Applications, Information, Infrastructure, People
PLAN AND ORGANISE
- PO1 Define a strategic IT plan.
- PO2 Define the information architecture.
- PO3 Determine technological direction.
- PO4 Define the IT processes, organisation and relationships.
- PO5 Manage the IT investment.
- PO6 Communicate management aims and direction.
- PO7 Manage IT human resources.
- PO8 Manage quality.
- PO9 Assess and manage IT risks.
- PO10 Manage projects.
ACQUIRE AND IMPLEMENT
- AI1 Identify automated solutions.
- AI2 Acquire and maintain application software.
- AI3 Acquire and maintain technology infrastructure.
- AI4 Enable operation and use.
- AI5 Procure IT resources.
- AI6 Manage changes.
- AI7 Install and accredit solutions and changes.
DELIVER AND SUPPORT
- DS1 Define and manage service levels.
- DS2 Manage third-party services.
- DS3 Manage performance and capacity.
- DS4 Ensure continuous service.
- DS5 Ensure systems security.
- DS6 Identify and allocate costs.
- DS7 Educate and train users.
- DS8 Manage service desk and incidents.
- DS9 Manage the configuration.
- DS10 Manage problems.
- DS11 Manage data.
- DS12 Manage the physical environment.
- DS13 Manage operations.
MONITOR AND EVALUATE
- ME1 Monitor and evaluate IT performance.
- ME2 Monitor and evaluate internal control.
- ME3 Ensure compliance with external requirements.
- ME4 Provide IT governance.

56 COBIT PC and AC Processes
Process Controls:
- PC1 Process Goals and Objectives
- PC2 Process Ownership
- PC3 Process Responsibility
- PC4 Roles and Responsibilities
- PC5 Policy, Plans and Procedures
- PC6 Process Performance Improvement
Application Controls:
- AC1 Source Data Preparation and Authorization
- AC2 Source Data Collection and Entry
- AC3 Accuracy, Completeness and Authenticity Checks
- AC4 Processing Integrity and Validity
- AC5 Output Review, Reconciliation and Error Handling
- AC6 Transmission Authentication and Integrity

57 Mapping IT Management Frameworks

58 Mapping IT Management Frameworks
Organisations will consider and use a variety of IT models, standards and best practices. These must be understood in order to consider how they can be used together.


60 Questions & Answers


More information

Dallas IIA Chapter / ISACA N. Texas Chapter. January 7, 2010

Dallas IIA Chapter / ISACA N. Texas Chapter. January 7, 2010 Dallas IIA Chapter / ISACA N. Texas Chapter Auditing Tuesday, October Project 20, 2009 Management Controls January 7, 2010 Table of Contents Contents Page # Project Management Office Overview 3 Aligning

More information

Certified Information Systems Auditor (CISA)

Certified Information Systems Auditor (CISA) Certified Information Systems Auditor (CISA) Course Introduction Course Introduction Module 01 - The Process of Auditing Information Systems Lesson 1: Management of the Audit Function Organization of the

More information

Revised October 2013

Revised October 2013 Revised October 2013 Version 3.0 (Live) Page 0 Owner: Chief Examiner CONTENTS: 1. Introduction..2 2. Foundation Certificate 2 2.1 The Purpose of the COBIT 5 Foundation Certificate.2 2.2 The Target Audience

More information

CobiT Strategy and Long Term Vision

CobiT Strategy and Long Term Vision CobiT Strategy and Long Term Vision Urs Fischer VP Head IT Risk Mgmt, Security & ICS SwissLife Seite 2 1 Seite 3 Seite 4 2 Session Objective Provide those interested stakeholders with a clear and single

More information

Criticism of Implementation of ITSM & ISO20000 in IT Banking Industry. Presented by: Agus Sutiawan, MIT, CISA, CISM, ITIL, BSMR3

Criticism of Implementation of ITSM & ISO20000 in IT Banking Industry. Presented by: Agus Sutiawan, MIT, CISA, CISM, ITIL, BSMR3 Criticism of Implementation of ITSM & ISO20000 in IT Banking Industry Presented by: Agus Sutiawan, MIT, CISA, CISM, ITIL, BSMR3 Outline What is IT Service Management What is ISO 20000 Step by step implementation

More information

Mapping COBIT 5 with IT Governance, Risk and Compliance at Ecopetrol S.A. By Alberto León Lozano, CISA, CGEIT, CIA, CRMA

Mapping COBIT 5 with IT Governance, Risk and Compliance at Ecopetrol S.A. By Alberto León Lozano, CISA, CGEIT, CIA, CRMA Volume 3, July 2014 Come join the discussion! Alberto León Lozano will respond to questions in the discussion area of the COBIT 5 Use It Effectively topic beginning 21 July 2014. Mapping COBIT 5 with IT

More information

Enabling IT Performance & Value with Effective IT Governance Assessment & Improvement Practices. April 10, 2013

Enabling IT Performance & Value with Effective IT Governance Assessment & Improvement Practices. April 10, 2013 Enabling IT Performance & Value with Effective IT Governance Assessment & Improvement Practices April 10, 2013 Today's Agenda: Key Topics Defining IT Governance IT Governance Elements & Responsibilities

More information

What s New In ITIL V3?

What s New In ITIL V3? What s New In ITIL V3? George Spalding VP, Global Events Pink Elephant Pink Elephant Leading The Way In IT Management Best Practices The ITIL Books (V2) T h e B u s i n e s s Planning To Implement Service

More information

Certified Information Security Manager (CISM)

Certified Information Security Manager (CISM) Certified Information Security Manager (CISM) Course Introduction Course Introduction Domain 01 - Information Security Governance Lesson 1: Information Security Governance Overview Information Security

More information

COBIT 5 ISACA s new framework for IT Governance, Risk, Security and Auditing. An overview

COBIT 5 ISACA s new framework for IT Governance, Risk, Security and Auditing. An overview COBIT 5 IACA s new framework for IT Governance, Risk, ecurity and Auditing An overview M. Garsoux COBIT 5 Licensed Training rovider Introduction rinciples rocesses Implementation upporting roducts Questions

More information

ITIL Service Lifecycles and the Project Manager

ITIL Service Lifecycles and the Project Manager 1 ITIL Service Lifecycles and the Project Manager The intersection of IT Service and Project Delivery Presented to: Kansas City Mid-America PMI Chapter Mark Thomas January 17, 2011 1 Agenda 2 Introduction

More information

Office of the Auditor General AUDIT OF IT GOVERNANCE. Tabled at Audit Committee March 12, 2015

Office of the Auditor General AUDIT OF IT GOVERNANCE. Tabled at Audit Committee March 12, 2015 Office of the Auditor General AUDIT OF IT GOVERNANCE Tabled at Audit Committee March 12, 2015 This page has intentionally been left blank Table of Contents Executive Summary... 1 Introduction... 1 Background...

More information

Intelligent Customer Function (ICF)

Intelligent Customer Function (ICF) CAPABILITY AUDIT FOR HEIs Higher Education Institutions (HEIs) should organically develop their own to successfully manage the process of strategic sourcing. The capability audit provides an assessment

More information

Enhancing IT Governance, Risk and Compliance Management (IT GRC)

Enhancing IT Governance, Risk and Compliance Management (IT GRC) Enhancing IT Governance, Risk and Compliance Management (IT GRC) Enabling Reliable eservices Tawfiq F. Alrushaid Saudi Aramco Agenda GRC Overview IT GRC Introduction IT Governance IT Risk Management IT

More information

IT Governance and IT Operations Bizdirect, Mainroad, WeDo, Saphety Lisbon, Portugal October 2 2008

IT Governance and IT Operations Bizdirect, Mainroad, WeDo, Saphety Lisbon, Portugal October 2 2008 IT Governance and IT Operations Bizdirect, Mainroad, WeDo, Saphety Lisbon, Portugal October 2 2008 Jan Duffy, Research Director Industry Insights Agenda About IDC Insights Today s organizational complexities

More information

COBIT 5: A New Governance Framework for Managing & Auditing the Technology Environment CS 6-7: Tuesday, July 7 3:30-4:30

COBIT 5: A New Governance Framework for Managing & Auditing the Technology Environment CS 6-7: Tuesday, July 7 3:30-4:30 COBIT 5: A New Governance Framework for Managing & Auditing the Technology Environment CS 6-7: Tuesday, July 7 3:30-4:30 Presented by: Nelson Gibbs CIA, CRMA, CISA, CISM, CGEIT, CRISC, CISSP ngibbs@pacbell.net

More information

COBIT 5 Introduction. 28 February 2012

COBIT 5 Introduction. 28 February 2012 COBIT 5 Introduction 28 February 2012 COBIT 5 Executive Summary 2012 ISACA. All rights reserved. 2 Information! Information is a key resource for all enterprises. Information is created, used, retained,

More information

ITIL AND COBIT EXPLAINED

ITIL AND COBIT EXPLAINED ITIL AND COBIT EXPLAINED 1 AGENDA Overview of Frameworks Similarities and Differences Details on COBIT Framework (based on version 4.1) Details on ITIL Framework, focused mainly on version.2. Comparison

More information

ITAG RESEARCH INSTITUTE

ITAG RESEARCH INSTITUTE ITAG RESEARCH INSTITUTE Control and Governance Maturity Survey Establishing a reference benchmark and a self-assessment tool Erik Guldentops Wim Van Grembergen Steven De Haes Control and Governance Maturity

More information

ITIL V3 differences from V2

ITIL V3 differences from V2 ITIL V3 differences from V2 Stuart Rance FISM, CISSP 2006 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice Agenda Overall differences Brief

More information

IT Governance and Control: An Analysis of CobIT 4.1. Prepared by: Mark Longo

IT Governance and Control: An Analysis of CobIT 4.1. Prepared by: Mark Longo IT Governance and Control: An Analysis of CobIT 4.1 Prepared by: Mark Longo December 15, 2008 Table of Contents Introduction Page 3 Project Scope Page 3 IT Governance.Page 3 CobIT Framework..Page 4 General

More information

Stepping Through the Info Security Program. Jennifer Bayuk, CISA, CISM

Stepping Through the Info Security Program. Jennifer Bayuk, CISA, CISM Stepping Through the Info Security Program Jennifer Bayuk, CISA, CISM Infosec Program How to: compose an InfoSec Program cement a relationship between InfoSec program and IT Governance design roles and

More information

Confident in our Future, Risk Management Policy Statement and Strategy

Confident in our Future, Risk Management Policy Statement and Strategy Confident in our Future, Risk Management Policy Statement and Strategy Risk Management Policy Statement Introduction Risk management aims to maximise opportunities and minimise exposure to ensure the residents

More information

THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK

THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK ACCOUNTABLE SIGNATURE AUTHORISED for implementation SIGNATURE On behalf of Chief Executive Officer SAHRA Council Date Date

More information

Domain 5 Information Security Governance and Risk Management

Domain 5 Information Security Governance and Risk Management Domain 5 Information Security Governance and Risk Management Security Frameworks CobiT (Control Objectives for Information and related Technology), developed by Information Systems Audit and Control Association

More information

CISM ITEM DEVELOPMENT GUIDE

CISM ITEM DEVELOPMENT GUIDE CISM ITEM DEVELOPMENT GUIDE Updated January 2015 TABLE OF CONTENTS Content Page Purpose of the CISM Item Development Guide 3 CISM Exam Structure 3 Writing Quality Items 3 Multiple-Choice Items 4 Steps

More information

Operational Risk Management - The Next Frontier The Risk Management Association (RMA)

Operational Risk Management - The Next Frontier The Risk Management Association (RMA) Operational Risk Management - The Next Frontier The Risk Management Association (RMA) Operational risk is not new. In fact, it is the first risk that banks must manage, even before they make their first

More information

Procuring Penetration Testing Services

Procuring Penetration Testing Services Procuring Penetration Testing Services Introduction Organisations like yours have the evolving task of securing complex IT environments whilst delivering their business and brand objectives. The threat

More information

IT Governance Charter

IT Governance Charter Version : 1.01 Date : 16 September 2009 IT Governance Network South Africa USA UK Switzerland www.itgovernance.co.za info@itgovernance.co.za 0825588732 IT Governance Network, Copyright 2009 Page 1 1 Terms

More information

Geoff Harmer PhD, CEng, FBCS, CITP, CGEIT Maat Consulting Reading, UK www.maatconsulting.com

Geoff Harmer PhD, CEng, FBCS, CITP, CGEIT Maat Consulting Reading, UK www.maatconsulting.com COBIT 5 All together now! Geoff Harmer PhD, CEng, FBCS, CITP, CGEIT Maat Consulting Reading, UK www.maatconsulting.com 1 Copyright Notice COBIT is 1996, 1998, 2000, 2005 2012 ISACA and IT Governance Institute.

More information

ISSA Guidelines on Master Data Management in Social Security

ISSA Guidelines on Master Data Management in Social Security ISSA GUIDELINES ON INFORMATION AND COMMUNICATION TECHNOLOGY ISSA Guidelines on Master Data Management in Social Security Dr af t ve rsi on v1 Draft version v1 The ISSA Guidelines for Social Security Administration

More information

Risk Management Policy

Risk Management Policy Risk Management Policy Risk Management Policy Record Number D14/79827 Responsible Manager Manager Strategy and Governance Last reviewed 10 March 2015 Adoption reference Council Resolution number 90.5 Previous

More information

Strategy, COBIT and Vision: HOW DO THEY RELATE? Ken Vander Wal, CISA, CPA, Past President, ISACA vandeke@gmail.com 11.16.2013

Strategy, COBIT and Vision: HOW DO THEY RELATE? Ken Vander Wal, CISA, CPA, Past President, ISACA vandeke@gmail.com 11.16.2013 Strategy, COBIT and Vision: HOW DO THEY RELATE? Ken Vander Wal, CISA, CPA, Past President, ISACA vandeke@gmail.com 11.16.2013 AGENDA IT s Changing Landscape ISACA s Response Vision and Mission COBIT 5

More information

AN OVERVIEW OF INFORMATION SECURITY STANDARDS

AN OVERVIEW OF INFORMATION SECURITY STANDARDS AN OVERVIEW OF INFORMATION SECURITY STANDARDS February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced

More information

The Importance of IT Controls to Sarbanes-Oxley Compliance

The Importance of IT Controls to Sarbanes-Oxley Compliance Hosted by Deloitte, PricewaterhouseCoopers and ISACA/ITGI The Importance of IT Controls to Sarbanes-Oxley Compliance 15 December 2003 1 Presenters Chris Fox, CA Sr. Manager, Internal Audit Services PricewaterhouseCoopers

More information

IRM CERTIFICATE AND DIPLOMA OUTLINE SYLLABUS

IRM CERTIFICATE AND DIPLOMA OUTLINE SYLLABUS IRM CERTIFICATE AND DIPLOMA OUTLINE SYLLABUS 1 Module 1: Principles of Risk and Risk Management Module aims The aim of this module is to provide an introduction to the principles and concepts of risk and

More information

Competency Requirements for Executive Director Candidates

Competency Requirements for Executive Director Candidates Competency Requirements for Executive Director Candidates There are nine (9) domains of competency for association executives, based on research conducted by the American Society for Association Executives

More information

JOB DESCRIPTION CONTRACTUAL POSITION

JOB DESCRIPTION CONTRACTUAL POSITION Ref #: IT/P /01 JOB DESCRIPTION CONTRACTUAL POSITION JOB TITLE: INFORMATION AND COMMUNICATIONS TECHNOLOGY (ICT) SECURITY SPECIALIST JOB SUMMARY: The incumbent is required to provide specialized technical

More information

IT GOVERNANCE PANEL BRING VALUE BY AUDITING IT GOVERNANCE GET THE

IT GOVERNANCE PANEL BRING VALUE BY AUDITING IT GOVERNANCE GET THE 1 IT GOVERNANCE PANEL BRING VALUE BY AUDITING IT GOVERNANCE GET THE ANSWERS AND PRACTICAL TIPS FROM THE IT GOVERNANCE AUDIT PROFESSIONALS JOHAN LIDROS, PRESIDENT EMINERE GROUP KATE MULLIN, CISO, HEALTH

More information

Information & Asset Protection with SIEM and DLP

Information & Asset Protection with SIEM and DLP Information & Asset Protection with SIEM and DLP Keeping the Good Stuff in and the Bad Stuff Out Professional Services: Doug Crich Practice Leader Infrastructure Protection Solutions What s driving the

More information

1 What does the 'Service V model' represent? a) A strategy for the successful completion of all service management projects

1 What does the 'Service V model' represent? a) A strategy for the successful completion of all service management projects 1 What does the 'Service V model' represent? a) A strategy for the successful completion of all service management projects b) The path to Service Delivery and Service Support for efficient and effective

More information

IT Vendor Due Diligence. Jennifer McGill CIA, CISA, CGEIT IT Audit Director Carolinas HealthCare System December 9, 2014

IT Vendor Due Diligence. Jennifer McGill CIA, CISA, CGEIT IT Audit Director Carolinas HealthCare System December 9, 2014 IT Vendor Due Diligence Jennifer McGill CIA, CISA, CGEIT IT Audit Director Carolinas HealthCare System December 9, 2014 Carolinas HealthCare System (CHS) Second largest not-for-profit healthcare system

More information

Aligning IT with Business Needs (Why Right-sourcing works)

Aligning IT with Business Needs (Why Right-sourcing works) Aligning IT with Business Needs (Why Right-sourcing works) Mike Ryan Aligning IT with Business Needs (Why Right-sourcing works) Mike Ryan Challanges running IT Keeping IT Running Value Costs Mastering

More information

IT Service Management ITIL, COBIT

IT Service Management ITIL, COBIT IT Service Management ITIL, COBIT Bülent Ekuklu Business Development Executive IBM Global Services Global Conditions are Changing 100% 90% 80% 70% 60% 50% 40% 30% 20% 10% Agriculture Manufacturing Service

More information

International Diploma in Risk Management Syllabus

International Diploma in Risk Management Syllabus International Diploma in Risk Management Syllabus Module 1: Principles of Risk and Risk Management The aim of this module is to provide an introduction to the principles and concepts of risk and risk management.

More information

Global Technology Audit Guide. Auditing IT Governance

Global Technology Audit Guide. Auditing IT Governance Global Technology Audit Guide Auditing IT Governance Global Technology Audit Guide (GTAG ) 17 Auditing IT Governance July 2012 GTAG Table of Contents Executive Summary... 1 1. Introduction... 2 2. IT

More information

The Future of Best Practices in IT Service Management - ITIL Version 3 Explained

The Future of Best Practices in IT Service Management - ITIL Version 3 Explained The Future of Best Practices in IT Service Management - ITIL Version 3 Explained Reg Harbeck CA Monday, August 13, 2007 Session 1455 ITIL V3: The Processes Governance Processes: Service Measurement Service

More information

Citation for published version (APA): Berthing, H. H. (2014). Vision for IT Audit 2020. Abstract from Nordic ISACA Conference 2014, Oslo, Norway.

Citation for published version (APA): Berthing, H. H. (2014). Vision for IT Audit 2020. Abstract from Nordic ISACA Conference 2014, Oslo, Norway. Aalborg Universitet Vision for IT Audit 2020 Berthing, Hans Henrik Aabenhus Publication date: 2014 Document Version Early version, also known as pre-print Link to publication from Aalborg University Citation

More information

Chayuth Singtongthumrongkul

Chayuth Singtongthumrongkul IT is complicated. IT Governance doesn t have to be. Chayuth Singtongthumrongkul CISSP, CISA, ITIL Intermediate, PMP, IRCA ISMS (ISO/IEC 27001) Director of International Academic Alliance, ACIS Professional

More information

IT Risk Management Life Cycle and enabling it with GRC Technology. 21 March 2013

IT Risk Management Life Cycle and enabling it with GRC Technology. 21 March 2013 IT Risk Management Life Cycle and enabling it with GRC Technology 21 March 2013 Overview IT Risk management lifecycle What does technology enablement mean? Industry perspective Business drivers Trends

More information

Specialist Cloud Services Lot 4 Cloud EDRM Consultancy Services

Specialist Cloud Services Lot 4 Cloud EDRM Consultancy Services Specialist Cloud Services Lot 4 Cloud EDRM Consultancy Services Page 1 1 Contents 1 Contents... 2 2 Transcend360 Introduction... 3 3 Service overview... 4 3.1 Service introduction... 4 3.2 Service description...

More information

Module 6 Essentials of Enterprise Architecture Tools

Module 6 Essentials of Enterprise Architecture Tools Process-Centric Service-Oriented Module 6 Essentials of Enterprise Architecture Tools Capability-Driven Understand the need and necessity for a EA Tool IASA Global - India Chapter Webinar by Vinu Jade

More information

Information Security Governance:

Information Security Governance: Information Security Governance: Designing and Implementing Security Effectively 2 nd Athens International Forum on Security 15 16 Jan 2009 Anestis Demopoulos, CISA, CISSP, CIA President of ISACA Athens

More information

Enterprise Risk Management

Enterprise Risk Management Cayman Islands Society of Professional Accountants Enterprise Risk Management March 19, 2015 Dr. Sandra B. Richtermeyer, CPA, CMA What is Risk Management? Risk management is a process, effected by an entity's

More information

The Asset Management Landscape

The Asset Management Landscape The Asset Management Landscape ISBN 978-0-9871799-1-3 Issued November 2011 www.gfmam.org The Asset Management Landscape www.gfmam.org ISBN 978-0-9871799-1-3 Published November 2011 This version replaces

More information

Life Cycle Models, CMMI, Lean, Six Sigma Why use them?

Life Cycle Models, CMMI, Lean, Six Sigma Why use them? Life Cycle Models, CMMI, Lean, Six Sigma Why use them? John Walz IEEE Computer Society, VP for Standards QuEST Forum Best Practices Conference Track 3 What, Where, How & Why Monday, 24-Sep-07, 4:30 5:30

More information

Terms of Reference for an IT Audit of

Terms of Reference for an IT Audit of National Maritime Safety Authority (NMSA) TASK DESCRIPTION PROJECT/TASK TITLE: EXECUTING AGENT: IMPLEMENTING AGENT: PROJECT SPONSOR: PROJECT LOCATION: To engage a professional and qualified IT Auditor

More information

IT Professional Standards. Information Security Discipline. Sub-discipline 605 Information Security Testing and Information Assurance Methodologies

IT Professional Standards. Information Security Discipline. Sub-discipline 605 Information Security Testing and Information Assurance Methodologies IT Professional Standards Information Security Discipline Sub-discipline 605 Information Security Testing and Information Assurance Methodologies December 2012 Draft Version 0.6 DOCUMENT REVIEW Document

More information

TEC Capital Asset Management Standard January 2011

TEC Capital Asset Management Standard January 2011 TEC Capital Asset Management Standard January 2011 TEC Capital Asset Management Standard Tertiary Education Commission January 2011 0 Table of contents Introduction 2 Capital Asset Management 3 Defining

More information

A Risk Management Standard

A Risk Management Standard A Risk Management Standard Introduction This Risk Management Standard is the result of work by a team drawn from the major risk management organisations in the UK, including the Institute of Risk management

More information

Enterprise Security Architecture

Enterprise Security Architecture Enterprise Architecture -driven security April 2012 Agenda Facilities and safety information Introduction Overview of the problem Introducing security architecture The SABSA approach A worked example architecture

More information

IS Management, ITIL, ISO, COBIT...

IS Management, ITIL, ISO, COBIT... IS Management, ITIL, ISO, COBIT... Orsys, with 30 years of experience, is providing high quality, independant State of the Art seminars and hands-on courses corresponding to the needs of IT professionals.

More information

Risk Management Policy and Framework

Risk Management Policy and Framework Risk Management Policy and Framework December 2014 phone 1300 360 605 08 89589500 email info@centraldesert.nt.gov.au location 1Bagot Street Alice Springs NT 0870 post PO Box 2257 Alice Springs NT 0871

More information

JOE MOROLONG LOCAL MUNICIPALITY IT GOVERNANCE FRAMEWORK

JOE MOROLONG LOCAL MUNICIPALITY IT GOVERNANCE FRAMEWORK JOE MOROLONG LOCAL MUNICIPALITY IT GOVERNANCE FRAMEWORK INDEX 1 Introduction... 2 Contextual background... 2.1 The CobiT 5 framework (2012)... 2.2 The ISO 27000 series (2005, 2011)... 2.3 The Risk IT

More information

Combine ITIL and COBIT to Meet Business Challenges

Combine ITIL and COBIT to Meet Business Challenges Combine ITIL and COBIT to Meet Business Challenges By Peter Hill, Director, IT Governance Network, and Ken Turbitt, Best Practices Director, BMC Software BEST PRACTICES WHITE PAPER Table of Contents ABSTRACT...

More information

Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire. P3M3 Project Management Self-Assessment

Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire. P3M3 Project Management Self-Assessment Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire P3M3 Project Management Self-Assessment Contents Introduction 3 User Guidance 4 P3M3 Self-Assessment Questionnaire

More information

Begin with the end in mind

Begin with the end in mind Begin with the end in mind Is your business vision driving your software purchases? Or is it the other way around? Organisations can be paying 25-35% too much for software, support and maintenance costs.

More information

Cisco Unified Communications and Collaboration technology is changing the way we go about the business of the University.

Cisco Unified Communications and Collaboration technology is changing the way we go about the business of the University. Data Sheet Cisco Optimization s Optimize Your Solution using Cisco Expertise and Leading Practices Optimizing Your Business Architecture Today, enabling business innovation and agility is about being able

More information

UoD IT Job Description

UoD IT Job Description UoD IT Job Description Role: Projects Portfolio Manager HERA Grade: 8 Responsible to: Director of IT Accountable for: Day to day leadership of team members and assigned workload Key Relationships: Management

More information

How to Make RAM Part of the Business Process

How to Make RAM Part of the Business Process How to Make RAM Part of the Business Process 14th Transport Sector Coordinating Committee (TSCC) Meeting of the Central Asia Regional Economic Cooperation Program 27-30 April 2015 Ulaanbaatar, Mongolia

More information

POSITION DESCRIPTION. Role Purpose. Key Challenges. Key Result Areas

POSITION DESCRIPTION. Role Purpose. Key Challenges. Key Result Areas POSITION DESCRIPTION Position Title Manager, Technical Services Support Position Number Reports to Manager Technology Services Functional Auth HRM Auth Region IT Services Centre Head Office Date Feb 2011

More information

G13 USE OF RISK ASSESSMENT IN AUDIT PLANNING

G13 USE OF RISK ASSESSMENT IN AUDIT PLANNING IS AUDITING GUIDELINE G13 USE OF RISK ASSESSMENT IN AUDIT PLANNING The specialised nature of information systems (IS) auditing and the skills necessary to perform such audits require standards that apply

More information

Location of the job: CFO Revenue Assurance

Location of the job: CFO Revenue Assurance JOB PROFILE Title of position: Manager: Revenue Assurance Operations Number of subordinates: 5-10 Location of the job: CFO Revenue Assurance Level: 3 Position Code: Time span: 2-3 years Key Performance

More information

ITIL. Lifecycle. www.alctraining.com.my. ITIL Intermediate: Continual Service Improvement. Service Strategy. Service Design. Service Transition

ITIL. Lifecycle. www.alctraining.com.my. ITIL Intermediate: Continual Service Improvement. Service Strategy. Service Design. Service Transition Take your ITIL skills to the next level ITIL Lifecycle ITIL Intermediate: Part of the complete ITIL Education Program Advance your career Add value to your organisation Gain credits towards ITIL Expert

More information

Applying Integrated Risk Management Scenarios for Improving Enterprise Governance

Applying Integrated Risk Management Scenarios for Improving Enterprise Governance Applying Integrated Risk Management Scenarios for Improving Enterprise Governance János Ivanyos Trusted Business Partners Ltd, Budapest, Hungary, ivanyos@trusted.hu Abstract: The term of scenario is used

More information

IPMS Insurance Performance Management System

IPMS Insurance Performance Management System What s gets Measured gets Managed IPMS Insurance Performance Management System Our Value Proposition for : Achieving Clarity, Alignment and Accountability Yiannis Charalambous Chairman Gnosis Management

More information

FFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors

FFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors Overview for Chief Executive Officers and Boards of Directors In light of the increasing volume and sophistication of cyber threats, the Federal Financial Institutions Examination Council 1 (FFIEC) developed

More information

Information Security Managing The Risk

Information Security Managing The Risk Information Technology Capability Maturity Model Information Security Managing The Risk Introduction Information Security continues to be business critical and is increasingly complex to manage for the

More information

Specialist Cloud Services Lot 4 Cloud Printing and Imaging Consultancy Services

Specialist Cloud Services Lot 4 Cloud Printing and Imaging Consultancy Services Specialist Cloud Services Lot 4 Cloud Printing and Imaging Consultancy Services Page 1 1 Contents 1 Contents... 2 2 Transcend360 Introduction... 3 3 Service overview... 4 3.1 Service introduction... 4

More information

Based on 2008 Survey of 255 Non-IT CEOs/Executives

Based on 2008 Survey of 255 Non-IT CEOs/Executives Based on 2008 Survey of 255 Non-IT CEOs/Executives > 50% Ranked ITG as very important > 75% of businesses consider ITG to be an integral part of enterprise governance, but the overall maturity level is

More information

Avondale College Limited Enterprise Risk Management Framework 2014 2017

Avondale College Limited Enterprise Risk Management Framework 2014 2017 Avondale College Limited Enterprise Risk Management Framework 2014 2017 President s message Risk management is part of our daily life, something we do regularly; often without realising we are doing it.

More information

The MSS Approach to BPM

The MSS Approach to BPM The MSS Approach to BPM Ryan McMahon, PMP MSS Management Consulting Agenda BPM defined MSS BPM Offerings and Approach Key BPM Benefits Q&A - Improve the Big Picture - Identify Problem Areas and Bottlenecks

More information