IT Governance: framework and case study. 22 September 2010
- Antony Hudson
Transcription
1 IT Governance: framework and case study
2 Presenter: Yaowaluk Chadbunchachai, Advisory Services, Ernst & Young Corporate Services Limited
3 Presentation topics: ERM and IT governance; IT governance framework; IT governance assessment; Case study; Implication of IT governance on internal audit. We think IT governance needs to be a shared commitment across the business; it's not something that can be left to the CIO and IT departments. Instead, to be effective, it must be understood and the responsibility shared throughout the business.
4 ERM and IT governance
5 ERM and IT governance. IT Governance Frameworks: Confused?? ISO9000, ISO38500, CMM, ITIL, SAS 70/ISAE 3402, ISO31000, ISO27001, COSO IC/ERM, OCEG GRC, Balanced Score Card, COBIT.
6 IT GRC Drivers & Objectives. Most companies have taken a very siloed approach to IT risk management, which creates multiple redundancies and extensive inconsistency in how IT risks are assessed and managed. An effective IT GRC program will aggregate the evaluation of IT risks and controls to create a convergence of IT risk activities, which results in greater consistency and efficiency across the IT GRC program and the company as a whole. [Diagram: Common Current State compared with Desired Future State. Labels: external regulators, analysts, investors; board/senior management oversight (audit committee, risk committee, compensation committee, other committees); executive management (CEO, CFO, CRO, General Counsel); internal control, internal audit, risk management, compliance, information technology, legal and regulatory, external audit; business units. Desired future state: aligned mandate and scope; coordinated infrastructure and people; consistent methods and practices; common information and technology.]
7 ERM and IT governance: ERM
8 IT governance framework
9 IT Governance Defined. IT Governance is a set of IT management activities, policies, standards and measures developed to ensure desirable behavior, for the effective, efficient and secure use of technology. (Ernst & Young) Key IT Governance Decisions: evaluation of business initiatives and risk; prioritization of projects; allocation of resources and budgets; performance measurements; allocation of costs and cost measurement methods; tracking and reporting mechanisms; assessment of value of an IT investment. IT Governance Determines: who makes decisions (Power); how they make them (Decision Process/Rights); why they make them (Alignment). Without proper governance, an organization is at risk of losing its competitive advantage.
10 Why is IT Governance necessary? Fundamentally, it enables a stronger competitive position due to improved performance, efficiency and effectiveness at all levels of the organization. It: ensures enterprise alignment; ensures effective IT processes and delivery; ensures effective risk management; establishes and deploys the right IT resources and capabilities; enables continuous performance improvement; underpins legal and regulatory compliance.
11 The Enterprise Agenda for IT. How does IT impact your business? Value: how does IT create value for the enterprise? Cost: how does IT help rationalize the overall costs of the business? Risk: how does IT help the business manage its overall risk position? IT can be a competitive advantage or a corporate hindrance. We believe that for IT to create a positive impact, there are four must-do's for the enterprise relative to IT: Align Strategically; Govern Effectively; Operate Efficiently; Measure Performance. [Diagram: the objectives Manage Risk, Create Value and Rationalize Cost, surrounded by Align Strategically, Govern Effectively, Operate Efficiently and Measure Performance.]
12 The ITGI Model: Strategic Alignment. Strategic Alignment focuses on ensuring the linkage of business and IT plans; defining, maintaining and validating the IT value proposition; and aligning IT operations with enterprise operations. [Diagram: IT Governance Domains: Strategic Alignment, Value Delivery, Risk Management, Resource Management, Performance Measurement.] Key points: align IT strategy with enterprise strategy; ensure IT delivers against the strategy; co-responsibility of business and IT; direct IT strategy; ensure a culture of openness and collaboration among the business, geographical and functional units of the enterprise.
13 The ITGI Model: Value Delivery. Value Delivery is about executing the value proposition throughout the delivery cycle, ensuring that IT delivers the promised benefits against the strategy, concentrating on optimising costs and proving the intrinsic value of IT. [Diagram: IT Governance Domains: Strategic Alignment, Value Delivery, Risk Management, Resource Management, Performance Measurement.] Key points: appropriate quality, on time and on budget; clarify value, educate, involve stakeholders and manage perceptions; formal tracking of business value of IT (business requirements & process change); disciplined approach to project management with a larger role for the business; technology standardisation.
14 The ITGI Model: Risk. Risk requires risk awareness by senior corporate officers, a clear understanding of the enterprise's appetite for risk, understanding of compliance requirements, transparency about the significant risks to the enterprise and embedding of risk management responsibilities into the organisation. [Diagram: IT Governance Domains: Strategic Alignment, Value Delivery, Risk Management, Resource Management, Performance Measurement.] Key points: awareness of IT risks based on proactive and continuous assessment; transparency to all stakeholders; establishing responsibility and embedding risk management into the organisation; risk mitigation can generate cost-efficiencies; information security.
15 The ITGI Model: Resource. Resource is about the optimal investment in, and the proper management of, critical IT resources: applications, information, infrastructure and people. Key issues relate to the optimisation of knowledge and infrastructure. [Diagram: IT Governance Domains: Strategic Alignment, Value Delivery, Risk Management, Resource Management, Performance Measurement.] Key points: inventories of hardware and software; practices to train and retain skilled staff; clear, consistent and enforced procurement policies; standardised and interoperable infrastructure; service level management.
16 The ITGI Model: Performance Measurement. Performance Measurement tracks and monitors strategy implementation, project completion, resource usage, process performance and service delivery, using, for example, balanced scorecards that translate strategy into action to achieve goals measurable beyond conventional accounting. [Diagram: IT Governance Domains: Strategic Alignment, Value Delivery, Risk Management, Resource Management, Performance Measurement.] Key points: define and monitor measures; IT Balanced Scorecard as emerging reporting system; a management reporting system that feeds back into the strategy; the most effective means to achieve IT and business alignment; enabling effective value measurement (ROI, NPV).
17 IT governance assessment
18 Assessing IT Governance (Maturity Model - CobiT 4.1). Scale labels: Non-existent; Initial/Ad Hoc; Repeatable but Intuitive; Defined process; Managed and Measurable; Optimised. 0 - Processes are not applied at all. 1 - Processes are ad hoc and disorganised. 2 - Processes follow a regular pattern. 3 - Processes are documented and communicated. 4 - Processes are monitored and measured. 5 - Best practices are followed and automated.
19 Assessing IT Governance: Sample Maturity Model for IT Governance (IT Governance Value Delivery Maturity Model - CobiT 4.1). Value Delivery Domain: 1. IT Direction & Planning; 2. Enterprise IT Architecture; 3. Value Measurement; 4. Project Portfolio Mgt; 5. 3rd Party Relationship Mgt. Scale: Non-Existent; Initial/Ad Hoc; Repeatable but Intuitive; Defined process; Managed and Measurable; Optimized. Legend: Current State; Interim Target State; Target State. 0 - Processes are non-existent. 1 - Processes are ad hoc & disorganized. 2 - Processes are repeatable but intuitive. 3 - Processes are defined, documented & communicated. 4 - Processes are managed & measured. 5 - Processes are optimized. Example also in Appendix D (page 48) of Board Briefing on IT Governance booklet.
20 Assessing IT Governance. Maturity model ranking: organizational scorecard to ITGI model; gap analysis leading to improvement initiatives; uses a scale of 0 through 5 to measure the maturity level of the area being assessed; do not assume that the desired state is always 5; critical to perform analysis over time, especially as the business changes (e.g. mergers, integrations, etc.).
21 Example: IT Governance Maturity Assessment. Components: IT Governance Framework; Strategic Alignment; Value Delivery; Risk; Resource; Performance Measurement. Scope of Potential Measurement: Program Mission and Framework; Program Oversight; Communication Strategy; Corporate Alignment; Role of IT/Definition of IT Value; Strategic Direction; Business, IT and Operations Alignment; Investment Prioritization and Allocation; IT Direction and Planning; Enterprise IT Architecture; Value Measurement; Program and Project; Third-Party Relationship; IT & Business Risk Alignment; Integrated IT Risk Framework; IT Risk Oversight; IT Resource & Asset; Infrastructure; Technology Lifecycle; Knowledge; Strategic Sourcing; Performance Metrics; Performance Monitoring; Quality Improvement; Continuous Process Improvement. Maturity Model Scale: 0 Processes are non-existent; 1 Processes are ad-hoc and disorganized; 2 Processes are repeatable but intuitive; 3 Processes are defined, documented and intuitive; 4 Processes are managed and measured; 5 Processes are optimized. [Chart: IT Governance Maturity Score Distribution, scores 0 to 5 for ITG, SA, VD, RiM, ReM, PM.]
22 Example: IT Governance Executive Stakeholder Questionnaire. Degree of Agreement (Max, Average, Min), rated on the scale Strongly Agree; Agree; Undecided/Neutral; Disagree; Strongly Disagree. Strategic Alignment: 1 I am informed of the strategy of the business. 2 I understand the technology strategy of the organization. 3 I agree with how projects and initiatives are prioritized. 4 I understand how budgets are agreed upon. 5 Projects are aligned with organizational strategy. 6 Project alignment is periodically reevaluated. 7 IT stakeholders are brought into the project early in the planning phase of the project. Value Delivery: 8 I am realizing the full value of the investment in IT. 9 If and/or when we upgrade software or infrastructure, I believe I have input into the decision. 10 I am aware of the IT charges (and how the IT charges are allocated). 11 The organization formally recognizes and measures the value delivered from a technology-enabled process.
23 Case study Implication of IT governance on internal audit
24 Link risk to IT objectives and processes. [Diagram with three layers: IT objectives and strategies; inherent key IT risks; IT processes. Steps: link objectives to risks; evaluate the significance of the risk to IT objectives; link risks to IT processes; evaluate management and control activities.] IT objectives and strategies, grouped under IT governance and strategy, IT development and design, IT operations, and information security and protection: guidance and oversight; strategic planning; deliver superior systems and applications; technology enablement to achieve business objectives; superior service support and delivery; continuity of services; optimize operating efficiency; protection of information; effectively manage security risk. Inherent key IT risks: IT process duplication and inefficiencies; emerging technologies; technology direction; system disruptions; contracts/3rd party vendors - outsourcing; records retention; regulatory compliance; people; global sourcing; business continuity; asset and portfolio; IT infrastructure capacity; IT security/privacy; financial reporting. IT processes: infrastructure and asset; change; service level; production support; problem and incident management; project/program management; customer support.
25 IT Audit (or IT Risk) can bring more value to the organization. Implementing measures for compliance has made organizational change management a key skill of the IT auditor. The same skills used to facilitate compliance can now be used to facilitate IT effectiveness. With the focus over the past five years on financial and compliance risk, strategic and operational risk has been largely ignored. It is critical for organizations to refresh their IT risk universe to include all IT risks. We are seeing a significant shift in the charter of IT auditors and a renewed focus on assessing and reducing strategic and operational risk.
26 What is the role of your IT Audit function? Is IT Audit focused solely on financial and compliance risk? What is needed to take IT Audit to the next level? CGEIT Certification; PMI/CMMI Training; ITIL Training; co-sourcing agreement with knowledge transfer. How can IT Audit demonstrate more value to the organization? Make sure your IT risk assessment process evaluates the impact of all major IT risks, including operational and strategic risks. Measure the before and after impact of initiatives designed to better manage strategic and operational risks.
27 Thank you
28 Ernst & Young: Assurance, Tax, Transactions, Advisory. About Ernst & Young: Ernst & Young is a global leader in assurance, tax, transaction and advisory services. Worldwide, our 144,000 people are united by our shared values and an unwavering commitment to quality. We make a difference by helping our people, our clients and our wider communities achieve potential. For more information, please visit. Ernst & Young refers to the global organization of member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. Ernst & Young Corporate Services Limited. All Rights Reserved.
More informationResearch Data Management Framework: Capability Maturity Guide
ANDS Guides Research Data Management Framework: Capability Maturity Guide Introduction The outline set out below shows five levels of attainment or maturity which institutions may achieve in managing their
More informationPrinciples of IT Governance
Principles of IT Governance Governance of enterprise IT focuses on delivering services to support top line growth while moving operational savings to the bottom line. The management of IT services has
More informationBlending Corporate Governance with. Information Security
Blending Corporate Governance with Information Security WHAT IS CORPORATE GOVERNANCE? Governance has proved an issue since people began to organise themselves for a common purpose. How to ensure the power
More informationTying It All Together: Practical ERM Integration. Richard Scanlon Vice President Enterprise Risk Management CIGNA Corporation
Tying It All Together: Practical ERM Integration Richard Scanlon Vice President Enterprise Risk Management CIGNA Corporation November 16, 2007 1 Agenda Basis for ERM Integration ERM Objectives ERM Focus
More informationPredictive Marketing for Banking
Tony Firmani Predictive Analytics Solution Architect Predictive Marketing for Banking Business Analytics software Session Overview Data Drives Decisions Applying Predictive Analytics Throughout Entire
More informationAn Implementation Roadmap
An Implementation Roadmap The 2nd Abu Dhabi IT s Forum P J Corum, CSQA, CSTE, ITSM Managing Director Quality Assurance Institute Middle East and Africa Dubai, UAE Quality Assurance Institute Middle East
More informationRecommendation for IT Governance Using the COBIT 4.1 Framework
Recommendation for IT Governance Using the COBIT 4.1 Framework William F. Slater, III, MBA, M.S., PMP, CISSP, CISA Week 7 Assignment CYBR 615 Cybersecurity Governance and Compliance January 27, 2013 January
More informationWEST COAST DISTRICT MUNICIPALITY IT GOVERNANCE FRAMEWORK IT CHARTER
WEST COAST DISTRICT MUNICIPALITY IT GOVERNANCE FRAMEWORK IT CHARTER MAY 2012 INDEX 1 Introduction... 1 2 Contextual background... 3 2.1 The CobiT 5 framework (2012)... 4 2.2 The ISO 27000 series (2005,
More informationRequest for Proposal. Supporting Document 3 of 4. Contract and Relationship Management for the Education Service Payroll
Request for Proposal Supporting Document 3 of 4 Contract and Relationship December 2007 Table of Contents 1 Introduction 3 2 Governance 4 2.1 Education Governance Board 4 2.2 Education Capability Board
More informationFeature. Developing an Information Security and Risk Management Strategy
Feature Developing an Information Security and Risk Management Strategy John P. Pironti, CISA, CISM, CGEIT, CISSP, ISSAP, ISSMP, is the president of IP Architects LLC. He has designed and implemented enterprisewide
More informationSoftware Asset Management on System z
Software Asset Management on System z Mike Zelle Tivoli WW IT Asset Management Marketing SAM in SHARE Project Manager mzelle@us.ibm.com Agenda Why Software Asset Management (SAM) The Discipline of Software
More informationDatacenter Migration Think, Plan, Execute
Datacenter Migration Think, Plan, Execute Datacenter migration is often regarded as a purely technical, almost trivial side-project, to be delivered by existing IT staff alongside their day jobs. With
More informationDevOps: The Key to Delivering High Quality Application Services Faster
DevOps: The Key to Delivering High Quality Application Services Faster Stephen Elliot Vice President Cloud and IT Infrastructure DevOps Defined DevOps is a methodology that unifies a team including business
More informationWHAT IS GRC AND WHERE IS IT HEADING? A BRIEFING PAPER. www.claytonutz.com
WHAT IS GRC AND WHERE IS IT HEADING? A BRIEFING PAPER www.claytonutz.com BACKGROUND Well established governance, risk and compliance functions have for many years formed a key part of management practice
More informationIRMAC SAS INFORMATION MANAGEMENT, TRANSFORMING AN ANALYTICS CULTURE. Copyright 2012, SAS Institute Inc. All rights reserved.
IRMAC SAS INFORMATION MANAGEMENT, TRANSFORMING AN ANALYTICS CULTURE ABOUT THE PRESENTER Marc has been with SAS for 10 years and leads the information management practice for canada. Marc s area of specialty
More informationIntroduction to Enterprise Risk Management at UVM DRAFT
Introduction to Enterprise Management at UVM 1 Enterprise What is Enterprise Management? Enterprise risk management is a structured, consistent, and continuous process across the whole organization for
More informationInformation Security Management System for Microsoft s Cloud Infrastructure
Information Security Management System for Microsoft s Cloud Infrastructure Online Services Security and Compliance Executive summary Contents Executive summary 1 Information Security Management System
More informationInternal Audit Report on. IT Security Access. January 2010. 2010 January - English - Information Technology - Security Access - FINAL.
Internal Audit Report on January 2010 2010 January - English - Information Technology - Security Access - FINAL.doc Contents Background...3 Introduction...3 IT Security Architecture,Diagram 1...4 Terms
More informationbuilding a business case for governance, risk and compliance
building a business case for governance, risk and compliance contents introduction...3 assurance: THe last major business function To be integrated...3 current state of grc: THe challenges... 4 building
More informationGovernance, Risk, Compliance and Beyond: The Emergence of Strategic IT Risk Management
Brochure More information from http://www.researchandmarkets.com/reports/585854/ Governance, Risk, Compliance and Beyond: The Emergence of Strategic IT Risk Management Description: In recent years, the
More informationUnderstanding Enterprise Risk Management. Presented by Dorothy Gjerdrum Arthur J Gallagher
Understanding Enterprise Risk Management Presented by Dorothy Gjerdrum Arthur J Gallagher Learning Objectives Understand the components of a wellrun ERM program Review scope and process Explore the role
More informationDomain 1 The Process of Auditing Information Systems
Certified Information Systems Auditor (CISA ) Certification Course Description Our 5-day ISACA Certified Information Systems Auditor (CISA) training course equips information professionals with the knowledge
More informationInformation Governance & Records Management for Today's World
May 19-22, 2014, Toronto ON Canada Information Governance & Records Management for Today's World Presented by Colin Cahill LI22 5/20/2014 1:15 PM - 2:45 PM The handouts and presentations attached are copyright
More informationImproving Financial Performance, Governance and Compliance
Enterprise Risk Management Improving Financial Performance, Governance and Compliance Through A Structured Approach Experis Finance By: Fred E. Lutzeier National ERM Director Fred.Lutzeier@Experis.Com
More informationThe End of a Cost Centre - Transform Enterprise Printing into Competitive Advantage
The End of a Cost Centre - Transform Enterprise Printing into Competitive Advantage Xerox Event, Riyadh, 14 May 2012 Tobias Kleu Research Manager Imaging and Hardcopy Peripherals, Print Services & Document
More informationWelcome to Modulo Risk Manager Next Generation. Solutions for GRC
Welcome to Modulo Risk Manager Next Generation Solutions for GRC THE COMPLETE SOLUTION FOR GRC MANAGEMENT GRC MANAGEMENT AUTOMATION EASILY IDENTIFY AND ADDRESS RISK AND COMPLIANCE GAPS INTEGRATED GRC SOLUTIONS
More informationCOBIT 4.1 TABLE OF CONTENTS
COBIT 4.1 TABLE OF CONTENTS Executive Overview....................................................................... 5 COBIT Framework.........................................................................
More informationView Point. Lifting the Fog on Cloud
View Point Lifting the Fog on Cloud There s a massive Cloud build-up on the horizon and the forecast promises a rain of benefits for the enterprise. Cloud is no more a buzzword. The enabling power of the
More informationWHITE PAPER December, 2008
INTRODUCTION Key to most IT organization s ongoing success is the leadership team s ability to anticipate, plan for, and adapt to change. With ever changing business/mission requirements, customer/user
More informationSan Francisco Chapter. Cassius Downs Network Edge LLC
Cassius Downs Network Edge LLC ITIL History ITIL Books V3 Objectives Business Benefits of V3 V3 Changes Training & Certification V2 or V3? Summary 2 The 12 Rules 1. EXERCISE Rule #1: Exercise boosts brain
More information