IT Governance: framework and case study. 22 September 2010

Size: px
Start display at page:

Download "IT Governance: framework and case study. 22 September 2010"

Transcription

1 IT Governance: framework and case study

2 Presenter Yaowaluk Chadbunchachai Advisory Services Ernst & Young Corporate Services Limited

3 Presentation topics ERM and IT governance IT governance framework IT governance assessment Case study Implication of IT governance on internal audit We think IT governance needs to be a shared commitment across the business, it s not something that can be left to the CIO and IT departments. Instead, to be effective, it must be understood and the responsibility shared throughout the business. Page 3

4 ERM and IT governance

5 ERM and IT governance ISO9000 ISO38500 CMM ITIL SAS 70/ ISAE 3402 ISO31000 IT Governance Frameworks Confused?? ISO27001 COSO IC/ERM OCEG GRC Balanced Score Card COBIT Page 5

6 IT GRC Drivers & Objectives Most companies have take a very siloed approach to IT risk management which creates multiple redundancies and extensive inconsistency in how IT risks are assessed and managed. An effective IT GRC program will aggregate the evaluation of IT risks and controls to create a convergence of IT Risk activities which results in greater consistency and efficiency across the IT GRC program and the company as a whole. Common Current State Desired Future State External regulators, analysts, investors Board/senior management oversight Audit Risk Other committee committee committees Audit committee Compensation committee Board oversight Risk committees Executive management Other committee CEO CFO CRO General Counsel Inte ernal con ntrol Internal audit Risk management Compliance Internal control Information technology Legal and regulatory External audit Internal audit External audit Aligned mandate and scope Coordinated infrastructure and people Consistent methods and practices Common information and technology Business Business Business Business unit unit unit unit Business Business Business Business unit unit unit unit Page 6

7 ERM and IT governance ERM Page 7

8 IT governance framework

9 IT Governance Defined IT Governance is a set of IT management activities, policies, standards and measures developed to ensure desirable behavior, for the effective, efficient and secure use of technology. Ernst & Young Key IT Governance Decisions IT Governance Determines Evaluation of business initiatives and risk Prioritization of projects Who makes decisions Allocation of resources and budgets Power Performance measurements How they make them Allocation of costs and cost measurement Decision Process/Rights methods Why they make them Tracking and reporting mechanisms Alignment Assessment of value of an IT investment Without proper governance, an organization is at risk of losing its competitive advantage Page 9

10 Why is IT Governance necessary? Fundamentally, it enables a stronger competitive position due to improved performance, efficiency and effectiveness at all levels of the organization Ensures enterprise alignment Ensure effective IT processes and delivery Ensure effective risk management Establishes and deploys the right IT resources and capabilities Enables continuous performance improvement Underpins legal and regulatory compliance Page 10

11 The Enterprise Agenda for IT How does IT impact your business? Value how does IT create value for the enterprise? Cost how does IT help rationalize the overall costs of the business? Risk how does IT help the business manage its overall risk position? IT can be a competitive advantage or a corporate hindrance We believe that for IT to create a positive impact, there are four must do s for the enterprise relative to IT: Align Strategically Govern Effectively Operate Efficiently Measure Performance Op erate Effic ciently Align Strategically Manage Risk Create Value Objectives Rationalize Cost Measure Performance Gove ern Effectiv vely 11 Page 11

12 The ITGI Model Strategic Alignment Strategic Alignment, focuses on ensuring the linkage of business and IT plans; defining, maintaining and validating the IT value proposition; and aligning IT operations with enterprise operations. Performanc nce Measurem ment Strategic Alignment Value Delivery IT Governance Domains Resource Risk Ma anagement Align IT strategy with enterprise strategy Ensure IT delivers against the strategy Co-responsibility of business and IT Direct IT strategy Ensure a culture of openness and collaboration among the business, geographical and functional units of the enterprise Page 12

13 The ITGI Model Value Delivery Value Delivery is about executing the value proposition throughout the delivery cycle, ensuring that IT delivers the promised benefits against the strategy, concentrating on optimising costs and proving the intrinsic value of IT. Performanc nce Measurem ment Strategic Alignment Value Delivery IT Governance Domains Resource Risk Ma anagement Appropriate quality, on time and on budget Clarify value, educate, involve stakeholders and manage perceptions Formal tracking of business value of IT (business requirements & process change) Disciplined approach to project management with a larger role for the business Technology standardisation Page 13

14 The ITGI Model Risk Risk requires risk awareness by senior corporate officers, a clear understanding of the enterprise s appetite for risk, understanding of compliance requirements, transparency about the significant risks to the enterprise and embedding of risk management responsibilities into the organisation. Performanc ce Measureme ent Strategic Alignment Value Delivery IT Governance Domains Resource Risk Managemen nt Awareness of IT risks based on proactive and continuous assessment Transparency to all stakeholders Establishing responsibility and embedding risk management into the organisation Risk mitigation can generate costefficiencies Information security Page 14

15 The ITGI Model Resource Resource is about the optimal investment in, and the proper p management of, critical IT resources: applications, information, infrastructure and people. Key issues relate to the optimisation of knowledge and infrastructure. Performanc nce Measurem ment Strategic Alignment Value Delivery IT Governance Domains Resource Risk Ma anagement Inventories of hardware and software Practices to train and retain skilled staff Clear, consistent t and enforced procurement policies Standardised and interoperable infrastructure Service level management Page 15

16 The ITGI Model Performance Measurement Performance Measurement, tracks and monitors strategy implementation, project completion, resource usage, process performance and service delivery, using, for example, balanced scorecards that translate strategy into action to achieve goals measurable beyond conventional accounting. Pe erformance e Measureme ent Strateg tegic Alignment nt Valu alue Delivery IT Governance e a Domains Resource Risk Managemen ent Define and monitor measures IT Balanced Scorecard as emerging reporting system A management reporting system that feeds back into the strategy The most effective means to achieve IT and Business alignment Enabling effective value measurement (ROI, NPV ) Page 16

17 IT governance assessment

18 Assessing IT Governance Initial/ Repeatable Defined Managed Non-existent Ad Hoc but Intuitive process and Measurable Optimised i (Maturity Model - CobiT 4.1 ) 0 - processes are not applied at all. 1 - Processes are ad hoc and disorganised. 2 - Processes follow a regular pattern. 3 - Processes are documented and communicated. 4 - Processes are monitored and measured. 5 - Best practices are followed and automated. Page 18

19 Assessing IT Governance Sample Maturity Model for IT Governance Value Delivery Domain 1. IT Direction i & Planning 2. Enterprise IT Architecture 3. Value Measurement 4. Project Portfolio Mgt 5.3 rd Party Relationship Mgt Non- Existent IT Governance Value Delivery Maturity Model - CobiT 4.1 Initial/ Ad Hoc Repeatable but Intuitive Defined process Managed and Measurable Optimized Legend Current State Interim Target State Target State 0 - Processes are non-existent 1 - Processes are ad hoc & disorganized 2 - Processes are repeatable but intuitive 3 - Processes are defined, documented & communicated 4 - Processes are managed & measured 5 - Processes are optimized Legend Current State Interim Target State Target State Example also in Appendix D (page 48) of Board Briefing on IT Governance booklet Page 19

20 Assessing IT Governance Maturity model ranking Organizational scorecard to ITGI model Gap analysis leading to improvement initiatives Uses a scale of 0 through 5 to measure the maturity level of the area being assessed Do not assume that the desired state is always 5 Critical to perform analysis over time; especially as the business changes (e.g. mergers, integrations, etc.) Page 20

21 Example: IT Governance Maturity Assessment Components IT Governance Framework Strategic Alignment Value Delivery Risk Resource Performance Measurement Program Mission and Framework Program Oversight Communication Strategy Corporate Alignment Role of IT/Definition of IT Value Strategic Direction Business, IT and Operations Alignment Investment Prioritization and Allocation IT Direction and Planning Enterprise IT Architecture Value Measurement Program and Project Third-Party Relationship IT & Business Risk Alignment Integrated IT Risk Framework IT Risk Oversight IT Resource & Asset Infrastructure Technology Lifecycle Knowledge Strategic Sourcing Performance Metrics Performance Monitoring Quality Improvement Continuous Process Improvement Scope of Potential Measurement Maturity Model Scale IT Governance Maturity Score Distribution 5 0 Processes are non-existent 4 1 Processes are ad-hoc and disorganized 3 2 Processes are repeatable but intuitive 3 Processes are defined, documented and intuitive 2 4 Processes are managed and measured 1 5 Processes are optimized 0 ITG SA VD RiM ReM PM Page 21

22 Example: IT Governance Executive Stakeholder Questionnaire Degree of Agreement (Max, Average, Min) Strategic Alignment I am informed of the strategy of the business. 2 I understand the technology strategy of the organization. 3 I agree with how projects and initiatives are prioritized. 4 I understand how budgets are agreed upon. 5 Projects are aligned with organizational strategy. 6 Project alignment is periodically reevaluated. 7 IT stakeholders are brought into the project early in the planning phase of the project. Value Delivery 8 I am realizing the full value of the investment in IT. 9 If and/or when I we upgrade software or infrastructure, I believe I have input into the decision. 10 I am aware of the IT charges (and how the IT charges) are allocated. Strongly Agree Agree Undecided/ Neutral Disagree Strongly Disagree 11 The organization formally recognizes and measures the value delivered from a technology-enabled process. Page 22

23 Case study Implication of IT governance on internal audit

24 Link risk to IT objectives and processes IT objectives and strategies Inherent key IT risks IT processes IT governance and strategy IT development and design IT operations Information security and protection Guidance and oversight Strategic planning Deliver superior systems and applications Technology enablement to achieve business objectives Superior service support and delivery Continuity of services Optimize operating efficiency Protection of information Effectively manage security risk Link ob bjectives to risks ficance of the ris sk to IT objective es Eva aluate the signif IT Process Duplication and Inefficiencies Emerging Technologies Technology Direction System Disruptions Contracts/3rd Party Vendors - Outsourcing Records Retention Regulatory Compliance People Global Sourcing Business Continuity Asset and Portfolio IT Infrastructure Capacity IT Security/Privacy Financial Reporting Link risk ks to IT pro ocesses Evaluate Mana agement and Co ontrol Activities Infrastructure and Asset Change Service Level Production Support Problem and incident management Project/ program management Customer Support Page 24

25 IT Audit (or IT Risk ) can bring more value to the organization Implementing measures for compliance has made organizational change management a key skill of the IT auditor The same skills used to facilitate compliance can now be used to facilitate IT Effectiveness With the focus over the past five years on financial and compliance risk, strategic and operational risk has been largely ignored It is critical for organizations to refresh their IT risk universe to include all IT risks We are seeing a significant shift in the charter of IT auditors and a renewed focus on assessing and reducing strategic and operational risk Page 25

26 What is the role of your IT Audit function? Is IT Audit focused solely on financial and compliance risk? What is needed to take IT Audit to the next level? CGEIT Certification PMI/CMMI Training i ITIL Training Co-sourcing agreement with knowledge transfer How can IT Audit demonstrate more value to the organization? Make sure your IT risk assessment process evaluates the impact of all major IT risks, including operational and strategic risks Measure the before and after impact of initiatives designed to better manage strategic and operational risks Page 26

27 Thank you

28 Ernst & Young Assurance Tax Transactions Advisory About Ernst & Young Ernst & Young is a global leader in assurance, tax, transaction and advisory services. Worldwide, our 144,000 people are united by our shared values and an unwavering commitment to quality. We make a difference by helping our people, our clients and our wider communities achieve potential. For more information, please visit Ernst & Young refers to the global organization ation of member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients Ernst & Young Corporate Services Limited. All Rights Reserved.

IT Governance. What is it and how to audit it. 21 April 2009

IT Governance. What is it and how to audit it. 21 April 2009 What is it and how to audit it 21 April 2009 Agenda Can you define What are the key objectives of How should be structured Roles and responsibilities Key challenges and barriers Auditing Scope Test procedures

More information

Gobierno de TI Enfrentando al Reto. IT Governance Facing the Challenge. Everett C. Johnson, CPA International President ISACA and ITGI

Gobierno de TI Enfrentando al Reto. IT Governance Facing the Challenge. Everett C. Johnson, CPA International President ISACA and ITGI Gobierno de TI Enfrentando al Reto IT Facing the Challenge Everett C. Johnson, CPA International President ISACA and ITGI 1 Add titles Agenda Agenda IT governance keys IT governance focus areas: theory

More information

IT Governance Regulatory. P.K.Patel AGM, MoF

IT Governance Regulatory. P.K.Patel AGM, MoF IT Governance Regulatory Perspective P.K.Patel AGM, MoF Agenda What is IT Governance? Aspects of IT Governance What banks should consider before implementing these aspects? What banks should do for implementation

More information

IT Charter and IT Governance Framework

IT Charter and IT Governance Framework IT Charter and IT Governance Framework Status: Custodian: Approved Director: Information Technology Date approved: 2013-12-04 Implementation date: 2013-12-05 Decision number: SAQA 02102/13 Due for review:

More information

IT GOVERNANCE PANEL BRING VALUE BY AUDITING IT GOVERNANCE GET THE

IT GOVERNANCE PANEL BRING VALUE BY AUDITING IT GOVERNANCE GET THE 1 IT GOVERNANCE PANEL BRING VALUE BY AUDITING IT GOVERNANCE GET THE ANSWERS AND PRACTICAL TIPS FROM THE IT GOVERNANCE AUDIT PROFESSIONALS JOHAN LIDROS, PRESIDENT EMINERE GROUP KATE MULLIN, CISO, HEALTH

More information

Enabling IT Performance & Value with Effective IT Governance Assessment & Improvement Practices. April 10, 2013

Enabling IT Performance & Value with Effective IT Governance Assessment & Improvement Practices. April 10, 2013 Enabling IT Performance & Value with Effective IT Governance Assessment & Improvement Practices April 10, 2013 Today's Agenda: Key Topics Defining IT Governance IT Governance Elements & Responsibilities

More information

Based on 2008 Survey of 255 Non-IT CEOs/Executives

Based on 2008 Survey of 255 Non-IT CEOs/Executives Based on 2008 Survey of 255 Non-IT CEOs/Executives > 50% Ranked ITG as very important > 75% of businesses consider ITG to be an integral part of enterprise governance, but the overall maturity level is

More information

IT Risk Management Life Cycle and enabling it with GRC Technology

IT Risk Management Life Cycle and enabling it with GRC Technology IT Risk Management Life Cycle and enabling it with GRC Technology Debbie Lew (debbie.lew@ey.com), Senior Manager, E&Y Steven Jones (steven.jones@ey.com), Senior Manager, E&Y Overview 1. What is risk management?

More information

Mapping COBIT 5 with IT Governance, Risk and Compliance at Ecopetrol S.A. By Alberto León Lozano, CISA, CGEIT, CIA, CRMA

Mapping COBIT 5 with IT Governance, Risk and Compliance at Ecopetrol S.A. By Alberto León Lozano, CISA, CGEIT, CIA, CRMA Volume 3, July 2014 Come join the discussion! Alberto León Lozano will respond to questions in the discussion area of the COBIT 5 Use It Effectively topic beginning 21 July 2014. Mapping COBIT 5 with IT

More information

Beyond Mandates: Getting to Sustainable IT Governance Best Practices. Steve Romero PMP, CISSP, CPM IT Governance Evangelist

Beyond Mandates: Getting to Sustainable IT Governance Best Practices. Steve Romero PMP, CISSP, CPM IT Governance Evangelist Beyond Mandates: Getting to Sustainable IT Governance Best Practices Steve Romero PMP, CISSP, CPM IT Governance Evangelist Agenda > IT Governance Definition > IT Governance Principles > IT Governance Decisions

More information

How To Improve Your Business

How To Improve Your Business IT Risk Management Life Cycle and enabling it with GRC Technology 21 March 2013 Overview IT Risk management lifecycle What does technology enablement mean? Industry perspective Business drivers Trends

More information

Moving Forward with IT Governance and COBIT

Moving Forward with IT Governance and COBIT Moving Forward with IT Governance and COBIT Los Angeles ISACA COBIT User Group Tuesday 27, March 2007 IT GRC Questions from the CIO Today s discussion focuses on the typical challenges facing the CIO around

More information

ASSESSMENT OF THE IT GOVERNANCE PERCEPTION WITHIN THE ROMANIAN BUSINESS ENVIRONMENT

ASSESSMENT OF THE IT GOVERNANCE PERCEPTION WITHIN THE ROMANIAN BUSINESS ENVIRONMENT Accounting and Management Information Systems Vol. 11, No. 1, pp. 44 55, 2012 ASSESSMENT OF THE IT GOVERNANCE PERCEPTION WITHIN THE ROMANIAN BUSINESS ENVIRONMENT Pavel NĂSTASE 1 and Simona Felicia UNCHIAŞU

More information

S11 - Implementing IT Governance An Introduction Debra Mallette

S11 - Implementing IT Governance An Introduction Debra Mallette S11 - Implementing IT Governance An Introduction Debra Mallette S11 - Introduction to IT Governance Implementation using COBIT and Val IT Speaker: Debra Mallette, CGEIT, CISA, CSSBB Session Objectives

More information

2009 Solvay Brussels School and IT Governance institute

2009 Solvay Brussels School and IT Governance institute IT Governance Masterclass Georges Ataya CISA, CGEIT, CISA, CISSP, MSCS, PBA International VP, IT Governance Institute Professor, Solvay Business School Managing Partner, ICT Control NV 1 Georges Ataya

More information

Maximizing Your IT Value with Well-Aligned Governance August 3, 2012

Maximizing Your IT Value with Well-Aligned Governance August 3, 2012 Maximizing Your IT Value with Well-Aligned Governance August 3, 2012 6 th Annual SoCal Excellence in Service Management Conference Your Presenter: Jason Brucker Associate Director within Protiviti's IT

More information

Practical Approaches to Achieving Sustainable IT Governance

Practical Approaches to Achieving Sustainable IT Governance Practical Approaches to Achieving Sustainable IT Governance Beyond Mandates: Getting to Sustainable IT Governance Best Practices Agenda IT Governance Definition IT Governance Principles IT Governance Decisions

More information

ITIL AND COBIT EXPLAINED

ITIL AND COBIT EXPLAINED ITIL AND COBIT EXPLAINED 1 AGENDA Overview of Frameworks Similarities and Differences Details on COBIT Framework (based on version 4.1) Details on ITIL Framework, focused mainly on version.2. Comparison

More information

Certified Information Security Manager (CISM)

Certified Information Security Manager (CISM) Certified Information Security Manager (CISM) Course Introduction Course Introduction Domain 01 - Information Security Governance Lesson 1: Information Security Governance Overview Information Security

More information

Enhancing IT Governance, Risk and Compliance Management (IT GRC)

Enhancing IT Governance, Risk and Compliance Management (IT GRC) Enhancing IT Governance, Risk and Compliance Management (IT GRC) Enabling Reliable eservices Tawfiq F. Alrushaid Saudi Aramco Agenda GRC Overview IT GRC Introduction IT Governance IT Risk Management IT

More information

Continuous Controls Monitoring. Virginia ISACA January Meeting 19 January 2010

Continuous Controls Monitoring. Virginia ISACA January Meeting 19 January 2010 Continuous Controls Monitoring Virginia ISACA January Meeting 19 January 2010 Today s Agenda What We Are Hearing About Risk Internal Controls Continuous Control Monitoring What is CCM? Framework EY Point

More information

Italy. EY s Global Information Security Survey 2013

Italy. EY s Global Information Security Survey 2013 Italy EY s Global Information Security Survey 2013 EY s Global Information Security Survey 2013 This year s survey our 16th edition captures the responses of 1,909 C-suite and senior level IT and information

More information

Revised October 2013

Revised October 2013 Revised October 2013 Version 3.0 (Live) Page 0 Owner: Chief Examiner CONTENTS: 1. Introduction..2 2. Foundation Certificate 2 2.1 The Purpose of the COBIT 5 Foundation Certificate.2 2.2 The Target Audience

More information

IT Governance isn t one thing, it s everything. Steve Romero PMP, CISSP, CCP

IT Governance isn t one thing, it s everything. Steve Romero PMP, CISSP, CCP IT Governance isn t one thing, it s everything. Steve Romero PMP, CISSP, CCP 1 An executive view of governance Based on 2009 Survey of 255 Non-IT CEOs/Executives 50% Ranked ITG as very important 75% of

More information

Global Technology Audit Guide. Auditing IT Governance

Global Technology Audit Guide. Auditing IT Governance Global Technology Audit Guide Auditing IT Governance Global Technology Audit Guide (GTAG ) 17 Auditing IT Governance July 2012 GTAG Table of Contents Executive Summary... 1 1. Introduction... 2 2. IT

More information

Linking Risk Management to Business Strategy, Processes, Operations and Reporting

Linking Risk Management to Business Strategy, Processes, Operations and Reporting Linking Risk Management to Business Strategy, Processes, Operations and Reporting Financial Management Institute of Canada February 17 th, 2010 KPMG LLP Agenda 1. Leading Practice Risk Management Principles

More information

IT Service Management ITIL, COBIT

IT Service Management ITIL, COBIT IT Service Management ITIL, COBIT Bülent Ekuklu Business Development Executive IBM Global Services Global Conditions are Changing 100% 90% 80% 70% 60% 50% 40% 30% 20% 10% Agriculture Manufacturing Service

More information

Enterprise Risk Management & Information Technology

Enterprise Risk Management & Information Technology Enterprise Risk Management & Information Technology Presented by Scott Perry and Gary Ross Slalom Consulting, San Francisco Agenda Introductions Session Objectives Overview of Enterprise Risk Management

More information

GOVERNANCE OF INFORMATION TECHNOLOGY IN HIGHER EDUCATION

GOVERNANCE OF INFORMATION TECHNOLOGY IN HIGHER EDUCATION GOVERNANCE OF INFORMATION TECHNOLOGY IN HIGHER EDUCATION SPANISH ASSOCIATION OF UNIVERSITY RECTORS CONFERENCIA DE RECTORES DE LAS UNIVERSIDADES ESPAÑOLAS Information Technology (IT) has become critical

More information

Identity & Access Management new complex so don t start?

Identity & Access Management new complex so don t start? IT Advisory Identity & Access Management new complex so don t start? Ing. John A.M. Hermans RE Associate Partner March 2009 ADVISORY Agenda 1 KPMG s view on IAM 2 KPMG s IAM Survey 2008 3 Best approach

More information

Measuring IT Governance Maturity Evidences from using regulation framework in the Republic Croatia

Measuring IT Governance Maturity Evidences from using regulation framework in the Republic Croatia Measuring IT Governance Maturity Evidences from using regulation framework in the Republic Croatia MARIO SPREMIĆ, Ph.D., CGEIT, Full Professor Faculty of Economics and Business Zagreb, University of Zagreb

More information

Strategic IT audit. Develop an IT Strategic IT Assurance Plan

Strategic IT audit. Develop an IT Strategic IT Assurance Plan Strategic IT audit Develop an IT Strategic IT Assurance Plan Speaker Biography Hans Henrik Berthing is Partner at Verifica and Senior Advisor & Associated Professor at Aalborg University. He is specialized

More information

Software Asset Management (SAM) and ITIL Service Management - together driving efficiency

Software Asset Management (SAM) and ITIL Service Management - together driving efficiency Software Asset Management (SAM) and ITIL Service Management - together driving efficiency Ian Preskett MIET C.Eng. MBCS CITP Software Asset Management Consultant ian.preskett@ipassociatesltd.co.uk Agenda

More information

COMMUNIQUE. Information Technology (IT) Governance Guidance

COMMUNIQUE. Information Technology (IT) Governance Guidance COMMUNIQUE 14-COM-002 July 14, 2014 Information Technology (IT) Governance Guidance The Credit Union Prudential Supervisors Association (CUPSA) has established an IT Risk Working Group to focus on IT governance

More information

White Paper: AlfaPeople ITSM 2013. This whitepaper discusses how ITIL 3.0 can benefit your business.

White Paper: AlfaPeople ITSM 2013. This whitepaper discusses how ITIL 3.0 can benefit your business. White Paper: AlfaPeople ITSM 2013 This whitepaper discusses how ITIL 3.0 can benefit your business. Executive Summary Imagine trying to run a manufacturing business without a comprehensive and detailed

More information

IT risk management discussion 2013 PIAA Leadership Camp May 15, 2013

IT risk management discussion 2013 PIAA Leadership Camp May 15, 2013 IT risk management discussion 2013 PIAA Leadership Camp May 15, 2013 Debbie Lew Agenda Review what is IT governance Review what is IT risk management A discussion of key IT risks to be aware of Page 2

More information

XBRL & GRC Future opportunities?

XBRL & GRC Future opportunities? XBRL & GRC Future opportunities? Suzanne Janse Deloitte NL Paul Hulst Deloitte / Said Tabet EMC Presenters Suzanne Janse Deloitte Netherlands Director ERP (SAP, Oracle) Risk Management GRC software Paul

More information

Ann Geyer Tunitas Group. CGEIT Domains

Ann Geyer Tunitas Group. CGEIT Domains 1 CGEIT Exam Prep May 17, 2011 Ann Geyer Tunitas Group CGEIT Domains 2 Job Practice Areas by Domain 25% IT Gov Frameworks 20% Risk Mgmt 15% Strategic Alignment 15% Value Delivery 13% Resource Mgmt 12%

More information

IT Governance Charter

IT Governance Charter Version : 1.01 Date : 16 September 2009 IT Governance Network South Africa USA UK Switzerland www.itgovernance.co.za info@itgovernance.co.za 0825588732 IT Governance Network, Copyright 2009 Page 1 1 Terms

More information

Chayuth Singtongthumrongkul

Chayuth Singtongthumrongkul IT is complicated. IT Governance doesn t have to be. Chayuth Singtongthumrongkul CISSP, CISA, ITIL Intermediate, PMP, IRCA ISMS (ISO/IEC 27001) Director of International Academic Alliance, ACIS Professional

More information

Office of the Chief Information Officer

Office of the Chief Information Officer Office of the Chief Information Officer Business Plan: 2012 2015 Department / Ministère: Executive Council Date: November 15, 2012 1 P a g e This Page Left Intentionally Blank 2 P a g e Contents The Business

More information

COBIT 5 For Cyber Security Governance and Management. Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE)

COBIT 5 For Cyber Security Governance and Management. Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE) COBIT 5 For Cyber Security Governance and Management Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE) Cybersecurity Governance using COBIT5 Cyber Defence Summit Riyadh, KSA

More information

Comply, Improve, Transform: Regulatory Compliance Management for Software Development. Jim Duggan

Comply, Improve, Transform: Regulatory Compliance Management for Software Development. Jim Duggan Comply, Improve, Transform: Regulatory Compliance Management for Software Development Jim Duggan You Can Offset the Costs of Compliance! Complexity Drives Cost UP Sarbanes-Oxley HIPAA EPA Basel II M&A

More information

CobiT and IT Governance Elements for building in security. from the top, down and the bottom, up

CobiT and IT Governance Elements for building in security. from the top, down and the bottom, up CobiT and IT Governance Elements for building in security from the top, down and the bottom, up David Kohrell, PMP, CISA, MA, MCRP david.kohrell@tapuniversity.com This presentation was developed using

More information

BRIDGE. the gaps between IT, cloud service providers, and the business. IT service management for the cloud. Business white paper

BRIDGE. the gaps between IT, cloud service providers, and the business. IT service management for the cloud. Business white paper BRIDGE the gaps between IT, cloud service providers, and the business. IT service management for the cloud Business white paper Executive summary Today, with more and more cloud services materializing,

More information

It s All About Process

It s All About Process It s All About Process A White Paper By Gary Guttridge Principal Change Manage IT Ltd. It s All About Process Page 1 of 10 1. INTRODUCTION As long ago as 1931, the distinguished American economist, William

More information

Module 6 Essentials of Enterprise Architecture Tools

Module 6 Essentials of Enterprise Architecture Tools Process-Centric Service-Oriented Module 6 Essentials of Enterprise Architecture Tools Capability-Driven Understand the need and necessity for a EA Tool IASA Global - India Chapter Webinar by Vinu Jade

More information

Office of the Auditor General AUDIT OF IT GOVERNANCE. Tabled at Audit Committee March 12, 2015

Office of the Auditor General AUDIT OF IT GOVERNANCE. Tabled at Audit Committee March 12, 2015 Office of the Auditor General AUDIT OF IT GOVERNANCE Tabled at Audit Committee March 12, 2015 This page has intentionally been left blank Table of Contents Executive Summary... 1 Introduction... 1 Background...

More information

Governance, Risk, and Compliance (GRC) White Paper

Governance, Risk, and Compliance (GRC) White Paper Governance, Risk, and Compliance (GRC) White Paper Table of Contents: Purpose page 2 Introduction _ page 3 What is GRC _ page 3 GRC Concepts _ page 4 Integrated Approach and Methodology page 4 Diagram:

More information

Vendor Risk Management Financial Organizations

Vendor Risk Management Financial Organizations Webinar Series Vendor Risk Management Financial Organizations Bob Justus Chief Security Officer Allgress Randy Potts Managing Consultant FishNet Security Bob Justus Chief Security Officer, Allgress Current

More information

COBIT 5 and the Process Capability Model. Improvements Provided for IT Governance Process

COBIT 5 and the Process Capability Model. Improvements Provided for IT Governance Process Proceedings of FIKUSZ 13 Symposium for Young Researchers, 2013, 67-76 pp The Author(s). Conference Proceedings compilation Obuda University Keleti Faculty of Business and Management 2013. Published by

More information

JOE MOROLONG LOCAL MUNICIPALITY IT GOVERNANCE FRAMEWORK

JOE MOROLONG LOCAL MUNICIPALITY IT GOVERNANCE FRAMEWORK JOE MOROLONG LOCAL MUNICIPALITY IT GOVERNANCE FRAMEWORK INDEX 1 Introduction... 2 Contextual background... 2.1 The CobiT 5 framework (2012)... 2.2 The ISO 27000 series (2005, 2011)... 2.3 The Risk IT

More information

October 7, 2011. Presented to. The PMI Washington DC Chapter. Pedro Agosto. Director of Client Services, XA Systems, LLC. pedro.agosto@xasystems.

October 7, 2011. Presented to. The PMI Washington DC Chapter. Pedro Agosto. Director of Client Services, XA Systems, LLC. pedro.agosto@xasystems. October 7, 2011 Presented to The PMI Washington DC Chapter By Pedro Agosto Director of Client Services, XA Systems, LLC pedro.agosto@xasystems.com Introduction Re-evaluating IT Services Today s Challenges

More information

IT Governance, Risk and Compliance (GRC) : A Strategic Priority. Joerg Asma

IT Governance, Risk and Compliance (GRC) : A Strategic Priority. Joerg Asma IT Governance, Risk and Compliance (GRC) : A Strategic Priority Joerg Asma Agenda Introductions An Overview of IT Governance Risk & Compliance (IT-GRC) The Value Proposition Implementing an IT-GRC Program

More information

Solve Your IT Project Funding Challenges

Solve Your IT Project Funding Challenges RG Perspective Solve Your IT Project Funding Challenges 11 Canal Center Plaza Alexandria, VA 22314 HQ 703-548-7006 Fax 703-684-5189 www.robbinsgioia.com 2013 Robbins Gioia, Inc. 1. Introduction The struggling

More information

Stepping Through the Info Security Program. Jennifer Bayuk, CISA, CISM

Stepping Through the Info Security Program. Jennifer Bayuk, CISA, CISM Stepping Through the Info Security Program Jennifer Bayuk, CISA, CISM Infosec Program How to: compose an InfoSec Program cement a relationship between InfoSec program and IT Governance design roles and

More information

RSA ARCHER OPERATIONAL RISK MANAGEMENT

RSA ARCHER OPERATIONAL RISK MANAGEMENT RSA ARCHER OPERATIONAL RISK MANAGEMENT 87% of organizations surveyed have seen the volume and complexity of risks increase over the past five years. Another 20% of these organizations have seen the volume

More information

MDM and Data Governance

MDM and Data Governance MDM and Data Governance T-86.5161 Janne J. Korhonen Helsinki University of Technology Lecture Contents Master Data Management, lecture (40 min) SOA Characteristics and MDM, group work (60 min) Break (5

More information

S24 - Governance, Risk, and Compliance (GRC) Automation Siamak Razmazma

S24 - Governance, Risk, and Compliance (GRC) Automation Siamak Razmazma S24 - Governance, Risk, and Compliance (GRC) Automation Siamak Razmazma Governance, Risk, Compliance (GRC) Automation Siamak Razmazma Siamak.razmazma@protiviti.com September 2009 Agenda Introduction to

More information

Impact of New Internal Control Frameworks

Impact of New Internal Control Frameworks Impact of New Internal Control Frameworks Webcast: Tuesday, February 25, 2014 CPE Credit: 1 0 With You Today Bob Jacobson Principal, Risk Advisory Services Consulting Leader West Region Bob.Jacobson@mcgladrey.com

More information

APPENDIX 50. Enterprise risk management - Risk management overview

APPENDIX 50. Enterprise risk management - Risk management overview APPENDIX 50 Enterprise risk management - Risk management overview Energex regulatory proposal October 2014 ENTERPRISE RISK MANAGEMENT Risk Management Overview (RMO) 06 11 2013 Table of Contents 1. INTRODUCTION...

More information

SESSION 709 Wednesday, November 4, 9:00am - 10:00am Track: Strategic View

SESSION 709 Wednesday, November 4, 9:00am - 10:00am Track: Strategic View SESSION 709 Wednesday, November 4, 9:00am - 10:00am Track: Strategic View The Business of IT Provisioning Bill Irvine Transformation Strategist, Accelerate Innovation, VMware billirvine@comcast.net Session

More information

Applying Integrated Risk Management Scenarios for Improving Enterprise Governance

Applying Integrated Risk Management Scenarios for Improving Enterprise Governance Applying Integrated Risk Management Scenarios for Improving Enterprise Governance János Ivanyos Trusted Business Partners Ltd, Budapest, Hungary, ivanyos@trusted.hu Abstract: The term of scenario is used

More information

Governance SPICE. ISO/IEC 15504 for Internal Financial Controls and IT Management. By János Ivanyos, Memolux Ltd. (H)

Governance SPICE. ISO/IEC 15504 for Internal Financial Controls and IT Management. By János Ivanyos, Memolux Ltd. (H) Governance SPICE ISO/IEC 15504 for Internal Financial Controls and IT Management By János Ivanyos, Memolux Ltd. (H) 1. Evaluating Internal Controls against Governance Frameworks Corporate Governance is

More information

10 Best-Selling Modules For Home Information Technology Professionals

10 Best-Selling Modules For Home Information Technology Professionals Integriertes Risk und Compliance Management als Elemente einer umfassenden IT-Governance Strategie Ing. Martin Pscheidl, MBA, MSc cert. IT Service Manager Manager, Technical Sales CA Software Österreich

More information

ENTERPRISE RISK MANAGEMENT FOR BANKS

ENTERPRISE RISK MANAGEMENT FOR BANKS ENTERPRISE RISK MANAGEMENT FOR BANKS Seshagiri Rao Vaidyula, Senior Manager, Governance, Risk and Compliance Jayaprakash Kavala, Consultant, Banking and Financial Services 1 www.wipro.com/industryresearch

More information

Information Technology Integration Putting IT to work in driving deal success

Information Technology Integration Putting IT to work in driving deal success February 2013 A publication from PwC's Deals M&A Integration practice Information Technology Integration Putting IT to work in driving deal success At a glance Research consistently shows that integrating

More information

Information Governance 2.0 A DOCULABS WHITE PAPER

Information Governance 2.0 A DOCULABS WHITE PAPER Information Governance 2.0 A DOCULABS WHITE PAPER Information governance is the control of an organization s information to meet its regulatory, litigation, and risk objectives. Effectively managing and

More information

14 October 2015 ISACA Curaçao Conference By: Paul Helmich

14 October 2015 ISACA Curaçao Conference By: Paul Helmich Governance, Risk & Compliance A practical approach 14 October 2015 ISACA Curaçao Conference By: Paul Helmich Topics today What is GRC? How much of all the GRC literature, tools, etc. do I need to study

More information

EVALUATION FRAMEWORK FOR SERVICE CATALOG MATURITY IN INFORMATION TECHNOLOGY ORGANIZATIONS

EVALUATION FRAMEWORK FOR SERVICE CATALOG MATURITY IN INFORMATION TECHNOLOGY ORGANIZATIONS EVALUATION FRAMEWORK FOR SERVICE CATALOG MATURITY IN INFORMATION TECHNOLOGY ORGANIZATIONS Carlos Moreno Martínez Information Systems Department, Universidad Europea de Madrid Spain Email: 20839394@live.uem.es

More information

Research Data Management Framework: Capability Maturity Guide

Research Data Management Framework: Capability Maturity Guide ANDS Guides Research Data Management Framework: Capability Maturity Guide Introduction The outline set out below shows five levels of attainment or maturity which institutions may achieve in managing their

More information

Principles of IT Governance

Principles of IT Governance Principles of IT Governance Governance of enterprise IT focuses on delivering services to support top line growth while moving operational savings to the bottom line. The management of IT services has

More information

Blending Corporate Governance with. Information Security

Blending Corporate Governance with. Information Security Blending Corporate Governance with Information Security WHAT IS CORPORATE GOVERNANCE? Governance has proved an issue since people began to organise themselves for a common purpose. How to ensure the power

More information

Tying It All Together: Practical ERM Integration. Richard Scanlon Vice President Enterprise Risk Management CIGNA Corporation

Tying It All Together: Practical ERM Integration. Richard Scanlon Vice President Enterprise Risk Management CIGNA Corporation Tying It All Together: Practical ERM Integration Richard Scanlon Vice President Enterprise Risk Management CIGNA Corporation November 16, 2007 1 Agenda Basis for ERM Integration ERM Objectives ERM Focus

More information

Predictive Marketing for Banking

Predictive Marketing for Banking Tony Firmani Predictive Analytics Solution Architect Predictive Marketing for Banking Business Analytics software Session Overview Data Drives Decisions Applying Predictive Analytics Throughout Entire

More information

An Implementation Roadmap

An Implementation Roadmap An Implementation Roadmap The 2nd Abu Dhabi IT s Forum P J Corum, CSQA, CSTE, ITSM Managing Director Quality Assurance Institute Middle East and Africa Dubai, UAE Quality Assurance Institute Middle East

More information

Recommendation for IT Governance Using the COBIT 4.1 Framework

Recommendation for IT Governance Using the COBIT 4.1 Framework Recommendation for IT Governance Using the COBIT 4.1 Framework William F. Slater, III, MBA, M.S., PMP, CISSP, CISA Week 7 Assignment CYBR 615 Cybersecurity Governance and Compliance January 27, 2013 January

More information

WEST COAST DISTRICT MUNICIPALITY IT GOVERNANCE FRAMEWORK IT CHARTER

WEST COAST DISTRICT MUNICIPALITY IT GOVERNANCE FRAMEWORK IT CHARTER WEST COAST DISTRICT MUNICIPALITY IT GOVERNANCE FRAMEWORK IT CHARTER MAY 2012 INDEX 1 Introduction... 1 2 Contextual background... 3 2.1 The CobiT 5 framework (2012)... 4 2.2 The ISO 27000 series (2005,

More information

Request for Proposal. Supporting Document 3 of 4. Contract and Relationship Management for the Education Service Payroll

Request for Proposal. Supporting Document 3 of 4. Contract and Relationship Management for the Education Service Payroll Request for Proposal Supporting Document 3 of 4 Contract and Relationship December 2007 Table of Contents 1 Introduction 3 2 Governance 4 2.1 Education Governance Board 4 2.2 Education Capability Board

More information

Feature. Developing an Information Security and Risk Management Strategy

Feature. Developing an Information Security and Risk Management Strategy Feature Developing an Information Security and Risk Management Strategy John P. Pironti, CISA, CISM, CGEIT, CISSP, ISSAP, ISSMP, is the president of IP Architects LLC. He has designed and implemented enterprisewide

More information

Software Asset Management on System z

Software Asset Management on System z Software Asset Management on System z Mike Zelle Tivoli WW IT Asset Management Marketing SAM in SHARE Project Manager mzelle@us.ibm.com Agenda Why Software Asset Management (SAM) The Discipline of Software

More information

Datacenter Migration Think, Plan, Execute

Datacenter Migration Think, Plan, Execute Datacenter Migration Think, Plan, Execute Datacenter migration is often regarded as a purely technical, almost trivial side-project, to be delivered by existing IT staff alongside their day jobs. With

More information

DevOps: The Key to Delivering High Quality Application Services Faster

DevOps: The Key to Delivering High Quality Application Services Faster DevOps: The Key to Delivering High Quality Application Services Faster Stephen Elliot Vice President Cloud and IT Infrastructure DevOps Defined DevOps is a methodology that unifies a team including business

More information

WHAT IS GRC AND WHERE IS IT HEADING? A BRIEFING PAPER. www.claytonutz.com

WHAT IS GRC AND WHERE IS IT HEADING? A BRIEFING PAPER. www.claytonutz.com WHAT IS GRC AND WHERE IS IT HEADING? A BRIEFING PAPER www.claytonutz.com BACKGROUND Well established governance, risk and compliance functions have for many years formed a key part of management practice

More information

IRMAC SAS INFORMATION MANAGEMENT, TRANSFORMING AN ANALYTICS CULTURE. Copyright 2012, SAS Institute Inc. All rights reserved.

IRMAC SAS INFORMATION MANAGEMENT, TRANSFORMING AN ANALYTICS CULTURE. Copyright 2012, SAS Institute Inc. All rights reserved. IRMAC SAS INFORMATION MANAGEMENT, TRANSFORMING AN ANALYTICS CULTURE ABOUT THE PRESENTER Marc has been with SAS for 10 years and leads the information management practice for canada. Marc s area of specialty

More information

Introduction to Enterprise Risk Management at UVM DRAFT

Introduction to Enterprise Risk Management at UVM DRAFT Introduction to Enterprise Management at UVM 1 Enterprise What is Enterprise Management? Enterprise risk management is a structured, consistent, and continuous process across the whole organization for

More information

Information Security Management System for Microsoft s Cloud Infrastructure

Information Security Management System for Microsoft s Cloud Infrastructure Information Security Management System for Microsoft s Cloud Infrastructure Online Services Security and Compliance Executive summary Contents Executive summary 1 Information Security Management System

More information

Internal Audit Report on. IT Security Access. January 2010. 2010 January - English - Information Technology - Security Access - FINAL.

Internal Audit Report on. IT Security Access. January 2010. 2010 January - English - Information Technology - Security Access - FINAL. Internal Audit Report on January 2010 2010 January - English - Information Technology - Security Access - FINAL.doc Contents Background...3 Introduction...3 IT Security Architecture,Diagram 1...4 Terms

More information

building a business case for governance, risk and compliance

building a business case for governance, risk and compliance building a business case for governance, risk and compliance contents introduction...3 assurance: THe last major business function To be integrated...3 current state of grc: THe challenges... 4 building

More information

Governance, Risk, Compliance and Beyond: The Emergence of Strategic IT Risk Management

Governance, Risk, Compliance and Beyond: The Emergence of Strategic IT Risk Management Brochure More information from http://www.researchandmarkets.com/reports/585854/ Governance, Risk, Compliance and Beyond: The Emergence of Strategic IT Risk Management Description: In recent years, the

More information

Understanding Enterprise Risk Management. Presented by Dorothy Gjerdrum Arthur J Gallagher

Understanding Enterprise Risk Management. Presented by Dorothy Gjerdrum Arthur J Gallagher Understanding Enterprise Risk Management Presented by Dorothy Gjerdrum Arthur J Gallagher Learning Objectives Understand the components of a wellrun ERM program Review scope and process Explore the role

More information

Domain 1 The Process of Auditing Information Systems

Domain 1 The Process of Auditing Information Systems Certified Information Systems Auditor (CISA ) Certification Course Description Our 5-day ISACA Certified Information Systems Auditor (CISA) training course equips information professionals with the knowledge

More information

Information Governance & Records Management for Today's World

Information Governance & Records Management for Today's World May 19-22, 2014, Toronto ON Canada Information Governance & Records Management for Today's World Presented by Colin Cahill LI22 5/20/2014 1:15 PM - 2:45 PM The handouts and presentations attached are copyright

More information

Improving Financial Performance, Governance and Compliance

Improving Financial Performance, Governance and Compliance Enterprise Risk Management Improving Financial Performance, Governance and Compliance Through A Structured Approach Experis Finance By: Fred E. Lutzeier National ERM Director Fred.Lutzeier@Experis.Com

More information

The End of a Cost Centre - Transform Enterprise Printing into Competitive Advantage

The End of a Cost Centre - Transform Enterprise Printing into Competitive Advantage The End of a Cost Centre - Transform Enterprise Printing into Competitive Advantage Xerox Event, Riyadh, 14 May 2012 Tobias Kleu Research Manager Imaging and Hardcopy Peripherals, Print Services & Document

More information

Welcome to Modulo Risk Manager Next Generation. Solutions for GRC

Welcome to Modulo Risk Manager Next Generation. Solutions for GRC Welcome to Modulo Risk Manager Next Generation Solutions for GRC THE COMPLETE SOLUTION FOR GRC MANAGEMENT GRC MANAGEMENT AUTOMATION EASILY IDENTIFY AND ADDRESS RISK AND COMPLIANCE GAPS INTEGRATED GRC SOLUTIONS

More information

COBIT 4.1 TABLE OF CONTENTS

COBIT 4.1 TABLE OF CONTENTS COBIT 4.1 TABLE OF CONTENTS Executive Overview....................................................................... 5 COBIT Framework.........................................................................

More information

View Point. Lifting the Fog on Cloud

View Point. Lifting the Fog on Cloud View Point Lifting the Fog on Cloud There s a massive Cloud build-up on the horizon and the forecast promises a rain of benefits for the enterprise. Cloud is no more a buzzword. The enabling power of the

More information

WHITE PAPER December, 2008

WHITE PAPER December, 2008 INTRODUCTION Key to most IT organization s ongoing success is the leadership team s ability to anticipate, plan for, and adapt to change. With ever changing business/mission requirements, customer/user

More information

San Francisco Chapter. Cassius Downs Network Edge LLC

San Francisco Chapter. Cassius Downs Network Edge LLC Cassius Downs Network Edge LLC ITIL History ITIL Books V3 Objectives Business Benefits of V3 V3 Changes Training & Certification V2 or V3? Summary 2 The 12 Rules 1. EXERCISE Rule #1: Exercise boosts brain

More information