ITAG RESEARCH INSTITUTE

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "ITAG RESEARCH INSTITUTE"

Transcription

1 ITAG RESEARCH INSTITUTE Control and Governance Maturity Survey Establishing a reference benchmark and a self-assessment tool Erik Guldentops Wim Van Grembergen Steven De Haes

2 Control and Governance Maturity Survey 2/8 Introduction The CobiT Framework identifies 34 IT processes within an IT environment. For each process, it provides a high-level control statement and between 3 and 30 detailed control objectives. With CobiT 3 rd edition, a management layer was added called Management Guidelines - providing critical success factors, key performance indicators and maturity models for each of the processes. The maturity levels were defined in a similar manner as SEI s Software Maturity Models (see Table 1): Table Non-existent Management processes are not applied at all 1 Initial Processes are ad hoc and disorganised 2 - Repeatable Processes follow a regular pattern 3 - Defined Processes are documented and communicated 4 - Managed Processes are monitored and measured 5 - Optimised Best practices are followed and automated These Maturity Models provide a method of scoring so that an organisation can grade itself from non-existent to optimised in controlling IT processes. While each process has specific descriptions of maturity, they follow a generic model provided in attachment. The basic principle of such a maturity measurement is that one can only move to a higher maturity when all conditions, described in a certain maturity level, are fulfilled. Management can use this tool to obtain a quick self-assessment or a reference in conjunction with an independent review. It defines the As-Is position of the enterprise relative to IT Control and Governance Maturity, allows to select a To-Be level appropriate for the enterprise and after analysis of the gaps - develop a strategy for improvement. Many ISACA members and COBIT users have requested information on how organisations are doing relative to these Maturity Models as described in the Management Guidelines. In response, ISACA has set up a "Control and Governance Maturity Survey." The purpose of this survey was to provide a self-assessment tool and to establish an actual reference benchmark on the IT control and governance maturity of enterprises and organisations in the public and not-for-profit sector. The results of the survey have now been collected and analysed. The main conclusion of the survey is that, on average, the maturity of enterprises in controlling IT processes hovers generally between the 2 and 2.5, with the financial industry and global companies in the 2.5 to 3.0 bracket. Moreover, further filtering the results by size of enterprises, type of industry and geography reveals some interesting specific differences.

3 Control and Governance Maturity Survey 3/8 Methodology To collect the data, we developed a web-based survey for assessing the average maturity of the 15 most important processes of CobiT (see Table 2). Table 2 PO1 Define a strategic IT plan PO3 Determine technological direction PO5 Manage the IT investment PO9 Assess risks PO10 Manage projects AI1 Identify automated solutions AI2 Acquire and maintain application software AI5 Install and accredit systems AI6 Manage changes DS1 Define and manage service levels DS4 Ensure continuous service DS5 Ensure systems security DS10 Manage problems and incidents DS11 Manage data M1 Monitor the process The first column refers to the domains in which the processes are classified: PO = Planning & Organisation, AI = Acquisition and Implementation, DS = Delivery and Support, M = Monitoring This selection of 15 out of 34 processes was done a year prior to the survey by interviewing a group of some 20 senior experts of the IT and audit industry. For each of the 15 processes, respondents had to give a maturity score from 0 to 5, each time complying with the principles of a maturity measurement. To assist the respondents in doing this, the maturity model descriptions could be very easily consulted by clicking on a link. By the same token, we asked respondents to record driving forces (that push the company to a higher maturity level) or inhibiting forces (that inhibit the company from reaching a higher maturity level). To facilitate this, a group of 5 industry experts identified some of the most common drivers and inhibitors, but respondents could of course identify others as well. Before mailing the final version of the survey, we first created a web-based pilot. This pilot was posted on the internet in December 2001 and we asked several experts to fill in the survey for a real-life situation (their results were also included in the final survey). Based on their comments and suggestions, we made the survey much more user-friendly and accessible. Moreover, together with them, we finalised the list of possible drivers and inhibitors. The final survey was posted in March 2002 and an invitation to participate was sent to the purchasers of CobiT s second and third edition. The survey was closed in June 2002.

4 Control and Governance Maturity Survey 4/8 In total, we received 168 valid responses, distributed over different geographies, sizes and sectors (see Figure 1). Figure 1 Global Asia/Oceania America s Small Large Other Finance Public sector Europa/Middle East/Africa Medium Retail & Manufacturing For the overall results of the maturity levels, we calculated and compared the un-weighted averages per process. We then filtered the results by size, sector and geography and again compared the un-weighted averages. This revealed some interesting differences. Finally, we ranked the driving and inhibiting forces in order of importance, based on the number of times the respondents selected a driving/inhibiting force. Findings Figure 2 represents the un-weighted averages of the maturity scores for each process. Most of the maturity levels fluctuate between the 2 and the 2.5 and the variance between these results is very small. There are five processes with a maturity level higher then 2.5: - DS5: ensure systems security - AI1: identify automated solutions - AI2: acquire and maintain application software - DS10: manage problems and incidents - PO10: manage projects After 11 th of September 2001, security and contingency are certainly more under the attention of management. This explains the high score for DS5 (ensure systems security). Probably, this situation also led to more investments in DS10 DS5 DS4 A16 A15 Incident Response capabilities, which clarifies the high maturity score of DS10 (manage problems and incidents). An explanation for the high maturity level of AI1 (identify automated solutions), AI2 (acquire and maintain software) and PO10 (manage projects) can be found in the economic downturn. A consequence is that the IT department often has to cut costs. This can be realised by, among other, optimising the project management and the selection and implementation of (automated) solutions. The processes with the lowest scores are: - DS1: define and manage service levels - M1: monitor the processes - PO9: assess risks The low scores for DS1 and M1 point out that enterprises should be more formal in the management, control and performance measurement of processes and service levels. PO9 is probably only a priority for very risk-aware enterprises. DS1 M Po1 Po3 A12 Po5 Po9 A11 Figure 2 Po10

5 Control and Governance Maturity Survey 5/8 Filtering these results by size generates Figure 3. As could be expected, this figure shows that smaller companies have on M1 average a lower maturity level compared to DS11 the larger companies. For large companies, the maturity levels of the processes hover DS10 around 3, while for small companies, the maturity level is situated around 2. However, DS5 for the small companies, the results reveal a peak for DS5 (ensure systems security) DS4 compared to its other processes. As already mentioned, September the 11 th 2001 can be DS1 an explanation for this phenomenon. The A16 maturity levels of the medium sized companies lean more towards the overall average. Po Po3 Figure 3 Po5 Po9 Po10 A11 A12 A15 large medium small We also filtered the results by type of industry (sector), as shown in Figure 4. The finance sector has in general a relatively high maturity level compared to the other sectors. This is certainly true DS5 DS10 DS4 DS11 DS1 M1 A Po1 A15 Po3 A12 Po5 A11 Po9 Po10 Figure 4 for DS4 and DS5, i.e. ensure continuous service and ensure systems security. These processes are of course extremely important for the financial institutions. This sector can not afford downtime of their systems. In this comparison, the retail and manufacturing sector score low, with an exception for AI1 and AI2, i.e. identify automated solutions and acquire and maintain application software. Automating business processes by software applications is very important in this sector. This graphic also illustrates a relatively higher maturity in the Public Sector in the Planning domain, probably due to the presence of explicit policies and regulations. Comparing the different continents, as shown in figure 5, indicates that enterprises in Asia and Oceania and global working companies Po1 have a relatively high maturity level M Po3 compared to companies in the America s DS Po5 and in Europe, Middle East and Africa 2.50 (EMEA). This result is quite understandable global 2.00 DS10 Po9 for global working companies. However, the 1.50 asia/oceania high maturity levels in Asia/Oceania are 1.00 more difficult to explain. A reason may be DS5 Po10 emea the fact that the measurement of a americas maturity level is probably dependent on DS4 A11 cultural and historical backgrounds of the DS1 A12 company and the region it is working in. Despite of the clearly described maturity A16 A15 models, these differences can have an impact on the way one measures and scales maturity. Moreover, it should be indicated that the finance public sector ret & manuf.

6 Control and Governance Maturity Survey 6/8 results are the maturity levels that the respondents have given to their own company and from their personal perspective. It is therefore very important that these results are interpreted with the necessary care (overestimations are possible) and that they are positioned in a world-wide context. It was never the purpose of this survey to validate these results by other means. A closer look at the America s reveals a peak for DS5 (ensure systems security). Again, September the 11th can be an explanation. On the other hand, the America s seem to be relatively immature, on M1 (monitor the process) and DS1 (define and manage service levels), compared to other processes. The same conclusion can be made for DS1 in Europe, Middle East and Africa. The other results for Europe, Middle East and Africa lean towards to overall average. As mentioned in the introduction of this article, we identified possible driving and inhibiting forces to reach a higher maturity level and asked respondents to indicate those that were applicable in their situation. Based on the results, we ranked the driving and inhibiting forces in order of importance (starting with the most important), as shown in the Table 3 and 4. Reputation and trust seems to be a very important driving force to move to a higher maturity level, while budget Limitations can inhibit moving up to a higher level. When an enterprise is aiming to move a certain process to a higher maturity level, it is clear that these issues have to be very closely monitored. The given context in which a company operates implies of course that specific driving or inhibiting forces could occur that are not mentioned in this list. The challenge is then to identify them. Some specific drivers that the respondents recorded themselves are corporate governance, acquisitions and size of the organisation. Specific inhibitors were a reactive mindset and again the size of the organisation. Conclusion Table 3 Table 4 Driving forces - Reputation and trust - Legal, regulatory, contract compliance - Performance improvement - Risk reduction - Cost reduction - Mission and goals - Corporate values - Competitive environment - External political/economical environment Inhibiting forces - Budget limitations - Resource priorities - Resource conflicts - Availability of skilled staff - Management awareness - Management commitment - No easy solution - Existing architecture - Lack of ownership - External political/economical environment - Lack of tools This study provides in the first place a reference benchmark and a self-assessment tool. The data collected indicates that the 15 most important processes of the CobiT framework have a maturity level between the 2 and 2.5. Filtering these results by size, geography and type of industry, revealed some interesting differences. For example, large companies, companies in the finance sector or globally operating companies showed a higher maturity level than average (2.5 to 3.0). While being aware of the limitations of self-assessments, the industry, size and geography breakouts of this survey should nevertheless provide many organisations with a benchmark to compare their maturity in IT Control and Governance. There was however one test that gave some confidence for the results. Prior to the survey, 5 industry experts estimated where the different industries should reasonably be. They scored generally 0.5 points higher than the respondents, meaning that respondents have most probably been fair in their judgement, and confirming what we all suspect: There is room for improvement. ISACA wants to thank all those who participated in this survey. We feel certain the information we gained as a result of the efforts of the respondents will be useful and beneficial to all who aspire to more effective IT governance.

7 Control and Governance Maturity Survey 7/8 Attachment 0 Non Existent. Complete lack of any recognisable processes. Organisation has not even recognised that there is an issue to be addressed. 1 Initial. There is evidence that the organisation has recognised that the issues exist and need to be addressed. There are however no standardised processes but instead there are ad hoc approaches that tend to be applied on an individual or case by case basis. The overall approach to management is chaotic. 2 Repeatable. Processes have developed to the stage where similar procedures are followed different people undertaking the same task. There is no formal training or communication of standard procedures and responsibility is left to the individual. There is a high degree of reliance on the knowledge of individuals and therefore errors are likely. 3 Defined. Procedures have been standardised and documented, and communicated through training. It is however left to the individual to follow these processes, and any deviations would be unlikely to be detected. The procedures themselves are not sophisticated but are the formalisation of existing practices. 4 Managed. It is possible to monitor and measure compliance with procedures and to take action where processes appear not to be working effectively. Processes are under constant improvement and provide good practice. Automation and tools are used in a limited or fragmented way. 5 Optimised. Processes have been refined to a level of best practice, based on the results of continuous improvement and maturity modelling with other organisations. IT is used in an integrated way to automate the workflow and provide tools to improve quality and effectiveness.

8 Control and Governance Maturity Survey 8/8 About UAMS UAMS (University Antwerp Management School) has the ambition to be a learning partner in management, by offering a broad range of training programmes for future and current managers in the business world, in public services and socialprofit organizations. The priorities cover optimal quality control, interactive teaching methods, an emphasis on researchbased knowledge and best practice, an international orientation and a continuous adaptation of our programmes to the needs of the market. About ITAG The Information Technology Alignment and Governance (ITAG) Research Institute, was established in within UAMS to host applied research in the domains of IT Governance and business/it alignment. The research centre is an initiative of Prof. dr. Wim Van Grembergen and dr. Steven De Haes. Both have research and practical experience in the IT Governance and Strategic Alignment domains. Recently, this team was reinforced by senior researcher Hilde Van Brempt. Contact UAMS - ITAG Research Institute Sint-Jacobsmarkt 9-13 B-2000 Antwerpen Belgium Wim Van Grembergen, Ph.D. is a professor at the Information Systems Management Department of the University of Antwerp and an executive professor at the University of Antwerp Management School. He is academic director of the Information Technology and Alignment (ITAG) Research Institute and has conducted research in the areas of IT governance, value management and performance management. Over the past years, he has been involved in research and development activities of several COBIT products. He can be contacted at Steven De Haes, Ph.D. is responsible for the information systems management executive programs and research at the University of Antwerp Management School. He is managing director of the Information Technology and Alignment (ITAG) Research Institute and recently finalised a Ph.D. on IT governance and business/it alignment. He has been involved in research and development activities of several COBIT products. He can be contacted at Erik Guldentops is an executive professor at the University of Antwerp Management School (Belgium). He has initiated and provided leadership to the COBIT and Val IT initiatives since their inception.

ITAG RESEARCH INSTITUTE

ITAG RESEARCH INSTITUTE ITAG RESEARCH INSTITUTE Practices in IT Governance and Business/IT Alignment By Steven De Haes, Ph.D., and Wim Van Grembergen, Ph.D. In many organisations, information technology (IT) has become crucial

More information

ITAG RESEARCH INSTITUTE

ITAG RESEARCH INSTITUTE ITAG RESEARCH INSTITUTE Cobit s management guidelines revisited: the s / s cascade 1 Wim Van Grembergen, University of Antwerp (UA) Steven De Haes University Antwerp Management School (UAMS) IT Alignment

More information

ITAG RESEARCH INSTITUTE

ITAG RESEARCH INSTITUTE ITAG RESEARCH INSTITUTE Using CobiT and the Balanced Scorecard as Instruments for Service Level Management Wim Van Grembergen, University of Antwerp (UA), University of Antwerp Management School (UAMS)

More information

ITAG RESEARCH INSTITUTE

ITAG RESEARCH INSTITUTE ITAG RESEARCH INSTITUTE Best Practices in IT governance and alignment Steven De Haes Wim Van Grembergen University of Antwerp Management School IT governance is high on the agenda, but many organizations

More information

COBIT 5 and the Process Capability Model. Improvements Provided for IT Governance Process

COBIT 5 and the Process Capability Model. Improvements Provided for IT Governance Process Proceedings of FIKUSZ 13 Symposium for Young Researchers, 2013, 67-76 pp The Author(s). Conference Proceedings compilation Obuda University Keleti Faculty of Business and Management 2013. Published by

More information

Prioritising and Linking Business and IT Goals in the Financial Sector

Prioritising and Linking Business and IT Goals in the Financial Sector Prioritising and Linking Business and IT Goals in the Financial Sector Wim Van Grembergen, Ph.D. Steven De Haes Hilde Van Brempt University of Antwerp University of Antwerp University of Antwerp Wim.VanGrembergen@ua.ac.be

More information

ITAG RESEARCH INSTITUTE

ITAG RESEARCH INSTITUTE ITAG RESEARCH INSTITUTE Information Technology Governance Best Practices in Belgian Organisations Steven De Haes, University of Antwerp Management School Wim Van Grembergen, Ph.D., University of Antwerp

More information

ASSESSMENT OF THE IT GOVERNANCE PERCEPTION WITHIN THE ROMANIAN BUSINESS ENVIRONMENT

ASSESSMENT OF THE IT GOVERNANCE PERCEPTION WITHIN THE ROMANIAN BUSINESS ENVIRONMENT Accounting and Management Information Systems Vol. 11, No. 1, pp. 44 55, 2012 ASSESSMENT OF THE IT GOVERNANCE PERCEPTION WITHIN THE ROMANIAN BUSINESS ENVIRONMENT Pavel NĂSTASE 1 and Simona Felicia UNCHIAŞU

More information

Strategic IT audit. Develop an IT Strategic IT Assurance Plan

Strategic IT audit. Develop an IT Strategic IT Assurance Plan Strategic IT audit Develop an IT Strategic IT Assurance Plan Speaker Biography Hans Henrik Berthing is Partner at Verifica and Senior Advisor & Associated Professor at Aalborg University. He is specialized

More information

ITAG RESEARCH INSTITUTE

ITAG RESEARCH INSTITUTE ITAG RESEARCH INSTITUTE Analysing the Relationship Between IT Governance and Business/IT Alignment Maturity Steven De Haes, University of Antwerp Management School Wim Van Grembergen, University of Antwerp

More information

ITAG RESEARCH INSTITUTE

ITAG RESEARCH INSTITUTE ITAG RESEARCH INSTITUTE Structures, processes and relational mechanisms for Information Technology Governance: Theories and practices Wim Van Grembergen, University of Antwerp & University of Antwep Management

More information

Designing a Data Governance Framework to Enable and Influence IQ Strategy

Designing a Data Governance Framework to Enable and Influence IQ Strategy Designing a Data Governance Framework to Enable and Influence IQ Strategy Elizabeth M. Pierce University of Arkansas at Little Rock PG 135 Overview of Corporate and Key Asset Governance (Reproduced from

More information

Implementing COBIT based Process Assessment Model for Evaluating IT Controls

Implementing COBIT based Process Assessment Model for Evaluating IT Controls Implementing COBIT based Process Assessment Model for Evaluating IT Controls By János Ivanyos, Memolux Ltd. (H) Introduction New generations of governance models referring to either IT or Internal Control

More information

Workshop agenda. Data Quality Metrics and IT Governance. Today s purpose. Icebreaker. Audience Contract. Today s Purpose

Workshop agenda. Data Quality Metrics and IT Governance. Today s purpose. Icebreaker. Audience Contract. Today s Purpose Workshop agenda Strategic Data Quality Management Data Quality Metrics and IT Governance Today s purpose data quality metrics Conclusion Presenter: Micheal Axelsen Director Information Systems Consulting

More information

Revised October 2013

Revised October 2013 Revised October 2013 Version 3.0 (Live) Page 0 Owner: Chief Examiner CONTENTS: 1. Introduction..2 2. Foundation Certificate 2 2.1 The Purpose of the COBIT 5 Foundation Certificate.2 2.2 The Target Audience

More information

Auditors Need to Know June 13th, 2012. ISACA COBIT 5 for Assurance

Auditors Need to Know June 13th, 2012. ISACA COBIT 5 for Assurance COBIT 5 What s New, What Auditors Need to Know June 13th, 2012 Anthony Noble Viacom Inc. ISACA COBIT 5 for Assurance Task Force Chair Special thanks to Derek Oliver & ISACA for supplying material for this

More information

ITIL AND COBIT EXPLAINED

ITIL AND COBIT EXPLAINED ITIL AND COBIT EXPLAINED 1 AGENDA Overview of Frameworks Similarities and Differences Details on COBIT Framework (based on version 4.1) Details on ITIL Framework, focused mainly on version.2. Comparison

More information

2009 Solvay Brussels School and IT Governance institute

2009 Solvay Brussels School and IT Governance institute IT Governance Masterclass Georges Ataya CISA, CGEIT, CISA, CISSP, MSCS, PBA International VP, IT Governance Institute Professor, Solvay Business School Managing Partner, ICT Control NV 1 Georges Ataya

More information

The Asset Management Landscape

The Asset Management Landscape The Asset Management Landscape ISBN 978-0-9871799-1-3 Issued November 2011 www.gfmam.org The Asset Management Landscape www.gfmam.org ISBN 978-0-9871799-1-3 Published November 2011 This version replaces

More information

In the past few years, open source software (OSS) has

In the past few years, open source software (OSS) has Copyright 2008 Information Systems Audit and Control Association. All rights reserved. www.isaca.org. Using COBIT 4.1 to Guide the Adoption and Implementation of Open Source Software By Kris Ven, Steven

More information

The US Sarbanes-Oxley Act has brought about an

The US Sarbanes-Oxley Act has brought about an Copyright 2005 Information Systems Audit and Control Association. All rights reserved. www.isaca.org. Measuring and Improving IT Governance Through the Balanced Scorecard By Wim Van Grembergen and Steven

More information

ow to use CobiT to assess the security & reliability of Digital Preservation

ow to use CobiT to assess the security & reliability of Digital Preservation ow to use CobiT to assess the security & reliability of Digital Preservation Erpa WORKSHOP Antwerp 14-16 April 2004 Greet Volders Managing Consultant - VOQUALS N.V. Vice President & in charge of Education

More information

Request for Proposal. Supporting Document 3 of 4. Contract and Relationship Management for the Education Service Payroll

Request for Proposal. Supporting Document 3 of 4. Contract and Relationship Management for the Education Service Payroll Request for Proposal Supporting Document 3 of 4 Contract and Relationship December 2007 Table of Contents 1 Introduction 3 2 Governance 4 2.1 Education Governance Board 4 2.2 Education Capability Board

More information

CobiT Strategy and Long Term Vision

CobiT Strategy and Long Term Vision CobiT Strategy and Long Term Vision Urs Fischer VP Head IT Risk Mgmt, Security & ICS SwissLife Seite 2 1 Seite 3 Seite 4 2 Session Objective Provide those interested stakeholders with a clear and single

More information

COBIT 4.1 TABLE OF CONTENTS

COBIT 4.1 TABLE OF CONTENTS COBIT 4.1 TABLE OF CONTENTS Executive Overview....................................................................... 5 COBIT Framework.........................................................................

More information

Assessing & Managing IT Risks: Using ISACA's CobiT & Risk IT Frameworks

Assessing & Managing IT Risks: Using ISACA's CobiT & Risk IT Frameworks Assessing & Managing IT Risks: Using ISACA's CobiT & Risk IT Frameworks 2ο InfoCom Security Conference Anestis Demopoulos, Vice President ISACA Athens Chapter, & Senior Manager, Advisory Services, Ernst

More information

ITAG RESEARCH INSTITUTE

ITAG RESEARCH INSTITUTE ITAG RESEARCH INSTITUTE Using COBIT 4.1 to guide the adoption and implementation of open source software Kris Ven, Wim Van Grembergen, Steven De Haes and Jan Verelst University of Antwerp Abstract Open

More information

Masterclass Cycle on Information Security Management

Masterclass Cycle on Information Security Management Masterclass Cycle on Information Security Management Season 2016 The Masterclass Cycle on Information Security Management is a truly European modular programme, co-created with the CIO community, that

More information

IT Process Architectures for Enterprises Development: A Survey from a Maturity Model Perspective

IT Process Architectures for Enterprises Development: A Survey from a Maturity Model Perspective IT Process Architectures for Enterprises Development: A Survey from a Maturity Model Perspective Roberto Santana Tapia 1 Department of Computer Science University of Twente E-mail: r.santanatapia@utwente.nl

More information

Introduction to ISACA and ITGI By Georges Ataya, International Vice President, ISACA

Introduction to ISACA and ITGI By Georges Ataya, International Vice President, ISACA Quality and security in application development Round Table Meeting/Discussion Group Wednesday 23rd May 2007 Introduction to ISACA and ITGI By Georges Ataya, International Vice President, ISACA 1 The International

More information

INFORMATION TECHNOLOGY FLASH REPORT

INFORMATION TECHNOLOGY FLASH REPORT INFORMATION TECHNOLOGY FLASH REPORT ISACA Releases COBIT 5: Updated Framework for the Governance and Management of IT May 18, 2012 In April, ISACA released COBIT 5 as a replacement for its current globally

More information

Case Study / A global customer service academy that creates a comprehensive cultural shift

Case Study / A global customer service academy that creates a comprehensive cultural shift Case Study / Sales staff worldwide equipped with the mindset and behaviours to deliver consistently high standards of customer service A global customer service academy that creates a comprehensive cultural

More information

IT service management: resetting priorities for an uncertain economy.

IT service management: resetting priorities for an uncertain economy. Service management IT service management: resetting priorities for an uncertain economy. Smarter management for a dynamic infrastructure Richard Esposito, vice president, IT strategy and architecture services,

More information

Universiteit Leiden ICT in Business

Universiteit Leiden ICT in Business Universiteit Leiden ICT in Business An Exploratory Examination of the Practicability of COBIT framework Name: Student-no: Shengnan (Sophie) Zhang s1124668 Date: 14/03/2013 1st supervisor: Prof. Dr. Hans

More information

Cyber Security Consultancy Standard. Version 0.2 Crown Copyright 2015 All Rights Reserved. Page 1 of 13

Cyber Security Consultancy Standard. Version 0.2 Crown Copyright 2015 All Rights Reserved. Page 1 of 13 Cyber Security Consultancy Standard Version 0.2 Crown Copyright 2015 All Rights Reserved Page 1 of 13 Contents 1. Overview... 3 2. Assessment approach... 4 3. Requirements... 5 3.1 Service description...

More information

CREATING A LEAN BUSINESS SYSTEM

CREATING A LEAN BUSINESS SYSTEM CREATING A LEAN BUSINESS SYSTEM This white paper provides an overview of The Lean Business Model how it was developed and how it can be used by enterprises that have decided to embark on a journey to create

More information

Executive Summary: Internal Audit Report # 11-07 IT Governance April 13, 2011

Executive Summary: Internal Audit Report # 11-07 IT Governance April 13, 2011 Executive Summary: Internal Audit Report # 11-07 IT Governance Organization Impact Audit Objective & Scope Professional auditing standards require internal auditors to periodically review and assess the

More information

ITAG RESEARCH INSTITUTE

ITAG RESEARCH INSTITUTE ITAG RESEARCH INSTITUTE Linking the IT Balanced Scorecard to the Business Objectives at a Major Canadian Financial group Wim Van Grembergen University of Antwerp (UFSIA) Ronald Saull Information Services

More information

AUDIT OF ACCOUNTING INFORMATION SYSTEM USING COBIT 4.1 FOCUS ON DELIVER AND SUPPORT DOMAIN

AUDIT OF ACCOUNTING INFORMATION SYSTEM USING COBIT 4.1 FOCUS ON DELIVER AND SUPPORT DOMAIN AUDIT OF ACCOUNTING INFORMATION SYSTEM USING COBIT 4.1 FOCUS ON DELIVER AND SUPPORT DOMAIN 1 NI PUTU SRI MERTA SURYANI, 2 GUSTI MADE ARYA SASMITA, 3 I KETUT ADI PURNAWAN 1 Under Graduate Student, Department

More information

Recordkeeping maturity model and road map:

Recordkeeping maturity model and road map: Recordkeeping maturity model and road map: Improving recordkeeping in Queensland public authorities Queensland State Archives October 2010 Security classification: Public Department of Science, Information

More information

IT governance is a concept that has suddenly emerged and

IT governance is a concept that has suddenly emerged and Copyright 2004 Information Systems Audit and Control Association. All rights reserved. www.isaca.org. IT Governance and Its Mechanisms By Steven De Haes and Wim Van Grembergen, Ph.D. IT governance is a

More information

S11 - Implementing IT Governance An Introduction Debra Mallette

S11 - Implementing IT Governance An Introduction Debra Mallette S11 - Implementing IT Governance An Introduction Debra Mallette S11 - Introduction to IT Governance Implementation using COBIT and Val IT Speaker: Debra Mallette, CGEIT, CISA, CSSBB Session Objectives

More information

quality, health & safety and environment training and consulting

quality, health & safety and environment training and consulting quality, health & safety and environment training and consulting QUALMS Group QHSE Training & Consulting is a leading business services provider of applied; Quality, Food Safety, Occupational Health &

More information

ITIL Maturity Model. October 2013

ITIL Maturity Model. October 2013 ITIL Maturity Model October 2013 2 ITIL Maturity Model Contents 1 ITIL processes and functions 3 2 Availability 4 3 Maturity levels 4 References 7 Acknowledgements 7 Trade marks 7 ITIL Maturity Model 3

More information

G11 EFFECT OF PERVASIVE IS CONTROLS

G11 EFFECT OF PERVASIVE IS CONTROLS IS AUDITING GUIDELINE G11 EFFECT OF PERVASIVE IS CONTROLS The specialised nature of information systems (IS) auditing and the skills necessary to perform such audits require standards that apply specifically

More information

Information Security Governance:

Information Security Governance: Information Security Governance: Designing and Implementing Security Effectively 2 nd Athens International Forum on Security 15 16 Jan 2009 Anestis Demopoulos, CISA, CISSP, CIA President of ISACA Athens

More information

Leadership, Governance and Management ACUTE HOSPITAL SERVICES. Supporting services to deliver quality healthcare JUNE 2013

Leadership, Governance and Management ACUTE HOSPITAL SERVICES. Supporting services to deliver quality healthcare JUNE 2013 QUALITY ASSESSMENT & IMPROVEMENT ACUTE HOSPITAL SERVICES JUNE 2013 Leadership, Governance and Management Supporting services to deliver quality healthcare Effective Care and Support Safe Care and Support

More information

Benchmark of controls over IT activities. 2011 Report. ABC Ltd

Benchmark of controls over IT activities. 2011 Report. ABC Ltd www.pwc.com/cy Benchmark of controls over IT activities 2011 Report ABC Ltd... 2012 Scope and approach We wish to provide you with our IT Benchmarking report over IT activities at ABC Ltd (the Company)

More information

Global Human Capital Trends 2015 Country report: Luxembourg

Global Human Capital Trends 2015 Country report: Luxembourg Global Human Capital Trends 2015 Country report: Luxembourg Global Human Capital Trends 2015 Country report: Luxembourg 1 Leadership: Why a perennial issue? LEADING Leadership: Why a perennial issue? Companies

More information

An Exploratory Study into IT Governance Implementations and its Impact on Business/IT Alignment

An Exploratory Study into IT Governance Implementations and its Impact on Business/IT Alignment Information Systems Management, 26: 123 137 Copyright Taylor & Francis Group, LLC ISSN: 1058-0530 print/1934-8703 online DOI: 10.1080/10580530902794786 UISM An Eploratory Study into IT Governance Implementations

More information

Masterclass Cycle on Information Security Management

Masterclass Cycle on Information Security Management Masterclass Cycle on Information Security Management The Masterclass Cycle on Information Security Management is a truly European modular programme, co-created with the CIO community, that targets a high

More information

April 20, 2006. Integrating COBIT into the IT Audit Process (Planning, Scope Development, Practices)

April 20, 2006. Integrating COBIT into the IT Audit Process (Planning, Scope Development, Practices) Integrating COBIT into the IT Audit Process (Planning, Scope Development, Practices) April 20, 2006 San Francisco ISACA Chapter Luncheon Seminar Presented By Lance M. Turcato, CISA, CISM, CPA Deputy City

More information

Practical perspectives in advancing data governance to create improved data quality frameworks

Practical perspectives in advancing data governance to create improved data quality frameworks Practical perspectives in advancing data governance to create improved data quality frameworks Presented by: Micheal Axelsen Director Applied Insight Pty Ltd INTRODUCTION About this presentation Purpose

More information

ITIL v3 Service Manager Bridge

ITIL v3 Service Manager Bridge ITIL v3 Service Manager Bridge Course Length: 5 Days Course Overview This 5 day hands on, certification training program enables ITIL Version 2 certified Service Managers to upgrade their Service Manager

More information

STRATEGIC PLAN 2015 2018

STRATEGIC PLAN 2015 2018 STRATEGIC PLAN 2015 2018 Content Strategic plan 2015 2018 International - Impact - Interaction Our Purpose Our Core Resources Our Core Values Our Aspirations Six Must Wins Means to Win Implementation 2

More information

An IT Governance Framework for Universities in Spain

An IT Governance Framework for Universities in Spain An IT Governance Framework for Universities in Spain Antonio Fernández 1 and Faraón Llorens 2 1 Dpto. Lenguajes y Computación, Universidad de Almería, Crta. Sacramento s/n La Cañada de San Urbano, 04120

More information

Audit & Inspection Management. Enterprise Cloud Audit & Inspection Management Solution

Audit & Inspection Management. Enterprise Cloud Audit & Inspection Management Solution Enterprise Cloud Solution is an end-to-end solution for the planning, execution and reporting of corporate external and internal audit and inspections across enterprise risk, safety, security and sustainability.

More information

Aligning IT with Business Needs (Why Right-sourcing works)

Aligning IT with Business Needs (Why Right-sourcing works) Aligning IT with Business Needs (Why Right-sourcing works) Mike Ryan Aligning IT with Business Needs (Why Right-sourcing works) Mike Ryan Challanges running IT Keeping IT Running Value Costs Mastering

More information

D6.1: Service management tools implementation and maturity baseline assessment framework

D6.1: Service management tools implementation and maturity baseline assessment framework D6.1: Service management tools implementation and maturity baseline assessment framework Deliverable Document ID Status Version Author(s) Due FedSM- D6.1 Final 1.1 Tomasz Szepieniec, All M10 (31 June 2013)

More information

AUTHORISATION PROCEDURES FOR BANKS FOREIGN ESTABLISHMENTS 1 (March 1983)

AUTHORISATION PROCEDURES FOR BANKS FOREIGN ESTABLISHMENTS 1 (March 1983) AUTHORISATION PROCEDURES FOR BANKS FOREIGN ESTABLISHMENTS 1 (March 1983) In seeking to promote high banking standards, not only within its member countries but on as wide a basis as possible, the Committee

More information

Standard 1. Governance for Safety and Quality in Health Service Organisations. Safety and Quality Improvement Guide

Standard 1. Governance for Safety and Quality in Health Service Organisations. Safety and Quality Improvement Guide Standard 1 Governance for Safety and Quality in Health Service Organisations Safety and Quality Improvement Guide 1 1 1October 1 2012 ISBN: Print: 978-1-921983-27-6 Electronic: 978-1-921983-28-3 Suggested

More information

opinion piece Meeting the Challenges of Supplier Relations in a Multisourcing Environment

opinion piece Meeting the Challenges of Supplier Relations in a Multisourcing Environment opinion piece Meeting the Challenges of Supplier Relations in a Multisourcing Environment New approaches and skills are required to effectively manage the increased volume and complexity of relationships

More information

HP OpenView Service Desk + Alignability Process Model = ITIL Out of the Box?

HP OpenView Service Desk + Alignability Process Model = ITIL Out of the Box? HP OpenView Service Desk + Alignability Process Model = ITIL Out of the Box? Marc Gumbold, ITC GmbH Tutorial id: fr-0900/4 Imagine the future. Let s make it happen. 2006 Hewlett-Packard Development Company,

More information

Introducing a Capacity Management Maturity Model

Introducing a Capacity Management Maturity Model Introducing a Capacity Management Maturity Model Business units are demanding more services and greater reliability from IT, while also trying to constrain, or even reduce, budgets. In those rare cases

More information

Information Technology Governance Best Practices in Belgian Organisations

Information Technology Governance Best Practices in Belgian Organisations Information Technology Governance Best Practices in Belgian Organisations Steven De Haes University of Antwerp Management School Steven.DeHaes@ua.ac.be Wim Van Grembergen, Ph.D. University of Antwerp Wim.VanGrembergen@ua.ac.be

More information

COMPLIANCE CHARTER 1

COMPLIANCE CHARTER 1 COMPLIANCE CHARTER 1 Contents 1. Compliance Policy Statement... 2 2. Purpose... 2 3. Mission and objective of the Directorate: Compliance... 2 3.1 Mission... 2 3.2 Objective... 3 4. Compliance risk management...

More information

Governance SPICE. ISO/IEC 15504 for Internal Financial Controls and IT Management. By János Ivanyos, Memolux Ltd. (H)

Governance SPICE. ISO/IEC 15504 for Internal Financial Controls and IT Management. By János Ivanyos, Memolux Ltd. (H) Governance SPICE ISO/IEC 15504 for Internal Financial Controls and IT Management By János Ivanyos, Memolux Ltd. (H) 1. Evaluating Internal Controls against Governance Frameworks Corporate Governance is

More information

Government leadership in assuring better quality healthcare in South Africa: policy into practice

Government leadership in assuring better quality healthcare in South Africa: policy into practice Government leadership in assuring better quality healthcare in South Africa: policy into practice Authors: Marshall CA (Dr); Msibi EB Office of Standards Compliance, National Department of Health, SOUTH

More information

www.pwc.nl Procurement Transformation: Towards Sourcing & Procurement Excellence

www.pwc.nl Procurement Transformation: Towards Sourcing & Procurement Excellence www.pwc.nl Procurement Transformation: Towards Sourcing & Procurement Excellence PwC firms provide Industry-focused Assurance, Tax and Advisory services to enhance value for their clients. More than 161.000

More information

März 2005. I SA C A A fter H our Seminar - I mplementing I T Governanc e - H err U rs Fis c her. Seite 1

März 2005. I SA C A A fter H our Seminar - I mplementing I T Governanc e - H err U rs Fis c her. Seite 1 Implementing IT Governance using the CobiT Maturity Modell Seite 1 IT Governance Domains Strategic Alignment Value Delivery Resource Management Risk Management Performance Measurement Seite 2 Basis Solvency

More information

IT Governance and Control: An Analysis of CobIT 4.1. Prepared by: Mark Longo

IT Governance and Control: An Analysis of CobIT 4.1. Prepared by: Mark Longo IT Governance and Control: An Analysis of CobIT 4.1 Prepared by: Mark Longo December 15, 2008 Table of Contents Introduction Page 3 Project Scope Page 3 IT Governance.Page 3 CobIT Framework..Page 4 General

More information

The Self-Assessment Methodology - Guidance

The Self-Assessment Methodology - Guidance The Self-Assessment Methodology - Guidance Version 1 June 2014 General Guidance Notes for using the SAM: a Self-Assessment Methodology for use with BSI PAS 55:2008 and ISO 55000/1/2:2014 Copyright The

More information

Integrating CMMI with COBIT and ITIL

Integrating CMMI with COBIT and ITIL Integrating with COBIT and ITIL Dr. Bill Curtis Chief Process Officer 2005 Agenda 1) The IT Space 3 2) and COBIT 7 3) and ITIL 27 C M M IT T I O B C L CMM and are registered with the US Patent and Trademark

More information

Risk & Hazard Management

Risk & Hazard Management Rivo Software Solution Layer provides a rapidly deployable complete set of hazard and risk management functionality from any device, accessible from anywhere through our highly secure cloud platform. Identify,

More information

Protecting Malaysia in the Connected world

Protecting Malaysia in the Connected world Protecting Malaysia in the Connected world cyber Security Company of the Year (Cybersecurity Malaysia, 2014) Most innovative information security company in Malaysia (Cybersecurity Malaysia, 2012) BAE

More information

Card Solutions. More than a system. An entire solution.

Card Solutions. More than a system. An entire solution. More than a system. An entire solution. There are plenty of companies that will offer to improve your card processing by selling you clever software. We re one of them and with our Base2000 application,

More information

CYBER SECURITY DASHBOARD: MONITOR, ANALYSE AND TAKE CONTROL OF CYBER SECURITY

CYBER SECURITY DASHBOARD: MONITOR, ANALYSE AND TAKE CONTROL OF CYBER SECURITY CYBER SECURITY DASHBOARD: MONITOR, ANALYSE AND TAKE CONTROL OF CYBER SECURITY INTRODUCTION Information security has evolved. As the landscape of threats increases and cyber security 1 management becomes

More information

Somewhere Today, A Project is Failing

Somewhere Today, A Project is Failing Aligning CobiT and ITIL - The Business Benefit 2007 ISACA All rights reserved www.isaca.org Page - 1 Somewhere Today, A Project is Failing Chapter 1, Peopleware 2nd edition Tom DeMarco 2007 ISACA All rights

More information

FINANCIAL MANAGEMENT MATURITY MODEL

FINANCIAL MANAGEMENT MATURITY MODEL Definition: Financial management is the system by which the resources of an organisation s business are planned, directed, monitored and controlled to enable the organisation s goals to be achieved. Guidance

More information

CHAPTER 8 ASSET MANAGEMENT

CHAPTER 8 ASSET MANAGEMENT CHAPTER 8 ASSET MANAGEMENT 8.1 Introduction An additional task of the WRMP was to educate and engage GWA personnel in the concepts of asset management. Three specific areas of asset management have been

More information

A CobiT Case Study. Drawing on CobiT for the implementation of an Enterprise Risk Management Framework. December 2008

A CobiT Case Study. Drawing on CobiT for the implementation of an Enterprise Risk Management Framework. December 2008 A CobiT Case Study Drawing on CobiT for the implementation of an Enterprise Risk Management Framework December 2008 Presenter: Clive E. Waugh, CISSP C/EH 1 Risk Management Framework Objectives CobiT provided

More information

Australian Computer Society. Policy Statement

Australian Computer Society. Policy Statement Australian Computer Society Policy Statement on SOFTWARE QUALITY ACCREDITATION www.acs.org.au October 2004 ACS POLICY STATEMENT ON SOFTWARE QUALITY ACCREDITATION 2004 CONTENTS Summary of ACS Position...5

More information

IT governance in Brazil:

IT governance in Brazil: Article IT governance in Brazil: does it matter? Authors Prof. Dr. Guilherme Lerch Lunardi, Universidade Federal do Rio Grande (FURG), Brazil. IT governance in Brazil Prof. Dr. Joâo Luiz Becker, Universidade

More information

IT GOVERNANCE PANEL BRING VALUE BY AUDITING IT GOVERNANCE GET THE

IT GOVERNANCE PANEL BRING VALUE BY AUDITING IT GOVERNANCE GET THE 1 IT GOVERNANCE PANEL BRING VALUE BY AUDITING IT GOVERNANCE GET THE ANSWERS AND PRACTICAL TIPS FROM THE IT GOVERNANCE AUDIT PROFESSIONALS JOHAN LIDROS, PRESIDENT EMINERE GROUP KATE MULLIN, CISO, HEALTH

More information

Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire. P3M3 Project Management Self-Assessment

Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire. P3M3 Project Management Self-Assessment Procurement Programmes & Projects P3M3 v2.1 Self-Assessment Instructions and Questionnaire P3M3 Project Management Self-Assessment Contents Introduction 3 User Guidance 4 P3M3 Self-Assessment Questionnaire

More information

Request for Information Integrated Portfolio, Project & Management Information System Technical Assistance Unit RFI: TAU/01

Request for Information Integrated Portfolio, Project & Management Information System Technical Assistance Unit RFI: TAU/01 Integrated Portfolio, Project & Management Information System Technical Assistance Unit RFI: TAU/01 TABLE OF CONTENT 1 Disclaimer... 4 2 Purpose... 4 3 Background... 4 4 Specific Objectives of this Document...

More information

Do you know how your grants are being used?

Do you know how your grants are being used? Do you know how your grants are being used? Complying with the law and regulation of churches Stewardship Briefing Paper Stewardship, 1 Lamb s Passage, London EC1Y 8AB t: 020 8502 5600 e: enquiries@stewardship.org.uk

More information

ITAG RESEARCH INSTITUTE

ITAG RESEARCH INSTITUTE ITAG RESEARCH INSTITUTE IT Governance Structures, Processes and Relational Mechanisms Achieving IT/Business Alignment in a Major Belgian Financial Group Steven De Haes, University of Antwerp Management

More information

TECHNOLOGY BRIEF: PREVENTING UNAUTHORISED ACCESS TO CRITICAL SYSTEMS AND DATA. Colruyt ensures data privacy with Identity & Access Management.

TECHNOLOGY BRIEF: PREVENTING UNAUTHORISED ACCESS TO CRITICAL SYSTEMS AND DATA. Colruyt ensures data privacy with Identity & Access Management. TECHNOLOGY BRIEF: PREVENTING UNAUTHORISED ACCESS TO CRITICAL SYSTEMS AND DATA Colruyt ensures data privacy with Identity & Access Management. Table of Contents Executive Summary SECTION 1: CHALLENGE 2

More information

How to gather and evaluate information

How to gather and evaluate information 09 May 2016 How to gather and evaluate information Chartered Institute of Internal Auditors Information is central to the role of an internal auditor. Gathering and evaluating information is the basic

More information

Service delivery Change management Process improvement System upgrades. The perfect storm?

Service delivery Change management Process improvement System upgrades. The perfect storm? Service delivery Change management Process improvement System upgrades The perfect storm? Elspet Garvey Manager Business Process Management Office Process, Change and Continuous Improvement e.garvey@auckland.ac.nz

More information

Research Data Management Framework: Capability Maturity Guide

Research Data Management Framework: Capability Maturity Guide ANDS Guides Research Data Management Framework: Capability Maturity Guide Introduction The outline set out below shows five levels of attainment or maturity which institutions may achieve in managing their

More information

ABB s Supplier Qualification System Registration in Achilles Power & Tech Frequently Asked Questions (FAQs) June 2013

ABB s Supplier Qualification System Registration in Achilles Power & Tech Frequently Asked Questions (FAQs) June 2013 ABB s Supplier Qualification System Registration in Achilles Power & Tech Frequently Asked Questions (FAQs) June 2013 ABB Supplier FAQ Version 2.0 03042014 Page 1 of 16 Contents Overview... 4 Why has ABB

More information

Presented by. Denis Darveau CISM, CISA, CRISC, CISSP

Presented by. Denis Darveau CISM, CISA, CRISC, CISSP Presented by Denis Darveau CISM, CISA, CRISC, CISSP Las Vegas ISACA Chapter, February 19, 2013 2 COBIT Definition Control Objectives for Information and Related Technology (COBIT) is an IT governance framework

More information

Board of Member States ERN implementation strategies

Board of Member States ERN implementation strategies Board of Member States ERN implementation strategies January 2016 As a result of discussions at the Board of Member States (BoMS) meeting in Lisbon on 7 October 2015, the BoMS set up a Strategy Working

More information

Quick Guide: Meeting ISO 55001 Requirements for Asset Management

Quick Guide: Meeting ISO 55001 Requirements for Asset Management Supplement to the IIMM 2011 Quick Guide: Meeting ISO 55001 Requirements for Asset Management Using the International Infrastructure Management Manual (IIMM) ISO 55001: What is required IIMM: How to get

More information

Finance Effectiveness Efficiency

Finance Effectiveness Efficiency Business Unit Finance Effectiveness Efficiency An overview Agenda Page 1 Efficiency - An overview 1 2 Our services 7 3 Case study 14 Section 1 Efficiency - An overview 1 Section 1 Efficiency - An overview

More information

The Challenges to Success for Project/Programme Management Offices

The Challenges to Success for Project/Programme Management Offices The Challenges to Success for Project/Programme Management Offices An ESI International Study +44 (0)20 7017 7100 www.esi-intl.co.uk Key Findings Project/Programme Management Offices (PMO) contribute to

More information

GOVERNING INFORMATION SECURITY IN CONJUNCTION WITH COBIT AND ISO 27001

GOVERNING INFORMATION SECURITY IN CONJUNCTION WITH COBIT AND ISO 27001 1 GOVERNING INFORMATION SECURITY IN CONJUNCTION WITH COBIT AND ISO 27001 Tolga MATARACIOGLU 1 and Sevgi OZKAN 2 1 TUBITAK National Research Institute of Electronics and Cryptology (UEKAE), Department of

More information

PinkVERIFY 2011 IT SERVICE MANAGEMENT TOOL ASSESSMENT. Produced By : Pink Elephant Date : May 2015

PinkVERIFY 2011 IT SERVICE MANAGEMENT TOOL ASSESSMENT. Produced By : Pink Elephant Date : May 2015 PinkVERIFY 2011 IT SERVICE MANAGEMENT TOOL ASSESSMENT Produced By : Pink Elephant Date : May 2015 1 Table Of Contents 1 PinkVERIFY IT Service Management Tool Assessment Service... 3 1.1 Executive Summary...

More information