The Role of ECM in IT Governance

Similar documents
Gobierno de TI Enfrentando al Reto. IT Governance Facing the Challenge. Everett C. Johnson, CPA International President ISACA and ITGI

IT Compliance After Hours Seminar September 2007 Zurich. Improving IT Risk & Compliance Management (RCM)

IT governance in Brazil:

Beyond Mandates: Getting to Sustainable IT Governance Best Practices. Steve Romero PMP, CISSP, CPM IT Governance Evangelist

COPYRIGHTED MATERIAL. Contents. Acknowledgments Introduction

Practical Approaches to Achieving Sustainable IT Governance

Enhancing IT Governance, Risk and Compliance Management (IT GRC)

CobiT Strategy and Long Term Vision

Challenges & Trends. Differentiate & Innovate the Business Model. Optimize and streamline the Operations

IT Charter and IT Governance Framework

Effectively Using CobiT in IT Service Management

IT Governance: framework and case study. 22 September 2010

Applying Integrated Risk Management Scenarios for Improving Enterprise Governance

Mapping COBIT 5 with IT Governance, Risk and Compliance at Ecopetrol S.A. By Alberto León Lozano, CISA, CGEIT, CIA, CRMA

Introduction to ISACA and ITGI By Georges Ataya, International Vice President, ISACA

Tutorial: Towards better managed Grids. IT Service Management best practices based on ITIL

Applied Agile Practices for Large-scale Organizations

Enaxis Consulting Overview

IT Governance Regulatory. P.K.Patel AGM, MoF

PwC Luxembourg. Models for the governance of your investments with Portfolio Management September 2009

Based on 2008 Survey of 255 Non-IT CEOs/Executives

Balanced Scorecard; a Tool for Measuring and Modifying IT Governance in Healthcare Organizations

Integrated Facility Management in an Industrial Environment. Conference Round table discussion Frankfurt, 30. October 2012

ITIL AND COBIT EXPLAINED

Moving Forward with IT Governance and COBIT

ITIL Foundation Certification Course

Wealth management advisory. Ernst & Young Financial Services Office

Dr. Gad J. Selig, PMP, COP Managing Partner, GPS Group, Inc., Director, Technology Management & Dual Graduate Business Degree Programs & Associate

Cloud Computing and Data Center Consolidation

IT Governance. What is it and how to audit it. 21 April 2009

The Importance of IT Controls to Sarbanes-Oxley Compliance

Criticism of Implementation of ITSM & ISO20000 in IT Banking Industry. Presented by: Agus Sutiawan, MIT, CISA, CISM, ITIL, BSMR3

ISO/IEC Part 1 the next edition

SECTION B DEFINITION, PURPOSE, INDEPENDENCE AND NATURE OF WORK OF INTERNAL AUDIT

Cloud Computing in a Regulated Environment

SOA Governance and the Service Lifecycle

IT Governance isn t one thing, it s everything. Steve Romero PMP, CISSP, CCP

Ann Geyer Tunitas Group. CGEIT Domains

Geoff Harmer PhD, CEng, FBCS, CITP, CGEIT Maat Consulting Reading, UK

IT Governance Dr. Michael Shaw Term Project

The Art of Architecture Transformation. Copyright 2012, Oracle and/or its affiliates. All rights reserved.

Guide to Separately Managed Accounts

Master Data Management for Life Sciences Manufacturers

Master Data Management For Life Sciences Manufacturers

Introduction Auditing Internal Controls in an IT Environment SOx and the COSO Internal Controls Framework Roles and Responsibilities of IT Auditors

CITY OF HOUSTON. Executive Order. Information Technology (IT) Governance

2011 Diploma General Management of small and medium enterprises (60 days), University of St. Gallen

Benchmark of controls over IT activities Report. ABC Ltd

IT GOVERNANCE PANEL BRING VALUE BY AUDITING IT GOVERNANCE GET THE

Cybersecurity The role of Internal Audit

October 8, User Conference. Ronald Layne Manager, Data Quality and Data Governance

Somewhere Today, A Project is Failing

ITIL v3 Process Cheat Sheets

Software-as-a-Service: Managing Key Concerns and Considerations

Best Practices for Data Governance

Governance, Risk, Compliance and Beyond: The Emergence of Strategic IT Risk Management

Enterprise Architecture at Work

COBIT 5 Implementation Certification Course

Understanding SAS 70 Reports on Internal Control

ISO20000: What it is and how it relates to ITIL v3

Security & IT Governance: Strategies to Building a Sustainable Model for Your Organization

Information Security Risk Management

Delivering peace of mind in outsourcing

Agenda 3/7/ ERM Symposium March 14 16, Continuous Controls Monitoring. I. Changes In Corporate Environment

Information Technology Governance. Steve Crutchley CEO - Consult2Comply

ISO/IEC Part 1 the next edition. Lynda Cooper project editor for ISO20000 part 1

The Role of Tools in IT Infrastructure Outsourcing

10 Best-Selling Modules For Home Information Technology Professionals

Information Technology Governance: Key Success Factors

BEST PRACTICES. March 29, 2005 IT Governance Framework. by Craig Symons. Helping Business Thrive On Technology Change

Executive's Guide to

BCS Specialist Certificate in Business Relationship Management Syllabus. Version 1.9 March 2015

Outsourcing and Offshoring A Case Study: Zurich Financial Services

Contents. viii. 4 Service Design processes 57. List of figures. List of tables. OGC s foreword. Chief Architect s foreword. Preface.

Maturity Assesment for Processes in IT

Agency for State Technology

IT Governance, Risk and Compliance (GRC) : A Strategic Priority. Joerg Asma

Preparation Guide. EXIN IT Service Management Executive Consultant/Manager based on ISO/IEC 20000

Introducing SOA Governance Suite. Magnus Wettemark, Solution Consultant Manager Software AG

INFORMATION TECHNOLOGY FLASH REPORT

VISION: MISSION: VALUES:

ISO 9001 Quality Management System

SAP Managed Services SAP MANAGED SERVICES. Maximizing Performance and Value, Minimizing Risk and Cost

COBIT Helps Organizations Meet Performance and Compliance Requirements

DESIGNING A DATA GOVERNANCE MODEL BASED ON SOFT SYSTEM METHODOLOGY (SSM) IN ORGANIZATION

Getting Business Value from Customer Engagement. Chet Geschickter, Research Director Gartner Energy & Utilities Industries Research

Transcription:

The Role of ECM in The value of ECM and how to communicate it to Executive Management Dr. Bruno Wildhaber CISA/CISM, Founding member USA Forte Advisors LLC Washington Office 8300 Greensboro Drive Suite 800 Mc Lean, Virginia 22102 Phone +1 703 287 8730 usa@forte-advisors.com Switzerland (Headoffice) Forte Advisors AG Glatt Tower Postfach CH-8301 Glattzentrum Tel +41 44 307 36 84 info@forte-advisors.com Germany Tel +49 69 710 455 417 germany@forte-advisors.com Forte Advisors AG, Zurich, 2007 The role of ECM in Agenda Goals Corporate Governance The Role of ECM Recommendations 1.Goals 2.Corporate Governance 3. 4.The Role of ECM 5.Recommendations

The role of ECM in Goals of this Session Show the contents and Importance of Corporate Governance (CG) Show how to use the Investors perspective as a driving force for CG and (ITG) Explain a new integrated IT Governance model Show the relation between ITG and ECM Give some recommendations on how to communicate ECM topics to management. Steve Francis, Houston Rockets The role of ECM in Corporate Governance (CG) Goals Corporate Governance The Role of ECM Recommendations What is Corporate Governance and why is it important?

The Challenge 5 Conformance Risk optimization Position 1 Value Cost Position 2 Performance Strategic Alignment A definition of CG 6 strategic integrated.. A system, by which companies are strategically directed, integratively managed and holisticaly controlled in an entrepreneurial and ethical way in accordance with a particular context.. Prof. Dr. Martin Hilb, University of St. Gallen, Switzerland controlled situational

The (IT) investors/owners view 7 targeted investment Technology Investment Own Strategic goals Board of directors Supervisory board Owner Executive board Results Technology Investment Apply forced investment Technology investors view: Invest in companies and products Technology users view: Invest in IT to support business process Normative actions 8 Vision and values Strategic goals develop strategy Board of directors Supervisory board Owner Executive board develop strategy

The full challenge 9 Conformance Risk optimization Vision and values Strategic goals Value projects Board of directors Supervisory board Owner Executive board Cost projects Results Verify results & Performance control Strategic Alignment The role of ECM in 10 (ITG) Goals Corporate Governance The Role of ECM Recommendations What are the goals of ITG? What does ITG consist of? How can be built on CG?

Goals 11 IT is strategically aligned aligning with the business and providing collaborative solutions IT resources are managed knowledge, infrastructure and partners Performance Measurement IT delivers value focus on IT expenses and proof of value IT risks are managed safeguarding assets and disaster recovery Source ITGI; www.itgi.org Implementation Jigsaw 12 normative Bottom up = No normative layer No integrated view No priorities No strategic alignment No control = NO GOVERNANCE no interaction strategic Process Control Process Execution (enterprise operational process model defined using Aris, Rational, etc.) CMM CobiT ITIL ISO 15489 Work Instruction 1.... 2. 1.... 2. no interaction 1.... 2. 1.... 2. 1.... 2.

IT vs. Information management 13 Information Management normative Values I-Technology strategic operational Methods Objects IT Typical Stovepipe situation Our Model 14 strategic IT Decision Making IT Leadership & Principles integrated IT Performance & Control normative Portfolio Mgmt. / IT Architecture / Risk Management / Compliance strategic Projects & Routines operational Enabling Processes & Tools controlled situational

Pillars 15! IT Decision Making " Defined and transparent decision making processes " Define decision making style! IT Leadership & Principles " Define the role of information and IT " Define methods to evaluate projects and investments Portfolio Management & Architecture Example: Work with time boxes " Define a method to align business requirements and architecture " Establish Risk Management & Compliance procedures! IT Performance & Controls " Establish measurement systems Establish maturity models to neutralize views on individual situation Define goals and make them measurable (KPI) " Nose in - Hands out The role of ECM in 16 The Role of ECM Goals Corporate Governance The Role of ECM Recommendations What is the role of Information Management in the ITG context? How to communicate the value of ECM to executive management?

Core elements and structure 17 Corporate Governance IT Decision Making IT Leadership & Principles IT Performance & Control ECM? Portfolio Management IT Architecture IT Risk Management Compliance IT Domains What is the value of Information? 6! Is Information Management (IM) a core competency or just a production factor? " What exactly is your IT competence: Design / Build / Operate? " Is it really a core competency or just additional know-how? " Do you need IT at all??! As a production factor IT is a simple resource, thus " Positioning decides over IT importance " Make or buy depends on strategic goals " In most cases, IT functions can be outsourced!... but " Check BP integration! How to find the right direction? 18

Importance of IT: The GLAS Model 19 S Strategic IT is main cash flow driver; typical IT company A Active IT in a central role; supports more than one core business process Defines about importance of IT in board meetings! L Lean IT in a supporting role; support one or more business processes; core business does not depend on IT G General IT in a purely assisting role; no business process support involved ITG based ECM strategy 20 Normative Strategy defines direction! Conformance Risk optimization conservative Value Risk Mitigation Cost BP Support aggressiv Business cases might be in different GLAS domains But: Very agressive and conservative strategies in combination do not work! Performance Strategic Alignment

Risk Management & Diligence 21 diligence level luxury zone 80%? taboo zone 20% cost How could they...?! The role of ECM in 22 Recommendations Goals Corporate Governance The Role of ECM Recommendations How to implement ECM? What is the role of Standards How to communicate with top management?

Hints 23! Look for the strategy behind a project " Identify business driven ECM needs Look for business initiatives! Identify project portfolios and check for positioning of your project! Watch out for Stovepipes " Combine business requirements and technical architecture! Communicate compliance as compliance requirements " Do not try to create a business case which does not make sense! Refrain from concepts like ROSI ( Return on Security Investment )! Use Standards carefully " Do not try to certify if not absolutely necessary " Only optimized practice suits your strategic needs! Development and execution 24 Always start at the top! Vision and values Owner strategy Compliance musts normative Describe company goals Define milestones Define organization strategic Success control Health Check Risk Alert operational Operational management Work as directed

Starting Point & Reality Check 25 Example: Records Management Self Assessment Maturity Levels: 5 Optimized 4 Managed 3 Definde 2 Repeatable 1 Initial 0 Non existent www.aufbewahrung.ch Best Practice 26! Best Practice vs. Optimized Practice " Best Practice always come bottom up " Who defines "Best"?! Standardization is big business! The value of Best Practice " Best Practice can help you build a compliant enterprise " This is important to avoid certain Risk (e.g. Sarbanes-Oxley)! Best Practice does not help you advancing the company, it is not strategic! There is no best practice if you want to become a leading enterprise!

Standards 27 A group of bored Europeans had a few too many Heinekens and decided to play an elaborate prank on the big companies of the world. The prank became known as ISO 9000, so named because of the number of beers that were consumed that night (the phrase 'ISO' is either an unintelligible phrase or possibly one of the four hundred European slang words meaning 'is that my beer?')" Scott Adams, The Dilbert Principle Thank You! Bruno Wildhaber www.forte-advisors.com bruno.wildhaber@forte-advisors.com