Enabling IT Performance & Value with Effective IT Governance Assessment & Improvement Practices. April 10, 2013

Similar documents
Maximizing Your IT Value with Well-Aligned Governance August 3, 2012

IT Governance. What is it and how to audit it. 21 April 2009

Beyond Mandates: Getting to Sustainable IT Governance Best Practices. Steve Romero PMP, CISSP, CPM IT Governance Evangelist

Global Technology Audit Guide. Auditing IT Governance

Know Thy Self: Improving an IT organization s ability to drive business success

COBIT 5 For Cyber Security Governance and Management. Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE)

State of Michigan Department of Technology, Management & Budget

Based on 2008 Survey of 255 Non-IT CEOs/Executives

Practical Approaches to Achieving Sustainable IT Governance

INFORMATION TECHNOLOGY FLASH REPORT

IT Governance (Worthwhile Exercise?) January 10, 2013 Presented by Chad Murphy, CISA

IT Governance: framework and case study. 22 September 2010

Company size matters: Perspectives on IT Governance

Data Governance Overview

Gobierno de TI Enfrentando al Reto. IT Governance Facing the Challenge. Everett C. Johnson, CPA International President ISACA and ITGI

Revised October 2013

COBIT 5: A New Governance Framework for Managing & Auditing the Technology Environment CS 6-7: Tuesday, July 7 3:30-4:30

Management Update: The Cornerstones of Business Intelligence Excellence

The ICT Strategic plan execution toolbox

Designing a Data Governance Framework to Enable and Influence IQ Strategy

ASAE s Job Task Analysis Strategic Level Competencies

IT Governance isn t one thing, it s everything. Steve Romero PMP, CISSP, CCP

S11 - Implementing IT Governance An Introduction Debra Mallette

IT Governance Regulatory. P.K.Patel AGM, MoF

Domain 1 The Process of Auditing Information Systems

KPMG s Financial Management Practice. kpmg.com

Project Management Office Best Practices

The Value of Vulnerability Management*

Health Data Analytics. Data to Value For Small and Medium Healthcare organizations

Process-Based Business Transformation. Todd Lohr, Practice Director

Moving Forward with IT Governance and COBIT

Leveraging a Maturity Model to Achieve Proactive Compliance

Dallas IIA Chapter / ISACA N. Texas Chapter. January 7, 2010

ITSM 101. Patrick Connelly and Sandeep Narang. Gartner.

BEST PRACTICES. March 29, 2005 IT Governance Framework. by Craig Symons. Helping Business Thrive On Technology Change

OPTIMUS SBR. Optimizing Results with Business Intelligence Governance CHOICE TOOLS. PRECISION AIM. BOLD ATTITUDE.

Mobile and BYOD Strategy

SESSION 709 Wednesday, November 4, 9:00am - 10:00am Track: Strategic View

How To Transform It Risk Management

Enterprise Architecture: A Governance Framework

04 Executive Summary. 08 What is a BI Strategy. 10 BI Strategy Overview. 24 Getting Started. 28 How SAP Can Help. 33 More Information

Transforming IT Processes and Culture to Assure Service Quality and Improve IT Operational Efficiency

Payment Card Industry Data Security Standards

State of Minnesota IT Governance Framework

Competency Requirements for Executive Director Candidates

Increasing IT Value and Reducing Risk. More for Less with COBIT5. IT Governance and Strategy

Information Technology Strategic Plan

Presented by. Denis Darveau CISM, CISA, CRISC, CISSP

Enterprise Data Governance

Enhancing IT Governance, Risk and Compliance Management (IT GRC)

IT Audit Perspective on Continuous Auditing/ Continuous Monitoring KPMG LLP

Achieving Control: The Four Critical Success Factors of Change Management. Technology Concepts & Business Considerations

Enterprise Data Governance

Office of the Auditor General AUDIT OF IT GOVERNANCE. Tabled at Audit Committee March 12, 2015

How To Use Risk It

Information Technology Auditing for Non-IT Specialist

IT Service Catalog. Awareness Session for. C harles Williams IT Strategy Practice Leader O M

EMC PERSPECTIVE. Information Management Shared Services Framework

Maximizing Business Value Through Effective IT Governance

IT Governance and IT Operations Bizdirect, Mainroad, WeDo, Saphety Lisbon, Portugal October

Measuring IT Governance Maturity Evidences from using regulation framework in the Republic Croatia

The expression better, faster, cheaper THE BUSINESS CASE FOR PROJECT PORTFOLIO MANAGEMENT

The Role of ITIL in IT Governance

Sound Transit Internal Audit Report - No

IT GOVERNANCE WITH ROBERT GOODSELL, MANAGING DIRECTOR JOE BRUTSCHE, DIRECTOR

IT Charter and IT Governance Framework

Designing and Implementing Cloud Governance: Cloud, and Cloud Governance, are Emerging Capabilities

Achieving ITSM Excellence Through Availability Management

Improving Financial Performance, Governance and Compliance

GRC Program Best Practices & Lessons Learned

Session 0905 ASUG SBOUC Align your Business and IT with a Solid BI Strategy. Deepa Sankar Pat Saporito

Stepping Through the Info Security Program. Jennifer Bayuk, CISA, CISM

Tying It All Together: Practical ERM Integration. Richard Scanlon Vice President Enterprise Risk Management CIGNA Corporation

TOGAF. TOGAF & Major IT Frameworks, Architecting the Family. by Danny Greefhorst, MSc., Director of ArchiXL. IT Governance and Strategy

Connecting the dots: A proactive approach to cybersecurity oversight in the boardroom. kpmg.bm

Blending Corporate Governance with. Information Security

Building an Effective Model of EHR Governance and Support

Appendix A-2 Generic Job Titles for respective categories

Assessing Your Information Technology Organization

You Manage What You Measure

An ITIL Perspective for Storage Resource Management

Guide to the Sarbanes-Oxley Act: IT Risks and Controls. Frequently Asked Questions

BI Strategy: Getting to Where You Want to Go with a Business-Driven Strategy

CIOs: How to Become the CEO s Business Partner

IT GOVERNANCE PANEL BRING VALUE BY AUDITING IT GOVERNANCE GET THE

WHERE S THE ROI? Leveraging Benefits Realization Activities to Optimize Your Organization s Investment in ERP Software

The College of New Jersey Enterprise Risk Management and Higher Education For Discussion Purposes Only January 2012

WHY DO I NEED A PROGRAM MANAGEMENT OFFICE (AND HOW DO I GET ONE)?

Explore the Possibilities

Transcription:

Enabling IT Performance & Value with Effective IT Governance Assessment & Improvement Practices April 10, 2013

Today's Agenda: Key Topics Defining IT Governance IT Governance Elements & Responsibilities IT Compliance vs. Governance IT Alignment & Decision-Making IT Performance & Risk Management Assessment & Implementation Considerations 1

IIA Standards for IT Governance Standard 2110-A2: The internal audit activity must assess whether information technology governance of the organization sustains and supports the organizations strategies and objectives. 2

IT Governance Defined: IT Governance Institute (ITGI) IT Governance is the responsibility of the board of directors and executive management. It is an integral part of enterprise governance and consists of the leadership and organizational structures and processes that ensure that the organization's IT sustains and extends the organization's strategies and objectives. - ITGI 3

IT Governance Defined: ISACA COBIT 5 ISACA s COBIT 5 framework provides objectives that can be broadly applied to IT Governance efforts, including: Create optimal value from IT by maintaining a balance between realizing benefits and optimizing risk levels and resource use. Enable IT to be governed in a holistic manner for the entire enterprise, taking in the full end-to-end business and IT functional areas of responsibility, considering the IT-related interests of internal and external stakeholders. 4

ITGI's Five Areas of IT Governance The ITGI's five IT governance focus areas each present a distinct value proposition: 1 2 3 4 5 Strategic Alignment: Maximize opportunities for the business use of IT while providing transparency and assurance that IT objectives are being achieved. Risk Management: Address legal/regulatory compliance needs and understand/manage key operational risks. Resource Management: Appropriately align IT capabilities with business needs. Performance Management: Utilize real-time data to continuously improve IT delivery. Value Delivery: Optimize return on IT investments. 5

IT Governance Functions IT governance responsibilities primarily reside between: Chief Information Officer (or IT function head) Enterprise IT oversight functions (i.e., steering committee) IT Managers Audit & compliance are stakeholders of IT governance but executive & IT management are the drivers. 6

IT Governance & Business Value According to Sloan (MIT), entities' effective governance can achieve 40% greater returns from IT investment through: Clarified business strategies and the role of IT Measurement of IT spend and value Assignment of accountability Learning from each implementation to become more adept at sharing and reusing IT assets According to the ITGI, fewer than 40% of enterprises feel they have effective IT governance. Implies that over 60% of enterprises fail to realize opportunities for enhanced business success & value. 7

Assessing IT Strategy Alignment & Decision-Making 8

Aligning Strategy & Execution IT governance enables "balanced & predictable" IT delivery IT focus and capability is driven by two dimensions: Strategy and Execution Goal: Maximize time spent in Quadrant II * Based on "The Business Excellence Model", Six Disciplines, 2008, used with permission 9

IT Alignment Challenges What should IT focus on? Without confirming alignment, IT risks becoming fragmented as it moves in multiple directions What is the business strategy? Without clearly articulated business strategy, IT management may not be actively integrated 10

IT Strategic Alignment Benchmarking: Alignment Archetypes The IT Process Institute (ITPI) identified three common IT alignment archetypes: 1 2 3 Utility Providers: Are not proactively engaged with the business; primarily focused on "keep the lights on" services. Process Optimizers: Are more responsive to business needs; focus on business applications and processes as well as "keep the lights on" services. Revenue Enablers: Are well integrated into the business strategy; focus on technology-enabled products as well as business processes and "keep the lights on" services. 11

IT Strategic Alignment Benchmarking: Key Alignment Considerations Identifying the desired strategic alignment archetype is an essential component of IT performance and value. Archetypes: Are additive and can shift over time, but only with careful planning. Performance: Can be achieved with any archetype, but specific practices are required. Assessment: Requires verification the IT archetype fits appropriately with the enterprise strategy. 12

Revenue Enabler Process Optimizer Utility Provider IT Strategic Alignment Benchmarking: Alignment Value Drivers Model Purpose Alignment Value Drivers Provide common infrastructure & capabilities that support basic information & transaction management. 1. Actively identifies opportunities to use emerging technology to meet objectives. 2. Has an effective process & methodology for justifying & prioritizing IT investment decisions. 3. Develops and enforces enterprise infrastructure standards. Provide common services; and Optimize key business functions & processes with a focus on driving competitive advantage. Provide common services; and Optimize key business functions; and Technologically enable products & services to enter new markets. 4. Has a project management office function to provide oversight to businessprioritized IT projects. 1. Actively identifies opportunities to use emerging technology to meet objectives. 2. Develops and enforces enterprise infrastructure standards. 3. Justifies IT investments primarily by business process optimization that enables competitive advantage. 4. Understands business needs, and this understanding is pervasive at the IT executive and VP levels. 1. Proactively educates all IT personnel on business objectives, so that everyone in IT understands how IT adds value to the business. 2. Acts in concert with the business when setting IT strategy and priorities. 3. Has a strong track record of rejecting bad projects. 4. Has a formal, periodic process in the IT organization for identifying what is needed by the business. 5. Includes the IT budget cycle as part of the business unit budgeting process. 13

IT Strategic Alignment Benchmarking: Current State Results Example (Example) Utility Provider 14

IT Strategic Alignment Benchmarking: Future State Results Example (Example) Process Optimizer 15

IT Strategic Alignment Benchmarking: Potential Outcomes Should there be a shift in "IT Leader" reporting structure or reporting level (e.g., CIO/EVP vs. Director/VP)? Should the organization structure include strong set of IT Managers reporting to the IT Leader to oversee IT operations? Does IT need to conduct more technology research and provide external customer-focused recommendations? Do project investments, require additional justification, including business case with cost savings and/or revenue impacts? 16

IT Governance Decision Models Model* Business Monarchy Definition C-level executives individually, or as one or more committees, drive decisions. IT Monarchy One or more IT executives (e.g., CIO, CTO, IT Director, etc.) drive decisions. Federal IT Duopoly Feudal Anarchy C-level, IT executives, and business leads collaborate to make decisions. IT executives work with C-level or individual groups of business leads to make decisions. Business unit leads and/or process owners drive IT decisions. Individual end users drive IT decisions. More Centralization Less *Framework based on IT Governance (Peter Weill/Jeanne Ross), HBS Press 2004 17

IT Decision Making Domains Domain* IT Principles IT Architecture IT Infrastructure Business Applications IT Investments & Priorities Definition High-level statements defining how IT will be used, provide services, and manage risk. Standardization of technical capabilities, core IT processes, organizational structures, and IT performance measures. Strategies for shared IT capability (human & technology) delivered as services. Managing the continuous business needs / requirements for IT applications. Decisions about IT investments including project approvals and justification. *Framework based on IT Governance (Peter Weill/Jeanne Ross), HBS Press 2004 18

IT Decision-Making Analysis: Desired State Gap Analysis Example Defining the desired state for each IT decision domain identifies gaps and helps drive improved governance for IT decisions. Role IT Principles IT Architecture IT Infrastructure Business Application Needs IT Investment & Priorities CEO D I I I D (Example) Functional I I I I D Leadership (Ex: CFO) CIO D D I D D IT Managers I I D D/E D/I Business Staff I I I D I IT Staff I I/E I/E I I Customers I I I I I Decision Model: Duopoly IT Monarchy IT Monarchy Federal Duopoly (D) Decision: Ownership of quality and end results (E) Execution: Correct execution of processes and activities (I) Input: Input of knowledge & information Gap / Change from Current State 19

IT Decision-Making Analysis: Desired State Governance Design Example Specific structures, functions, and decision-making processes are needed to enable IT Governance objectives. Example Governance Structure Input to IT initiatives and decisions Business Process Owners (BPOs) Executive Management Committee IT Steering Committee Define broad IT strategy (Annually) IT Architecture Committee Define &monitor technology standards (Continuous) Analyze portfolio & manage programs (Continuous) IT Portfolio Management Office (PMO) Track metrics across ALL IT & review investments (Monthly) IT Operations IT Service Management Office (SMO) Oversee/evolve IT processes & functions (Continuous) 20

IT Decision-Making Analysis: IT Budgeting & Demand Process Example IT Steering Committee Approval Strategic Output "Enterprise-Wide" - ERP Upgrade - New Cross-Function System - Major Network Investment IT PMO BPOs IT Budget Approval Tactical Output "Function-Specific" -"Siloed" Application -SaaS Application - Minor Enhancements IT Ops. Approval Operational Output "Keep the Lights On" - Windows Upgrade - Desktop / Laptops - Server Patching 21

Assessing IT Performance & Value Delivery 22

IT Performance & Value: A Question of Time & Place Performance targets are not "one-size-fits-all" IT performance requirements will vary based on the state of the organization with multiple considerations that influence IT governance (e.g., cost/risk appetite, strategic alignment model, etc.) as a result, IT governance cannot be static. As organizations evolve, so should their IT governance: Continuously evaluate the current state Identify appropriate target state(s) Identify steps to improvement Continuous monitoring and improvement are key to ensuring IT performance and IT value delivery. 23

IT Performance Benchmarking: Linking Controls to Performance Results ITPI research has identified foundational control sets linked to IT performance: For smaller organizations, three controls predict 45% of performance variation: 1. Unauthorized access detection 2. Unauthorized change consequences 3. Known errors management For larger organizations, nine controls predict 60% of performance variation: 1. Problem root cause analysis 2. Current configuration data availability 3. Thorough change testing 4. Clear IT roles / responsibilities 5. Security log review / resolution 6. Service level consequences 7. Configuration mgmt. process 8. Release testing (pre-production) 9. Configuration mgmt. database 24

IT Performance Benchmarking: ITPI Top Performer Benefits In relation to Low and Medium Performers, Top Performers generally: Authorize and successfully implement 5-14 times more IT changes Increase the number of successful changes by 11% - 25% Support 2.6-6.6 times more software applications per IT staff Support 1.3-1.9 times more servers per System Administrator Increase customer satisfaction by 18% - 30% Automatically detect 12% - 76% more potential security breaches At the same time, Top Performers experience a reduction in: Time spent to repair large IT system outages by 35% 58% The number of "emergency" change requests processed by 29% 55% The number of late projects by 20% - 50% Unplanned IT work by 12% - 37% Repeat audit findings by 39% - 52% 25

IT Performance Benchmarking: Control Analysis Results Example Benchmarking results help identify the current state of IT performance, and when mapped to a desired future state, can help identify quick-wins for control improvements. Ж Small: Low Use / Low Performance Small: Moderate Use / High Performance Large: Moderate Use / Low Performance Large: High Use / Low Maturity / Low Performance Large: High Use / High maturity / High Performance Future State: Small High Performer Current State: X Small Low Performer X X Current State X Future Target 26

Process Maturity Maturity Mapping IT Governance Model Legend: Current State Management Goal Strategic Alignment Risk Management Resource Management Performance Management Value Delivery Realization of Value Proposition Optimized Key Takeaway: "Optimized" is not an appropriate target for most organizations Managed Defined Repeatable Initial / Ad hoc (Example) 27

Final Thoughts & Considerations 28

Audit Effort / Duration IT Governance Assessment: Context & Approach IT governance assessment does not need to follow a "onesize-fits-all" audit program approach. When planning a review, the audit team can decide what context is needed to make the audit more impactful. Common variations include: Enterprise-Level Governance Service / Process Area(s) Outsourced Service Provider Strategic Initiative(s) Decision-Making & Strategy Alignment 29

IT Governance Assessment: Process Perspective Potential process areas for audit consideration include: Strategy Definition & Planning IT Oversight Functions (e.g., steering committee) Program, Project and Portfolio Management Risk Management & Compliance Management Information / Reporting IT Operational Processes (e.g., change / service, continuity, security, etc.) 30

IT Governance Assessment: Key Considerations Strategic Alignment Risk Management Resource Management Performance Measurement Value Delivery Define IT Value Proposition Linkage between Business and IT Plans Deliver Value to Products and Services Increase Managerial Effectiveness Assist in Competitive Positioning Determine Risk Appetite / Tolerance IT Risk Awareness Transparency Identify Risk Exposures Risk Accountability Risk Tracking / Trending Optimize IT Resources (e.g., people, technology) Optimize Investment in Resources Optimize Knowledge (training, career development) Align Capabilities Co-sourcing / Outsourcing Asset Management Measure Strategy Implementation Measure Value Delivery to IT Value Proposition IT SLAs Operational & Strategic Metrics Reporting Communication Board & Executive Awareness Deliver Against Benefits Strategy & ROI Meeting Business Requirements Execute the IT Value Proposition On Time / Within Budget Integrity & Accuracy of Information 31

IT Governance Takeaways Well-designed IT governance practices empower management and enable value across the enterprise. IT governance does not have to be complex: Organizations should leverage established enterprise (business) processes IT governance should integrate and be compatible with corporate governance structures and practices To realize IT governance benefits and enhance IT effectiveness, enterprises need to: Continuously assess their approach to IT governance Determine whether business needs are still being met 32

Confidentiality Statement and Restriction for Use This document contains confidential material proprietary to Protiviti Inc. ("Protiviti"), a wholly-owned subsidiary of Robert Half International Inc. ("RHI"). RHI is a publicly-traded company and as such, the materials, information, ideas, and concepts contained herein are non-public, should be used solely and exclusively to evaluate the capabilities of Protiviti to provide assistance to your Company, and should not be used in any inappropriate manner or in violation of applicable securities laws. The contents are intended for the use of your Company and may not be distributed to third parties.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information