CONCEPTUAL MODEL OF IT GOVERNANCE FOR HIGHER EDUCATION BASED ON COBIT 5 FRAMEWORK



Similar documents
COBIT 5 Introduction. 28 February 2012

Roles, Activities and Relationships

Chayuth Singtongthumrongkul

COBIT Helps Organizations Meet Performance and Compliance Requirements

COBIT 5 For Cyber Security Governance and Management. Nasser El-Hout Managing Director Service Management Centre of Excellence (SMCE)

Revised October 2013

Presented by. Denis Darveau CISM, CISA, CRISC, CISSP

COBIT 5 for Risk. CS 3-7: Monday, July 6 4:00-5:00. Presented by: Nelson Gibbs CIA, CRMA, CISA, CISM, CGEIT, CRISC, CISSP ngibbs@pacbell.

COBIT 5: A New Governance Framework for Managing & Auditing the Technology Environment CS 6-7: Tuesday, July 7 3:30-4:30

for Information Security

How To Use Risk It

DESIGNING A DATA GOVERNANCE MODEL BASED ON SOFT SYSTEM METHODOLOGY (SSM) IN ORGANIZATION

COBIT 5 ISACA s new framework for IT Governance, Risk, Security and Auditing. An overview

Geoff Harmer PhD, CEng, FBCS, CITP, CGEIT Maat Consulting Reading, UK

CLOUD SECURITY THROUGH COBIT, ISO ISMS CONTROLS, ASSURANCE AND COMPLIANCE

White Paper. COBIT 5 & BiSL

IT governance and business organization: some trends about the management of application portfolio

Balanced Scorecard; a Tool for Measuring and Modifying IT Governance in Healthcare Organizations

An IT Governance Framework for Universities in Spain

Quick Guide: Meeting ISO Requirements for Asset Management

INFORMATION TECHNOLOGY FLASH REPORT

ASSESSMENT ON THE IMPLEMENTATION OF INTERNAL QUALITY ASSURANCE AT HIGHER EDUCATION (AN INDONESIAN REPORT)

International Journal of Science and Research (IJSR) ISSN (Online): Index Copernicus Value (2013): 6.14 Impact Factor (2013): 4.

Applying Integrated Risk Management Scenarios for Improving Enterprise Governance

ISACA Roundtable. Cobit and 7 september 2015

How To Understand The Role Of Enterprise Architecture In The Context Of Organizational Strategy

COBIT 5 Foundation Workshop. COBIT is a trademark of the Information Systems Audit and Control Association and the IT Governance Institute

Strategy, COBIT and Vision: HOW DO THEY RELATE? Ken Vander Wal, CISA, CPA, Past President, ISACA

COBIT 5 and the Process Capability Model. Improvements Provided for IT Governance Process

Understanding COBIT 5. based on ISACA Materials Prepared by: Deb Mallette, CGEIT, CISA, CSSBB, IMG BSMS EPDM, Process Consultant

GOVERNING INFORMATION SECURITY IN CONJUNCTION WITH COBIT AND ISO 27001

AN APPROACH TO DESIGN SERVICES KEY PERFORMANCE INDICATOR USING COBIT5 AND ITIL V3

Enabling IT Performance & Value with Effective IT Governance Assessment & Improvement Practices. April 10, 2013

Enabling Information PREVIEW VERSION

Based on 2008 Survey of 255 Non-IT CEOs/Executives

Understanding Principles and Concepts of Quality, Safety and Environmental Management System Graham Caddies

RESEARCH PAPERS FACULTY OF MATERIALS SCIENCE AND TECHNOLOGY IN TRNAVA SLOVAK UNIVERSITY OF TECHNOLOGY IN BRATISLAVA

Risk Management in IT Governance Framework

Measuring IT Governance Maturity Evidences from using regulation framework in the Republic Croatia

TOGAF. TOGAF & Major IT Frameworks, Architecting the Family. by Danny Greefhorst, MSc., Director of ArchiXL. IT Governance and Strategy

4 PERFORMANCE MEASURES

WEST COAST DISTRICT MUNICIPALITY IT GOVERNANCE FRAMEWORK IT CHARTER

The Information Security Management System According ISO The Value for Services

What is ISO/IEC 15288? (A Concise Introduction)

The linchpin between Corporate Governance and IT Governance

LUKHANJI MUNICIPALITY PERFORMANCE MANAGEMENT FRAMEWORK

IT Governance isn t one thing, it s everything. Steve Romero PMP, CISSP, CCP

International Workshop Agreement 2 Quality Management Systems Guidelines for the application of ISO 9001:2000 on education.

Auditors Need to Know June 13th, ISACA COBIT 5 for Assurance

HOW COBIT CAN COMPLEMENT ITIL TO ACHIEVE BIT

Table of Contents. Summary of Changes

CP14 ISSUE 5 DATED 1 st OCTOBER 2015 BINDT Audit Procedure Conformity Assessment and Certification/Verification of Management Systems

Effectively Using CobiT in IT Service Management

IT Governance Issues in Korean Government Integrated Data Center 1

Sound Transit Internal Audit Report - No

GOVERNANCE OF INFORMATION TECHNOLOGY IN HIGHER EDUCATION

Increasing IT Value and Reducing Risk. More for Less with COBIT5. IT Governance and Strategy

IT governance in Brazil:

The Strategic Operating Plan of The Internet Society. Part I Strategy

Improving global standard to be a key driver of innovation. Colin MacNee. 2012, 2013, 2014 Duncan MacNee Limited.

MODEL FOR IT GOVERNANCE ASSESSMENT IN BANKS BASED ON INTEGRATION OF CONTROL FUNCTIONS

Lecture 8 About Quality and Quality Management Systems

Criticism of Implementation of ITSM & ISO20000 in IT Banking Industry. Presented by: Agus Sutiawan, MIT, CISA, CISM, ITIL, BSMR3

ITGovA: Proposition of an IT governance Approach


PRACTICE ADVISORIES FOR INTERNAL AUDIT

HUMAN SERVICES MANAGEMENT COMPETENCIES

Operational Risk Management - The Next Frontier The Risk Management Association (RMA)

MISSION VALUES. The guide has been printed by:

ENTERPRISE PROJECT MANAGEMENT OFFICE

Company size matters: Perspectives on IT Governance

Benchmarking Partnerships

quality, health & safety and environment training and consulting

TOGAF TOGAF & Major IT Frameworks, Architecting the Family

IT GOVERNANCE PANEL BRING VALUE BY AUDITING IT GOVERNANCE GET THE

Develop students abilities to serve as Christian leaders in professional nursing roles and to be contributing members of the profession of nursing.

Guidance for Industry. Q10 Pharmaceutical Quality System

A Flexible and Comprehensive Approach to a Cloud Compliance Program

VPQ Level 6 Business, Management and Enterprise

Open Group SOA Governance. San Diego 2009

White Paper. Comparison of ISO/IEC with ASL and BiSL

How do I gain confidence in an Inspection Body? Do they need ISO 9001 certification or ISO/IEC accreditation?

SEARCH PROFILE. Executive Director Energy Technical Services. Alberta Energy. Executive Manager 1

INFORMATION MANAGEMENT STRATEGIC FRAMEWORK GENERAL NAT OVERVIEW

The Asset Management Landscape

QUALITY MANAGEMENT RECOMMENDATIONS FOR VOCATIONAL EDUCATION AND TRAINING

Using COSO Small Business Guidance for Assessing Internal Financial Controls

JOE MOROLONG LOCAL MUNICIPALITY IT GOVERNANCE FRAMEWORK

Selection and use of the ISO 9000 family of standards

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into

AUDIT OF ACCOUNTING INFORMATION SYSTEM USING COBIT 4.1 FOCUS ON DELIVER AND SUPPORT DOMAIN

Transcription:

CONCEPTUAL MODEL OF IT GOVERNANCE FOR HIGHER EDUCATION BASED ON COBIT 5 FRAMEWORK HERU NUGROHO Telkom University, Telkom Applied Science School, Department of Information Technology, Bandung E-mail: herunugroho@telkomuniversity.ac.id, hro@politekniktelkom.ac.id ABSTRACT Effective governance in an organization does not happen by coincidence. The success of implementing effective governance in an organization associated with the right pattern or fit for the organization so that they can be a complement or supplement of organization's strategic focus. Information technology (IT) governance is not a static concept but rather processes inherent in the organization. Decentralized organizations such as a university need a regular review to renew the IT governance structure to take account of changing business and technological environment. However, the mechanism IT governance in an organization will depend on the characteristics and needs of the organization. ISO/IEC 38500 help the people at the highest levels in the organization to understand and fulfill their legal obligations, regulations and ethics in relation to the use of IT in their organizations by providing key principles. COBIT 5 framework provides guidance how IT governance should be built by taking into account the area of enterprise governance and management of governance areas that both have their roles within the scope of IT governance. Conceptual model of IT governance is built based on the main principles that should exist in the process of governance with COBIT 5 framework guide as a reference how the governance of IT must be organized with attention to area governance and management areas, each rendered in a particular domain so that it will be a guide for higher education for developing IT blueprint that not only seen as supporting the IT aspects of academic and non-academic activities but look at the overall aspects of the scope of university governance. Keywords: ISO/IEC 38500, IT Governance, COBIT 5 Framework, University Governance, key Principles 1. INTRODUCTION As happens in most organizations, information technology become part of a higher education institution. The challenge is how to understand IT governance and implement governance structure that is expected with the potential of IT can be realized. The importance of enterprise governance and IT governance has been recognized based on the results of several studies. Governance, organization, and leadership in the top 10 top IT issues related to the university's strategic success. Enterprise governance is a term that appears to describe a framework that includes corporate governance and business management aspects of an organization. [1]. The achievement of good governance relating to enterprise strategies and the achievement of performance measures, allowing the enterprise focus on what will be the key drivers of the business in the future. Enterprise governance is an overall picture of the aspects of management and governance with the goal is achieved alignment strategic objectives and good management in line with expectations. Figure 1: The enterprise governance framework [1] Scope of enterprise governance is accountability framework across the organization includes two dimensions, conformance or corporate governance and performance or business governance. Compliance or conformance covering issues relating to corporate governance such as the role of 216

CEO, the role and composition of the board of directors, control assurance, and risk management to compliance. Performances include things that will be faced by the enterprise forward with a focus on strategy and value creation. The second dimension indicates that the role of enterprise governance is to provide a unified framework to balance and maintained both of them. It will certainly be obtained through an increased focus on value creation as the driving organization forward and the proper maintenance and adequate control. Organization that is able to maintain stability of performance and compliance have longterm prospects are better [4]. Based on the two dimensions, enterprise governance framework is built and its functions related there, including information technology (IT). It means that IT governance as part of enterprise governance integration can t be separated from the other enterprise functions (finance, marketing, etc.) so that the IT governance must be able to reflect the principles of IT governance not only widely view as part of IT, but also attached overall of the enterprise. This justification has to be one of the triggers why in COBIT 5 framework, IT governance is not only seen as part of the management function but also part of the overall enterprise governance functions. 2. IT GOVERNANCE AND ENTERPRISE GOVERNANCE IT Governance is a part of enterprise governance. Mechanism of IT governance in an organization will depend on the characteristics and needs of the organization. ISO/IEC 38500 help the people at the highest levels in the organization to understand and fulfill their legal obligations, regulations and ethics in relation to the use of IT in their organizations by providing key principles 2.1 IT Governance As the highest educational institution in Indonesia, university is expected to be a role model in the implementation of good university governance. Some of the reasons underlying it is a symbol of the value of higher education as well as the guardian of values. There was nothing the institution or agency that has the resources in this case are very superior knowledge as there is in university, the university portion of the budget in ministry of education and culture of Indonesia is very large achieve 50.7 percent.[13] IT governance is part of corporate governance. IT governance involves an evaluation form and directs the use of IT to support and monitor the use of the organization in order to achieve the expected goal. IT Governance will include strategies and policies for using IT within an organization [6]. IT governance is part of corporate governance and responsibility of the board of directors and executive management which included leadership organizational structure and processes to ensure that the IT organization is able to support and expand the organization's strategies and objectives [9]. IT governance as a framework for decisionmaking and accountability to encourage behavior in the use of information technology is expected [12]. IT governance as an organizational capacity is done by the board, executive management and IT management with the goal of controlling the implementation of the IT strategy with the hope of integration between business and IT [11]. Effective governance in an organization does not happen by coincidence. The success of implementing effective governance in an organization associated with the right pattern or fit for the organization so that they can be a complement or supplement the organizations strategic focus. IT governance is not a static concept but rather the processes inherent in the organization. Decentralized organizations such as universities need a regular review to renew the IT governance structure to take account of changing business and technological environment. However, the mechanism IT Governance in an organization will depend on the characteristics and needs of the organization [5]. 2.2 Conceptual Model for Enterprise Governance of Higher Education Enterprise governance for higher education can be seen as arrangements that include various university assets in order to support the strategy in achieving the goals and objectives of the organization. University asset in this case is the human resource, financial, physical facilities, intellectual property rights, information technology, and collaboration. Information technology is an inseparable part of the effort to implement good university governance. 217

The soundness of university can be seen from how the governance run by universities to achieve the goals and objectives that were defined as part of accommodating the interests of both internal and external stakeholders. The conceptual model for enterprise governance of higher education can be seen in Figure 2. Figure 2: Conceptual Model of Enterprise Governance in Higher Education [3] University establish goals and objectives to be achieved based on the needs of stakeholders. The necessarily goals and objectives should be in line with the vision and mission of university is usually stated in the statute. To achieve the goals and targets, university requires a set of organizational structures that contain specific tasks and functions. To achieve the goals and objectives of the university are usually set strategy outlined in the strategic plan document. Strategy formulated is also expected to encourage functional units and their personnel were included to work in accordance with the strategic direction of management. To ensure that the strategy set produces the desired behavior, it is necessary to control, monitoring, and evaluation functions. Control, monitoring, and evaluation functions designed to ensure the achievement of these processes through several of Tridharma activities (teaching, research, and community service) in an effective and accountable. the game and keep harmonization between the players and coach who provide strategic direction chosen. 2.3 IT Governance in ISO 38500 The objective of ISO 38500 is to provide a structure of principles for directors (including owners, board members, directors, partners and senior executives) to use when evaluating, directing and monitoring the use of IT in their organizations. This standard provides a structure for effective governance of IT to assist those at the highest level of organizations to understand and fulfill their legal, regulatory and ethical obligations regarding their organizations use of IT. The scope of the standard is to provide guiding principles for directors of organizations on the effective, efficient and acceptable use of IT within their organizations. It is applicable for all organizations, from the smallest to the largest, regardless of purpose, design or ownership structure [2]. IT is not getting sufficient coverage in the boardroom or at executive meetings. Discussions on IT are viewed as complex and are at the wrong level. There is a need to talk about the use of technology, not the technology itself, e.g., improved productivity as opposed to the latest version of technology. IT governance is also given lip service at higher levels in the organization. Even though the board and executives outwardly support IT governance initiatives [2]. The standard sets out six principles for good corporate governance of IT. The principles express preferred behavior to guide decision making. The statement of each principle refers to what should happen, but does not prescribe how, when or by whom the principles would be implemented; these aspects are dependent on the nature of the organization implementing the principles. It is similar to a capability maturity model description of an ideal state. Each of the principles is then tied into the model to provide a best practice for each principle [2]. The role of IT governance is to provide a framework for all the efforts made by university to achieve the desired goals. As an analogy to a football team, to win in every game, a team not only requires hard work and concentration during the game but also establish the right strategy and the corresponding formation, and choosing the right players to face the characteristics of opponents in 218

3. COBIT 5 FRAMERWORK 3.1. Introduction Information is a key resource for all enterprises, and from the time that information is created to the moment that it is destroyed, technology plays a significant role. Information technology is increasingly advanced and has become pervasive in enterprises and in social, public and business environments. Figure 3: ISO/IEC 38500:2008 Model for Corporate Governance of IT The following are the six principles for enterprise IT governance can be applied to the majority of organizations. These principles indicate that the preferred behavior to aid the decision making process. Statement on each principle refers to what is supposed to happen, but does not include, when or by whom these principles should be implemented. These include the six principles [5] 1. Principle 1: Responsibility 2. Principle 2: Strategy 3. Principle 3: Acquisition 4. Principle 4: Performance 5. Principle 5: Conformance 6. Principle 6: Human Behavior There are three main task of directors in IT governance at the international standard ISO / IEC 38500-2008. 1. Evaluate 2. Direct 3. Monitor The role of top level management is providing guidance in the form of planning and implementing policies in IT-related business processes. Management also evaluates related activities are carried out with the involvement of IT. This evaluation will conclude with performance evaluation and compliance with existing regulations and policies as part of the monitoring process. This process is necessary to ensure that activities are carried out in line with the organization's vision and mission that has been set [6]. Over the past decade, the term governance has moved to the forefront of business thinking in response to examples demonstrating the importance of good governance and, on the other end of the scale, global business mishaps. Successful enterprises have recognized that the board and executives need to embrace IT like any other significant part of doing business. Boards and management both in the business and IT functions must collaborate and work together, so that IT is included within the governance and management approach. In addition, legislation is increasingly being passed and regulations implemented to address this need. COBIT 5 provides a comprehensive framework that assists enterprises in achieving their objectives for the governance and management of enterprise IT. Simply stated, it helps enterprises create optimal value from IT by maintaining a balance between realizing benefits and optimizing risk levels and resource use. COBIT 5 enables IT to be governed and managed in a holistic manner for the entire enterprise, taking in the full end-to-end business and IT functional areas of responsibility, considering the IT-related interests of internal and external stakeholders. COBIT 5 is generic and useful for enterprises of all sizes, whether commercial, not-for-profit or in the public sector [6]. 3.2. COBIT 5 Process Reference Model COBIT 5 is not prescriptive, but it advocates that enterprises implement governance and management processes such that the key areas are covered. An enterprise can organize its processes as it sees fit, as long as all necessary governance and management objectives are covered. Smaller enterprises may have fewer processes; larger and more complex enterprises may have many processes, all to cover the same objectives. 219

Each domain contains a number of processes. Although, as described previously, most of the processes require planning, implementation, execution and monitoring activities within the process or within the specific issue being addressed (e.g., quality, security), they are placed in domains in line with what is generally the most relevant area of activity when looking at IT at the enterprise level [7]. Figure 4: COBIT 5 Governance and Management Key Areas COBIT 5 includes a process reference model, which defines and describes in detail a number of governance and management processes. It represents all of the processes normally found in an enterprise relating to IT activities, providing a common reference model understandable to operational IT and business managers. The proposed process model is a complete, comprehensive model, but it is not the only possible process model. Each enterprise must define its own process set, taking into account its specific situation. Incorporating an operational model and a common language for all parts of the enterprise involved in IT activities is one of the most important and critical steps towards good governance. It also provides a framework for measuring and monitoring IT performance, providing IT assurance, communicating with service providers, and integrating best management practices. The COBIT 5 process reference model divides the governance and management processes of enterprise IT into two main process domains: 1. Governance, contains five governance processes; within each process, evaluate, direct and monitor (EDM) practices are defined. 2. Management, contains four domains, in line with the responsibility areas of plan, build, run and monitor (PBRM), and provides end-to-end coverage of IT. These domains are an evolution of the COBIT 4.1 domain and process structure. The names of the domains are chosen in line with these main area designations, but contain more verbs to describe them: Align, Plan and Organize (APO), Build, Acquire and Implement (BAI), Deliver, Service and Support (DSS), Monitor, Evaluate and Assess (MEA). 4. PURPOSE MODEL OF IT GOVERNANCE FOR HIGHER EDUCATION BASE ON COBIT 5 FRAMEWORK Conceptual model described in the previous section illustrates that enterprise governance at a higher education effort to achieve the goals and objectives (business goal) from the universities. Based on the Law of the Republic of Indonesia Number 12 Year 2012 on Higher Education chapter 5, university as a form of higher education in Indonesia has goal as follows: 1. Development students potential to become a man of faith and fear of God Almighty and noble, healthy, knowledgeable, skilled, creative, independent, skillfully, competent, and cultured for the benefit of the nation. 2. Produce graduates who master branch of Science and or Technology to meet the national interest and increase the nation's competitiveness. 3. Generate Science and Technology through the research that takes into account and apply the Humanities value for the benefit of the nation's progress, and the progress of civilization and human welfare. 4. Realizing Community Service-based reasoning and research works that are useful in promoting the general welfare and national life. From this goal of university that set out in the legislation, basically a university goal cannot be separated from its function to realize the three responsibilities of universities, education and teaching, research, and community service. University governance is basically an effort to maintain the balance of goal relating to conformance and performance that have been directed by the board in the senate and assembly trustee. COBIT 5 framework is used to build models of IT governance in Higher Education provides guidance on how it should be managed to realize the benefits of IT, resource optimization, and risk optimization. 220

Enterprise Governance of Higher Education Corporate Governance Business Governance IT Governance in Higher Education Governance Principles Mangement Governance Area 6 Key Principles Management Area 1. Evaluate 2. Direct 3. Monitor 1. Responsibility 2. Strategy 3. Acquisition 4. Performance 5. Conformance 6. Human Behavior IT Ogranization 1. Plan (APO) 2. Build (BAI) 3. Run (DSS) 4. Monitor (MEA) Costumer Employee Supplier Competitor Figure 5: Purposed Model of IT Governance for Higher Education IT governance is basically constructed based governance principles contained in the document ISO 38500, namely responsibility, strategy, acquisition, performance, conformance, and human behavior. These principles should run well for governance practices or management practices. Governance practices consist process evaluate, direct, monitor (EDM) and management practices consist process plan (APO), build (BAI), run (DSS), and monitor (MEA). Processes contained in the governance or management area must meet six key principles previously described governance and IT organizations in it must complied with the processes that have been established. This proposed model illustrates how IT governance should construct aligned with enterprise governance. It means that IT governance is no longer purely the responsibility of the IT unit but became an integral part of university so that corporate governance relating to conformance can be run with better and business governance relating to performance are also able to produce something useful for university. The implementation of the key principles in the IT governance process will ensure that every step taken in line with the vision and mission of the college stakeholder needs. Governance functions will be translated in the form of evaluate, direct, and monitor the pressure that will accommodate business and stakeholder requirements that can be translated into the development plans in the area management. In the management area, the direction of governance will be translated in the form of planning, development, implementation, and internal evaluation. REFRENCES: [1] Connell. B, Enterprise Governance: Getting the Balance Right, London: CIMA/IFAC, 2004. [2] Sylvester, Delton (2011), ISO 38500 Why Another Standard. COBIT Fokus Volume 2, April 2011. ISACA [3] Direktorat PAK, Ditjen.Dikti (2003) : Buku Pedoman Penjaminan Mutu Pendidikan Tinggi. Direktorat Pembinaan Akademik dan Kemahasiswaan, Ditjen Dikti. Pedoman Penjaminan Mutu (Quality Assurance) Pendidikan Tinggi. Buku X: Tata Kelola. [4] Hamaker, Stacey and Hutton, Austin (2005) : Enterprise Governance and the Role of IT. Information Systems Audit and Control Association. [5] Hicks, Michael; Pervan, Graham; and Perrin, Brian, "A study of the review and improvement of IT governance in Australian universities" (2012). CONF-IRM 2012 Proceedings. Paper 22. [6] International Organization for Standardization (ISO), ISO/IEC 38500:2008, Corporate governance of information technology, Switzerland, 2008. [7] ISACA, COBIT 5 Framework. IL, USA: ISACA, 2012 [8] IInternational Organization for Standardization (ISO), ISO/IEC 38500:2008. (2008). Corporate Governance of Information Technology [9] The IT Governance Institute. (2004) Board Briefing on IT Governance. IT Governance Institute [10] Undang-Undang Republik Indonesia Nomor 12 Tahun 2012 Tentang Pendidikan Tinggi. [11] Van Gembergen, Wim. (2004) Strategies For Information Technology Governance, Idea Grup Inc [12] Weill, P., Ross, J.W. (2004) IT Governance, Harvard Business School Press, Boston- Massachusetts [13] http://kampus.okezone.com 221

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information