©2009 infonomics pty ltd edxn: governance of information technology education across the nation...
Post on 31-Mar-2015
©2009 Infonomics Pty Ltd EdXN: Governance of Information Technology
Education Across the Nation
Corporate Governance of Information Technology
Mark Toomey
Managing Director, Infonomics Pty Ltd
Chair, Standards Australia Committee IT-030
Member, ISO/IEC JTC-1 SC-7 WG1A
This PowerPoint slideshow is provided to ACS members attending the Education Across the Nation series on Governance of IT, during 2009.
The slideshow is provided for the personal use of ACS members during and after the lecture, for the purpose of their own self-development, and for the purpose of facilitating conversations with their colleagues, including top level management and directors. Permission is hereby given for participants in the Education Across the Nation series on Governance of IT to copy this material for these purposes only.
The Education Across the Nation series on Governance of IT does not necessarily equip its participants with the in-depth knowledge required to enable the participants to act as instructors for classroom delivery of the material.
Use of this slideshow and copies thereof for the purpose of group knowledge transfer is restricted to personnel expressly approved by Infonomics and is subject to payment of a license fee.
This material was prepared to provide general guidance and stimulate debate. It should not be construed as providing professional advice and services for any particular or specific situation. As such, it should not be used as a substitute for consultation with expert advisers. Before making any decision or taking any action you should consult with Infonomics Pty Ltd or other competent professionals.
ISO 38500: First Glance
Australian guidance leads the world…
ISO 38500: First Glance
A Model, and Six Principles
• Responsibility;
• Strategy;
• Acquisition;
• Performance;
• Conformance;
• Human Behaviour.
[Figure: the Evaluate / Direct / Monitor model. Labels: Business Pressures; Corporate Governance (Evaluate, Direct, Monitor); Corporate Management (IT Projects, IT Operations); Plans, Policies; Proposals; Performance, Conformance; Business Needs.]
Why do we need a standard?
Why do we need a standard?
IT keeps going wrong:
July 2006, October 2005, June 2004, July 2003
Why do we need a standard?
The names and stories keep rolling on…
2007. British Sky Broadcasting sued EDS for £709 million, following failure of its Customer Relationship Management (CRM) initiative. BSkyB claims it has lost significant anticipated benefits.
2008. British Gas sued Accenture for £182 million. A failed billing system project resulted in the loss of a million customers and required 2,500 additional staff for two years.
IT crash hits Virgin Blue: April 17, 2008
Cancelled Late
St George admits to security flaw. March 25, 2008
Why do we need a standard?
Investigations reveal the true cause of problems!
In the case of the ICS, there does not appear to have been an effective structure or process to direct and control the project, nor to make suitable risk decisions.
To fulfil this task, Customs has had at least 10 bodies responsible for different aspects of the management and governance of the ICS, including the interactions with industry…
These bodies overlap in their responsibilities and accountabilities, and overall the program has no single business owner and accountabilities for its delivery are unclear.
We have been unable to locate a clear and quantified set of outcomes and benefits expected from the introduction of the ICS
Some changes have been the cause of severe disruptions and reduced process efficiency.
Source: The Australian IT (online) and Booz Allen Hamilton Report “Review of the Integrated Cargo System”
Change Governance Problem on a Massive Scale.
Why do we need a standard?
The problem is not in the process!
The Gimli Glider. See http://www.casa.gov.au/wcmswr/_assets/main/fsa/2003/jul/22-27.pdf
Why do we need a standard?
The Cost of IT Failures
• In Australia alone:
  – Failed Projects: $1.5b + per annum*
  – Foregone Benefits: $20b per annum*
  – Operational Losses: $Incalculable
  – Reputation damage: $Incalculable.
• But isn’t this the tip of the iceberg?
  – Competitors respond
  – Predators descend
  – Regulators investigate
  – Lawyers litigate
• Today’s IT failure can have a serious impact on the bottom line, and in the boardroom.
1% – 3% GDP!
* Dr R C Young: What is the ROI for Project Governance? Macquarie University, November 2006.
But we’ve already done IT Governance!
Effort within IT has not solved the problem!
• Investment ensures that IT is doing its job competently
  – Rigour
  – Process
  – Control
  – Reporting
• But it’s not just in IT that problems develop:
  – Use of IT in achieving business goals involves business change
    • Process
    • People
    • Structure
    • Context
  – And necessarily requires that business leaders engage fully:
    • Being responsible
    • Setting direction
    • Planning and implementing
Polishing INSIDE the Kettle improves supply…
… but does not fully address the problem of use!
[Figure labels: Delivery; Use. Frameworks shown: ITIL, Prince2, CoBIT, CMMI, PMBOK, TOGAF, etc.]
Many issues arise here – outside IT’s sphere of control.
Governance of IT has to deal with how organisations USE IT as well as with how IT departments operate.
The pressure for Board Oversight:
KPMG Global IT Project Management Survey (Sep 05)
• Traditional measures of success (time and budget) are being superseded:
  – “Achieving benefits – keeping commitments – is now the key determinant of project success.”
• Since 2003, performance of projects has improved marginally:
  – Failure rates are still appalling;
  – Many organisations do not focus on realising or measuring benefits.
• “The key element (that makes some organisations more successful) appears to be an appropriate governance framework – to complement planning and prioritisation of activities and to help ensure execution controls are in place until benefits are realised.”
• “The board must put in place, through management, a rigorous oversight framework to monitor achievement of budgets, the meeting of timelines and to help ensure that the agreed benefits are realised. To achieve this, the board must receive the right information at the right time”.
Those responsible at the top of the organisation must govern…
Understanding Corporate Governance of IT:
Four key concepts
• Corporate Governance
• Business Systems and Change
• The Business Cycle: Demand and Supply
• The System for Governing IT
Corporate Governance: Fundamentals…
Corporate Governance: The System by which entities are directed and controlled. (Cadbury)
[Figure: Ownership (“Appoint the Directors”); Governance (“Protect owners interests”); Management (“Develop business capabilities”, “Run business operations”). Other labels: Establish Strategy; Direct; Monitor.]
Adapted from “Corporate Governance – A Working Definition”, Teresa Barger, Director IFC/World Bank Corporate Governance Department
Definition from “Report of the Committee on the Financial Aspects of Corporate Governance” (Chair: Sir Adrian Cadbury), London, 1992
Corporate Governance: Fundamentals…
[Figure: the Ownership / Governance / Management diagram, shown for four organisation types: Micro Business; SME Business; Large Business; Gov’t Agency. Labels: Seamless participation in all 3 levels; Owner/Directors; Low discretion management; Shareholders; Elected directors; High discretion management; Electors; Government or Board.]
Corporate Governance: The Information (IT) domain.
[Figure: Governance Domains and Systems. Labels: Corporate Governance visibility and control; Management Responsibility. Asset domains: Information (IT) assets; Financial assets; Relationship assets; Human assets; IP assets; Physical assets. Shown with the Evaluate / Direct / Monitor model.]
Corporate Governance of IT.
[Figure: Governance Domains and Systems, with the same labels and asset domains, and the Evaluate / Direct / Monitor model.]
Corporate Governance of IT: The System by which the current and future use of IT is directed and controlled.
Business Systems and Change
[Figure: The Business System: Process, Structure, People, Technology; The Business Context.]
• Operating context of the organisation
  – External
  – Internal.
• Four key elements of operating organisations
  – People – who participate in business events
  – Process – what business events take place
  – Structure – where business events happen
  – Technology – enabling and recording events
• IT intrinsic to day to day operations
  – Business process specific - Transactions, Customers, Etc
  – Generic - Email, Telephony, Information
This model is a variant on H.J. Leavitt’s Model of organisational change, published in 1965.
Business Systems and Change
• When IT fails, whole organisations and extended organisations stop
  – Citylink Melbourne, Tuesday 20 Sept 2006
Business Systems and Change
• IT is now a fundamental enabler of change and is leading to new business models and new business practices
– Eg e-Government
• Implementing IT enabled change involves attention to every facet of business models and practices
– Internal and external factors
• Governing IT Enabled Change involves much more than governing technology activities.
[Figure: The Business System and The Business Context, and the Changed Business System (Changed Process, Changed Structure, Changed People, Changed Technology) and Changed Business Context. Labels: “Traditional” IT Change Project; Change Program: Business System (Process, Technology, Structure, People), Business Context (Process, Technology, Structure, People).]
The Business Cycle: Demand and Supply
[Figure: Plan, Build, Run cycle.]
• Future Use: Plan the Business
• Future Use: Build the Business
• Current Use: Run the Business
The Business Cycle: Demand and Supply
[Figure: The System of Management. Labels: Strategic Business Future; Demand; Supply; Effective IT enabled change; Ongoing business operations; Reliable IT Service. Frameworks shown: ITIL, ISO 20000, ISO 27000, CoBiT etc; ValIT.]
• Business Domain: How IT is used to enable and operate the business
• IT Domain: How IT is managed and delivered.
The System for Governing IT:
An integrated system overseen by the Board
[Figure: The System of Management, with the same labels: Strategic Business Future; Ongoing business operations; Demand; Supply; Effective IT enabled change; Reliable IT Service; Business Domain; IT Domain; ITIL, ISO 20000, ISO 27000, CoBiT etc; ValIT.]
The System for Governing IT:
An integrated system overseen by the Board
[Figure: The System of Governance. The System of Management figure with added labels: Corporate Governance Oversight; ISO 38500; Rules, Direction, Behaviour; Performance, Conformance; Management Responsibility; Board oversight.]
The System of Governance
Inside the System
[Figure: Plan, Build, Run. Levels: Vision, Strategy, Plans, Initiatives, Operation; Strategy, Portfolio, Program, Project, Operation. Other labels: Enterprise Architecture; Asset; Information Security; Information Security.]
Adapted from a model developed by John Thorp, author of The Information Paradox.
The System of Governance
The System Perspective
[Figure: the Vision / Strategy / Plans / Initiatives / Operation model shown three times, once for each perspective:]
• Corporate Governance - Evaluate, Direct and Monitor
• Top Management - Plan, Supervise and Realise
• Line Management - Implement and Operate
Adapted from a model developed by John Thorp, author of The Information Paradox.
ISO/IEC 38500
Core Elements
Evaluate
• Proposals: plans and suggestions
  – Vision
  – Strategy
  – Detailed plans
  – Initiatives
  – Projects (and changes thereto)
  – BAU Operations (the oft-forgotten default)
• Current and future use of IT
• Supply
• Governance
[Figure: the Evaluate / Direct / Monitor model.]
Direct
• Policy to guide management decisions.
• Strategy to establish focus and direction.
• Progressive allocation of resources.
• Clear delegation of authority.
• Appropriate incentives and rewards.
[Figure: the Evaluate / Direct / Monitor model.]
Monitor
• Achieving intended results
  – And taking action if they are at risk
• Assuring conformance
  – External and internal
• Making adjustments for reality
• Ensuring that management is doing its job properly.
• Ensuring that the governance system is effective.
[Figure: the Evaluate / Direct / Monitor model.]
Six principles for good governance of IT
• Responsibility
• Strategy
• Acquisition
• Performance
• Conformance
• Human Behaviour
[Figure: the Evaluate / Direct / Monitor model.]
Using ISO 38500
Using ISO 38500
Guide for assessment and improvement
[Table: Principles (Responsibility, Strategy, Acquisition, Performance, Conformance, Human Behaviour) against Evaluate, Direct, Monitor.]
What does each cell mean?
How do you perform?
What should you seek to improve?
What consequences of improvement should you seek?
Using ISO 38500
Benchmarking and comparing performance
[Chart: Corporate Governance of ICT - Indicators. Principles: Responsibility, Plan, Acquire, Perform, Conform, Human Factors (Responsibility, Strategy, Acquisition, Performance, Conformance, Human Behaviour). Scale: Exemplary, Good, Basic, Weak, None, No view.]
Human Communities:
• Who are they?
• How do they behave?
• What do they need?
• What motivates them?
RMIT and Infonomics research 2006-7. Published in “Achieving Business Sustainability” (Infonomics), and “Information Technology Entrepreneurship and Innovation”, edited by Fang Zhao, published by IGI Global, 2008.
Using ISO 38500
Learning through evaluating patterns
I know nothing about the IT in my organisation…
IT not adequately integrated in corporate strategic thinking?
Focusing on today - Insufficient attention given to the future?
RMIT and Infonomics research 2006-7.
A Typical Assessment Result
Poor performance in critical areas.
• Responsibility: there is neither clear nor appropriate allocation of responsibility for IT.
• Strategy: there is no effective planning for IT in the context of business strategy and direction.
• Acquisition: decisions to invest in new IT capability are not made in an appropriate framework.
• Performance: demand for IT service is unlikely to be met.
• Conformance: the rules for IT are inadequate.
• Human Behaviour: human issues are given scant attention in IT planning and delivery.
[Chart: assessment scores, axis 1 to 6: Acquire 3; Human Factors 3; Perform 2.9; Conform 2.9; Responsibility 2.7; Planning 2.4.]
Using ISO 38500
Closing the gaps in contemporary techniques
[Figure: Control and Direct use of IT; Control & Direct the Business (Process, Structure, People, Technology). Principles (Responsibility, Strategy, Acquisition, Performance, Conformance, Human Behaviour) against Evaluate, Direct, Monitor. Organisation chart: Council; Chief Executive Officer; Executive Committee; Audit & Risk Committee; Corporate Committee; Advisory Committees; ICT Governance Committee; Business System Steering Committee; Business Development; Education Programs; Education Services; Corporate Services; ICT Infrastructure Steering Committee. Legend: Reports; Participates; Informs; Owns. Frameworks shown: CobiT, ITIL, Prince2, PMBOK, Gateway, ValIT.]
Using ISO 38500
Developing Policy for control of IT
[Table: Principles (Responsibility, Strategy, Acquisition, Performance, Conformance, Human Behaviour) against Evaluate, Direct, Monitor.]
Your ISO 38500 Framework
Strategic Policies
• Your posture relative to Principles
• Board role: consultation and approval
Operating policies
• Specify how projects and operations are conducted
• Board role: awareness
Usage policies
• Rules for how people use the business systems and technology resources
• Board role: part of user community.
Responsibility
The Crucial Strategic Policy
• How is responsibility allocated for:
  – Allocating responsibility?
  – Developing business strategy and planning business use of (demand for) IT?
  – Developing strategies for supply and delivery of IT capability and service?
  – Making decisions to invest in IT?
  – Determining targets and measuring business and IT performance?
  – Ensuring that IT investment initiatives achieve agreed, appropriate success criteria?
  – Ensuring that business demand for operational supply of IT service is satisfied efficiently and effectively?
  – Understanding conformance requirements, establishing effective conformance rules, and assuring conformance?
  – Understanding and ensuring respect for human behaviours?
• What are the responsibilities of each individual in respect of IT demand and supply?
Using the Standard
Fundamental Rules
• Change Management Rule 0 – Engage the right sponsor and involve the right people.
• Change Management Rule 1 – Communicate, Communicate, Communicate.
• Change Management Rule 2 – Measure, adjust, measure.
• Change Management Rule 3 – Start with the fundamentals.
• Change Management Rule 4 – Small steps, with clear objectives.
• Change Management Rule 5 – Keep communicating; keep measuring; keep improving.
Self Assessment
When and how
Branch feedback
Information Age Article
Additional Material
Questions
What do you have to lose?
Seize the opportunity!
ISO/IEC 38500.
Thank you.
mtoomey@infonomics.com.au
Additional Material
Responsibility
• Who is responsible for what when it comes to current and future use of IT?
• Does everybody understand their responsibility?
• Do those with responsibility deliver?
• If IT is responsible for supply, who is responsible for demand?
• And who is responsible for results?
Strategy (Planning)
• Planning IT use (demand and supply) to best serve the organisation.
• Who should determine the organisation’s strategy for USE of IT?
• How are business strategy and IT strategy related?
• How is strategy enacted?
• Includes key planning disciplines
  – Portfolio
  – Project
  – Architecture
Acquisition
• Decisions to invest in IT
• Decisions to continue existing IT initiatives
• Decisions to continue using operational IT
• Decisions on sourcing of IT capabilities
• Decisions on selection of technologies
Performance
• Current performance
  – Operational objectives
  – Investment objectives
• Future performance
  – Running the business
  – Delivering capability
  – Stable base for change
  – Implementing change
• Wide scope
  – Systems and infrastructure
  – People
  – Management systems
Conformance
• Understanding the rules
• Formulating the rules
• Communicating the rules
• Enforcing the rules
• Identifying and sanctioning non-conformance
Human Behaviour
• Response to change
• Response to pressure
• Professional pride
• Fear of discovery and consequences
• Dedication and commitment
• Partial disclosure
• Good news
Key messages in the standard
• Directors should govern the use of Information Technology;
• Governance and Management are separate concepts;
• The standard is applicable to every organisation;
• The people who should most use the standard are the managers;
• Good governance of IT is a desirable attribute for stakeholders;
• Behaviour is key;
• Implementation is the responsibility of each organisation.
Directors should govern the use of Information Technology.
• Delegate their responsibility as appropriate.
• Define intended use of IT in business strategy.
• Establish policy to guide management decisions.
• Monitor conformance and performance of strategy and policy.
• Enforce discipline of control and supervision.
• Obtain independent advice as and when necessary.
Governance and Management are separate concepts.
• Management is what managers do.
• Governance is oversight of management.
• Much of what is called “IT Governance” is actually IT Management.
• Giving IT Management a new name does not make it more effective.
The standard is applicable to every organisation.
• Private and public (government)
• Small, medium and large
• Listed and unlisted
• For-profit and Not-for-profit
• Scalable – no prescription of process or structure
• Every organisation needs to determine how to adopt.
The people who should most use the standard are the managers.
• Managers advise and support directors.
• Managers provide information to directors and implement the direction given by directors.
• Managers are the originators of most board decisions including strategy and systems of control.
• Managers act on behalf of directors to perform some governance tasks under the board’s delegated authority.
Good governance of IT is a desirable attribute for stakeholders.
• Better strategic use of IT -> better corporate performance
• Fewer failures of projects -> better return on investment
• Higher reliability in operations -> premium for perceived quality
Behaviour is key.
• Behaviour of the organisation
• Behaviour of its managers
• Doing the right things in respect of decisions about current and future use of IT
• Business stepping up to its role in controlling demand
• IT limiting itself to the role of supply
• Business leaders taking true accountability for business outcomes.
Implementation is the responsibility of each organisation.
• No specific implementation requirements -> no straight-jackets.
• Governance is a system – people, process, structure and technology.
• Many frameworks are available – choose what’s best for you.
• Build on what you have – assess and improve – don’t just start from scratch.