COBIT for GCG
Conference Material
"The Implementation of IT Governance within the Corporation"
Case: Control Objectives for Information and Related Technology
Richardus Eko Indrajit
Regulatory Compliances for Companies with GCG
Table of Contents
The Needs of Good Corporate Governance
Issues of Information Technology Governance
Technology Governance in Action
Case: CobiT from the Information Technology Governance Institute
The Drivers
Surviving the economic crisis by maintaining existing shareholder value
Perform necessary operational restructuring to ensure adequate controls
Improve corporate image and market perception toward management practices
Answer the requirements of partners and other related parties
Ensuring the alignment of all stakeholder expectations
Encourage multiple entities to perform according to their roles and responsibilities
Investors Survey Source: McKinsey
Financial vs Governance Reporting
"In evaluating Asian companies, how important (in %) is the quality of their corporate governance compared to their financial reports?"
[Chart: share of investors answering More / Same / Less for Japan, Taiwan, Thailand, Korea, Indonesia, Malaysia and Total]
Over 75% of investors in America, Europe and Asia perceived corporate governance as equally, if not more, important than financials
Source: McKinsey
How Investors Perceived Asia
Rating scale: 1 (very poor) to 5 (very good)
Country      American & European Investors    Asian Investors
Japan        2.2                              2.8
Taiwan       2.3                              2.6
Korea        1.8                              2.2
Thailand     1.5                              1.8
Malaysia     1.3                              1.7
Indonesia    1.1                              1.1
1.7 Investors in U.S. and Europe
2.0 Investors in Asia
4 - 4.5 For US companies (estimated)
Investors in America & Europe perceive corporate governance practices in Asia as lower than their counterparts in Asia do, mainly due to:
– Less familiar with the market
– Asian investors getting more used to existing conditions
– Lack of local benchmarks
Source: McKinsey
Investors' Perception about Corp Governance
Premium investors are willing to pay (%)
Country      American & European Investors    Asian Investors
Japan        22                               19
Taiwan       24                               18
Korea        29                               22
Thailand     28                               24
Malaysia     26                               24
Indonesia    30                               26
18% U.S. avg
22% by investors in Asia
26% by investors in U.S. and Europe
High premiums for companies with good corp. governance
Perceptions depend on investor location
Premium decreases if a country's corp. governance practices improve
Source: McKinsey
GCG in Indonesia
Standards and benchmarks still in their infancy
Code for Good Corporate Governance published by the National Committee, although regulatory reform to support it still needs to be stepped up:
i. State-owned enterprises: rules published
ii. Financial services industry: unclear, some even conflicting
iii. Publicly-listed companies: getting there
Application of rules, incl. self-assessments, remains compliance-based rather than performance-driven
Very few companies openly conduct assessments by independent parties, where world-class best practice in similar industries can be used as benchmarks
Self-assessment results tend to be dominated by majority shareholders' and management's views
Source: Jos Luhukay
General Impediments
Our systems tend to be based on regulations (corporate level), rather than performance & ethics (individual level)
Hence governance and management are more compliance-driven than based on performance improvement
1. Voluntary conformity needed to complement regulatory compliance
2. Business ethics need to be regarded as "must-have" rather than "nice-to-have"
The "cost" of good governance is still regarded as much smaller than its "benefits"
Companies are still preoccupied with survival issues. Unless direct benefits are perceived in dealing with creditors and investors, corporate governance will continue to remain on the back burner
Source: Jos Luhukay
The Principles
Transparency Accountability Responsibility Independence Fairness
INFORMATION GOVERNANCE
Information-Related Processes
Information System Information Technology
Information Management
IT and Corporate Governance
[Figure labels: Enterprise Governance; IT Governance and Principles; IT Strategic Planning; Investment Management; Enterprise Architecture; Portfolio Management; Funding Strategy/Advocacy; Annual Budgeting; Performance Measurement; Risk/Value Management]
[Maturity axis: Level 1, Level 2, Level 3, Level 4, Level 5]
[Other labels: Internal Activities; Internal Processes; External Processes; External Collaboration; Self Correcting; Process Improvement; Complete IT Portfolios; Foundation; Awareness; Strategic Leverage of IT]
Source: BCG
Issues on IT
Costs allocated do not justify the benefits
Do not align with business needs and strategy
Slow development and deployment processes
High failure rates on implementation stage
Changing so fast, as new technology emerges
Expensive by default, difficult to get support
Complex in nature, so people avoid dealing with it
Issues on IT Governance
[Figure labels: Values and Benefits; Costs and Risks; ?]
Pro(s) and Con(s)
Ultimate Values
[Figure: charts plotted against time, with axis labels service quality, support business, service cost, delivery time and IT risks; captions Aligned, Better, Cheaper, Faster, Secured, Controlled; centre label stakeholder value]
Source: ITGI
Business Value of IT
[Figure: Business Value of Information Technology, with four perspectives: FINANCIAL, CUSTOMERS, GROWTH, INTERNAL]
Source: Robert Kaplan
Value Perspective: FINANCIAL
Expand market share.
Increase revenue.
Return on investment.
Optimise asset utilisation.
Manage business risks.
Source: ITGI
Value Perspective: CUSTOMER
Improve customer orientation and service.
Offer competitive products and services.
Service availability.
Agility in responding to changing business needs.
Cost optimisation of service delivery.
Source: ITGI
Value Perspective: INTERNAL
Automate and integrate the enterprise value chain.
Improve and maintain business process functionalities.
Lower process costs.
Compliance with external laws and regulations.
Transparency.
Compliance with internal policies.
Improve and maintain operational and staff productivity.
Source: ITGI
Value Perspective: GROWTH
Product and business innovation.
Obtain reliable and useful information for strategic decisions.
Acquire and maintain skilled and motivated personnel.
Source: ITGI
What is IT Governance Source: ITGI
CobiT as Best Practice
COBIT is globally accepted as being the most comprehensive work for IT governance, organisation, as well as IT process and risk management.
COBIT provides good practices for the management of IT processes in a manageable and logical structure, meeting the multiple needs of enterprise management by bridging the gaps between business risks, technical issues, control needs and performance measurement requirements.
Source: ITGI
Philosophy of CobiT
In order to provide the information that the organisation needs to achieve its objectives, IT resources need to be managed by a set of naturally grouped processes.
COBIT's Golden Rule
Source: ITGI
IT Governance Paradigm Source: ITGI
The Relationship Aspects of IT Governance Source: ITGI
Components of IT Processes Source: ITGI
The Relationship with Enterprise IT Architecture Source: ITGI
IT Process Maturity Level Source: ITGI
Measurements and Indicators Relationships Source: ITGI
Examples of Maturity Assessment
[Chart: maturity on a scale of 0 to 5 for processes PO2, PO7, AI5, DS10, DS5 and ME2; series: Best Practice, Standard Org., Score; plotted values: 2.21, 1.55, 2.14, 1.35, 1.55, 0.77]
Process Definition and Control Objectives
Management of IT Security
IT Security Plan
Identity Management
User Account Management
Security Testing, Surveillance and Monitoring
Security Incident Definition
Protection of Security Technology
Cryptographic Key Management
Malicious Software Prevention, Detection and Correction
Network Security
Exchange of Sensitive Data
Source: ITGI
Activities and Responsibilities Source: ITGI
Performance Measures Source: ITGI
The IT Enterprise Architecture Source: Zachman
The Holistic IS Model
Rows: SCOPE (CONTEXT), BUSINESS MODEL (CONTENT), SYSTEM MODEL (LOGIC), TECHNOLOGY MODEL (PHYSICS), DETAIL REPRESENTATION (ENTITY)
Columns: MOTIVATION (WHY), PEOPLE (WHO), DATA (WHAT), NETWORK (WHERE), FUNCTION (HOW), TIME (WHEN)
Groupings: PEOPLE, TECHNOLOGY, PROCESS
Source: Zachman
The Simplistic IS Model
[Figure labels: Business; Information; Information System; Information Technology; Architecture; Alignment; Security; Governance; Contextual; Conceptual; Logical; Physical; Transformational; numbered elements 1 to 12]
Source: Cap Gemini
Go Back to GCG Characteristics
Comprehensive policies, regulatory and legal frameworks to comply with and anticipate changes in regulations
Improved communications and relationships with stakeholders, including the management of their perceptions of the company
Improved corporate image
Transparent and professional business practices
Improved information governance
Implementation of best practices in internal audit and control
Proper risk management
Source: Jos Luhukay
The End