IT Governance
DESCRIPTION
Presentation on IT Governance delivered for the ISACA Toronto Chapter
TRANSCRIPT
IT Governance November, 2013
@CarlosChalicoT #ISACA_ITG
Quote
Robert Frost
“The brain is a wonderful organ; it starts working the moment you get up in the morning and does not stop until you get into the office”
Carlos Chalico
CISA, CISSP, CISM, CGEIT, CRISC, ISO27000 LA, PbD Ambassador
Ouest Business Solutions Inc.
Director Eastern Region
What's in this for you?
By the end of this session you will:
• Understand the concept of governance and IT governance, and how IT governance differs from IT management
• Know the advantages of defining an effective IT Governance model
• Know some frameworks available to define IT Governance (COBIT, ISO 38500)
First things first
Title: Elephant In The Room Artist: Leah Saulnier The Painting Maniac Medium: Painting - Oil
Quote
“Management must manage”
Harold S. Geneen
So, what does this mean?
Governance
From Wikipedia: Governance is the act of governing. It relates to decisions that define expectations, grant power, or verify performance. It consists of either a separate process or part of decision-making or leadership processes. In modern nation-states, these processes and systems are typically administered by a government.
From OECD
Corporate governance is one key element in improving economic efficiency and growth as well as enhancing investor confidence. Corporate governance involves a set of relationships between a company’s management, its board, its shareholders and other stakeholders. Corporate governance also provides the structure through which the objectives of the company are set, and the means of attaining those objectives and monitoring performance are determined.
http://www.oecd.org/corporate/ca/corporategovernanceprinciples/31557724.pdf
Other Sources
Key Points
• Relationships: management, board, shareholders, stakeholders
• Structure
• Objectives of the organization
• Monitoring performance
• Economic efficiency and growth
• Confidence
Quote
Alison Holt
“Organizations with good governance practices in place can be shown to be more successful than organizations without”
Turning Risk Into Results
Quote
“Corporate governance is the system by which companies are directed and controlled”
Adrian Cadbury
So, what does this mean?
IT Governance
So, what does this mean?
HBR (Harvard Business Review): CIO vs. CTO
http://blogs.hbr.org/2013/08/todays-cto-needs-to-become/
http://blogs.hbr.org/cs/2013/07/todays_cio_needs_to_be_the_chi.html
So, what does this mean?
CIO: Information, Innovation
CTO: Technology, Transformation
So, what does this mean?
Innovate and Transform: Value
So, what does this mean?
Know, Control, Measure and Rely on IT processes and infrastructure elements
So, what does this mean?
In essence, the governance of IT is the theory that enables an organisation's principal decision makers to make better decisions around IT and, at the same time, provides guidance for IT managers who are tasked with IT operations and the design, development and implementation of IT solutions.
So, what does this mean?
• Governance ensures that enterprise objectives are achieved by evaluating stakeholder needs, conditions and options; setting direction through prioritisation and decision making; and monitoring performance, compliance and progress against agreed-on direction and objectives.
• Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives.
So, what does this mean?
The action of the board or governing body to direct IT activities and to build a decision-making model (what to do), combined with the action of the IT management teams to develop supporting systems, processes and procedures (how to do it), results in the development of an IT governance framework.
Why IT Governance?
• “Due diligence”
• IT is critical to the business (and pervasive)
• IT is strategic to the business
• Expectations and reality don’t match
• IT hasn’t gotten the attention it deserves (yet)
• IT may involve huge investments and large risks
Why IT Governance?
IT Governance Framework: shaped by the organization's culture, goals and characteristics
Why IT Governance?
GEIT objectives: IT value delivery and mitigation of IT-related risks to the business, through strategic alignment, resources availability and management, and monitoring
Why IT Governance?
ITGI identifies five focus areas of GEIT:
• Strategic alignment
• Value delivery
• Risk management
• Resource management
• Performance measurement
Available Frameworks
ISO 38500, COBIT 5
Quote
Alison Holt
“A tool is only a tool if it helps you and your business”
Break!
Quote
Alison Holt
“Where there is poor organisational governance practice in place, it will be difficult to implement good IT and information practice that delivers consistent quality deliverables”
What is ISO?
• International Organization for Standardization
• World’s largest developer of voluntary standards
• Founded in 1947
• 19,500 standards released
• Members from 164 countries
• Headquartered in Geneva, Switzerland
Photo caption: The Boys. 65 delegates from 25 countries. London, 1946.
http://www.iso.org
What is a Standard?
“A document that provides requirements, specifications, guidelines or characteristics that can be used consistently to ensure that materials, products, processes and services are fit for their purpose.
ISO standards can be purchased from the ISO store or from our members”
Photo caption: Office in La Voie Creuse, Geneva, Switzerland, 2007.
http://www.iso.org
What are the benefits?
“ISO International Standards ensure that products and services are safe, reliable and of good quality. For business, they are strategic tools that reduce costs by minimizing waste and errors, and increasing productivity. They help companies to access new markets, level the playing field for developing countries and facilitate free and fair global trade”
http://www.iso.org
ISO/IEC 38500:2008
• Provides guiding principles for directors of organizations (owners, board members, partners, senior executives) on the effective, efficient, and acceptable use of IT within their organizations
• Applies to the governance of management processes (and decisions) relating to the information and communication services used by an organization. These processes could be controlled by IT specialists within the organization, external service providers, or business units within the organization.
• It also provides guidance to those advising, informing, or assisting directors (this includes IT auditors)
http://www.iso.org
ISO/IEC 38500:2008
• Based on Australian Standard AS 8015-2005
• Submitted for fast-track ISO adoption
• Alison Holt (New Zealand, Longitude 174) co-chaired ISO's working group for IT Governance Framework standards
http://www.ramin.com.au/itgovernance/as8015.html
Quote
Alison Holt
“Implementing IT governance is not necessarily a quick process, but it is effective”
ISO/IEC 38500:2008
[Diagram: the ISO 38500 guidelines direct directors and senior executives toward the effective, efficient and acceptable use of ICT across the organisation's pervasive Information Technology Processes (Process 1, Process 2, Process 3 … Process n)]
Quote
“May the Force be with you”
Obi Wan Kenobi
IT potential problems
• Different areas of the organisation have different relationships with different IT vendors
• IT systems evolve independently with no united direction or strategy
• IT systems under- or over-perform
• IT managers don't understand the operation
• Operational managers don't understand IT
• No sense of ownership of data, infrastructure and processes
• Users frustrated because, apparently, they don't have enough resources
• Nobody thinks of or wants the CIO, except when there is a problem
ISO/IEC 38500:2008
Structure of ISO 38500: Scope, Application, Objectives; Framework; Guidance
Scope, Application, Objectives
[Diagram: the goal of the ISO 38500 guidelines is that directors and senior executives make effective, efficient and acceptable use of ICT, giving stakeholders confidence]
Framework
ISO 38500 provides a model (IT Governance vs. IT Management) and six principles:
1. Responsibility 2. Strategy 3. Acquisition 4. Performance 5. Conformance 6. Human Behaviour
Responsibility
• Everyone understands and accepts his or her responsibility
• This includes supply of and demand for IT
• Those with responsibility for actions also have the authority to perform those actions
Responsibility
• The CIO that was not respected, even with an ISSP communicated and authorized
• The “Perfect” Operational Director
• The “jumping” requirements
• The eternal “Yes” CIO
• The 24x7x52xFOREVER HR requirement
Strategy
• The organisation's business strategy considers current and future capabilities of IT
• Strategic plans for IT satisfy the current and ongoing needs of the organisation
Strategy
• “With that money I can setup a new branch”
• “Hey, that IT strategy made me think that the operational strategy needs to be re-visited”
Acquisition
• IT acquisitions are made for valid reasons
• Appropriate analysis is made to support purchasing decisions
• There is a balance among benefits, opportunities, costs and risks in the short and long term
Acquisition
• Some suggestions:
• Understand required benefits
• Informal chats with vendors
• Define a formal purchasing process
• Visit other organisations that are doing what you want to do
• Understand the “do nothing” option
• Check out references
Acquisition
Time and budget are important, but having the organisation understand the motives is critical
Performance
• IT fits the requirements to support the organisation
• IT provides the services, levels of service and service quality required to meet the organisation's current and future requirements
Performance
• Under-Performance Vs. Over-Performance
• We often over-procure for reasons of convenience
• How would you react if your main server starts running out of space?
Conformance
• IT complies and supports compliance
• Policies and practices are clearly defined, implemented and enforced
Conformance
• How easy has it been for your company to configure its systems to comply with laws and regulations?
[Diagram: compliance requirements on IT systems drive changes across multiple processes]
Human Behaviour
• IT policies, practices and decisions show respect for human behaviour
• This includes the current and evolving needs of all of the people in the processes
Human Behaviour
• Have you defined policies to make clear how you want your IT systems to be used?
• How are you balancing personal Vs. professional use of the corporate IT resources?
• Is your management team setting the tone?
• How are you connecting with customers, providers and authorities?
Guidance
• Provides examples for the application of each one of the six principles
Guidance
• Additional documents:
• Cloud computing
• IT Audit
• Digital forensics
• Interoperability
• Business frameworks
Quote
“Nothing will work unless you do”
Maya Angelou
Implementing ISO 38500
[Diagram: implementation cycle with the phases Current State Assessment, Design and Definition, Implementation, Operation, Monitoring, Auditing and Continuous Improvement. Activities shown: problems identification, responsibility assignment, plan development, policies and procedures, IT controls, business processes improvements, IT processes improvements, extended IT governance, third parties considerations, communication and awareness, training and testing, monitoring controls, reporting, audit guidelines, adjustments]
Break!
How has COBIT dealt with IT Governance?
Source: COBIT® 5, figure 2. © 2012 ISACA® All rights reserved.
How has COBIT dealt with IT Governance?
• Governance ensures that enterprise objectives are achieved by evaluating stakeholder needs, conditions and options; setting direction through prioritisation and decision making; and monitoring performance, compliance and progress against agreed-on direction and objectives (EDM)
• Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives (PBRM)
How has COBIT dealt with IT Governance?
COBIT 5 brings together the five principles that allow the enterprise to build an effective governance and management framework based on a holistic set of seven enablers that optimises information and technology investment and use for the benefit of stakeholders.
How has COBIT dealt with IT Governance?
Evolution of scope (a business framework from ISACA, at www.isaca.org/cobit):
• COBIT 1 (1996): Audit
• COBIT 2 (1998): Control
• COBIT 3 (2000): Management
• COBIT 4.0/4.1 (2005/7): IT Governance
• Val IT 2.0 (2008), Risk IT (2009)
• COBIT 5 (2012)
© 2012 ISACA® All rights reserved.
COBIT Principles
• Meeting stakeholder needs
• Covering the enterprise end-to-end
• Applying a single integrated framework
• Enabling a holistic approach
• Separating governance from management
Meeting Stakeholder Needs
Enterprises exist to create value for their stakeholders.
• Enterprises have many stakeholders, and ‘creating value’ means different—and sometimes conflicting—things to each of them.
• Governance is about negotiating and deciding amongst different stakeholders’ value interests.
• The governance system should consider all stakeholders when making benefit, resource and risk assessment decisions.
• For each decision, the following can and should be asked:
• Who receives the benefits?
• Who bears the risk?
• What resources are required?
Meeting Stakeholder Needs
• Stakeholder needs have to be transformed into an enterprise’s actionable strategy.
• The COBIT 5 goals cascade translates stakeholder needs into specific, actionable and customised goals within the context of the enterprise, IT-related goals and enabler goals.
Source: COBIT® 5, figure 4. © 2012 ISACA® All rights reserved.
Meeting Stakeholder Needs
• Benefits of the COBIT 5 goals cascade:
• It allows the definition of priorities for implementation, improvement and assurance of enterprise governance of IT based on (strategic) objectives of the enterprise and the related risk.
• In practice, the goals cascade:
• Defines relevant and tangible goals and objectives at various levels of responsibility.
• Filters the knowledge base of COBIT 5, based on enterprise goals to extract relevant guidance for inclusion in specific implementation, improvement or assurance projects.
• Clearly identifies and communicates how (sometimes very operational) enablers are important to achieve enterprise goals.
Covering the enterprise end-to-end
• COBIT 5 addresses the governance and management of information and related technology from an enterprisewide, end-to-end perspective.
• This means that COBIT 5:
• Integrates governance of enterprise IT into enterprise governance, i.e., the governance system for enterprise IT proposed by COBIT 5 integrates seamlessly in any governance system because COBIT 5 aligns with the latest views on governance.
• Covers all functions and processes within the enterprise; COBIT 5 does not focus only on the ‘IT function’, but treats information and related technologies as assets that need to be dealt with just like any other asset by everyone in the enterprise.
Covering the enterprise end-to-end
Key components of a governance system
Source: COBIT® 5, figure 8. © 2012 ISACA® All rights reserved.
Source: COBIT® 5, figure 9. © 2012 ISACA® All rights reserved.
Applying a single integrated framework
• COBIT 5 aligns with the latest relevant other standards and frameworks used by enterprises:
• Enterprise: COSO, COSO ERM, ISO/IEC 9000, ISO/IEC 31000
• IT-related: ISO/IEC 38500, ITIL, ISO/IEC 27000 series, TOGAF, PMBOK/PRINCE2, CMMI
• This allows the enterprise to use COBIT 5 as the overarching governance and management framework integrator.
• ISACA plans a capability to facilitate COBIT user mapping of practices and activities to third-party references.
Enabling a holistic approach
• COBIT 5 enablers are:
• Factors that, individually and collectively, influence whether something will work—in the case of COBIT, governance and management over enterprise IT
• Driven by the goals cascade, i.e., higher-level IT-related goals define what the different enablers should achieve
• Described by the COBIT 5 framework in seven categories
Source: COBIT® 5, figure 12. © 2012 ISACA® All rights reserved.
Enabling a holistic approach
Enabling a holistic approach
• Processes—Describe an organised set of practices and activities to achieve certain objectives and produce a set of outputs in support of achieving overall IT-related goals
• Organizational structures—Are the key decision-making entities in an organization
• Culture, ethics and behavior—Of individuals and of the organization; very often underestimated as a success factor in governance and management activities
Enabling a holistic approach
• Principles, policies and frameworks—Are the vehicles to translate the desired behaviour into practical guidance for day-to-day management
• Information—Is pervasive throughout any organisation, i.e., deals with all information produced and used by the enterprise. Information is required for keeping the organisation running and well governed, but at the operational level, information is very often the key product of the enterprise itself.
Enabling a holistic approach
• Services, infrastructure and applications—Include the infrastructure, technology and applications that provide the enterprise with information technology processing and services
• People, skills and competencies—Are linked to people and are required for successful completion of all activities and for making correct decisions and taking corrective actions
Enabling a holistic approach
• Systemic governance and management through interconnected enablers—To achieve the main objectives of the enterprise, it must always consider an interconnected set of enablers, i.e., each enabler:
• Needs the input of other enablers to be fully effective, e.g., processes need information, organisational structures need skills and behaviour
• Delivers output to the benefit of other enablers, e.g., processes deliver information, skills and behaviour make processes efficient
• This is a KEY principle emerging from the ISACA development work around the Business Model for Information Security (BMIS).
Enabling a holistic approach
COBIT 5 Enabler Dimensions:
• All enablers have a set of common dimensions. This set of common dimensions:
• Provides a common, simple and structured way to deal with enablers
• Allows an entity to manage its complex interactions
• Facilitates successful outcomes of the enablers
Source: COBIT® 5, figure 13. © 2012 ISACA® All rights reserved.
Separating Governance from Management
• The COBIT 5 framework makes a clear distinction between governance and management.
• These two disciplines:
• Encompass different types of activities
• Require different organisational structures
• Serve different purposes
• Governance—In most enterprises, governance is the responsibility of the board of directors under the leadership of the chairperson.
• Management—In most enterprises, management is the responsibility of the executive management under the leadership of the CEO.
Separating Governance from Management
• Governance ensures that stakeholders needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritisation and decision making; and monitoring performance and compliance against agreed-on direction and objectives (EDM).
• Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives (PBRM).
Separating Governance from Management
COBIT 5 is not prescriptive, but it advocates that organisations implement governance and management processes such that the key areas are covered, as shown.
Source: COBIT® 5, figure 15. © 2012 ISACA® All rights reserved.
Separating Governance from Management
• The COBIT 5 framework describes seven categories of enablers (Principle 4). Processes are one category.
• An enterprise can organise its processes as it sees fit, as long as all necessary governance and management objectives are covered. Smaller enterprises may have fewer processes; larger and more complex enterprises may have many processes, all to cover the same objectives.
• COBIT 5 includes a process reference model (PRM), which defines and describes in detail a number of governance and management processes. The details of this specific enabler model can be found in the COBIT 5: Enabling Processes volume.
Quote
“It's a trap!”
Admiral Ackbar
Implementing GEIT with COBIT
Source: COBIT® 5, © 2012 ISACA® All rights reserved.
• The improvement of the governance of enterprise IT (GEIT) is widely recognized by top management as an essential part of enterprise governance
• Information and the pervasiveness of IT are increasingly part of every aspect of business and public life
• The need to drive more value from IT investments and manage an increasing array of IT-related risk has never been greater
• Increasing regulation and legislation over business use of information is also driving heightened awareness of the importance of a well-governed and managed IT environment
Implementing GEIT with COBIT
• ISACA has developed the COBIT 5 framework to help enterprises implement sound governance enablers. Indeed, implementing good GEIT is almost impossible without engaging an effective governance framework. Best practices and standards are also available to underpin COBIT 5
• Frameworks, best practices and standards are useful only if they are adopted and adapted effectively. There are challenges that need to be overcome and issues that need to be addressed if GEIT is to be implemented successfully.
• COBIT 5: Implementation provides guidance on how to do this
Implementing GEIT with COBIT
• COBIT 5: Implementation covers the following subjects:
• Positioning GEIT within an enterprise
• Taking the first steps towards improving GEIT
• Implementation challenges and success factors
• Enabling GEIT-related organisational and behavioural change
• Implementing continual improvement that includes change enablement and programme management
• Using COBIT 5 and its components
Value of GEIT
The Value of CGEIT
CGEIT recognizes a wide range of professionals for their knowledge and application of enterprise IT governance principles and practices. As a CGEIT certified professional, you demonstrate that you are capable of bringing IT governance into an organization—that you grasp the complex subject holistically, and therefore, enhance value to the enterprise.
http://www.isaca.org/Certification/CGEIT-Certified-in-the-Governance-of-enterprise-it/Pages/default.aspx
GRC
GRC Magic Quadrant
Top 10 GRC challenges
1. Management complexity of risk and compliance programs
2. Organisational alignment of risk and compliance metrics and control across functional domains
3. Managing regulatory complexity to reduce the cost of compliance
4. Privacy and intellectual property protection
5. Cybersecurity risks
6. BYOD and mobile strategy
7. Supply/value chain risk
8. Building out infrastructure to enable situational awareness and predictive analytics
9. Aligning operational security with risk and compliance programs
10. Aligning business continuity and availability with risk management
Quote
“The only place success comes before work is in the dictionary”
Vince Lombardi
Case Study
Please follow instructions to review the Case Study.
Conclusions
• The world is changing and IT departments need to adapt to it
• Governance of Enterprise IT is mandatory; compliance complexity, value requirements, and innovation and transformation needs all support its implementation
• Effective governance requires a committed organisation
• ISO 38500 and COBIT 5 can be the frameworks for implementing this
Final Thoughts
http://www.slideshare.net/sap/99-facts-on-the-future-of-business
SAP & Vuzix Augmented Reality
Questions and Answers
Carlos Chalico
CISA, CISSP, CISM, CGEIT, CRISC, ISO27000 LA, PbD Ambassador
Ouest Business Solutions Inc.
(647)6388062
twitter: @CarlosChalicoT
LinkedIn: ca.linkedin.com/in/carloschalico/
Thank You!