
COBIT Implementation Methodology

STUDENT HANDBOOK VERSION 1.0.0

COBIT 4.1

COBIT is a registered trademark of ISACA. © Copyright 2010 by ITpreneurs Nederland B.V. All rights reserved.


The information contained in this classroom material is subject to change without notice.

This material contains proprietary information that is protected by copyright.

No part of this material may be photocopied, reproduced, or translated to another language without the prior consent of ITpreneurs Nederland B.V.

© Copyright 2010 by ITpreneurs Nederland B.V. All rights reserved.

COBIT is a registered trademark of ISACA and the IT Governance Institute. The course content is based on ISACA’s “Implementing and Continually Improving IT Governance”.

The language used in this course is US English. Our references for grammar, syntax, and mechanics are The Chicago Manual of Style, The American Heritage Dictionary, and the Microsoft Manual of Style for Technical Publications.


Icons List

Activity Time: Denotes the time allotted for an activity in class

Additional Reading: Includes an information item that is not covered by the instructor in class but helps the student better understand the topic

Brainstorm: An interactivity where students spend some time reflecting on a given question, writing their answers and then discussing their responses

Bull’s Eye: Shows the objectives for the module/topic

Case Study Connect: Demonstrates a connect between the case study and the topic covered

Construct and Brainstorm: An interactivity where students first create a solution for the given situation and then discuss their responses

Critical Thinking: An interactivity where students think on a given question, write their responses and present their views in class

Did You Know: Provides a fact related to the topic covered

Discussion: An interactivity where students first write their thoughts and then discuss their responses

Expert Advice: Provides advice from an expert on a given topic or situation

Good to Know: An extra piece of information that is not very important but still good to know

Match-the-Following: An interactivity where the students have to match the options in one section to the correct options in another section

RapidFire Quiz: An interactivity where the instructor asks questions to students very rapidly, like in a TV quiz show

Real-World Connect: Connects a concept to real-life situations; this helps students see the connection between what they already know and the content being taught in class

Recall, Describe and List: An interactivity where students first reflect on what they have learned and then list their responses

Remember: An important snippet of information that the student should always keep in mind

Round-Robin: An interactivity where the students first reflect upon what they have learned in previous modules, write their answers and then discuss their responses

Speaking Points: Content that is meant for the instructor to speak in the class

Self-Study: A piece of content that is meant for the student to read on his/her own


Tip: Provides shortcuts or alternative methods for performing a task

Student Props: Articles or objects used by the students during an assignment

Caution: Marks where extra attention is required

Instructor Props: Articles or objects used by the instructor during an assignment

Roles: Denotes different roles being played in a role play


Contents

Course Introduction 1

Student and Instructor Introductions 3

General Information 4

Maintaining Momentum 5

Unique Nature of the Course 6

Course Learning Objectives 10

Course Agenda 11

Module 1: Positioning IT Governance 15

Module Learning Objectives 15

Topics Covered in this Module 16

1.1 What does IT governance do for you? 17

1.1.1: Environmental Factors 18

1.1.2: Definitions 20

1.1.3: Importance 22

1.1.4: Benefits 24

1.1.5: Focus Areas 28

1.2 Leveraging IT Governance Frameworks 31

1.2.1: Frameworks and Best Practices 32

1.2.2: Using ISACA Frameworks 33

1.2.3: Creating Governance Structures 36

1.3 Module Summary 37

Assignment 1: Convincing the CEO and Board to Take Action 39

Module 2: Taking the First Steps 43

Module Learning Objectives 43

Topics Covered in this Module 44

2.1 Establishing the Right Environment for IT Governance 45

2.1.1: Role of Executive Management 46

2.1.2: Committees 50

2.1.3: Decision-Making 51

2.2 Adopting a Life-cycle Approach 52

2.2.1: Step-by-Step Improvements 53

2.2.2: Change and Program Management 54

2.2.3: Parallel Streams 55

2.2.4: Seven Phases 56

2.3 Allocating Roles and Responsibilities 58

2.3.1: Internal Stakeholders 60

2.3.2: External Stakeholders 62

2.3.3: RACI Charts 64

2.4 Recognizing Drivers for Change 65

2.4.1: Identify Needs 66

2.4.2: Pain Points 67

2.4.3: Trigger Events 70

2.5 Module Summary 73

Assignment 2: Developing a High-level Business Case 75

Module 3: Planning the Implementation Life Cycle 85

Module Learning Objectives 85

Topics Covered in this Module 86

3.1 Implementation Life Cycle 87

3.1.1: Seven Phases 88

3.1.2: What Are the Drivers? 90

3.1.3: Where Are We Now? 91

3.1.4: Where Do We Want to Be? 93

3.1.5: What Needs to Be Done? 94

3.1.6: How Do We Get There? 95

3.1.7: Did We Get There? 96

3.1.8: How Do We Keep the Momentum Going? 97

3.2 Challenges and Success Factors 98

3.2.1: Implementation Challenges 99

3.2.2: Challenges and Success Factors 100

3.3 Module Summary 103

Assignment 3: Identifying the Success Factors for Implementation 105

Module 4: Enabling Change 111

Module Learning Objectives 111

Topics Covered in this Module 112

4.1 Why Do We Need Change Enablement? 113

4.1.1: Why Change Enablement? 114

4.1.2: Barriers to Change 117

4.1.3: What Does It Entail? 119

4.1.4: Laugh and Learn 121

4.2 Managing Change in the IT Governance Life Cycle 122

4.2.1: Change Enablement in the Implementation Life Cycle 124

4.2.2: Establish the Desire to Change 126

4.2.3: Form an Effective Implementation Team 128

4.2.4: Communicate the Desired Vision 129

4.2.5: Empower Role Players and Identify Quick Wins 132

4.2.6: Enable Operation and Use 134

4.2.7: Embed New Approaches 136

4.3 Module Summary 138

Assignment 4: Developing a Change Enablement Plan 139

Module 5: Driving the Implementation Life Cycle 149

Module Learning Objectives 149

Topics Covered in this Module 150

5.1 Driving the Implementation Life Cycle 151

5.1.1: Team Approach 152

5.1.2: Success Factors 154

5.2 Establishing Key Role Players 156

5.2.1: Important Stakeholders 157

5.2.2: What Are the Drivers? 160

5.2.3: Where Are We Now? 162

5.2.4: Where Do We Want To Be? 165

5.2.5: What Needs to be Done? 168

5.2.6: How Do We Get There? 170

5.2.7: Did We Get There? 173

5.2.8: How Do We Keep the Momentum Going? 176

5.3 Module Summary 179

Assignment 5: Driving Improvements 181

Module 6: Using COBIT®, Val IT and Risk IT Components 199

Module Learning Objectives 199

Topics Covered in this Module 200

Module Overview 201

6.1 Relationships Among COBIT, Val IT and Risk IT 202

6.1.1: Links and Focus Areas 203

6.1.2: Integration 204

6.1.3: Focus on IT Governance 205

6.1.4: What to Implement 206

6.2 Goals and Metrics 208

6.2.1: Defining Goals and Metrics 209

6.2.2: Example: PO10 210

6.3 Maturity Models 211

6.3.1: Maturity Models 212

6.3.2: Rankings 213

6.3.3: Attributes 215

6.3.4: Worksheets 216

6.4 Control and Management Practices 218

6.5 RACI Charts 220

6.5.1: What Is a RACI Chart? 221

6.5.2: Why RACI Charts? 222

6.5.3: Example 223

6.6 Module Summary 224

Assignment 6: Creating an Improvement Plan 225

Appendix A: Callwick Case Study 235

Appendix B: COBIT PO5 and DS6 241

Appendix C: Answers 251

Appendix D: Zoomed Graphics 283

Feedback 307

Course Introduction

STUDENT AND INSTRUCTOR INTRODUCTIONS

GENERAL INFORMATION

MAINTAINING MOMENTUM

For any program, project or activity, it is important that momentum is maintained. Many IT governance improvement projects fail because momentum is lost or because an organization is difficult to change. We will address both of these important aspects during the course.

Let us now move on to the next slide.

UNIQUE NATURE OF THE COURSE

This course will not be delivered in the traditional mode of "technical training," where the instructor presents and lectures on slide after slide.

Instead, you will be expected to participate in your learning experience through many discussions and activities and the sharing of practical experiences.

This is to ensure that you internalize the learning and can apply your new practical experience back at the workplace.


The student materials consist of the following:

Student Reference Material: Contains the concepts that the instructor covers in class and the classroom presentation slides. Students can use the Reference Material to study each evening, after class. Contains all the activities and assignments students have to do in class. The answers to all activities and assignments are given in Appendix C: Answers in the Reference Material.

This course uses a variety of delivery techniques. Each of these techniques is designed to help you not only learn the material but also apply the information. The various techniques used are:

- Brainstorm: This promotes collaborative learning, where the group is encouraged to offer up ideas without analysis and then finalize the solution after brainstorming.
- Real-World Connect: Real-world cases are used to provide context for applying the COBIT framework. These are particularly valuable when the students are developing a consultative view of a situation and selecting which aspect of COBIT will meet the needs of the scenario.
- Lecture: This is a traditional method of instruction but is done from the Instructor Guide, not from the PowerPoint presentation. The students are encouraged to follow along in their Reference Material.
- Discussion: The instructor poses questions to guide the students through complex subjects. The discussion assists the students in comprehending complicated topics.
- Self-Study: This is usually used for supplemental material after a topic has been covered. It is also used to diversify the teaching techniques and keep students engaged.
- Round-Robin: This is similar to a discussion, except that the conversation goes from one student to the next, and each student must offer up an idea or a concept.
- Recall, Describe and List: The class lists as many ideas as possible on, or the key points of, a previously learned topic, either from the Foundation course or from the materials.
- RapidFire Quiz: The instructor fires the question(s) very rapidly, like in a TV quiz show. The answers are discussed after the students have given their answers.
- Match-the-Following: The students match options in one section with the correct options in the other section. The instructor displays the correct answers and the students compare their answers with the correct ones.
- Create and Brainstorm: The students first solve the given question in their workbook and then finalize the solution after brainstorming.
- Crossword: The students solve the crossword puzzle. The instructor displays the completed slide and the students compare their answers with the correct ones.
- Role-Play: The instructor assigns a role to every student or group and gives them a task to perform. The students have to perform per the role assigned and complete the given task.

The Callwick Case Study

Assignments in this course are aimed at improving retention of the concepts learned. The Callwick case study is used to provide the scenario setting for these assignments.

The assignments are based on the IT governance implementation challenges faced by Callwick. The scenarios establish the real-life connection between IT and business.

The challenges at Callwick are illustrative of the challenges faced by a company looking to expand its business and needing a structured approach to drive more value from IT investments and to manage IT-related risks.

Working through the requirements at Callwick, students will understand the creation of an implementation life cycle and the change management activities and techniques that are necessary to improve IT governance.

COURSE LEARNING OBJECTIVES

At the end of this training, you will have gained the knowledge and skills to:

- Understand how to position IT governance.
- Learn how to create the right environment for an IT governance implementation and how to initiate and implement a life-cycle approach.
- Understand how to identify key stakeholders.
- Understand how to identify the drivers for IT governance based on pain points and trigger events.
- Understand how to enable the organization to change its culture and way of working to successfully adopt better governance practices.
- Understand the implementation life cycle of COBIT in the context of implementing better IT governance, IT assurance, security, risk or compliance management practices.
- Learn how to best plan and manage implementation phases using effective program management techniques.
- Assess the current IT governance process capability using COBIT maturity models.
- Analyze gaps in maturity and control, and plan improvements using maturity attributes, control objectives and control practices.
- Evaluate and consider practical implementation factors.
- Understand how COBIT, Val IT, Risk IT and other standards and best practices can be integrated and adapted to support IT governance implementations.

COURSE AGENDA

Course Prerequisite:

- Participants must have obtained their COBIT Foundation certificate.

Note: Reading the Case Study

The case study used for assignments in this course can be found in Appendix A of the Instructor Guide and the Student Reference Material.

Note: Personal Study Recommendation for Students

We recommend that students take time after class each day to read through the sections covered in class on that day. This will refresh their memories and reinforce the concepts learned in class.

Module 1: Positioning IT Governance

Module Learning Objectives

At the end of this module, you will be able to:

- Understand the meaning and scope of IT governance and how it relates to enterprise governance.
- Relate IT governance to the environment of your enterprise.
- Understand how IT governance-related frameworks and best practices can be used to guide implementation.

Topics Covered in This Module

1.1 What Does IT Governance Do for You?

1.1.1 Environmental Factors
1.1.2 Definitions
1.1.3 Importance
1.1.4 Benefits
1.1.5 Focus Areas

1.2 Leveraging IT Governance Frameworks

1.2.1 Frameworks and Best Practices
1.2.2 Using ISACA Frameworks
1.2.3 Creating Governance Structures

1.3 Module Summary

1.1 WHAT DOES IT GOVERNANCE DO FOR YOU?

This topic will help you understand the context of IT governance in your enterprise. Implementation of IT governance takes place under different conditions and circumstances, determined by numerous factors in the internal and external environments.

Topic Learning Roadmap

1.1.1 Environmental Factors
1.1.2 Definitions
1.1.3 Importance
1.1.4 Benefits
1.1.5 Focus Areas

1.1.1: Environmental Factors

Environmental factors often play a critical role in the implementation of IT governance. They can influence the scope and the approach to be followed. As a result, it is important to be aware of such factors when planning to implement IT governance. The environmental factors that influence implementations typically include:

- The community's and enterprise's ethics and culture
- Ruling laws, regulations and policies, both internal and external
- Industry practices
- The enterprise's mission, vision, goals and values
- The enterprise's models for roles and responsibilities
- The enterprise's governance policies and practices
- The enterprise's business plan and strategic intentions
- The enterprise's operating model and level of maturity
- The enterprise's culture and management style
- The enterprise's maturity

Activity Time: Critical Thinking

1.1.2: Definitions

The terms governance, enterprise governance and IT governance have no single clear definition.

"Governance" is derived from the Latin word gubernare, which means to direct or to steer.

IT governance is not an isolated discipline but an integral part of enterprise governance. While the need for governance at an enterprise level is driven primarily by demand for transparency across enterprise risks and protection of stakeholder values, the significant costs, risks and opportunities associated with IT call for a dedicated, yet integrated, focus on IT governance.

Let us now understand the definitions of IT governance in the context of the definition of enterprise governance.

The terms governance, enterprise governance and IT governance might have different meanings to different individuals and enterprises depending on (among others) the organizational context, for example, maturity, industry and regulatory environment, or the individual context, for example, job role, education and experience.

1.1.3: Importance

IT can be a powerful resource to help enterprises achieve their most important objectives by, for example:

- Being a core driver of cost savings for large transactions, such as mergers, acquisitions and divestitures
- Enabling automation of key processes, such as the supply chain
- Being the cornerstone of new business strategies or business models, consequently increasing competitiveness and enabling innovation such as the digital delivery of products (for example, music being sold and delivered on-line)
- Enabling greater customer intimacy and profitability (for example, by collating and mining data in diverse systems and providing a 360-degree view of customers)
- Being the foundation of the networked economy that cuts through geographic locations and organizational silos to provide new and innovative ways of creating value

As we have just seen, IT brings clear benefits and advantages.

There is no doubt that IT is a strategic asset and an important contributor to the success of any enterprise.

It should not be overlooked, however, that along with being a strategic asset, IT also introduces several risks.

Some of the key risks that IT introduces are:

- Risk 1: Benefit/value risks cover failure to enable the business or to produce efficient operations.
- Risk 2: Project risks include quality, relevance (fit for purpose), cost and time.
- Risk 3: Operational service risks include service interruptions, quality, security and compliance.

1.1.4: Benefits

Activity Time: Recall, Describe and List

IT governance is concerned with two key benefits or outcomes, based on alignment of IT with the business:

- Delivery of value to the business from the use of IT
- Mitigation of IT risks that jeopardize value creation

These outcomes are enabled by the availability and management of adequate resources and the measurement of performance to monitor progress toward desired goals.

Let us look at each of the outcomes in detail.

It is interesting to study the numbers relating to IT costs: they usually range between one and eight percent of an enterprise's gross revenue.

Given such significant costs, it is obvious that enterprises want to ensure the investments are actually paying off. Effective IT governance delivers several key benefits to enterprises, consequently improving Return on Investment (ROI). This is one of the KEY benefits of IT governance and the reason why it is critical for enterprises to implement IT governance.

Effective IT governance helps the enterprise understand the true cost and expected benefits of IT investments.

It helps manage and oversee business cases for new initiatives, which are often spread across business units, functions and geographies.

Effective IT governance helps ensure that funds spent on strategic initiatives deliver the expected outcomes.

And importantly, it monitors the efficiency and effectiveness of operational services, because the greatest portion of spending is often on "keeping-the-lights-on" activities (post-implementation maintenance and operational costs) as opposed to transformational or innovation initiatives.

IT risk is the business risk associated with the use, ownership, operation, involvement, influence and adoption of IT within an enterprise. IT risk consists of IT-related events that could potentially impact the business.

While value delivery focuses on the creation of value, risk management focuses on the preservation of value.

IT governance mitigates IT risks that jeopardize value creation by:

- Clarifying roles and responsibilities for identifying and managing risks
- Identifying and prioritizing key risks
- Understanding the impact of a risk on the business and the need to monitor and manage significant risks
- Meeting increasingly complex regulatory compliance requirements

1.1.5: Focus Areas

To recap what we discussed earlier, IT governance is fundamentally concerned with two outcomes: IT value delivery to the business and mitigation of IT-related risks. This is enabled by the strategic alignment of IT with the business, the availability and management of adequate resources and the measurement of performance to monitor progress toward desired goals.

Activity Time: Self-Study (in class)

Self-Study: IT governance can be pictured as focusing primarily on the following five areas:

- Strategic alignment:
  - Achieving goals and strategies
  - A culture of business and IT partnership
  - IT's interest in and understanding of the business
  - Sharing of technology-related issues and opportunities
  - Enabling a collaborative approach to strategy development and a shared focus on high-value IT-enabled investments
- Value delivery:
  - Creating new value and maintaining and increasing value from existing IT investments
  - Eliminating IT initiatives and assets that are not creating sufficient value for the enterprise
  - Delivery of fit-for-purpose services and solutions on time, within budget and generating the intended financial and nonfinancial benefits
  - Directly aligning the value that IT delivers with the values on which the business is focused
- Risk management:
  - Addressing IT-related risks
  - Using IT to assist in managing complex business processes and associated risks that are difficult to monitor manually
  - IT risk is the business risk associated with the use, ownership, operation, involvement, influence and adoption of IT within an enterprise
- Resource management:
  - The right capabilities in place to execute the strategic plan
  - Sufficient, appropriate and effective resources provided
  - Integrated, economical IT infrastructure
  - New technology introduced as required by the business, and obsolete systems updated or replaced
  - The importance of people: providing training, promoting retention and ensuring competence of key IT personnel
- Performance measurement:
  - Tracking the achievement of objectives and compliance with specific external requirements
  - Creation of business-oriented IT scorecards and assessment and assurance activities
  - Focus on continual performance improvement
  - Monitoring that the required direction is being followed and timely corrective measures are taken

1.2 LEVERAGING IT GOVERNANCE FRAMEWORKS

Frameworks and best practices help avoid reinventing proven approaches and speed up implementation decisions by providing an accepted common approach.

Topic Learning Roadmap

1.2.1 Frameworks and Best Practices
1.2.2 Using ISACA Frameworks
1.2.3 Creating Governance Structures

1.2.1: Frameworks and Best Practices

The executive should mandate adoption of an IT governance framework (principles, policy, organizational structures, processes and practices) as an integral part of enterprise governance.

By working within a framework and leveraging good practices, appropriate governance processes can be developed and optimized so that IT governance operates effectively as part of normal business practices and a supporting culture, demonstrated by top management, is in place.

The environment should be aligned and in harmony with (among others) the:

- Enterprise policies, strategies, governance and business plans, and audit reports
- Enterprise risk management framework
- Existing governance organization, structures and processes

1.2.2: Using ISACA Frameworks

Three IT governance frameworks have been developed by ISACA: COBIT, Val IT and Risk IT.

There are strong links between COBIT, Val IT and Risk IT. Val IT and Risk IT complement and extend the COBIT guidance in the two governance focus areas of value delivery and risk management.

All three frameworks can be used together to help create a set of end-to-end IT-related processes. This will help integrate all business and IT activities for effective IT governance.

The links between COBIT and Val IT are focused on program and portfolio management and investment management, and primarily on the COBIT IT processes that deal with strategy and portfolios (PO1), investment and budgets (PO5), solution delivery (PO10), service management (DS1) and performance reporting (ME1).

The links between COBIT and Risk IT are focused on risks related to strategic choices (PO1), roles and responsibilities for risk-related functions (PO4), risk-related policies and frameworks (PO6), risk management (PO9), business continuity (DS4) and various other specific risk-related service delivery activities in the DS domain.


Activity Time: Crossword


1.2.3: Creating Governance Structures

The COBIT, Val IT and Risk IT frameworks include processes and domains that guide the creation of governance structures:

• COBIT Process PO4—Define the IT processes, organization and relationships
• COBIT Process ME4—Provide IT governance
• Val IT Domain VG—Value Governance
• Risk IT Domain RG—Risk Governance

The IT governance standard ISO/IEC 38500:2008 sets out high-level principles for the governance of IT, covering responsibility, strategy, acquisition, performance, conformance and human behavior. It also recommends a model for how the governing body (for example, the board) should govern IT through three main tasks: evaluate the current and future use of IT, direct the preparation and implementation of plans and policies, and monitor conformance to policies and performance against plans. The ISACA publication ITGI Enables ISO/IEC 38500:2008 Adoption explains how COBIT and Val IT support the adoption of this standard.

Enterprises that have adopted COBIT can implement improved IT governance by drawing on other, more detailed guidance, such as ITIL and ISO 27002. Detailed mappings that link COBIT to other guidance are available at www.isaca.org, for example, Aligning IT Best Practices for Business Benefit v2 and COBIT User Guide for Service Managers.


1.3 MODULE SUMMARY

In this module, we discussed how internal and external environments affect the implementation of IT governance. We also discussed the frameworks and best practices that help avoid reinventing proven approaches and speed up implementation decisions by providing an acceptable common approach. Here is a summary of what we covered in this module:

• The implementation of IT governance is affected by the internal and external environments—there is no “one-size-fits-all” approach.

• IT governance is not an isolated discipline but an integral part of enterprise governance. While the need for governance at an enterprise level is driven primarily by demand for transparency across enterprise risks and protection of stakeholder values, the significant costs, risks and opportunities associated with IT call for a dedicated, yet integrated, focus on IT governance.

• IT governance is important because IT is a strategic asset and an important contributor to enterprise success, but it also introduces many risks.


• IT governance mitigates IT risks that jeopardize value creation by:
  o Clarifying roles and responsibilities
  o Identifying and prioritizing key risks
  o Understanding the impact of a risk
  o Meeting increasingly complex regulatory compliance requirements

• An IT governance framework consists of principles, policies, organizational structures, processes and practices that can be used when designing specific policies, processes and procedures.

• Working within a framework and leveraging best practices ensures:
  o That IT governance is part of normal business practice
  o There is a positive culture demonstrated by the top management


Convincing the CEO and Board to Take Action

Assignment

• Read the Callwick case study in Appendix A to identify challenges for Callwick.
• Analyze the challenges and discuss among yourselves as a team.
• Discuss the reasons why better IT governance is needed.
• Identify the benefits of IT governance for Callwick.
• Develop the conditions you feel you need to get an IT governance initiative accepted and off the ground.
• Create a succinct presentation to pitch your recommendations to the CEO of Callwick.
• You may use flip charts, markers or other tools to make your pitch, but don’t worry about perfect formats.
• You have exactly 30 minutes to create your presentations, and 10 minutes each, including the CEO’s Q&A, to make your presentations. It is suggested you keep your presentation under 5 minutes, so that the CEO has time to ask questions or comment.


What are the key issues at Callwick that drive a need for better IT governance? (Make use of the information on Callwick that is provided in the scenario.)

• …
• …
• …

Why are frameworks useful? (Your own experience can be very useful here.)

• …
• …

Why do the board of directors and executive management have to be involved?

• …
• …

What organization structures do I need to put in place to get the right environment to move forward?

• …
• …
• …
