
IT Governance: Implementing Frameworks and Standards for the Corporate Governance of IT
Ebook, 308 pages, 2 hours


About this ebook

Implementing Frameworks and Standards for the Corporate Governance of IT sets out for managers, executives and IT professionals the practical steps necessary to meet today’s corporate and IT governance requirements.

It provides practical guidance on how board executives and IT professionals can navigate, integrate and deploy to best corporate and commercial advantage the most widely used of today’s IT management and IT governance frameworks and standards from around the world. 

Language: English
Publisher: itgovernance
Release date: Mar 13, 2009
ISBN: 9781849281287
Author

Alan Calder

Alan Calder is a leading author on IT governance and information security issues. He is the CEO of GRC International Group plc, the AIM-listed company that owns IT Governance Ltd. Alan is an acknowledged international cyber security guru. He has been involved in the development of a wide range of information security management training courses that have been accredited by the International Board for IT Governance Qualifications (IBITGQ). He is a frequent media commentator on information security and IT governance issues, and has contributed articles and expert comment to a wide range of trade, national and online news outlets.


    Book preview

    IT Governance - Alan Calder

    978-1-849281-28-7

    FOREWORD

    Corporate governance increasingly provides the context within which twenty-first century organisations have to assess and deal with their investments in, and risks to, their corporate information assets and the Information and Communications Technology (ICT, or just IT) infrastructure within which those information assets are collected, manipulated, stored and deployed. But what is corporate governance, and why is it important to the IT professional? Why is IT governance important to the company director, and what do directors of companies—both quoted and unquoted—need to know?

    This book aims to do two things.

    The first is to set out for managers, executives and IT professionals the practical steps necessary to meet today’s corporate and IT governance requirements.

    The second is to provide practical guidance on how board executives and IT professionals can navigate and deploy to best corporate and commercial advantage the numerous IT management and IT governance frameworks and standards—particularly ISO/IEC 38500—that have been published over the course of the last 10 years. Each of these standards and frameworks has a potentially valuable role to play in the organisation; the challenge lies in integrating them so that each can deliver what it was designed to do, and do this within the context of an overarching framework (a ‘super framework’, or ‘meta-framework’) that enables each organisation to design IT governance to meet its own needs. The Calder-Moir Framework (which is freely available to download from www.itgovernance.co.uk/calder_moir.aspx) was developed specifically to help organisations manage and govern their IT operations more effectively, and to coordinate the sometimes wide range of overlapping and competing frameworks and standards. It also specifically supports implementation of ISO/IEC 38500, the new international standard for best practice IT governance.

    PREFACE

    This book assembles, restructures and stitches together a number of Alan Calder’s recent articles on aspects of IT governance and is designed to provide a current guide to this subject. It also introduces and contextualises the Calder-Moir Framework, a meta-model for IT governance. This book provides an overview of this framework and some perspectives on its implementation.

    This book should be read alongside Alan’s two other books on this subject: IT Governance: Guidelines for Directors¹ and IT Governance Today: a Practitioner’s Handbook². Both of these books are available from www.itgovernance.co.uk.

    This book also serves as an effective introduction to the contents of the IT Governance Framework Toolkit³ and, along with the two books mentioned above, provides a comprehensive toolset for the IT governance professional.

    ¹ Alan Calder, IT Governance: Guidelines for Directors (ITGP, 2005). See www.itgovernance.co.uk/products/19.

    ² Alan Calder, IT Governance Today: a Practitioner’s Handbook (ITGP, 2005). See www.itgovernance.co.uk/products/18.

    ³ www.itgovernance.co.uk/products/519.

    ABOUT THE AUTHOR

    Alan Calder is a leading author on information security and IT governance issues. He is Chief Executive of IT Governance Limited, the one-stop-shop for books, tools, training and consultancy on governance, risk management and compliance. He is also Chairman of the Board of Directors of CEME, a public-private sector skills partnership.

    Alan is an international authority on IT Governance and, with Steve Moir, originated the innovative Calder-Moir IT Governance Framework. He is also an international expert on ISO27001 (formerly BS7799), the international security standard, about which he wrote with colleague Steve Watkins the definitive compliance guide, IT Governance: A Manager’s Guide to Data Security and BS7799/ISO17799. This work is based on his experience of leading the world’s first successful implementation of BS7799 (with the fourth edition published in May 2008) and is the basis for the UK Open University’s postgraduate course on information security.

    Other books written by Alan include The Case for ISO27001, ISO27001—Nine Steps to Success, IT Governance: Guidelines for Directors, IT Governance Today: a Practitioner’s Handbook and IT Regulatory Compliance in the UK.

    Alan is a frequent media commentator on information security and IT governance issues, and has contributed articles and expert comment to a wide range of trade, national and online news outlets.

    Alan was previously CEO of Wide Learning, a supplier of e-learning; of Focus Central London, a training and enterprise council; and of Business Link London City Partners, a government agency focused on helping growing businesses to develop. He was a member of the Information Age Competitiveness Working Group of the UK Government’s Department for Trade and Industry, and was until recently a member of the DNV Certification Services Certification Committee, which certifies compliance with international standards including ISO27001.

    ACKNOWLEDGEMENTS

    While this book was written by Alan Calder, elements of it (including almost all the graphical representations) were contributed by Steve Moir who, with Alan Calder, originated the Calder-Moir IT Governance Framework. Steve Moir created the IT Governance Framework Toolkit, which provides significant and extensive support to organisations implementing IT governance using the Calder-Moir Framework and ISO38500. Some of Alan’s material has also appeared elsewhere, albeit in a slightly different form.

    CONTENTS

    INTRODUCTION: CORPORATE GOVERNANCE CONTEXT

    Corporate governance is a daily newspaper subject and, to one extent or another, all company directors—and the directors of public sector and quasi-autonomous governmental organisations (known in the UK as ‘quangos’)—want to know what corporate governance really means for them. What is good corporate governance practice? To whom does the UK’s Combined Code really apply? Is SOX⁴ important outside the US? Should the directors of privately owned companies pay the same attention to corporate governance as those that are listed on public exchanges?

    In the twenty-first century, corporate governance has become critical for all medium-sized and large organisations. Those without a governance strategy face significant risks; those with one perform measurably better:

    Corporations work within a governance framework which is set first by the law and then by regulations emanating from the regulatory bodies to which they are subject. In addition, publicly quoted companies are subject to their shareholders in general meeting and all companies to the forces of public opinion.⁵

    ⁴ The US Sarbanes-Oxley Act of 2002.

    ⁵ Sir Adrian Cadbury, ‘The future for Governance: the Rules of the Game’ in Journal of General Management, Vol. 24, No. 1, Autumn 1998, pp. 1–14.

    Background

    The ‘greed is good’ business philosophy of the 1980s and 1990s seemed to give way, at the end of the twentieth century, to a ‘looting is good’ approach. Catastrophic financial failure is, of course, a characteristic of the business cycle and it is not uncommon for a downturn in the cycle to expose organisations that have been playing fast and loose with their shareholders’ funds. Warren Buffett has long talked about how a receding economic tide exposes those who have been swimming without any clothes on. Looting has happened before: BICC and Maxwell Communications in the UK are good examples. Corporate collapse, originating in a failure of internal control, has happened before: Barings, again in the UK, is one instance.

    The spate of collapses and financial failures at the end of the Internet bubble, though, suggested a systemic weakness, and one whose increasingly worldwide implications had a significant, negative knock-on effect on already problematic pension funds and pensioner assets. Enron, Worldcom, Marconi, Parmalat and many other corporate disasters could be described as the storm damage of unbridled executive authority.

    Governments, already grappling with the challenge of funding the pensions of an inexorably greying population bulge, and unwilling to afford further wanton asset destruction, started applying themselves to rooting out corporate misbehaviour. They did this through a combination of overt regulatory action, and slightly more covert pressure on institutional investors to stand up for their rights as shareholders and exercise more determinedly their de facto responsibility to insist on proper governance from those organisations in which they were invested.

    The concept of governance is a simple one: it ‘is the system by which business corporations are directed and controlled’⁶. The ‘holy trinity’ of good corporate governance has long been seen as shareholder rights, transparency and board accountability.

    The global economy recovered rapidly from the slump that followed the bursting of the Internet bubble. It turns out, though, that this recovery was fuelled to an unsustainable extent by a toxic combination of leverage and incomprehensible financial instruments. The financial crash of 2008 and its subsequent recession arose from significant governance, regulatory and risk-management failures in the financial sector, globally. Well-governed corporations are surviving the economic fall-out and their governance of IT plays a significant role in how effectively they compete to survive.

    Governance

    While corporate governance appears overtly concerned with board structure, executive compensation and shareholder reporting, the underlying assumption is that the board of the corporation is responsible for how the business is managed and for controlling the risks to the organisation’s assets and trading future. Across the OECD⁷, institutions, investors, regulatory bodies and governments have converged around a common understanding of corporate governance⁸ and, in the developing world, corporate governance is increasingly seen as a basic ‘cost of entry’ into the global capital markets. The economic turmoil that began in 2008 has increased the importance of governance; well-governed organisations are able to survive and, in the battle of limited investor funds, have a significant competitive advantage.

    ⁶ OECD Principles of Corporate Governance, 1999.

    ⁷ The Organisation for Economic Co-operation and Development, an international agency which endeavours to do exactly what its title suggests.

    ⁸ See IT Governance: Guidelines for Directors, Alan Calder (IT Governance Publishing, 2005).

    The term ‘Corporate Governance’ first gained prominence when it was used by Robert Tricker⁹. He described corporate governance as being ‘concerned with the way corporate entities are governed, as distinct from the way businesses within
