Chapter 5
Corporate and IT Governance
Information Technology for Managers
George W. Reynolds
Strayer University
Copyright ©2016 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly
accessible website, in whole or in part.
Objectives
• What is IT governance and what are the key
elements of an effective IT governance process?
• How can an effective IT governance program
improve the likelihood of organizational success?
Corporate Governance
• Processes, customs, rules, procedures, policies,
and traditions
– Determine how to direct and control management
activities
• Key players
– Board of directors, CEO, senior executives, and
shareholders
• Framework that ensures IT decisions are based on
goals and objectives
• Includes defining:
• Decision-making process
• Who makes the decisions
• Who is held accountable for results
• How the results of decisions are communicated,
measured, and monitored
• Requires use of good internal controls and
management accountability
• Sarbanes-Oxley Act
– Holds senior management accountable for the
integrity of organization’s financial data and internal
controls
• Internal control
– Fundamental concept involves separation of duties
– Affected by improper conduct of senior managers
and failure to hold the managers accountable
– Offers reasonable assurance for:
• Effectiveness and efficiency of operations
• Reliability of financial reporting
• Compliance with applicable laws and regulations
Importance of IT Governance for
Managers
• Universal goal for businesses
– Leveraging IT to transform an enterprise and create
value-added services, increased revenue, and
decreased expenses
• Effective IT governance:
– Aligns and integrates the IT organization with the
business
– Reduces risks and costs
– Helps the company gain a business advantage
IT Infrastructure Library (ITIL)
• Set of guidelines initially formulated by the UK
government
• Used to standardize, integrate, and manage IT
service delivery
• Provides a proven and practical framework to plan
and deliver IT operational services
• Organized around a five-phase service life cycle
• Levels of training and certification
– Foundation, practitioners, and managers
Business Continuity Planning
• Defines the people and procedures required to
ensure timely and orderly resumption of an
organization’s processes with minimal interruption
• International Standards Organization
standard ISO 22301:2012
– Specifies requirements to plan, establish, implement,
operate, monitor, review, maintain, and continually
improve a documented management system
• Due diligence: Effort made by an ordinarily
prudent or reasonable party to avoid harm to
another party
– Failure to make the effort is considered negligence
• Component of the business continuity plan
• Defines the process to recover business
information system assets, in the event of a
disaster
• Focuses on technology recovery
• Identifies the people or teams responsible for
taking action in the event of a disaster
• IT governance is a framework
– Ensures information technology decisions are made,
taking into consideration the goals and objectives of
the business
• IT governance is the responsibility of executive
management
• Five central themes of IT governance
• Use frameworks as a basis to develop their own
governance model
– ITIL and COBIT are the best-known frameworks
• Business continuity plan, people, and procedures
are required to ensure timely and orderly retrieval
of data in case of a disaster