Enterprise Governance

Enterprise governance is a set of

responsibilities and practices exercised by the board and executive management with the goal of: Providing strategic direction Ensuring that objectives are achieved
www.itgi.org www.itgi.org

Ascertaining that risks are managed appropriately Verifying that the enterprises resources are used responsibly

RESOURCE MANAGEMENT

Leveraging IT Governance Principles for better Technology Management : By Abdulmajid Said : saidabdulmajid@gmail.com

Enterprise Governance Drives IT Governance

Enterprise governance is about:

Performance Improving profitability, efficiency, effectiveness, growth, etc. Conformance Adhering to legislation, internal policies, audit requirements, etc.

Performance

Conformance

Enterprise governance and IT governance require a balance between conformance and performance goals directed by the board.

IT Governance
IT governance is:
The responsibility of the board of directors and executive management An integral part of enterprise governance, consisting of the leadership, organisational structures and processes that ensure that the enterprises IT sustains and extends the organisations strategies and objectives
www.itgi.org www.itgi.org

2011
RESOURCE MANAGEMENT

95 % Doing something about it

5%

2005 2003

64 % Doing something about it

36 %

58 %

42 % Not doing something about it

Source: Surveys by PwC for the IT Governance Institute Sep-Oct 2003 and January 2011

Technology Governance Pillars

How RTA Aligns Technology Strategy with Business Strategy How Technology delivers benefits against RTA Strategy and Objectives

How RTA Measures Technology Performance inline with Strategic Objectives and Value proposition

How RTA embeds Risk Management into Technology Portfolios

RESOURCE MANAGEMENT

How RTA manages its critical Technology resources : (Technology, Applications, Infrastructure and People)

1-Sep-12

Governance Models

1. Centralized 2. Decentralized

3. Federated/Hybrid

1-Sep-12

The Need for IT Governance in RTA

Security Aligning IT with Business

Keeping IT Running Managing Complexity

Value/Cost

Regulatory Compliance

RTA required a structured approach for managing these and other challenges. This will ensure that there are agreed objectives for IT, good management controls in place and effective monitoring of performance to keep on track and avoid unexpected outcomes.

Using COBIT as an IT Governance Framework

The COBIT framework is based on the premise that IT needs to deliver the information that an enterprise requires to achieve its objectives.

for achieving

Business Objectives

i
Information provide IT Resources and Processes

to

Business Processes

The COBIT framework helps align IT with the business by focusing on business information requirements and organising IT resources. COBIT provides the framework and guidance to implement IT governance.

COBIT and Other IT Management Frameworks

Organisations will consider and use a variety of IT models, standards and best practices. These must be understood in order to consider how they can be used together, with COBIT acting as the consolidator (umbrella).
COSO

COBIT
ISO 27001/2 PMI WHAT ISO 9000 HOW

ITIL

SCOPE OF COVERAGE

A Brief on COBIT Framework

C O B I T FRAMEWO R K
BUSINESS OBJECTIVES AND GOVERNANCE OBJECTIVES

ME1 ME2 ME3 ME4

Monitor and evaluate IT performance. Monitor and evaluate internal control. Ensure compliance with external requirements. Provide IT governance.
MONITOR AND EVALUATE

INFORMATION & TECHNOLOGY

Efficiency Effectiveness Compliance Reliability PLAN AND ORGANISE Integrity Availability Confidentiality

PO1 PO2

DS1 DS2 DS3 DS4 DS5 DS6 DS7 DS8 DS9 DS10 DS11 DS12 DS13

Define and manage service levels. Manage third-party services. Manage performance and capacity. Ensure continuous service. Ensure systems security. Identify and allocate costs. Educate and train users. Manage service desk and incidents. Manage the configuration. Manage problems. Manage data. Manage the physical environment. Manage operations.

IT RESOURCES

Define a strategic IT plan. Define the information architecture. PO3 Determine technological direction. PO4 Define the IT processes, organisation and relationships. PO5 Manage the IT investment. PO6 Communicate management aims and direction. PO7 Manage IT human resources. PO8 Manage quality. PO9 Assess and manage IT risks. PO10 Manage projects.

Applications Information Infrastructure People DELIVER AND SUPPORT ACQUIRE AND IMPLEMENT

AI1 AI2 AI3 AI4 AI5 AI6 AI7

Identify automated solutions. Acquire and maintain application software. Acquire and maintain technology infrastructure. Enable operation and use. Procure IT resources. Manage changes. Install and accredit solutions and changes.

Acquiring and Implementation of Systems in RTA

Acquire and Implement (AI)

Objectives: Identifying, developing or acquiring, implementing, and integrating IT solutions

Changes in and maintenance of existing systems

Scope: Are new projects likely to deliver solutions that meet business needs? Are new projects likely to be delivered on time and within budget? Will the new systems work properly when implemented? Will changes be made without upsetting current business operations?

?
New Projects Organisation

Defining the major processes to be applied across RTA Business Entities

Acquire and Implement
Plan and Organise IT Processes Acquire and Implement

Deliver and Support

Monitor and Evaluate

AI1 Identify automated solutions. AI2 Acquire and maintain application software. AI3 Acquire and maintain technology infrastructure. AI4 Enable operation and use. AI5 Procure IT resources. AI6 Manage changes. AI7 Install and accredit solutions and changes.

We may apply Project Management Methodology i.e. PMI Standards for Project Governance by establishing a set of defined processes to guide project implementation. i.e. What kind of PMO is required What PM processes to be used Based on Projects Classification Criteria

Global Trends in Technology Governance

(Based on independent Global Survey by IT Governance Institute and PWC 2011)

Geographic representationA target of 21 countries was set, representing broad geographic coverage. Brazil, Russia, India and China (the BRIC countries) were included as important representatives of newly advanced economic growth. Number of respondentsA target of 730 participants was established, representing at least 20 participants per country. (Including fortune 500 Companies)

1-Sep-12

12

Global Trends in Technology Governance

(Based on independent Global Survey by IT Governance Institute and PWC 2011)

95 % of Companies surveyed have either implemented or are planning to implement Enterprise Technology Governance

1-Sep-12

13

Benefits of Technology Governance- Global Trends

(Based on independent Global Survey by IT Governance Institute and PWC 2011)

1-Sep-12

14

Global Trends in Technology Issues

Based on an independent Global Survey by IT Governance Institute and PWC 2011

1-Sep-12

15

THANK YOU

Prepared by : Abdulmajid Said CISA,CISM, CGEIT ,PMP ,CISSP ISACA member ID : : 341726

Statistics and Cobit Implementation information obtained @ ISACA and IT Governance Institute 1-Sep-12 16