2. Opening Questions and Agenda
• What do you mean by Governance?
• What do you mean by Management?
• What is the difference between Governance and Management?
• What is IT Governance?
• What is Information Security Governance?
From here on, Governance is used in the corporate context only.
3. Governance
Governance is the system by which an organization is directed and controlled.
It consists of a set of responsibilities that give strategic guidance to management so that the organization runs smoothly.
4. Governance and the “Board”
A Board typically comprises Directors, a management representative (the CEO), major shareholders and other stakeholders. Collectively they constitute the Board of Directors.
The Board of Directors is the legal representative of the Governance of the organization.
The Board carries the accountability of all people who are directly involved in the "business".
[Figure: nested circles showing Information Security Governance inside IT Governance, which in turn sits inside Corporate Governance]
6. Board Functions
[Figure: "Functions of the Board" at the centre, surrounded by the following functions]
• Company Vision
• Company Values
• Risk Mitigation
• Protect Shareholder Confidence
• Optimum Resource Utilization
• Adhere to compliance mandates
• Design Policies and Procedures
8. Responsibility: Governance vs. Management
Responsibility: Policies and Procedures
Governance: Sets policy in areas of financial management and conflict of interests; reviews procedures, recommends updates and changes as needed; monitors the organization's compliance.
Management: Develops procedures that match board policy; implements the board's policies on a daily basis.
Responsibility: Planning
Governance: Develops and implements a board planning process; defines the organization's vision; develops the mission statement; sets goals; reviews and approves objectives.
Management: Arranges logistics for planning processes; writes objectives; develops work plans and timelines; implements work plans; makes progress reports and submits them to the Board.
Responsibility: Finance
Governance: Ensures efficient financial policies and procedures, in accordance with the law and meeting the requirements of funders; revises and approves budgets; reviews financial reports; selects the auditor and reviews the audit.
Management: Develops and implements financial management procedures as decided by the Board; develops budgets; performs financial management tasks; submits regular financial reports to the Board; provides information to the auditor; submits required reports to funders.
9. Responsibility: Governance vs. Management (continued)
Responsibility: Operations
Governance: Prepares the agenda for meetings of the directors; decides what Board committees are needed to accomplish its work; monitors and evaluates the work of committees.
Management: Assists with the development of agendas for meetings of the directors; suggests committees or committee members to the Board; sets up meetings; prepares meeting minutes.
Responsibility: Personnel
Governance: Hires, fires and evaluates the chief executives; determines salaries of senior-level management; prepares the succession plan.
Management: Hires, fires and evaluates the employees; determines salaries of lower management and employees.
Responsibility: Resource Development
Governance: Develops strategies to acquire the resources needed to pursue the organization's mission and objectives.
Management: Assists with the development of strategies; implements resource strategies assigned by the Board.
Responsibility: Evaluation
Governance: Evaluates the chief executive and the match between the organization's vision and mission and its activities and accomplishments.
Management: Evaluates staff; provides directors with the information they need to evaluate the match between the organization's vision and mission and its accomplishments; conducts project evaluation.
10. IT Governance
[Figure: IT Governance shown as a circle inside Corporate Governance]
It is a subset of corporate Governance which addresses issues on how IT is applied across the organization.
IT Governance governs IT assets and resources. That way, a better understanding of the Total Cost of Ownership (TCO) of IT assets is achieved.
It helps to align IT objectives with business objectives, producing significant business value which is measurable and quantifiable.
It is used directly by Directors on behalf of stakeholders who expect a return on their investment.
Associated Framework(s)
• Control Objectives for Information and Related Technology (COBIT),
• ISO/IEC 38500: Corporate governance of information technology
11. How is IT Governance different from IT Management?
IT Governance: Used directly by the board members or directors, who function on behalf of stakeholders/shareholders who have invested their money in the organization.
IT Management: Acts as an execution body which functions as per the directions and goals set forward by the Board.
IT Governance: Makes sure that IT objectives are aligned with the business objectives, producing measurable business value essential for the growth of the organization.
IT Management: Involved in implementation such as budgeting, staffing, organizing and controlling IT operations and assets. It is also involved in other aspects such as change management, software design, network planning, tech support etc.
IT Governance: Brings accountability within the enterprise due to the shared responsibility of both the directors and shareholders.
IT Management: Focuses on managing IT assets in accordance with business needs and priorities.
12. Information Security Governance (ISG)
[Figure: Information Security Governance (ISG) shown as a circle inside Corporate Governance]
It is a subset of corporate Governance which addresses issues on how Information Security is implemented across the organization.
ISG works in close tandem with IT Governance as well as the organizational Risk Management function; it provides effective controls against leakage of confidential information from the organization. It keeps businesses engaged in rapidly evolving technological areas.
ISG ensures service continuity and availability. By engaging in regular risk assessments it informs the organization's risk appetite.
It helps the Board to take informed decisions before venturing into investments in new business areas.
ISG provides peace of mind to stakeholders and shareholders that their investments are in a "safe" state.
13. Implementing good IS Governance
• Is your IS Governance delivering value?
• Is your IS Governance well planned?
• Is your IS Governance well managed and measurable?
• Is your IS Governance able to properly manage and mitigate risk?