IT Governance for (smaller) Nonprofits
#12NTCITGov




Donny C. Shimamoto,
CPA/CITP, CGMA
Evaluate This Session!
Each entry is a chance to win an NTEN engraved iPad!




          or Online at www.nten.org/ntc/eval


Speaker Biography
Donny C. Shimamoto, CPA.CITP, CGMA
•   Donny is the founder of IntrapriseTechKnowlogies LLC, a CPA firm focused on organizational
    development and advisory services for the middle market. An active CPA, Certified
    Information Technology Professional (CITP), and Chartered Global Management Accountant
    (CGMA), Donny helps many organizations by bridging accounting and IT to strengthen
    organizational governance and risk management, improve business processes through IT, and
    increase the effectiveness of decision making through business intelligence.
•   Donny was recognized as one of 25 Top Thought Leaders in Public Accounting by CPA Practice
    Advisor in 2012, received the 2009-2010 President’s Award from the Hawaii Society of CPAs,
    was named to CPA Technology Advisor’s 40 Under 40 list in 2007 & 2009 and was also a
    Hawaii Top High Tech Leader in 2004.
•   In the nonprofit world, Donny works with community foundations, social service agencies,
    community centers, and membership associations.


                  IntrapriseTechKnowlogies LLC
                  Technologies and knowledge for synergizing your intraprise
                  www.intraprisetechknowlogies.com | Hawaii | California
Audience Polls – Demographics
Choose one from each set of options that best matches how you view your organization and your role at work.
• Organization Type/Size
   –   CPA Firm
   –   Small Nonprofit
   –   Medium Nonprofit
   –   Large Nonprofit
   –   Government
• Role in Organization
   –   Lead Executive
   –   CFO/Controller
   –   CIO / IT Director
   –   Program Director/Manager
   –   Consultant or Auditor
• Part of Organization
   –   Accounting/Finance
   –   Information Technology
   –   Programs
   –   Consultant or Auditor
IT Governance for (smaller) Nonprofits
• Why IT Governance is important for Nonprofits
• IT Governance
   – Defined & Adapted for (smaller) Nonprofits
• An IT Governance Framework for (smaller) Nonprofits
   –   How do we align the business and IT?
   –   How do we define and measure [IT] performance?
   –   How do we manage [IT-related] change?
   –   How do we organize [IT] decision rights?
   –   IT Governance in Action – a practical example
   –   What are the costs and benefits of improvement of IT governance?
• Call to Action – IT Governance
Why IT Governance is Important
• Myth: IT Governance is only for large companies
• Effectively managed IT can provide small businesses with a
  competitive advantage, whereas ineffective management can
  impair the business as a whole.
   – ISACA Journal Online, 2009 Vol 4
   – http://www.isaca.org/Journal/Past-Issues/2009/Volume-
     4/Pages/JOnline-Small-Business-IT-Governance-Implementation.aspx
• Nonprofits that use IT as part of their daily operations need IT
  governance:
   – To help maximize the benefits of their IT investment, and
   – Manage the risks that reliance upon IT introduces into their
     organizations.
Why IT Governance is Important
• There are major forces driving the need for IT Governance in
  Nonprofits
   –   Increased Compliance Requirements: Regulation, Privacy, PCI DSS
   –   Evolving Security Threat Landscape: PCI DSS, EFT Fraud
   –   Economic Unpredictability: IT Value Management
   –   Organizational Agility: Business Continuity, Project Execution


• By establishing a clear framework for IT-related decisions that
  balances benefits, cost, and risk, Nonprofits can ensure better
  alignment of their IT investments with their missions/business
  strategy and improve the overall efficiency, effectiveness, and
  agility of their business processes.
IT Governance – Definition
• The IT Governance Institute (ITGI) definition:

   “the responsibility of executives and the board of directors and consists of the leadership, organizational structures and processes that ensure that the enterprise’s IT sustains and extends the organization’s strategy and objectives.”

   Source: ITGI, 2003
IT Governance – Definition

[Diagram: Corporate Governance, IT Governance and IT Management stacked top to bottom; the left side is labelled "Is part of", the right side "Subsumes".]
   Source: Roger Debreceny, Shidler Distinguished Professor of Accounting, University of Hawaii at Manoa, Nov 2010
IT Governance – Definition
   “the responsibility of executives and the board of directors and consists of the leadership, organizational structures and processes that ensure that the enterprise’s IT sustains and extends the organization’s strategy and objectives.”
   Source: ITGI, 2003

• Responsibility:
    – Executives & Board of Directors
• Elements:
    – Leadership
    – Organizational Structures
    – Processes
• Objective:
    – Ensure IT sustains and extends the organization’s mission and strategy
IT Governance – Adapted Definition for Smaller Nonprofits
• Definition adapted to smaller Nonprofits:

   IT Governance is the leadership, structures and processes that a nonprofit’s executives and board of directors put in place to ensure that their organization’s IT sustains and extends their business strategy and objectives in achieving its mission.

• IT governance provides the framework to guide how
  IT-related decisions are made. This is especially important
  when there is someone who is making technology decisions
  on behalf of a nonprofit’s management.
IT Governance – Adapted Definition for Smaller Nonprofits
[Diagram: IT Governance "is part of" Corporate Governance; IT Governance "binds/guides" IT Management, which sits above IT Service Providers and the IT Manager.]
   Adapted from: Debreceny, Nov 2010
IT Governance – Nonprofit Framework
• Establish a framework to structure and guide IT decision-making and how IT is used as part of the organization
[Diagram labels: Business Strategy, alignment, Compliance, IT Governance, value delivery, IT Strategy, IT Projects, IT Infrastructure, IT Risk Management, drives]
   Source: IntrapriseTechKnowlogies LLC, 2011
IT Governance – Nonprofit Framework
• Establish a framework to structure and guide:
   – IT decision-making; and
   – How IT is used as part of the business.
• IT decision-making in Nonprofits
   – IT Manager – usually technically focused
   – IT Contractor – usually technically focused
   – Key weakness: narrow perspective & lack of business acumen
• IT as part of the business
   –   Increasing pervasiveness of IT supporting business processes
   –   Increasing ease of access to data and applications
   –   Increasing dependence on IT service providers
   –   Key weakness: Lack of risk awareness and mature IT controls
IT Governance – Nonprofit Framework
• Consider the following BIG QUESTIONS:
  –   How do we align the mission/business strategy and IT?
  –   How do we define and measure [IT] performance?
  –   How do we manage [IT-related] change?
  –   How do we organize [IT] decision rights?
  –   What are the costs and benefits of improvement of IT
      governance?
                                                Source: Debreceny, Nov 2010


       These questions help to ensure greater alignment of
      IT decision-making with the mission/business strategy,
          and clear performance and accountability for IT.
How do we align Programs and IT?
• The corporate answer:
    – Strategy Council
    – Business involvement in
        • Strategy planning
        • Program management
        • Project management
    – Clear RACI planning
    – Outward facing staff from IT to the Business
• RACI defined:
    – Responsible
    – Accountable
    – Consulted
    – Informed
                                                        Source: Debreceny, Nov 2010


• These can be overkill in a Nonprofit’s smaller, less complex environment,
  but the intent and purpose of some of these structures must still be
  considered—and sometimes reversed.
How do we align the Nonprofit and IT?
• Corporate answer:
     – Strategy Council
     – Business involvement in
          • Strategy planning
          • Program management
          • Project management
     – Clear RACI planning
     – Outward facing staff from IT to the Business
     – Issues: (1) Business units and IT operating in separate silos; (2) IT function may be centralized or decentralized
• SMB Nonprofit answer:
     – Strategy Council: N/A – usually not necessary
     – IT Advisor’s involvement in
          • Strategic planning
          • Program management
          • Project management
     – Clear RACI planning
     – Close relationships between key IT service providers and business managers
     – Issues: (1) Programs operating with an absence of IT expertise; (2) Nonprofit is not highest priority of IT service provider.
How do we align the Nonprofit and IT?
• Nonprofit considerations for programs/IT alignment:
   – What role does IT play in achieving the mission/business strategy?
   – Should IT be included in strategic planning?
       • Does my IT Manager or Service Provider understand my mission? Can
         they think strategically?
       • Do I need an independent/objective IT Advisor?
   – Are any of my programs/projects dependent upon IT?
       • How will the technology utilized impact my IT environment?
       • Is the technology utilized in accord with my IT strategy?
   – Is responsibility for mission/IT alignment clearly defined?
       • Who is accountable for achieving alignment?
       • What are the consequences if alignment is not achieved?
   – Is there clear communication between IT and programs?
How do we align the Nonprofit and IT?
• Clear and open communication between Programs and IT is
  especially important for Nonprofits
   – Most nonprofit executives and boards don’t have a deep enough
     understanding of IT to adequately perform alignment
       • An IT Advisor may need to be engaged to help translate between the
         programs and IT and facilitate alignment
   – A majority of IT capabilities is usually outsourced and IT service
     providers are servicing multiple customers
       • The Nonprofit may not be a priority for the service provider
       • The IT service provider is an external party, so coordinating
         communication/activities requires additional effort
   – While the risk of a Nonprofit IT failure is usually lower, the impact of
     failure is often higher due to smaller economic resources to absorb
     the failure or re-perform the project
       • Failure could be a non-realization of expected benefits
How do we define and measure [IT] performance?
• Part of defining responsibility and accountability is having a
  clear definition of performance
     – Availability – it’s available for use when I need it; “uptime”
     – Accessibility – it’s usable where I need to use it
     – Functionality – it provides the functionality I need
          •   Accuracy – computations are performed correctly
          •   Integrity – the integrity of my data/files is maintained
          •   Usability – it is easy to use and intuitive
          •   Responsiveness – actions are completed within a reasonable time / within
              the expected time
     – Security – data/files are kept secure (including addressing
       confidentiality and privacy)
• Most nonprofit users don’t want to understand the technology; they just want it to
  work when they need it and as they expect it to
How do we define and measure [IT] performance?
• Nonprofits should define their business requirements for IT
  performance based on their mission/business strategy
• Availability – it’s available for use when I need it
   – During what times do systems need to be available?
       • What are the organization’s hours of operation?
       • Are there times when the organization doesn’t operate?
       • Are there times when certain business functions can be down?
   – What level of downtime is acceptable?
       • Remember that most systems need some kind of scheduled maintenance
         and backup window
       • Is the impact of downtime offset by the cost of additional availability
         measures?
   – Is a business continuity plan in place to mitigate the risk of downtime?
     Disaster recovery plan, in case of major outage?
How do we define and measure [IT] performance?
• Nonprofits should define their business requirements for IT
  performance based on their mission/business strategy
• Accessibility – it’s usable where I need to use it
   – Do I need access outside of the office?
       • Traditional solution: VPN
       • Cloud computing is increasing the accessibility of applications and data
         beyond the office network
   – Do users need offline access? (e.g. at client/constituent’s place)
   – Do users need access on mobile devices?
   – If client/constituent facing:
       • How are my clients/constituents accessing the system?
       • How do clients/constituents expect to access the system?
   – Are accessibility (security/confidentiality/privacy) risks appropriately
     mitigated?
How do we define and measure [IT] performance?
• Nonprofits should define their business requirements for IT
  performance based on their mission/business strategy
• Functionality – it provides the functionality I need
   –   Accuracy – computations are performed correctly
   –   Integrity – the integrity of my data/files is maintained
   –   Usability – it is easy to use and intuitive
   –   Responsiveness – actions are completed within a reasonable time /
       within the expected time
• Most Nonprofits are used to working with these performance
  measures
   – These requirements should be defined and used as the basis for
     software/vendor selection. Since most Nonprofits are probably not
     doing custom development, it is important to find the best fit
     solution—and often it will not be a 100% solution.
How do we define and measure [IT] performance?
• Nonprofits should define their business requirements for IT
  performance based on their mission/business strategy
• Security – data/files are kept secure (including addressing
  confidentiality and privacy)
   – Are there regulatory or other compliance requirements associated
     with your data?
   – Have privacy controls been designed to address both technical and
     non-technical data/file risks?
   – If data is stored in the cloud or on a vendor’s systems:
       • What measures has the vendor taken to ensure security?
       • Is a Service Organization Controls report (SOC) or SSAE 16 report (if
         financial-related) available?
       • Have management controls been mapped to the SOC report and vendor
         control structure?
How do we define and measure [IT] performance?
• Establish responsibility and accountability by clearly defining performance
  criteria for each application/system used by the business
   – Availability – it’s available for use when I need it; “uptime”
   – Accessibility – it’s usable where I need to use it
   – Functionality – it provides the functionality I need
        • Accuracy – computations are performed correctly
        • Integrity – the integrity of my data/files is maintained
        • Usability – it is easy to use and intuitive
        • Responsiveness – actions are completed within a reasonable time
           / within the expected time
   – Security – data/files are kept secure (including addressing
       confidentiality and privacy)
• Define these in “business” not “technical” terms
How do we manage [IT-related] change?

• To ensure that the full benefits of an IT-related initiative can be
  realized, remember to consider the impact of the change to:
   –   The organization itself
   –   Employees
   –   Clients and Constituents
   –   The organization’s IT environment and risk posture
• In Nonprofits, both executives/program management and IT
  service providers often forget that while simpler, the Nonprofit
  environment is also smaller.
   – A small change can sometimes have a much bigger impact.
   – A stone in a lake, can cause tidal waves in a puddle.
How do we manage [IT-related] change?

• IT-related change can impact the organization and its
  employees and clients/constituents in many different ways
   – Changes to business processes and procedures
   – Different tools / applications used to complete a task
   – Increased / decreased access to data / information
• Common staff complaints about IT-related change
   – Nobody told us it was changing!
   – Yes, the technology is good, but the impact to our procedures wasn’t
     considered until the new technology was already here.
   – We didn’t receive any training for the new technology.
   – The data is organized differently from the old system.
   – The computations are performed differently from the old system.
   – I can’t get the same reports that I used to from the old system.
How do we manage [IT-related] change?
• In addition to user-side impacts, consider the impact to the
  overall IT environment:
   – Have we increased our reliance upon a system—thereby increasing
     the potential impact of an availability issue?
   – Have we increased the accessibility of information?
       • Do we need to consider any additional mobile device risks?
   – Has the change in functionality impacted the efficiency, effectiveness,
     or agility of our business processes?
   – Does the change introduce any data-related risks? (e.g. privacy,
     confidentiality, security, backup, recoverability)
• How do the changes impact the organization’s overall IT
  environment risk posture?
   – Is this an acceptable part of the business strategy?
   – Do we need to take any additional risk mitigation measures?
How do we manage [IT-related] change?

• Every change has risks associated with it
   – Just because a change has risks, it doesn’t mean that you shouldn’t do
     it—work to manage risk, not eliminate it
• Manage risk by evaluating the risk and taking the appropriate
  mitigation steps to minimize the negative impact of the change
   – Balance cost of mitigation with benefits of managing the impact
• Sometimes not making a change is a risk in and of itself—
  consider the cost/impact of not changing
   – Lack of change can lead to stagnation


• Remember to consider the people and process aspects of the
  change, not only the technology.
How do we organize [IT] decision rights?
• There are usually two different approaches to IT
  decision-making by smaller Nonprofits
  1. Minimal Involvement by executive or board
     •   Just wants to know what it will cost and, as long as it seems reasonable
         (i.e. cost doesn’t seem excessive), will approve
     •   For the most part, decision authority rests with the IT manager or
         IT service provider
  2. High Involvement by executive or board
     •   Wants to understand everything that is being done
     •   Will approve once it makes sense to them and they can validate
         the cost
     •   Decision authority rests with the executive—IT Manager / IT
         Service Provider must “convince” the executive of necessity
How do we organize [IT] decision rights?
• There are inherent flaws in both approaches
    1.   Minimal Involvement
         •   Requires a high level of trust in IT Manager/Service Provider
         •   Requires a highly competent IT Manager/Service Provider
         •   Usually a spend-based decision
    2.   High Involvement
         •   Executive/Board usually lacks expertise to adequately evaluate options
         •   Cost validation usually doesn’t involve an apples-to-apples comparison
         •   Usually a spend-based decision
•    Both approaches often lack
    –    Consideration of mission/business strategy
    –    Consideration of IT-related business risks
    –    Longer term cost management perspective
How do we organize [IT] decision rights?
• The better approach is to identify business-focused parameters
  that provide a basis for decision-making
   –   Strategic Alignment
   –   IT Performance
   –   IT Risk Management
   –   Change Management
   –   Cost Management
• The Board of Directors should identify the key parameters that
  drive what is considered in evaluating options
   – IT Manager/Service Provider prepares an analysis of options based on
     the parameters
   – CEO/Executive Director is briefed on options based on parameters and
     recommendation from IT Manager/Service Provider
   – CEO/Executive Director makes final decision
IT Governance in Action – a practical example
• Consider the following scenario:

      A small nonprofit wants to enable its staff of 10 people
         to have access to their e-mail anytime, anywhere
               on their laptops and mobile devices

• It is considering three solution options:
   1. Microsoft Small Business Server (SBS)
   2. Microsoft Office 365
   3. Google Apps for Nonprofits
   The business currently uses POP e-mail boxes provided by its Internet
   Service Provider (ISP) and Microsoft Outlook 2007.
IT Governance in Action – a practical example
• How do we align the Nonprofit and IT?
   – Strategic imperative
       • Enable staff to spend more time with clients/constituents
       • Be more responsive to client/constituent requests
       • Business need = anytime, anywhere access across devices
   – Analysis of current ISP provided POP mail
       • Provides this at a basic level (e-mail can be accessed anywhere with an
         Internet connection)
       • Doesn’t allow for easy synchronization of data across devices — contacts
         and calendar entries must be entered separately on each device or synced
         via USB cable
   – All solutions considered enable synchronization across devices and
     provide anytime, anywhere access
       • All align at a high level with the mission/business strategy
IT Governance in Action – a practical example
• How do we define and measure IT performance?
   – System availability or “uptime” is a key metric
       • Clients/constituents are in multiple time zones
       • Staff has flexible work schedules, so some work at night too
   – Based on the answer to this question:
       • SBS is an on-premise solution and the cost of making it highly available would make
         the cost of SBS far exceed the other two
   – Office 365 and Google Apps become the two leading options
       • Google Apps provides a 99.9% uptime guarantee, including maintenance
         windows
       • Microsoft Office 365 provides a 99.9% uptime guarantee, excluding
         maintenance windows
       • Microsoft Office 365 has a lower actual uptime once you adjust it for
         the maintenance windows
IT Governance in Action – a practical example
• How do we manage IT-related change?
   – The organization’s staff is very competent, but they are not all
     particularly technology-savvy
   – Switching to a Google Apps solution
       • Potentially requires the staff to learn a new system
       • Gmail web interface/functionality very different from traditional POP web
         mail
       • Potential incompatibility with historical e-mail / archives
   – Switching to Microsoft Office 365 or SBS
       • Staff continue to use Outlook on their computers
       • Outlook Web Access (web mail) looks like Outlook
   – Mobile device e-mail functionality will depend on which kind of
     mobile device is used
IT Governance in Action – a practical example
• How do we organize IT decision rights?
   – While this question is really speaking more toward decision-making
     authority, in this example we can also interpret it as:
• What are the criteria for choosing a solution?
   –   Strategy = Google Apps for Nonprofits or Microsoft Office 365
   –   Uptime = Google Apps for Nonprofits
   –   Change = Microsoft Office 365
   –   Cost & Cash Flow
        • Gmail is Free (<3000 users) vs Microsoft Office 365 is $48/user/year
   – Security / Compliance
        • Microsoft Office 365 has options that meet ISO 27001, FIPS 140-2, HIPAA,
          FERPA, ITAR
IT Governance in Action – a practical example
• What would you purchase?

• Each organization’s situation is different
   –   Different business strategies
   –   Different key factors / considerations
   –   Different staff competencies
   –   Different technology platforms
   –   Different IT Manager / service provider competencies
   –   Different cost / cash-flow management situations


• An IT Governance framework helps to ensure all of these
  differences are considered in making an IT decision
What are the costs and benefits of improvement of IT governance?
• IT governance doesn’t have to cost a lot
   – It does involve some up-front time to answer the questions
   – It does require some heavy thinking to answer them “right”
• IT governance helps ensure IT value
   –   Manage the costs of non-compliance
   –   Balance short-term savings with long term value
   –   Manage indirect costs of change
   –   Balance benefits, cost, and risk
• IT governance enables strategic advantage
   – Better alignment of IT with missions/business strategy
   – Improve the efficiency, effectiveness, and agility of business processes
Call to Action – IT Governance
• Nonprofit leaders must guide the decision-making and
  actions of their IT manager or IT service providers
   –   Establish clear expectations and accountability for IT
   –   Prevent a fragmented IT environment
   –   Mitigate IT-related risks
   –   Manage IT-related costs
   –   Ensure alignment of IT with mission/business strategy


• Proper governance of IT maximizes the benefits of your IT
  investments and helps you better achieve your mission
Thank you for your attention and participation!


Donny C. Shimamoto, CPA.CITP, CGMA
donny@intraprisetechknowlogies.com
(808) 735-8324 voice

         IntrapriseTechKnowlogies LLC
         Technologies and knowledge for synergizing your intraprise
         www.intraprisetechknowlogies.com | Hawaii | California




                            Any Questions?

Mais conteúdo relacionado

Mais procurados

Management Information Technology - Chapter 1
Management Information Technology - Chapter 1Management Information Technology - Chapter 1
Management Information Technology - Chapter 1Joel Briza
 
A History of Oracle Corporation
A History of Oracle CorporationA History of Oracle Corporation
A History of Oracle Corporationdsp
 
Intel SWOT Analysis
Intel SWOT AnalysisIntel SWOT Analysis
Intel SWOT AnalysisAnand Verma
 
FREE ECBA v3 simulation Questions- set 1
FREE ECBA v3 simulation Questions- set 1FREE ECBA v3 simulation Questions- set 1
FREE ECBA v3 simulation Questions- set 1LN Mishra CBAP
 
BMW Group Co-Creation Lab
BMW Group Co-Creation LabBMW Group Co-Creation Lab
BMW Group Co-Creation LabVolker Bilgram
 
Fundamentals of Business Process Management: A Quick Introduction to Value-Dr...
Fundamentals of Business Process Management: A Quick Introduction to Value-Dr...Fundamentals of Business Process Management: A Quick Introduction to Value-Dr...
Fundamentals of Business Process Management: A Quick Introduction to Value-Dr...Marlon Dumas
 
Enterprise resource planning erp
Enterprise resource planning  erpEnterprise resource planning  erp
Enterprise resource planning erpgourav kottawar
 
Information system in business functions unit iv
Information system in business functions unit ivInformation system in business functions unit iv
Information system in business functions unit ivlaiprabhakar
 
Management Information System [Kenneth Laudon]
Management Information System [Kenneth Laudon]Management Information System [Kenneth Laudon]
Management Information System [Kenneth Laudon]mmuser2014
 
The digital transformation of retail
The digital transformation of retailThe digital transformation of retail
The digital transformation of retailCloudera, Inc.
 
Requirements Engineering - Quality assurance
Requirements Engineering - Quality assuranceRequirements Engineering - Quality assurance
Requirements Engineering - Quality assuranceBirgit Penzenstadler
 
Introduction to ERP based Enterprise system
Introduction to ERP based Enterprise systemIntroduction to ERP based Enterprise system
Introduction to ERP based Enterprise systemVisualBee.com
 

Mais procurados (20)

Management Information Technology - Chapter 1
Management Information Technology - Chapter 1Management Information Technology - Chapter 1
IT Governance for Nonprofits

  • 1. IT Governance for (smaller) Nonprofits #12NTCITGov Donny C. Shimamoto, CPA/CITP, CGMA
  • 2. Evaluate This Session! Each entry is a chance to win an NTEN engraved iPad! or Online at www.nten.org/ntc/eval IT Governance for Nonprofits #12NTCITGov
  • 3. Speaker Biography Donny C. Shimamoto, CPA.CITP, CGMA • Donny is the founder of IntrapriseTechKnowlogies LLC, a CPA firm focused on organizational development and advisory services for the middle market. An active CPA, Certified Information Technology Professional (CITP), and Chartered Global Management Accountant (CGMA), Donny helps many organizations by bridging accounting and IT to strengthen organizational governance and risk management, improve business processes through IT, and increase the effectiveness of decision making through business intelligence. • Donny was recognized as one of 25 Top Thought Leaders in Public Accounting by CPA Practice Advisor in 2012, received the 2009-2010 President’s Award from the Hawaii Society of CPAs, was named to CPA Technology Advisor’s 40 Under 40 list in 2007 & 2009 and was also a Hawaii Top High Tech Leader in 2004. • In the nonprofit world, Donny works with community foundations, social service agencies, community centers, and membership associations. IntrapriseTechKnowlogies LLC Technologies and knowledge for synergizing your intraprise www.intraprisetechknowlogies.com | Hawaii | California
  • 4. Audience Polls – Demographics • Organization Type/Size – CPA Firm – Small Nonprofit – Medium Nonprofit – Large Nonprofit – Government • Role in Organization – Lead Executive – CFO/Controller – CIO / IT Director – Program Director/Manager – Consultant or Auditor • Part of Organization – Accounting/Finance – Information Technology – Programs – Consultant or Auditor • Choose one from each set of options that best matches how you view your organization and your role at work.
  • 5. IT Governance for (smaller) Nonprofits • Why IT Governance is important for Nonprofits • IT Governance – Defined & Adapted for (smaller) Nonprofits • An IT Governance Framework for (smaller) Nonprofits – How do we align the business and IT? – How do we define and measure [IT] performance? – How do we manage [IT-related] change? – How do we organize [IT] decision rights? – IT Governance in Action – a practical example – What are the costs and benefits of improvement of IT governance? • Call to Action – IT Governance
  • 6. Why IT Governance is Important • Myth: IT Governance is only for large companies • Effectively managed IT can provide small businesses with a competitive advantage, whereas ineffective management can impair the business as a whole. – ISACA Journal Online, 2009 Vol 4 – http://www.isaca.org/Journal/Past-Issues/2009/Volume-4/Pages/JOnline-Small-Business-IT-Governance-Implementation.aspx • Nonprofits that use IT as part of their daily operations need IT governance: – To help maximize the benefits of their IT investment, and – Manage the risks that reliance upon IT introduces into their organizations.
  • 7. Why IT Governance is Important • There are major forces driving the need for IT Governance in Nonprofits – Increased Compliance Requirements: Regulation, Privacy, PCI DSS – Evolving Security Threat Landscape: PCI DSS, EFT Fraud – Economic Unpredictability: IT Value Management – Organizational Agility: Business Continuity, Project Execution • By establishing a clear framework for IT-related decisions that balances benefits, cost, and risk, Nonprofits can ensure better alignment of their IT investments with their missions/business strategy and improve the overall efficiency, effectiveness, and agility of their business processes.
  • 8. IT Governance – Definition • The IT Governance Institute (ITGI) definition: “the responsibility of executives and the board of directors and consists of the leadership, organizational structures and processes that ensure that the enterprise’s IT sustains and extends the organization’s strategy and objectives.” Source: ITGI, 2003
  • 9. IT Governance – Definition [Diagram: IT Governance is part of Corporate Governance; IT Governance subsumes IT Management] Source: Roger Debreceny, Shidler Distinguished Professor of Accounting, University of Hawaii at Manoa, Nov 2010
  • 10. IT Governance – Definition “the responsibility of executives and the board of directors and consists of the leadership, organizational structures and processes that ensure that the enterprise’s IT sustains and extends the organization’s strategy and objectives.” Source: ITGI, 2003 • Responsibility: – Executives & Board of Directors • Elements: – Leadership – Organizational Structures – Processes • Objective: – Ensure IT sustains and extends the organization’s mission and strategy
  • 11. IT Governance – Adapted Definition for Smaller Nonprofits • Definition adapted to smaller Nonprofits: IT Governance is the leadership, structures and processes that a nonprofit’s executives and board of directors put in place to ensure that their organization’s IT sustains and extends their business strategy and objectives in achieving its mission. • IT governance provides the framework to guide how IT-related decisions are made. This is especially important when there is someone who is making technology decisions on behalf of a nonprofit’s management.
  • 12. IT Governance – Adapted Definition for Smaller Nonprofits [Diagram: IT Governance is part of Corporate Governance; IT Governance binds/guides IT Management, IT Service Providers, and the IT Manager] Adapted from: Debreceny, Nov 2010
  • 13. IT Governance – Nonprofit Framework Establish a framework to structure and guide IT decision-making and how IT is used as part of the organization [Diagram labels: Business Strategy, alignment, Compliance, IT Governance, value delivery, IT Strategy, IT Projects, IT Risk Management, drives, IT Infrastructure] Source: IntrapriseTechKnowlogies LLC, 2011
  • 14. IT Governance – Nonprofit Framework • Establish a framework to structure and guide: – IT decision-making; and – How IT is used as part of the business. • IT decision-making in Nonprofits – IT Manager – usually technically focused – IT Contractor – usually technically focused – Key weakness: narrow perspective & lack of business acumen • IT as part of the business – Increasing pervasiveness of IT supporting business processes – Increasing ease of access to data and applications – Increasing dependence on IT service providers – Key weakness: Lack of risk awareness and mature IT controls
  • 15. IT Governance – Nonprofit Framework • Consider the following BIG QUESTIONS: – How do we align the mission/business strategy and IT? – How do we define and measure [IT] performance? – How do we manage [IT-related] change? – How do we organize [IT] decision rights? – What are the costs and benefits of improvement of IT governance? Source: Debreceny, Nov 2010 These questions help to ensure greater alignment of IT decision-making with the mission/business strategy, and clear performance and accountability for IT.
  • 16. How do we align Programs and IT? • The corporate answer: – Strategy Council – Business involvement in • Strategy planning • Program management • Project management – Clear RACI planning – Outward facing staff from IT to the Business • RACI defined: • Responsible • Accountable • Consulted • Informed Source: Debreceny, Nov 2010 • These can be overkill in a Nonprofit’s smaller, less complex environment, but the intent and purpose of some of these structures must still be considered—and sometimes reversed.
  • 17. How do we align the Nonprofit and IT? • Corporate answer: – Strategy Council – Business involvement in • Strategy planning • Program management • Project management – Clear RACI planning – Outward facing staff from IT to the Business • Issues: (1) Business units and IT operating in separate silos; (2) IT function may be centralized or decentralized • SMB Nonprofit answer: – N/A – usually not necessary – IT Advisor’s involvement in • Strategic planning • Program management • Project management – Clear RACI planning – Close relationships between key IT service providers and business managers • Issues: (1) Programs operating with an absence of IT expertise; (2) Nonprofit is not highest priority of IT service provider.
  • 18. How do we align the Nonprofit and IT? • Nonprofit considerations for programs/IT alignment: – What role does IT play in achieving the mission/business strategy? – Should IT be included in strategic planning? • Does my IT Manager or Service Provider understand my mission? Can they think strategically? • Do I need an independent/objective IT Advisor? – Are any of my programs/projects dependent upon IT? • How will the technology utilized impact my IT environment? • Is the technology utilized in accord with my IT strategy? – Is responsibility for mission/IT alignment clearly defined? • Who is accountable for achieving alignment? • What are the consequences if alignment is not achieved? – Is there clear communication between IT and programs?
  • 19. How do we align the Nonprofit and IT? • Clear and open communication between Programs and IT is especially important for Nonprofits – Most nonprofit executives and boards don’t have a deep enough understanding of IT to adequately perform alignment • An IT Advisor may need to be engaged to help translate between the programs and IT and facilitate alignment – A majority of IT capabilities is usually outsourced and IT service providers are servicing multiple customers • The Nonprofit may not be a priority for the service provider • The IT service provider is an external party so requires additional effort to coordinate communication/activities – While the risk of a Nonprofit IT failure is usually lower, the impact of failure is often higher due to smaller economic resources to absorb the failure or re-perform the project • Failure could be a non-realization of expected benefits
  • 20. How do we define and measure [IT] performance? • Part of defining responsibility and accountability is having a clear definition of performance – Availability – it’s available for use when I need it; “uptime” – Accessibility – it’s usable where I need to use it – Functionality – it provides the functionality I need • Accuracy – computations are performed correctly • Integrity – the integrity of my data/files is maintained • Usability – it is easy to use and intuitive • Responsiveness – actions are completed within a reasonable time / within the expected time – Security – data/files are kept secure (including addressing confidentiality and privacy) • Most nonprofit users don’t want to understand the technology, they just want it to work when they need it and as they expect it to
  • 21. How do we define and measure [IT] performance? • Nonprofits should define their business requirements for IT performance based on their mission/business strategy • Availability – it’s available for use when I need it – During what times do systems need to be available? • What are the organization’s hours of operation? • Are there times when the organization doesn’t operate? • Are there times when certain business functions can be down? – What level of downtime is acceptable? • Remember that most systems need some kind of scheduled maintenance and backup window • Is the impact of downtime offset by the cost of additional availability measures? – Is a business continuity plan in place to mitigate the risk of downtime? Disaster recovery plan, in case of major outage?
  • 22. How do we define and measure [IT] performance? • Nonprofits should define their business requirements for IT performance based on their mission/business strategy • Accessibility – it’s usable where I need to use it – Do I need access outside of the office? • Traditional solution: VPN • Cloud computing is increasing the accessibility of applications and data beyond the office network – Do users need offline access? (e.g. at client/constituent’s place) – Do users need access on mobile devices? – If client/constituent facing: • How are my clients/constituents accessing the system? • How do clients/constituents expect to access the system? – Are accessibility (security/confidentiality/privacy) risks appropriately mitigated?
  • 23. How do we define and measure [IT] performance? • Nonprofits should define their business requirements for IT performance based on their mission/business strategy • Functionality – it provides the functionality I need – Accuracy – computations are performed correctly – Integrity – the integrity of my data/files is maintained – Usability – it is easy to use and intuitive – Responsiveness – actions are completed within a reasonable time / within the expected time • Most Nonprofits are used to working with these performance measures – These requirements should be defined and used as the basis for software/vendor selection. Since most Nonprofits are probably not doing custom development, it is important to find the best fit solution—and often it will not be a 100% solution.
  • 24. How do we define and measure [IT] performance? • Nonprofits should define their business requirements for IT performance based on their mission/business strategy • Security – data/files are kept secure (including addressing confidentiality and privacy) – Are there regulatory or other compliance requirements associated with your data? – Have privacy controls been designed to address both technical and non-technical data/file risks? – If data is stored in the cloud or on a vendor’s systems: • What measures has the vendor taken to ensure security? • Is a Service Organization Controls report (SOC) or SSAE 16 report (if financial-related) available? • Have management controls been mapped to the SOC report and vendor control structure?
  • 25. How do we define and measure [IT] performance? • Establish responsibility and accountability by clearly defining performance criteria for each application/system used by the business – Availability – it’s available for use when I need it; “uptime” – Accessibility – it’s usable where I need to use it – Functionality – it provides the functionality I need • Accuracy – computations are performed correctly • Integrity – the integrity of my data/files is maintained • Usability – it is easy to use and intuitive • Responsiveness – actions are completed within a reasonable time / within the expected time – Security – data/files are kept secure (including addressing confidentiality and privacy) • Define these in “business” not “technical” terms
  • 26. How do we manage [IT-related] change? • To ensure that the full benefits of an IT-related initiative can be realized, remember to consider the impact of the change to: – The organization itself – Employees – Clients and Constituents – The organization’s IT environment and risk posture • In Nonprofits, both executives/program management and IT service providers often forget that while simpler, the Nonprofit environment is also smaller. – A small change can sometimes have a much bigger impact. – A stone that barely disturbs a lake can cause tidal waves in a puddle.
  • 27. How do we manage [IT-related] change? • IT-related change can impact the organization and its employees and clients/constituents in many different ways – Changes to business processes and procedures – Different tools / applications used to complete a task – Increased / decreased access to data / information • Common staff complaints about IT-related change – Nobody told us it was changing! – Yes, the technology is good, but the impact to our procedures wasn’t considered until the new technology was already here. – We didn’t receive any training for the new technology. – The data is organized differently from the old system. – The computations are performed differently from the old system. – I can’t get the same reports that I used to from the old system.
  • 28. How do we manage [IT-related] change? • In addition to user-side impacts, consider the impact to the overall IT environment: – Have we increased our reliance upon a system—thereby increasing the potential impact of an availability issue? – Have we increased the accessibility of information? • Do we need to consider any additional mobile device risks? – Has the change in functionality impacted the efficiency, effectiveness, or agility of our business processes? – Does the change introduce any data-related risks? (e.g. privacy, confidentiality, security, backup, recoverability) • How do the changes impact the organization’s overall IT environment risk posture? – Is this an acceptable part of the business strategy? – Do we need to take any additional risk mitigation measures?
  • 29. How do we manage [IT-related] change? • Every change has risks associated with it – Just because a change has risks, it doesn’t mean that you shouldn’t do it—work to manage risk, not eliminate it • Manage risk by evaluating the risk and taking the appropriate mitigation steps to minimize the negative impact of the change – Balance cost of mitigation with benefits of managing the impact • Sometimes not making a change is a risk in and of itself—consider the cost/impact of not changing – Lack of change can lead to stagnation • Remember to consider the people and process aspects of the change, not only the technology.
  • 30. How do we organize [IT] decision rights? • There are usually two different approaches to IT decision-making by smaller Nonprofits 1. Minimal Involvement by executive or board • Just wants to know what it will cost and as long as reasonable (i.e. cost doesn’t seem excessive) then will approve • For the most part, decision authority rests with the IT manager or IT service provider 2. High Involvement by executive or board • Wants to understand everything that is being done • Will approve once it makes sense to them and they can validate the cost • Decision authority rests with the executive—IT Manager / IT Service Provider must “convince” the executive of necessity
  • 31. How do we organize [IT] decision rights? • There are inherent flaws in both approaches 1. Minimal Involvement • Requires a high-level of trust in IT Manager/Service Provider • Requires a highly competent IT Manager/Service Provider • Usually a spend-based decision 2. High Involvement • Executive/Board usually lacks expertise to adequately evaluate options • Cost validation usually doesn’t involve apples-to-apples • Usually a spend-based decision • Both approaches often lack – Consideration of mission/business strategy – Consideration of IT-related business risks – Longer term cost management perspective
  • 32. How do we organize [IT] decision rights? • The better approach is to identify business-focused parameters that provide a basis for decision-making – Strategic Alignment – IT Performance – IT Risk Management – Change Management – Cost Management • The Board of Directors should identify the key parameters that drive what is considered in evaluating options – IT Manager/Service Provider prepares an analysis of options based on the parameters – CEO/Executive Director is briefed on options based on parameters and recommendation from IT Manager/Service Provider – CEO/Executive Director makes final decision
  • 33. IT Governance in Action a practical example • Consider the following scenario: A small nonprofit wants to enable its staff of 10 people to have access to their e-mail anytime, anywhere on their laptops and mobile devices • It is considering three solution options: 1. Microsoft Small Business Server (SBS) 2. Microsoft Office 365 3. Google Apps for Nonprofits The business currently uses POP e-mail boxes provided by its Internet Service Provider (ISP) and Microsoft Outlook 2007.
  • 34. IT Governance in Action a practical example • How do we align the Nonprofit and IT? – Strategic imperative • Enable staff to spend more time with clients/constituents • Be more responsive to client/constituent requests • Business need = anytime, anywhere access across devices – Analysis of current ISP provided POP mail • Provides this at a basic level (e-mail can be accessed anywhere with an Internet connection) • Doesn’t allow for easy synchronization of data across devices — contacts and calendar entries must be entered separately on each device or synced via USB cable – All solutions considered enable synchronization across devices and provide anytime, anywhere access • All align at a high level with the mission/business strategy
  • 35. IT Governance in Action a practical example • How do we define and measure IT performance? – System availability or “uptime” is a key metric • Clients/constituents are in multiple time zones • Staff has flexible work schedules, so some work at night too – Based on the answer to this question: • SBS is an on-premise solution and the cost of making it highly available would make the cost of SBS far exceed the other two – Office 365 and Google Apps become the two leading options • Google Apps provides a 99.9% uptime guarantee, including maintenance windows • Microsoft Office 365 provides a 99.9% uptime guarantee, excluding maintenance windows • Microsoft Office 365 has a lower actual uptime once you adjust for the maintenance windows
  • 36. IT Governance in Action a practical example • How do we manage IT-related change? – The organization’s staff is very competent, but they are not all particularly technology-savvy – Switching to a Google Apps solution • Potentially requires the staff to learn a new system • Gmail web interface/functionality very different from traditional POP web mail • Potential incompatibility with historical e-mail / archives – Switching to Microsoft Office 365 or SBS • Staff continue to use Outlook on their computers • Outlook Web Access (web mail) looks like Outlook – Mobile device e-mail functionality will depend on which kind of mobile device is used
  • 37. IT Governance in Action a practical example • How do we organize IT decision rights? – While this question is really speaking more toward decision-making authority, in this example we can also interpret it as: • What are the criteria for choosing a solution? – Strategy = Google Apps for Nonprofits or Microsoft Office 365 – Uptime = Google Apps for Nonprofits – Change = Microsoft Office 365 – Cost & Cash Flow • Gmail is Free (<3000 users) vs Microsoft Office 365 is $48/user/year – Security / Compliance • Microsoft Office 365 has options that meet ISO 27001, FIPS 140-2, HIPAA, FERPA, ITAR
  • 38. IT Governance in Action a practical example • What would you purchase? • Each organization’s situation is different – Different business strategies – Different key factors / considerations – Different staff competencies – Different technology platforms – Different IT Manager / service provider competencies – Different cost / cash-flow management situations • An IT Governance framework helps to ensure all of these differences are considered in making an IT decision
  • 39. What are the costs and benefits of improvement of IT governance? • IT governance doesn’t have to cost a lot – It does involve some up-front time to answer the questions – It does require some heavy thinking to answer them “right” • IT governance helps ensure IT value – Manage the costs of non-compliance – Balance short-term savings with long term value – Manage indirect costs of change – Balance benefits, cost, and risk • IT governance enables strategic advantage – Better alignment of IT with missions/business strategy – Improve the efficiency, effectiveness, and agility of business processes
  • 40. Call to Action – IT Governance • Nonprofit leaders must guide the decision-making and actions of their IT manager or IT service providers – Establish clear expectations and accountability for IT – Prevent a fragmented IT environment – Mitigate IT-related risks – Manage IT-related costs – Ensure alignment of IT with mission/business strategy • Proper governance of IT maximizes the benefits of your IT investments and helps you better achieve your mission
  • 41. Thank you for your attention and participation! Donny C. Shimamoto, CPA.CITP, CGMA donny@intraprisetechknowlogies.com (808) 735-8324 voice IntrapriseTechKnowlogies LLC Technologies and knowledge for synergizing your intraprise www.intraprisetechknowlogies.com | Hawaii | California Any Questions?