“Issues in IT Governance for Internal Auditors”
By:
Ambrose Ruyooka, PMP®
Ag. Commissioner for Information Technology,
Ministry of Information and Communications Technology (ICT),
Uganda.
14th April 2011, Kampala
ambrose.ruyooka@gmail.com
IIA Uganda National Conference 2011
Introduction
• [Governance] The combination of processes and structures implemented by the board to inform, direct, manage, and monitor the activities of the organization toward the achievement of its objectives.
Introduction
• Corporate Governance
“Corporate Governance is the system by which business corporations are directed and controlled. Specifies the distribution of rights and responsibilities among different participants (e.g. Board, management, shareholders, stakeholders) and spells out the rules and procedures for making decisions on corporate affairs.” (OECD)
IT Governance introduction
• IT Governance
  Discipline of corporate Governance
  Focus is on IT systems performance and risk management
• IT Governance
  “System by which IT within enterprises is directed and controlled. IT governance structure specifies the distribution of rights and responsibilities among participants (e.g. Board, business, IT managers) and spells out the rules and procedures for making decisions on IT” (ITSMF)
IT Governance Defined
• IIA International Professional Practices Framework:
  [IT Governance] Consists of the leadership, organizational structures and processes that ensure that the enterprise’s information technology sustains and extends the organization’s strategies and objectives.
IT Governance Defined…
• IT Governance Institute (ITGI):
  [IT Governance] is the responsibility of the board of directors and executive management. It is an integral part of enterprise governance and consists of the leadership and organisational structures and processes that ensure that the organisation’s IT sustains and extends the organisation’s strategies and objectives.
Definitions ctd..
• According to the CobiT 4.1 framework:
  IT Governance is the responsibility of executives and the board of directors, and consists of the leadership, organizational structures and processes that ensure that the enterprise’s IT sustains and extends the organization’s strategies and objectives.
More concepts…
• [IT Controls] Controls that support business management and governance as well as provide general and technical controls over information technology infrastructures such as applications, information, infrastructure, and people.
Motivation for IT Governance
• The rising global interest in IT governance is largely due to compliance initiatives.
• The recent legal and regulatory advancements by the Government of Uganda:
  • Enactment of “Cyber Laws” (the Electronic Transactions law, the Electronic Signatures law and the Computer Misuse law)
  • Enactment of the National Information Technology Authority Act
  • E-Government Policy Framework
Motivation for IT Governance
Acknowledging:
• Coupling of IT to business performance
• Complexity presented by IT investments
• Need for mitigation of IT-related risks
• That IT projects can easily get out of control and profoundly affect the performance of an organization.
Development of IT Governance
[Charts: “Contribution of IT to Delivery of Business Strategy” and “IT Informs the Business on New Technologies”]
Source – ITGI Survey IT Governance 2009
IT Governance Development ctd…
[Chart: “Accountable for IT Governance”]
Source – ITGI Survey IT Governance 2009
IT Governance Dimensions
[Figure: IT Governance and its five dimensions: Strategic Alignment, Value Delivery, Risk Management, Resource Management, Performance Measurement]
IT Governance Dimensions
• What do we do? => Strategic Alignment
  • Aligning with Business Goals
  • Providing collaborative solutions
• Why do it? => Value Delivery
  • Optimising IT costs
  • Proof of value delivered
• What could go wrong? => Risk Management
  • Safeguarding assets
  • Continuity and compliance
• Who, What, How? => Resource Management
  • Assets, infrastructure, knowledge and partners
• Was it done? => Performance Measurement
  • Metrics, scorecards and dashboards
IT Governance - ISO38500
[Figure: ISO 38500 model for Corporate Governance of ICT. Labels: Direct, Evaluate, Monitor (Directors’ activities); Business Strategy; Risk environment; Plans; Policies; Proposals; Performance; ICT Projects and ICT Operations (Business process). Original image copyright ISO/IEC 2008]
6 principles of good IT governance
• Conformance
• Human behaviour
• Acquisition
• Performance
• Responsibility
• Strategy
Uncovering IT Issues
• Failure of IT projects to deliver what they promised
• Satisfaction of end users with the quality of the IT service
• Availability of sufficient IT resources, infrastructure and competencies to meet strategic objectives
• Overrun of IT operational budgets
• The number and frequency of IT projects going over budget
• The amount of IT effort going to firefighting rather than enabling business improvements
Finding Out How Management Addresses the IT Issues
• The alignment of enterprise and IT objectives
• Measurement of the value delivered by IT
• Appropriateness of strategic initiatives taken by executive management to manage IT and the critical relationship to maintenance and growth of the enterprise
• Clarity of enterprise positioning relative to technology: pioneer, early adopter, follower or laggard
• Clarity on risk: risk-avoidance or risk-taking
• Up-to-date inventory of IT risks relevant to the enterprise
• Actions taken to address these risks
To Self-assess IT Governance Practices
• Regular briefing of the board on IT risks to which the enterprise is exposed
• Regular appearance of IT as an item on the agenda of the board addressed in a structured manner
• Ability of the board to articulate and communicate the business objectives for IT alignment
• Clear view of the board on the major IT investments from a risk and return perspective
• The board obtaining regular progress reports on major IT projects by
• The board getting independent assurance on the achievement of IT objectives and the containment of IT risks
Key IT Governance Stakeholders
Stakeholders: Boards, Executive Management, IT management, IT audit, Risk and compliance
• Set direction for IT, monitor results and insist on corrective measures
• Defines business requirements for IT and ensures that value is delivered and risks are managed
• Delivers and improves IT services as required by the business
• Provides independent assurance to demonstrate that IT delivers what is needed
• Measures compliance with policies and focuses on alerts to new risks
Defined Responsibilities for Each Process
RACI Chart (Activities by Functions)
A RACI chart identifies who is Responsible, Accountable, Consulted and/or Informed.
• Link business goals to IT goals: C, I, A/R, I, C
• Identify critical dependencies and current performance: C, C, R, A/R, C, C, C, C, C, C
• Build an IT strategic plan: A, C, C, R, I, C, C, C, C, I, C
• Build IT tactical plans: C, I, A, C, C, C, C, C, R, I
• Analyse programme portfolios and manage project and service portfolios: C, I, I, A, R, R, C, R, C, C, I
Original slide copyright ISACA
Conclusion
• IT is an integral part of the business. IT governance is an integral part of enterprise governance.
• Need to clearly define IT Governance Roles and Responsibilities
• Development of an IT Governance Implementation Plan is significant
• The Government of Uganda has over the last decade steadily developed a Policy, Legal and Regulatory environment to facilitate uptake of Information Technology Governance.
References
• www.isaca.org/cgeit
• www.itgi.org
• www.itsfmi.org
• www.theiaa.org
• www.oecd.org
Thank you!


Editor's Notes

  1. COBIT also provides information on what processes should be delegated and to whom they should be delegated. This helps to ensure that IT processes are being managed at the appropriate level within an enterprise. The ‘RACI’ Chart is defined for each process and indicates who is responsible, accountable, consulted or should be informed about specific tasks within a given process. The roles in the RACI chart are categorised for all processes as:
     • Chief executive officer (CEO)
     • Chief financial officer (CFO)
     • Business executives
     • Chief information officer (CIO)
     • Business process owner
     • Head operations
     • Chief architect
     • Head development
     • Head IT administration (for large enterprises, the head of functions such as human resources, budgeting and internal control)
     • The project management officer (PMO) or function
     • Compliance, audit, risk and security (groups with control responsibilities but not operational IT responsibilities)