2. AGENDA
• What is IT Governance
• Elements of IT Governance
• Benefits of IT Governance
• Frameworks for IT Governance
• Auditing IT Governance
• Role of Internal Audit
3. Objectives
• Overview of IT Governance and describe its importance
• An Approach to auditing IT Governance, including key
scope areas, involved parties/stakeholders, key questions
to answer
• Current trends in IT Governance and how they can be
incorporated into IT Governance audits
4.
5. COBIT
• Definition of Control Objectives for Information and Related Technologies.
Control Objectives for Information and Related Technologies, more popularly
known as COBIT, is a framework that aims to help organizations that are looking
to develop, implement, monitor, and improve IT governance and information
management.
• Componets of COBIT : Framework. Organize and categorize IT governance objectives
and good practices by IT domains and processes before associating them with
their respective business requirements.
• Process descriptions. …
• Control objectives. …
• Management guidelines. …
• Maturity models.
7. Elements of IT Governance
• IT Strategic Alignment, such as formalized business
objectives, up to date IT strategy, linkage between business
objectives and IT initiatives;
• Value Delivery: IT tactical plans, clear benefits for each level
of the organization: infra-structure (systems uptime),
applications (degree of automation), operational (productivity),
financial (income);
• Risk Management: defined responsibilities for risk
management, risk analysis methodology, defined strategies for
addressing risks, continuous monitoring of threats,
occurrence and impact;
8. Elements of IT Governance
• Resource Management: sourcing strategies, human
management practices, user manuals, segregation of
duties, time reporting, infra-structure life cycle
management, acceptable usage policies.
• Performance Measurement: relevant and measurable
metrics, continuous monitoring and reporting, follow-up
policies, root cause analysis and problem management,
benchmarking against industry practices and proven
standards or frameworks.
9. Benefits of IT Governance
• Strengthens the relationship between the organization
and IT; Helps ensure limited IT resources are focused on
the right strategic and tactical activities at the right time
• Synergies with Enterprise Risk Management (ERM) and
other risk management activities; Helps ensure the
appropriate IT risk management processes and activities
are in place and operating effectively
10. Benefits of IT Governance
• Enhanced visibility into the IT Function’s ability to achieve
its both tactical and strategic objectives; Key
Performance Indicators (KPIs) for day-to-day activities
and longer-term/strategic initiatives
• Improved adaptability of the IT Function to organizational
and IT environment changes; Formality of Governance
structure, processes and activities enables more efficient
and effective response to change
11. Framework For IT
Governance
• Capability Maturity Modeling Integration (CMMI)- For Process
Improvement
• Information Technology Infrastructure Library (ITIL)- For IT Service
Management.
• Six Sigma- For Process Improvement especially security processes.
• Control Objectives for Information and Related Technology(COBIT)
For information technology (IT) management and IT governance
• The Balanced Score Card (BSC), Balanced Scorecard (BSC) -
method to assess an organization’s performance in different areas.
18. IT Governance Trends
• Cost Efficiencies (Outsourcing / The Cloud)
• Information Privacy and Security
• Virtualization
• Centralization vs. Decentralization