3. What
Transparency
Lack of hidden agendas and conditions, accompanied by the availability of full information required for collaboration, cooperation and collective decision making.
(Source: businessdictionary.com)
5. What
IT Governance
The framework for the leadership, organizational structures and business processes, standards and compliance to these standards, which ensures that the organization's information systems support and enable the achievement of its strategies and objectives.
6. What
Governance Drivers
[Diagram: Governance Drivers. Labels recovered from the figure (grouping lost in extraction): Quality Assurance; Compliance Drivers; Risk Drivers; Internal Controls & Government Policies; Audit demands & Regulations; Active compliance; Regulators; Risk managing; Mitigation; Corporate.]
7. Why
Without IT Governance & Transparency
• Many Failures
• Bad planning
• Financial Losses
• Misused budgets and resources
• Bad Reputation
• Closed Business
• Random and Wrong decisions
• Legal Actions
• Misunderstandings
8. Why
No Transparency
[Diagram: reasons given for a lack of transparency. Labels recovered from the figure: Avoiding the Blame; Hidden Agenda; Lack of Awareness; Tight Control; Require Many Restrictions; Additional Effort; Additional unnecessary hassle; Not Credited; Not worthy; Not in culture; … …]
12. How
Management Engagement
Formal Committees
Top Management Involvement
Active Engagement
Weill, P. & Ross, J.W. (2004)
13. How
Solid, Flexible Practical Governance
Limited Renegade exceptions
Fewer annual changes
Weill, P. & Ross, J.W. (2004)
14. How
Resource Management
[Diagram labels recovered from the figure: Code of Ethics & Work Ethics; Disclosures; Training; Suitable Tools; Appropriate Skills Selection; Clear Objectives; Define your required transparency; team development stages Forming, Storming, Norming, Performing; Top Down Hierarchy.]
15. How
SMART, focused and Mapped Objectives
[Diagram labels recovered from the figure: SMART; Focused; Mapped; Built-in Performance Review; with the annotations "i.e. KPI/KRI" and "i.e. JD" (their pairing with the labels was lost in extraction).]
“If you want people to pay attention to something, measure them on it,”
Mitchell said. “It sends a serious message.”
16. How
Monitoring; the Built-in Assurance
[Diagram labels recovered from the figure: IT Governance Structure; Audit Committee; Audit (Internal/External); Assessment (i.e. Risk-based planning).]
Actively monitor and regularly review risks on a constructive, ‘no-blame’ basis.
17. How
Automation – i.e. IT Compliance
[Diagram: C-GRID (Global Regulatory Information Database) feeding IT Compliance. Labels recovered from the figure: Query: SIC/NAICS, Geography…; IT Strategy & Operations; C-GRID Global Regulatory Information Database; IT Compliance; Policies/Procedures; Relevant Regulations; Rules; Requirements; Updates; Gap Analysis; Vendors; Users; Auditors; Regulators; Other Stake-holders.]
Goal: Automated Detection of New Regulatory Requirements and Rule-Based Generation of Policies
18. How
Adapting a solid framework
Model: General use
What
COBIT: IT Control Objectives
Val IT: Governance of IT investments
ISO 38500: Corporate Governance of Information and Communication Technology
ITIL, ISO 20000: IT Service and operations management
ISO 27001, 27002: Information Security Management System
PMBOK, PMMM, PRINCE2: Project Management
BS 25999: Business Continuity Management (BCM)
Weill and Ross model: Decision making structure
How
ISO 9001, Six Sigma: Quality improvement
CMMI: System and Software development
People-CMM (P-CMM): Human Asset Management
Balanced Scorecard (BSC): Control and measurement scheme
eSourcing Capability Model: Sourcing management for both service providers and customers
19. How
Communication & Awareness
[Diagram: IT Governance communication channels. Labels recovered from the figure: Annual IT Review; Forum; General Meetings; Annual IT Planning; Surveys; IT Governance; Correspondence; Business Demand; Direct or Escalated Matters; Feedback; IT Services; Best Practices; Biyearly IT Audit Requirements and Suggestions; Biyearly Service Survey.]
20. How
Cultural Change
“Rules are made to be broken”
“Tone at the top”
Not only “talk the talk”, but more “walk the walk”
“The Wisdom of Crowds” and “Mistakes were made…possibly by me”
Gradual Change
Cultural Audit