Contenu connexe
Similaire à Governance Thoughts from ISACA Lead
Similaire à Governance Thoughts from ISACA Lead (20)
Governance Thoughts from ISACA Lead
- 1. Some Thoughts on
Governance
Peter M Salmon, CA
Governance Lead – ISACA Wellington Chapter
Wednesday, 6 October 2010
- 2. Important Notice – please make sure you read
• This notice applies to all materials and information available in this
presentation.
• All information and materials are provided on an 'as is' basis and are not
intended in any way to be comprehensive.
• Any reader making use of this material does so at his/her own risk and
readers are advised to take independent professional advice before acting on
any information or materials found here.
• Neither Peter Salmon, nor Manning Charles & Associates Limited , nor ISACA –
Wellington Chapter accepts any responsibility for, nor do they give any
representations or warranties, express or implied, that any of the information
and materials contained in this document and presentation are complete,
accurate or free from errors or omissions.
© October 2010 Peter M Salmon &
06/10/2010 ISACA Wellington Chapter 2
- 3. Why Governance?
• Cost of IT failure is huge – US$ 6.2 trillion p.a by one
estimate
• 30% to 70% of IT projects – are late, over budget or
don’t meet plan
• Negative impact on services, productivity
• Informed decision making is essential, now more than
ever
• Yet measurement of value is poor
© October 2010 Peter M Salmon & ISACA
06/10/2010 Wellington Chapter
3
- 4. Value Measurement
To what extent does your organisation
measure the value of it’s investments in %
IT?
Don’t know 5
Fully 32
Not at all 10
Partly 53
Total 100
Source: ISACA Nine Country Survey on IT Value – July 2009
© October 2010 Peter M Salmon & ISACA
06/10/2010 Wellington Chapter
4
- 5. So why do we have a problem
• Given what appears to be waste on a massive scale,
why do we keep pouring money into projects in this way?
What stops us from achieving improvement?
• Clearly there is a need for action. To my mind ISO 38500
is a good starting point, especially when allied with
supporting frameworks such as CoBit and ValIT.
• Furthermore, there needs to be a much better
understanding that IT of itself will not solve business
problems, we need effective organisational change and
process management as well. This must be coupled with
a determination to identify, evaluate and monitor benefits
on a continuing basis.
© October 2010 Peter M Salmon & ISACA
06/10/2010 Wellington Chapter
5
- 6. Governance Enables
• Cost reduction, through informed decision making, thus
avoiding the degradation of value resulting from broad-
brush reductions, which are often the kneejerk reaction
to a crisis
• Focusing investment so as to create and maintain value
; enabling mitigating action where risk to value emerges
• Rigorous assessment and delivery of new initiatives, in a
manner based on optimal benefit/value achievement
over the lifecycle, with appropriate risk mitigation when
required
• See as well Thorp: Using governance to navigate through troubled times
© October 2010 Peter M Salmon & ISACA
06/10/2010 Wellington Chapter
6
- 7. Need for Leadership
• Effective Governance requires leadership
• This leadership must , in my strongly held view, be
combined with a sound ethical framework and robust
values of integrity and straight dealing
• Without leadership and values the plethora of acronyms
such as CoBIT, SarBox etc will be worthless
© October 2010 Peter M Salmon & ISACA
06/10/2010 Wellington Chapter
7
- 8. Effective Governance
• Requires leadership, which means as well that leaders and others
must be coached and educated to necessary levels of
understanding
• Means implementing, ideally within a framework such as ISO 38500,
supported by Val IT and CoBIT, appropriate policies, processes and
organisations with unambiguous roles, responsibilities and
accountabilities, and
• Needs to be supported by appropriate performance reporting such
as KPIs, Programme and Project Reviews, Portfolio Management
tools and the like
• Various studies suggest substantial value results (20% +)
• Requires strong senior executive commitment to make it happen
and to embed robust, effective governance in the organisational
culture
• See as well Thorp: Using governance to navigate through troubled times
© October 2010 Peter M Salmon & ISACA
06/10/2010 Wellington Chapter
8
- 9. The Four Ares
Enterprise
Proactive management of
Alignment of process with activities seeking to
business objectives. maximize benefits
Strategy Value
Business Are we doing the right Are we getting the
things? benefits?
Organisation Delivery
Operations Are we doing them Are we getting them
the right way? done well?
Organizational structure and Organizational capability,
process, and the integration resources available and
of programmes within supporting infrastructure needs
Adapted from the ‘Four Ares’ developed by John Thorp in The Information Paradox
© October 2010 Peter M Salmon
06/10/2010 9
& ISACA Wellington Chapter
- 10. Conclusion
• Important to develop a clear view of outcomes required
• Clear focus on the overall perspective is invaluable
• Getting the engagement of all parties is critical
• Building a climate of trust aids resolution of governance
situations, rather than a blame
• When setting up structures and processes, harness
culture and people to them, not in competition or combat
with them
© October 2010 Peter M Salmon
06/10/2010 & ISACA Wellington Chapter
10
- 11. ISACA – who are we?
• History
– ISACA was incorporated in 1969 by a small group of individuals who
recognized a need for a centralized source of information and guidance
in the growing field of auditing controls for computer systems. Today,
ISACA has more than 95,000 members worldwide.
• What We Offer & Who We Serve
– ISACA provides practical guidance, benchmarks and other effective
tools for all enterprises that use information systems. Through its
comprehensive guidance and services, ISACA defines the roles of
information systems governance, security, audit and assurance
professionals worldwide. The COBIT, Val IT and Risk IT governance
frameworks and the CISA, CISM and CGEIT certifications are ISACA
brands respected and used by these professionals for the benefit of
their enterprises.
© October 2010 Peter M Salmon
06/10/2010 & ISACA Wellington Chapter
11
- 12. Some Resources
• Websites
– ISACA
– Taking Governance Forward
– IT Governance Institute
– Center for Information Systems Research
– Some Thoughts – Peter Salmon’s website
– John Thorp
– Infonomics
– Bazpractice
– Michael Krigsman
– OGC Best Management Practice
– Cranfield Information Systems Research Centre
• Books
– IT Savvy - Ross & Weill
– Benefits Management – John Ward & Elizabeth Daniel
– Waltzing with the Elephant – Mark Toomey
– IT Governance – Ross & Weill
© October 2010 Peter M Salmon & ISACA
06/10/2010 Wellington Chapter
12
- 13. Peter Salmon – Principal - Manning Charles & Associates Ltd
• Peter is a senior executive and consultant with an extensive business management,
professional services leadership and delivery background. He combines this with
significant organisational change, business assessment, and resource management
experience. This is complemented by having worked in a number of countries and a varied
range of business sectors.
• Peter's consulting experience includes IT consulting, general consulting, financial
investigations and valuations, and litigation support. His other experience includes
practice development, practice management including service economics and profitability,
quality assurance and resource management.
• This knowledge and expertise is combined with a strong record of achievement. For many
years Peter has worked with CxO level executives, management and staff to provide
business focused outcomes to issues.
Should you wish to contact Peter on this or any other matter, where he might be
able to assist then :-
Web:- Some Thoughts – Peter Salmon’s website
Phone:- +64 21 533651, or
Email:- manning.charles.assoc@gmail.com
Mail:- PO Box 25197, Panama St, Wellington 6146, NZ
© October 2010 Peter M Salmon
06/10/2010 & ISACA Wellington Chapter
13