Introducing ISO/IEC 38500:
Corporate Governance in ICT
          Christophe Feltus
    Member of the ISO JTC1/SC7/WG1A on ICT Governance
            Public Research Centre Henri Tudor,
                  29, Rue John F. Kennedy
                    L-1855 Luxembourg
                christophe.feltus@tudor.lu
Outline
• ICT Governance definitions
• SG on ICT Governance
   – itSMF involvement
   – Interim Report
   – Beyond ISO 38500
      •   Scope
      •   Application
      •   Objectives
      •   6 principles
      •   Model for Corporate Governance of ICT
• Conclusions
Some definitions
• AS 8015 – Australian National Standards
   Corporate Governance of ICT is the system by which the current and future use
   of ICT is directed and controlled. It involves evaluating and directing the plans for
   the use of ICT to support the organization and monitoring this use to achieve
   plans. It includes the strategy and policies for using ICT within an organization.
   (Corporate Governance of Information and Communication Technology; January
   2005).

• OECD Corporate Governance
   Corporate governance involves a set of relationships between a company’s
   management, its board, its shareholders and other stakeholders. Corporate
   governance also provides the structure through which the objectives of the
   company are set, and the means of attaining those objectives and monitoring
   performance are determined. Good corporate governance should provide proper
   incentives for the board and management to pursue objectives that are in the
   interests of the company and its shareholders and should facilitate effective
   monitoring. (OECD Code on Corporate Governance)
Some definitions
• ITGI (IT Governance Institute)
   IT Governance is the responsibility of the board of directors and executive
   management. It is an integral part of enterprise governance and consists of the
   leadership and organisational structures and processes that ensure that the
   organisation’s IT sustains and extends the organisation’s strategies and
   objectives. (Board Briefing, 2nd edition; 2003).


• World Bank Definition of Corporate Governance
   Corporate governance refers to the structures and processes for the direction
   and control of companies. Corporate governance concerns the relationships
   among the management, the Board of Directors, the controlling shareholders
   and other stakeholders. Good corporate governance contributes to sustainable
   economic development by enhancing the performance of companies and
   increasing their access to outside capital.
Some definitions
• MIT Sloan Center for Information Systems Research:
   IT Governance is specifying the decision rights and accountability framework to
   encourage desirable behaviour in the use of IT. (MIT CISR Working Paper No. 326;
   April 2002).

• University of Tasmania
   The survey of the literature by academics from the University of Tasmania
   (Webb, Phyl, Pollard, Carol, and Ridley, Gail (2006), Attempting to Define IT
   Governance: Wisdom or Folly?, Proceedings of the 39th Hawaii International
   Conference on Systems Sciences) brings out the ‘elements’ that are common to a
   range of suggested definitions. The elements are: strategic alignment, delivery
   of business values, performance management, risk management, policies and
   procedures, and control and accountability. Their resultant definition is: IT
   Governance is the strategic alignment of IT with the business such that
   maximum business value is achieved through the development and
   maintenance of effective IT control and accountability, performance
   management and risk management.
Study Group in ISO
• JTC1: Information Technology Standards
• JTC1 / SC7: Software and System Engineering
• JTC1 / SC7 / WG25: IT Operations (service management)
• Basically: Study Group in WG25
Study Group Chair: Alison Holt (New Zealand)
Co-Chair: Ed Lewis (Australia)
Members:
   – Alwyn Smit, South Africa
   – Melanie Cheong, South Africa
   – Jyrki Lahnalahti, Finland
   – Craig Pattison, itSMFI/New Zealand
   – Darcie Destito, United States
   – Gargi Keeni, India
   – Sushil Chatterji, ISACA/ITGI
   – Brian Cusack, New Zealand
   – Christophe Feltus, Luxembourg
   – Yoshiyuki Hirano, Japan
   – K.T. Hwang, Korea
   – Bill Powell, United States
   – Dennis Ravenelle, itSMFI
   – Hella Shrader, United Kingdom
   – Mark Toomey, Australia
   – Mikhail Pototsky, Russian Federation/itSMFI
   – Max Shanahan, ISACA/ITGI
   – Luis Rosa, Spain
   – Jenny Dugmore, UK
Study Group in ISO
• In Seoul (2006):
  Reduce – if not remove – the confusion in the professional and the
  academic literature about the topic
  Resolutions:
       - New SG
       - 1st report
       - Fast Track

• In Moscow (May 2007):
    Preparation of 1st report
    Definition of ICT Governance
    What is ICT Governance?
Study Group in ISO
• Montreal (November 2007)
  Fast Track on Australian Standard on ICT Governance
    – Accepted in July
    – Resolution of comments on Fast Track: 149
         – Canada: 2
         – Spain: 1
         – France: 5
         – Italy: 10
         – Japan: 10
         – Korea: 1
         – Luxembourg: 46
         – New Zealand: 6
         – UK: 4
         – Sweden: 9
         – USA: 15
         – South Africa: 40
    – 1st report
    – NWI
ISO – itSMF liaison (by WG)
Advisory Board Paper
The formal description it offers is:

“Governance is the collective set of procedures, policies, roles and
   responsibilities, and organizational structures required to support an
   effective decision-making process”.
Advisory Board Paper
Benefits of Governance (key words):

–   Achieving business objectives by ensuring that each element of the mission and strategy is
    assigned and managed within a clearly understood and transparent decision rights and
    accountability framework.

–   Defining and encouraging desirable behavior in the use of IT and in the execution of IT
    outsourcing arrangements.

–   Implementing and integrating the desired business processes into the organization.

–   Providing stability and overcoming the limitations of organizational structure.

–   Improving customer, business and internal relationships and satisfaction, and reducing internal
    territorial strife by formally integrating the customers, business units, and external IT providers
    into a holistic IT governance framework.

–   Enabling effective and strategically aligned decision making for the IT Principles that define the
    role of IT, IT Architecture, IT Infrastructure, Application Portfolio and Frameworks, Service
    Portfolio, Information and Competency Portfolios and IT Investment & Prioritization.
Interim Report
•   A review of national governance activities
•   The identification of a set of guiding principles for the development of an ICT
    Governance standard to meet market requirements
•   The identification of the ICT governance needs to be addressed in the standard
•   An assessment of where ICT governance sits within JTC1
•   A review of elements of ICT governance in existing SC7 standards
•   Analysis to determine the level of standard required to sit above existing
    frameworks and methodologies without replacing or displacing existing material.
    Identification of the sort of “standard” required - TR, code of practice or guidelines
•   Analysis of what would need to be added to AS 8015 to meet these needs
•   Analysis of whether a maturity framework could be included from the outset
•   Liaison Relationships: Contributions requested from existing bodies of knowledge
•   Call to action dependent on AS 8015 fast track result (which is now known)
Governance around the world
Written and oral reports were presented to the ICT Study Group reviewing
the state of different ICT Standards environments within the different
jurisdictions.

A general movement towards compliance frameworks was reported in
terms of legislation, Standards adoption and control framework adoption
(e.g. CobiT, ITIL, and so on).

Several reports noted that regulatory requirements were pending and that
there is considerable momentum gathering for comprehensive directives
(both explicit and implicit). The importance of ICT Governance and the
current opportune moment in time for ICT Governance advancement was
reported in each case.
What is ICT Governance?
•   The Working Group should establish a Glossary of governance terms. The Glossary
    especially should include definitions that help to establish the difference between
    Governance and Management. The definitions must be compatible with those in existing
    ISO Standards

Director
    Member of the most senior governing body of an organization. Includes owners, board
    members, partners, senior executives or similar, and officers authorized by legislation or
    regulation.

Management
   Management is the process of controlling the activities required to achieve the strategic
   objectives set by the organisation's governing body. Management is subject to the policy
   guidance and monitoring set through corporate governance.
What is ICT Governance?
•   The objective of governance is to determine and cause the desired behavior and
    results to achieve the strategic impact of IT.

     – The system in which directors monitor, evaluate and direct IT management to ensure
       effectiveness, accountability and compliance of IT


•   The active distribution of decision-making rights and accountabilities among
    different stakeholders in an organization and the rules and procedures for
    making and monitoring those decisions to determine and achieve desired
    behaviors and results.

     –   who makes directing, controlling and executing decisions
     –   how the decisions will be made
     –   what information is required to make the decisions
     –   what decision-making mechanisms should be required
     –   how exceptions will be handled
     –   how the governance results should be reviewed and improved
Scope
The objective of this Standard is to provide a framework of principles for Directors
   to use when evaluating, directing and monitoring the use of information
   technology (IT) in their organizations.
Scope
Governance is distinct from management, and for the avoidance of confusion, the two
   concepts are clearly defined in the standard.

…the members of the governing body may also occupy the key roles in management.

It provides guidance to those advising, informing, or assisting directors. They include:
     • Senior managers.
     • Members of groups monitoring the resources within the organization.
     • External business or technical specialists, such as legal or accounting
     specialists, retail associations, or professional bodies.
     • Vendors of hardware, software, communications and other IT products.
     • Internal and external service providers (including consultants).
     • IT auditors.


The standard is applicable for all organizations, from the smallest, to the largest, regardless of purpose,
    design and ownership structure.
Application
This standard is applicable to all organizations, including public and private
    companies, government entities, and not-for-profit organizations.

The standard is applicable to organizations of all sizes from the smallest to the
   largest, regardless of the extent of their use of IT.
Objectives
The purpose of this Standard is to promote effective, efficient, and acceptable use of
   IT in all organizations by:

•   assuring stakeholders (including consumers, shareholders, and employees) that,
    if the standard is followed, they can have confidence in the organization’s
    corporate governance of IT;

•   informing and guiding directors in governing the use of IT in their organization;
    and

•   providing a basis for objective evaluation of the corporate governance of IT.
6 principles
Principle 1: Establish clearly understood responsibilities for IT

Principle 2: Plan IT to best support the organization

Principle 3: Acquire IT validly

Principle 4: Ensure that IT performs well, whenever required

Principle 5: Ensure IT conforms with formal rules


Principle 6: Ensure IT use respects human factors
Model for Corporate Governance of ICT
Directors should govern ICT through three main tasks:
    (a) Evaluate the use of ICT.
    (b) Direct preparation and implementation of plans and policies.
    (c) Monitor conformance to policies, and performance against the plans.
Evaluate
•   Directors should examine and make judgement on the current and future use of IT,
    including strategies, proposals and supply arrangements (whether internal,
    external, or both).

•   In evaluating the use of IT, directors should consider the pressures acting upon the
    business, such as technological change, economic and social trends, and political
    influences.

•   Directors should also take account of both current and future business needs —
    the current and future organizational objectives that they must achieve, such as
    maintaining competitive advantage, as well as the specific objectives of the
    strategies and proposals they are evaluating.
Direct
•   Directors should assign responsibility for, and direct preparation and
    implementation of plans and policies. Plans should set the direction for
    investments in IT projects and IT operations. Policies should establish sound
    behaviour in the use of IT.

•   Directors should ensure that the transition of projects to operational status is
    properly planned and managed, taking into account impacts on business and
    operational practices and existing IT systems and infrastructure.

•   Directors should encourage a culture of good governance of IT in their organization
    by requiring managers to provide timely information, to comply with direction and
    to conform with the six principles of good governance.
Monitor
•   To complete the cycle, directors should monitor, through appropriate
    measurement systems, the performance of IT use. They should reassure
    themselves that performance is in accordance with plans, particularly with regard
    to business objectives.

•   They should also make sure that the use of IT conforms with external obligations
    (regulatory, legislation, common law, contractual) and internal work practices. If
    necessary, directors should direct the submission of proposals for approval to
    address identified needs.
Conclusions and Future Works
Review the use of the Plan, Do, Check, Act (PDCA) lifecycle versus Evaluate, Direct, Monitor
(EDM). Show the mapping of EDM versus PDCA.
Incorporate human behavioural aspects into the chosen lifecycle.
Produce a diagram demonstrating the inter-relation of the principles.
Develop derivative material to cover:
·     Clarification on the risks of poor governance and decision making;
·     Analysis on the benefits of Governance across the IT lifecycle; and
·     The explanation of each principle.


Development of a TR2 for CIOs and executives to assist them in explaining the rationale
and implications (risks and benefits) of the principles.
Development of a TR2 for guidelines for the use of the standard by Public Sector
organizations.
Conclusions and Future Works
Determine market requirements and then determine the coverage of future
standards, for example IT Projects, IT Operations, IT Use or some other frameworks:
3 SGs
        – Digital Forensics
        – Governance of IT operations
        – Schedule of Products
3 NWIs
        – Guides for the Implementation of 38500
        – Standard for the Governance of Business Change involving IT investment
        – Standard for the Corporate Governance of business projects involving IT
          investment

ISO27001_COBIT_Students.pptx
 
01 integrated management system telkom 2016 opening
01 integrated management system   telkom 2016 opening01 integrated management system   telkom 2016 opening
01 integrated management system telkom 2016 opening
 
IT Governance Vs IT Management Presentation V0.1
IT Governance Vs IT Management   Presentation V0.1IT Governance Vs IT Management   Presentation V0.1
IT Governance Vs IT Management Presentation V0.1
 
Nick Milton - APM Knowledge SIG Conference 2018
Nick Milton - APM Knowledge SIG Conference 2018 Nick Milton - APM Knowledge SIG Conference 2018
Nick Milton - APM Knowledge SIG Conference 2018
 
IT Governance.pptx
IT Governance.pptxIT Governance.pptx
IT Governance.pptx
 
InfoTech - IT Governance.pptx
InfoTech - IT Governance.pptxInfoTech - IT Governance.pptx
InfoTech - IT Governance.pptx
 
standards1.pdf
standards1.pdfstandards1.pdf
standards1.pdf
 
Introduction to COBIT 5 and IT management
Introduction to COBIT 5 and IT managementIntroduction to COBIT 5 and IT management
Introduction to COBIT 5 and IT management
 
CIT 3122 IS Governance Lecture 3.pptx
CIT 3122 IS Governance Lecture 3.pptxCIT 3122 IS Governance Lecture 3.pptx
CIT 3122 IS Governance Lecture 3.pptx
 
Syzygal cobit5-brc
Syzygal cobit5-brcSyzygal cobit5-brc
Syzygal cobit5-brc
 
COBIT
COBITCOBIT
COBIT
 
IT Governance & ISO 38500
IT Governance & ISO 38500IT Governance & ISO 38500
IT Governance & ISO 38500
 
CoBIT 5 (A brief Description)
CoBIT 5 (A brief Description)CoBIT 5 (A brief Description)
CoBIT 5 (A brief Description)
 
Sharpening the Lens
Sharpening the LensSharpening the Lens
Sharpening the Lens
 

Plus de Luxembourg Institute of Science and Technology

Plus de Luxembourg Institute of Science and Technology (20)

Smart-X: an Adaptive Multi-Agent Platform for Smart-Topics
Smart-X: an Adaptive Multi-Agent Platform for Smart-TopicsSmart-X: an Adaptive Multi-Agent Platform for Smart-Topics
Smart-X: an Adaptive Multi-Agent Platform for Smart-Topics
 
Joint workshop on security modeling archimate forum and security forum
Joint workshop on security modeling archimate forum and security forumJoint workshop on security modeling archimate forum and security forum
Joint workshop on security modeling archimate forum and security forum
 
Alignment of remmo with rbac to manage access rights in the frame of enterpri...
Alignment of remmo with rbac to manage access rights in the frame of enterpri...Alignment of remmo with rbac to manage access rights in the frame of enterpri...
Alignment of remmo with rbac to manage access rights in the frame of enterpri...
 
Modeling enterprise risk management and secutity with the archi mate language
Modeling enterprise risk management and secutity with the archi mate languageModeling enterprise risk management and secutity with the archi mate language
Modeling enterprise risk management and secutity with the archi mate language
 
Aligning access rights to governance needs with the responsibility meta model...
Aligning access rights to governance needs with the responsibility meta model...Aligning access rights to governance needs with the responsibility meta model...
Aligning access rights to governance needs with the responsibility meta model...
 
Who govern my responsibilities sim a methodology to align business and it pol...
Who govern my responsibilities sim a methodology to align business and it pol...Who govern my responsibilities sim a methodology to align business and it pol...
Who govern my responsibilities sim a methodology to align business and it pol...
 
Towards an innovative systemic approach of risk management
Towards an innovative systemic approach of risk managementTowards an innovative systemic approach of risk management
Towards an innovative systemic approach of risk management
 
Towards a hl7 based metamodeling integration approach for embracing the priva...
Towards a hl7 based metamodeling integration approach for embracing the priva...Towards a hl7 based metamodeling integration approach for embracing the priva...
Towards a hl7 based metamodeling integration approach for embracing the priva...
 
Solution standard de compensation appliquée à une architecture e business séc...
Solution standard de compensation appliquée à une architecture e business séc...Solution standard de compensation appliquée à une architecture e business séc...
Solution standard de compensation appliquée à une architecture e business séc...
 
Strengthening employee’s responsibility to enhance governance of it – cobit r...
Strengthening employee’s responsibility to enhance governance of it – cobit r...Strengthening employee’s responsibility to enhance governance of it – cobit r...
Strengthening employee’s responsibility to enhance governance of it – cobit r...
 
Sim an innovative business oriented approach for a distributed access management
Sim an innovative business oriented approach for a distributed access managementSim an innovative business oriented approach for a distributed access management
Sim an innovative business oriented approach for a distributed access management
 
Service specification and service compliance how to consider the responsibil...
Service specification and service compliance  how to consider the responsibil...Service specification and service compliance  how to consider the responsibil...
Service specification and service compliance how to consider the responsibil...
 
Responsibility aspects in service engineering for e government
Responsibility aspects in service engineering for e governmentResponsibility aspects in service engineering for e government
Responsibility aspects in service engineering for e government
 
Reputation based dynamic responsibility to agent assignement for critical inf...
Reputation based dynamic responsibility to agent assignement for critical inf...Reputation based dynamic responsibility to agent assignement for critical inf...
Reputation based dynamic responsibility to agent assignement for critical inf...
 
Remola responsibility model language to align access rights with business pro...
Remola responsibility model language to align access rights with business pro...Remola responsibility model language to align access rights with business pro...
Remola responsibility model language to align access rights with business pro...
 
Process assessment for use in very small enterprises the noemi assessment met...
Process assessment for use in very small enterprises the noemi assessment met...Process assessment for use in very small enterprises the noemi assessment met...
Process assessment for use in very small enterprises the noemi assessment met...
 
Preliminary literature review of policy engineering methods
Preliminary literature review of policy engineering methodsPreliminary literature review of policy engineering methods
Preliminary literature review of policy engineering methods
 
Organizational security architecture for critical infrastructure
Organizational security architecture for critical infrastructureOrganizational security architecture for critical infrastructure
Organizational security architecture for critical infrastructure
 
Open sst based clearing mechanism for e business
Open sst based clearing mechanism for e businessOpen sst based clearing mechanism for e business
Open sst based clearing mechanism for e business
 
On designing automatic reaction strategy for critical infrastructure scada sy...
On designing automatic reaction strategy for critical infrastructure scada sy...On designing automatic reaction strategy for critical infrastructure scada sy...
On designing automatic reaction strategy for critical infrastructure scada sy...
 

ISO/IEC 38500 Corporate Governance

1. Introducing ISO/IEC 38500: Corporate Governance in ICT
Christophe Feltus
Member of the ISO JTC1/SC7/WG1A on ICT Governance
Public Research Centre Henri Tudor,
29, Rue John F. Kennedy
L-1855 Luxembourg
christophe.feltus@tudor.lu

2. Outline
• ICT Governance definitions
• SG on ICT Governance
   – itSMF involvement
   – Interim Report
   – Beyond ISO 38500
      • Scope
      • Application
      • Objectives
      • 6 principles
      • Model for Corporate Governance of ICT
• Conclusions

3. Outline
• ICT Governance definitions
• SG on ICT Governance
   – itSMF involvement
   – Interim Report
   – Beyond ISO 38500
      • Scope
      • Application
      • Objectives
      • 6 principles
      • Model for Corporate Governance of ICT
• Conclusions

4. Some definitions
• AS 8015 – Australian National Standards
   Corporate Governance of ICT is the system by which the current and future use of ICT is directed and controlled. It involves evaluating and directing the plans for the use of ICT to support the organization and monitoring this use to achieve plans. It includes the strategy and policies for using ICT within an organization. (Corporate Governance of Information and Communication Technology; January 2005).
• OECD Corporate Governance
   Corporate governance involves a set of relationships between a company’s management, its board, its shareholders and other stakeholders. Corporate governance also provides the structure through which the objectives of the company are set, and the means of attaining those objectives and monitoring performance are determined. Good corporate governance should provide proper incentives for the board and management to pursue objectives that are in the interests of the company and its shareholders and should facilitate effective monitoring. (OECD Code on Corporate Governance)

5. Some definitions
• ITGI (IT Governance Institute)
   IT Governance is the responsibility of the board of directors and executive management. It is an integral part of enterprise governance and consists of the leadership and organisational structures and processes that ensure that the organisation’s IT sustains and extends the organisation’s strategies and objectives. (Board Briefing, 2nd edition; 2003).
• World Bank Definition of Corporate Governance
   Corporate governance refers to the structures and processes for the direction and control of companies. Corporate governance concerns the relationships among the management, the Board of Directors, the controlling shareholders and other stakeholders. Good corporate governance contributes to sustainable economic development by enhancing the performance of companies and increasing their access to outside capital.

6. Some definitions
• MIT Sloan Center for Information Systems Research:
   IT Governance is specifying the decision rights and accountability framework to encourage desirable behaviour in the use of IT. (MIT CISR Working Paper No. 326; April 2002).
• University of Tasmania
   The survey of the literature by academics from the University of Tasmania (Webb, Phyl, Pollard, Carol, and Ridley, Gail (2006), Attempting to Define IT Governance: Wisdom or Folly?, Proceedings of the 39th Hawaii International Conference on Systems Sciences) brings out the ‘elements’ that are common to a range of suggested definitions. The elements are: strategic alignment, delivery of business values, performance management, risk management, policies and procedures, and control and accountability. Their resultant definition is: IT Governance is the strategic alignment of IT with the business such that maximum business value is achieved through the development and maintenance of effective IT control and accountability, performance management and risk management.
7. Outline
• ICT Governance definitions
• SG on ICT Governance
   – itSMF involvement
   – Interim Report
   – Beyond ISO 38500
      • Scope
      • Application
      • Objectives
      • 6 principles
      • Model for Corporate Governance of ICT
• Conclusions
8. Study Group in ISO
• JTC1: Information Technology Standards
• JTC1 / SC7: Software and System Engineering
• JTC1 / SC7 / WG25: IT Operations (service management)
• Basically: Study Group in WG25
Study Group Chair: Alison Holt (New Zealand)
Co-Chair: Ed Lewis (Australia)
Members:
   Alwyn Smit, South Africa
   Yoshiyuki Hirano, Japan
   Melanie Cheong, South Africa
   K.T. Hwang, Korea
   Jyrki Lahnalahti, Finland
   Bill Powell, United States
   Craig Pattison, itSMFI/New Zealand
   Dennis Ravenelle, itSMFI
   Darcie Destito, United States
   Hella Shrader, United Kingdom
   Gargi Keeni, India
   Mark Toomey, Australia
   Sushil Chatterji, ISACA/ITGI
   Mikhail Pototsky, Russian Federation/itSMFI
   Brian Cusack, New Zealand
   Max Shanahan, ISACA/ITGI
   Christophe Feltus, Luxembourg
   Luis Rosa, Spain
   Jenny Dugmore, UK
9. Study Group in ISO
• In Seoul (2006): reduce – if not remove – the confusion in the professional and the academic literature about the topic
   Resolutions:
   - New SG
   - 1st report
   - Fast Track
• In Moscow (May 2007):
   – Preparation of 1st report
   – Definition of ICT Governance
   – What is ICT Governance?

10. Study Group in ISO
• Montreal (November 2007)
   Fast Track on Australian Standard on ICT Governance
   – Accepted in July
   – Resolution of comments on Fast Track: 149
      – Canada: 2
      – Spain: 1
      – France: 5
      – Italy: 10
      – Japan: 10
      – Korea: 1
      – Luxembourg: 46
      – New Zealand: 6
      – UK: 4
      – Sweden: 9
      – USA: 15
      – South Africa: 40
   – 1st report
   – NWI

11. Outline
• ICT Governance definitions
• SG on ICT Governance
   – itSMF involvement
   – Interim Report
   – Beyond ISO 38500
      • Scope
      • Application
      • Objectives
      • 6 principles
      • Model for Corporate Governance of ICT
• Conclusions

12. ISO – itSMF liaison (by WG)

13. ISO – itSMF liaison (by WG)

14. Advisory Board Paper
The formal description it offers is: “Governance is the collective set of procedures, policies, roles and responsibilities, and organizational structures required to support an effective decision-making process”.
15. Advisory Board Paper
Benefits of Governance (key words):
   – Achieving business objectives by ensuring that each element of the mission and strategy is assigned and managed with a clearly understood and transparent decision rights and accountability framework.
   – Defining and encouraging desirable behavior in the use of IT and in the execution of IT outsourcing arrangements.
   – Implementing and integrating the desired business processes into the organization.
   – Providing stability and overcoming the limitations of organizational structure.
   – Improving customer, business and internal relationships and satisfaction, and reducing internal territorial strife by formally integrating the customers, business units, and external IT providers into a holistic IT governance framework.
   – Enabling effective and strategically aligned decision making for the IT Principles that define the role of IT, IT Architecture, IT Infrastructure, Application Portfolio and Frameworks, Service Portfolio, Information and Competency Portfolios and IT Investment & Prioritization.
16. Outline
• ICT Governance definitions
• SG on ICT Governance
   – itSMF involvement
   – Interim Report
   – Beyond ISO 38500
      • Scope
      • Application
      • Objectives
      • 6 principles
      • Model for Corporate Governance of ICT
• Conclusions
17. Interim Report
• A review of national governance activities
• The identification of a set of guiding principles for the development of an ICT Governance standard to meet market requirements
• The identification of the ICT governance needs to be addressed in the standard
• An assessment of where ICT governance sits within JTC1
• A review of elements of ICT governance in existing SC7 standards
• Analysis to determine the level of standard required to sit above existing frameworks and methodologies without replacing or displacing existing material. Identification of the sort of “standard” required: TR, code of practice or guidelines
• Analysis of what would need to be added to AS 8015 to meet these needs
• Analysis of whether a maturity framework could be included from the outset
• Liaison Relationships: contributions requested from existing bodies of knowledge
• Call to action dependent on AS 8015 fast track result (which is now known)
18. Governance around the world
Written and oral reports were presented to the ICT Study Group reviewing the state of different ICT Standards environments within the different jurisdictions. A general movement towards compliance frameworks was reported in terms of legislation, Standards adoption and control framework adoption (e.g. CobiT, ITIL, and so on). Several reports noted that regulatory requirements were pending and that there is considerable momentum gathering for comprehensive directives (both explicit and implicit). The importance of ICT Governance and the current opportune moment in time for ICT Governance advancement was reported in each case.

19. What is ICT Governance?
• The Working Group should establish a Glossary of governance terms. The Glossary especially should include definitions that help to establish the difference between Governance and Management. The definitions must be compatible with those in existing ISO Standards.
Director
   Member of the most senior governing body of an organization. Includes owners, board members, partners, senior executives or similar, and officers authorized by legislation or regulation.
Management
   Management is the process of controlling the activities required to achieve the strategic objectives set by the organisation's governing body. Management is subject to the policy guidance and monitoring set through corporate governance.

20. What is ICT Governance?
• The objective of governance is to determine and cause the desired behavior and results to achieve the strategic impact of IT.
   – The system in which directors monitor, evaluate and direct IT management to ensure effectiveness, accountability and compliance of IT
• The active distribution of decision-making rights and accountabilities among different stakeholders in an organization and the rules and procedures for making and monitoring those decisions to determine and achieve desired behaviors and results.
   – who makes directing, controlling and executing decisions
   – how the decisions will be made
   – what information is required to make the decisions
   – what decision-making mechanisms should be required
   – how exceptions will be handled
   – how the governance results should be reviewed and improved

21. Outline
• ICT Governance definitions
• SG on ICT Governance
   – itSMF involvement
   – Interim Report
   – Beyond ISO 38500
      • Scope
      • Application
      • Objectives
      • 6 principles
      • Model for Corporate Governance of ICT
• Conclusions

22. Scope
The objective of this Standard is to provide a framework of principles for Directors to use when evaluating, directing and monitoring the use of information technology (IT) in their organizations.

23. Scope
Governance is distinct from management, and for the avoidance of confusion, the two concepts are clearly defined in the standard.
…the members of the governing body may also occupy the key roles in management.
It provides guidance to those advising, informing, or assisting directors. They include:
• Senior managers.
• Members of groups monitoring the resources within the organization.
• External business or technical specialists, such as legal or accounting specialists, retail associations, or professional bodies.
• Vendors of hardware, software, communications and other IT products.
• Internal and external service providers (including consultants).
• IT auditors.
The standard is applicable for all organizations, from the smallest to the largest, regardless of purpose, design and ownership structure.

24. Outline
• ICT Governance definitions
• SG on ICT Governance
   – itSMF involvement
   – Interim Report
   – Beyond ISO 38500
      • Scope
      • Application
      • Objectives
      • 6 principles
      • Model for Corporate Governance of ICT
• Conclusions

25. Application
This standard is applicable to all organizations, including public and private companies, government entities, and not-for-profit organizations. The standard is applicable to organizations of all sizes from the smallest to the largest, regardless of the extent of their use of IT.

26. Outline
• ICT Governance definitions
• SG on ICT Governance
   – itSMF involvement
   – Interim Report
   – Beyond ISO 38500
      • Scope
      • Application
      • Objectives
      • 6 principles
      • Model for Corporate Governance of ICT
• Conclusions

27. Objectives
The purpose of this Standard is to promote effective, efficient, and acceptable use of IT in all organizations by:
• assuring stakeholders (including consumers, shareholders, and employees) that, if the standard is followed, they can have confidence in the organization’s corporate governance of IT;
• informing and guiding directors in governing the use of IT in their organization; and
• providing a basis for objective evaluation of the corporate governance of IT.

28. Outline
• ICT Governance definitions
• SG on ICT Governance
   – itSMF involvement
   – Interim Report
   – Beyond ISO 38500
      • Scope
      • Application
      • Objectives
      • 6 principles
      • Model for Corporate Governance of ICT
• Conclusions

29. 6 principles
Principle 1: Establish clearly understood responsibilities for IT
Principle 2: Plan IT to best support the organization
Principle 3: Acquire IT validly
Principle 4: Ensure that IT performs well, whenever required
Principle 5: Ensure IT conforms with formal rules
Principle 6: Ensure IT use respects human factors

30. Outline
• ICT Governance definitions
• SG on ICT Governance
   – itSMF involvement
   – Interim Report
   – Beyond ISO 38500
      • Scope
      • Application
      • Objectives
      • 6 principles
      • Model for Corporate Governance of ICT
• Conclusions

31. Model for Corporate Governance of ICT
Directors should govern ICT through three main tasks:
(a) Evaluate the use of ICT.
(b) Direct preparation and implementation of plans and policies.
(c) Monitor conformance to policies, and performance against the plans.

32. Evaluate
• Directors should examine and make judgement on the current and future use of IT, including strategies, proposals and supply arrangements (whether internal, external, or both).
• In evaluating the use of IT, directors should consider the pressures acting upon the business, such as technological change, economic and social trends, and political influences.
• Directors should also take account of both current and future business needs — the current and future organizational objectives that they must achieve, such as maintaining competitive advantage, as well as the specific objectives of the strategies and proposals they are evaluating.

33. Direct
• Directors should assign responsibility for, and direct preparation and implementation of, plans and policies. Plans should set the direction for investments in IT projects and IT operations. Policies should establish sound behaviour in the use of IT.
• Directors should ensure that the transition of projects to operational status is properly planned and managed, taking into account impacts on business and operational practices and existing IT systems and infrastructure.
• Directors should encourage a culture of good governance of IT in their organization by requiring managers to provide timely information, to comply with direction and to conform with the six principles of good governance.

34. Monitor
• To complete the cycle, directors should monitor, through appropriate measurement systems, the performance of IT use. They should reassure themselves that performance is in accordance with plans, particularly with regard to business objectives.
• They should also make sure that the use of IT conforms with external obligations (regulatory, legislation, common law, contractual) and internal work practices. If necessary, directors should direct the submission of proposals for approval to address identified needs.

35. Outline
• ICT Governance definitions
• SG on ICT Governance
   – itSMF involvement
   – Interim Report
   – Beyond ISO 38500
      • Scope
      • Application
      • Objectives
      • 6 principles
      • Model for Corporate Governance of ICT
• Conclusions
36. Conclusions and Future Works
Review the use of the Plan, Do, Check, Act (PDCA) lifecycle versus Evaluate, Direct, Monitor (EDM).
Show mapping of EDM versus PDCA.
Incorporate human behavioural aspects into the chosen lifecycle.
Produce a diagram demonstrating the inter-relation of principles.
Develop derivative material to cover:
   · Clarification on the risks of poor governance and decision making;
   · Analysis on the benefits of Governance across the IT lifecycle; and
   · The explanation of each principle.
Development of a TR2 for CIOs and executives to assist them in explaining the rationale and implications (risks and benefits) of the principles.
Development of a TR2 for guidelines for the use of the standard by Public Sector organizations.
37. Conclusions and Future Works
Determine market requirements and then determine the coverage of future standards, for example IT Projects, IT Operations, IT Use or some other frameworks:
3 SGs
   Digital Forensics
   Governance of IT operations
   Schedule of Products
Schedule 3 NWIs
   Guides for the Implementation of 38500
   Standard for the Governance of Business Change involving IT investment
   Standard for the Corporate Governance of business projects involving IT investment