3. Contents
• Corporate governance
• Introduction
• Background
• Difference between IT governance and IT management
• IT governance constraints
• Principles of IT governance
• Frameworks
• ISO
• CMM
• COBIT
• Recommendations
4. Corporate governance
Corporate governance is the set of processes,
customs, policies, laws, management practices
and institutions affecting the way an entity is
controlled and managed.
5. Corporate governance of IT
IT Governance is actually a part of the overall
Corporate Governance Strategy of an
organization.
It is the implementation of processes, structures and
relational mechanisms in the organization that
enable both business and IT people to execute
their responsibilities in support of business/IT
alignment and the creation of business value
from IT-enabled business investments.
6. Introduction
• It highlights the importance of value creation
and accountability for the use of information
and related technology and establishes the
responsibility of the governing body, rather
than the chief information officer or business
management.
7. Primary goals of Corporate
governance of IT
Assure that the use of information
and technology generates business
value
Oversee management's
performance
Mitigate the risks associated with
using information and technology
8. Background
• Information technology governance first
emerged in 1993 as a derivative of
corporate governance and deals primarily
with the connection between an
organization's strategic objectives,
business goals and IT management within
an organization.
9. Difference between IT governance
and IT management
• IT management is focused on the effective
and efficient internal supply of IT services and
products and the management of present IT
operations
• Corporate Governance of IT concentrates on
performing and transforming IT to meet
present and future demands of the business
(internal focus) and business customers
(external focus)
10. IT governance constraints
• Senior Management Not Engaging
• Poor Strategic Alignment
• Lack Of Project Ownership
• Poor Risk Management
• Ineffective Resource Management
11. INEFFECTIVE IT GOVERNANCE
• Senior management senses low value from
investments made in IT
• The IT decision-making mechanisms are slow or
contradictory
• Some outsourcing decisions result simply from
frustration with IT.
• The inability to explain how IT is governed in an
organization – especially senior management’s ability
to explain it.
• IT is often a barrier to implementing new strategies.
Instead of being a strategic enabler, it limits the ability
to respond to new opportunities.
13. ISO
• is an international standard for Corporate
governance of information technology
published jointly by the International
Organization for Standardization (ISO) and the
International Electrotechnical Commission
(IEC).
16. Principles for Good Corporate
Governance of IT
• Responsibility
• Strategy
• Acquisition
• Performance
• Conformance
• Human Behavior
17. CMM
• Capability Maturity Model (CMM) broadly
refers to a process improvement approach
that is based on a process model. The
Capability Maturity Model (CMM) is a way to
develop and refine an organization's
processes.
21. COBIT
• Control Objectives for Information and
Related Technology is a framework created by
ISACA for information technology (IT)
management and IT governance. It is a
supporting toolset that allows managers to
bridge the gap between control requirements,
technical issues and business risks
22. COBIT components
• Framework: Organize IT governance objectives and good practices
by IT domains and processes, and link them to business
requirements.
• Process descriptions: A reference process model and common
language for everyone in an organization. The processes map to
responsibility areas of plan, build, run and monitor.
• Control objectives: Provide a complete set of high-level
requirements to be considered by management for effective control
of each IT process.
• Management guidelines: Help assign responsibility, agree on
objectives, measure performance, and illustrate interrelationship
with other processes.
• Maturity models: Assess maturity and capability per process and
help to address gaps.