Falcon Invoice Discounting: The best investment platform in india for investors
IT governance by Erik Guldentops
1. 19-21 September Ghent Belgium
IT Governance
“How to deal with IT Value and IT Risk”
Erik Guldentops
Lecturer
Antwerp Management School
Erik
Guldentops IT Governance Briefing eg_19092012 page 1 of 27
2. Enterprise Governance of IT
Strategic alignment
Defining with the
businsess how to
achieve value while
Five mitigating risk
domains but Performance Mngnt
Measuring how desired
really only value is achieved and
risk contained
two subjects
Resource Mngnt
Acquiring and
maintaining all that is
necessary to achieve
value and contain risk
Erik
Risk and Value
Guldentops IT Governance Briefing eg_19092012 page 2 of 27
3. Erik
Guldentops IT Governance Briefing eg_19092012 page 3 of 27
4. IT Governance vs. IT Management
IT GOVERNANCE
Set Objectives
• IT is aligned with the business
• IT enables the business and maximises benefits
• IT resources are used responsibly
Evaluate • IT-related risks are managed appropriately Provide
performance direction
Measure and Translate
report direction into
performance Translate strategy into action strategy
• Increase automation (make the business
effective)
• Decrease cost (make the enterprise efficient)
• Manage risks (security, reliability & compliance)
IT MANAGEMENT
Erik
Guldentops IT Governance Briefing eg_&9092012 pg 4 of 27
5. Enterprise Governance of IT
Board
Executive
Line
Management
Erik
Guldentops IT Governance Briefing eg_&9092012 pg 5 of 27
6. Implementing Enterprise
Governance of IT
How do we know
Where do we we are What are we
want to be? progressing? doing about it?
•Delivery Performance Portfolio
•Service Quality
• Programmes
Objectives •Resource Utilisation
•Benefits Realisation • Services
•Risk Reduction • Resources
Strategy Scorecards Business Cases
Are the engines of IT Governance
Erik
Guldentops IT Governance Briefing eg_&9092012 pg 6 of 27
7. Implementing Enterprise
Governance of IT
Metrics
Inputs
WHAT
? Outputs
Responsibility &
Goals Activities
Accountability
? Performance
HOW
Metrics
needs a process structure
Erik
Guldentops IT Governance Briefing eg_&9092012 pg 7 of 27
8. Implementing Enterprise Governance of IT
BUSINESS OBJECTIVES AND
GOVERNANCE OBJECTIVES
COBIT
ME1 Monitor and evaluate IT
PO1 Define a strategic IT plan.
performance.
PO2 Define the information
ME2 Monitor and evaluate internal INFORMATION architecture.
control.
PO3 Determine technological direction.
ME3 Ensure compliance with external
requirements. Efficiency Integrity PO4 Define the IT processes,
organization, and relationships.
ME4 Provide IT governance. Effectiveness Availability
PO5 Manage the IT investment.
Compliance Confidentiality
PO6 Communicate management aims
Reliability and direction.
MONITOR PLAN PO7 Manage IT human resources.
AND AND PO8 Manage quality.
EVALUATE ORGANIZE
PO9 Assess and manage IT risks.
DS1 Define and manage service levels.
IT PO10 Manage projects.
DS2 Manage third-party services. RESOURCES
DS3 Manage performance and
capacity.
DS4 Ensure continuous service.
DS5 Ensure systems security.
Applications
DS6 Identify and allocate costs. AI1 Identify automated solutions.
Information
DS7 Educate and train users. Infrastructure AI2 Acquire and maintain application
DS8 Manage the service desk and People software.
incidents. DELIVER AI3 Acquire and maintain technology
ACQUIRE
DS9 Manage the configuration. AND infrastructure.
AND
DS10 Manage problems. SUPPORT IMPLEMENT AI4 Enable operation and use.
DS11 Manage data. AI5 Procure IT resources.
DS12 Manage the physical environment. AI6 Manage changes.
DS13 Manage operations. AI7 Install and accredit solutions and
change.
Erik
Guldentops IT Governance Briefing eg_&9092012 pg 8 of 27
9. Implementing Enterprise
Governance of IT
www.isaca.org
Erik
Guldentops IT Governance Briefing eg_&9092012 pg 9 of 27
10. CobiT can be
overwhelming
Erik
Guldentops IT Governance Briefing eg_19092012 page 10 of 27
11. CobiT can be
overwhelming
Erik
Guldentops IT Governance Briefing eg_19092012 page 11 of 27
12. CobiT QuickStart
for Small and Medium Sized Enterprised
One objective
Four practices
Three critical success factors
Two metrics
Erik
Guldentops IT Governance Briefing A simple progress measure
eg_&9092012 pg 12 of 27
13. Suitability
CobiT QuickStart Assessment
Span of control
Communications path
Applicable to IT Sophistication
IT Strategic Importance
whom? IT Expenditure
Segregation
Sanity
Check
Risk
Liabilities
Compliance
Past Problems
Future Needs
Required Expertise
Erik
Guldentops IT Governance Briefing eg_&9092012 pg 13 of 27
14. What did 70 CISO
CIO’s say about CIO
IT Frameworks ?
IT Governance Service Delivery Information Security
CIONet Survey, Sep 2011 CobiT ITIL ISO27001
Erik
Guldentops IT Governance Briefing eg_&9092012 pg 14 of 27
16. What were the expected and actual benefits?
Improved
EFFICIENCY
enterprise
processes
Extended staff
capabilities
Better service
delivery
EFFECTIVENESS
Faster solution
delivery
Increased
innovation
expected
RISK
Reduced risk
actual
CIONet Survey, Sep 2011
Erik
Guldentops IT Governance Briefing eg_&9092012 pg 16 of 27
18. Relationship IT Governance Practices and Benefits
Clustered Correlations
PROCESS
• Define a strategic IT plan
• Manage the IT investment
• Communicate management aims and direction
IT
• Assess and manage IT risks
• Identify automated solutions
• Acquire & maintain applications and infrastructure
• Portfolio and investment management
• Align the IT strategy to the business strategy
GOAL
• Provide service offerings and service levels in line with business
IT
reqrmnts
• Acquire, develop and maintain IT skills that respond to the IT strategy
• Ensure that IT demonstrates continuous improvement and readiness for
future change
• Cost optimisation of service delivery and business processes
BUSINESS
• Obtain reliable and useful information for strategic decision-making
GOAL
• Improve and maintain business process functionality and operational
productivity
• Enable and manage business change
IT Governance Institue, Sep 2008
Erik
Guldentops IT Governance Briefing eg_&9092012 pg 18 of 27
19. IT Governance Implementation: Lessons Learned
• Common language and common framework
• Higher maturity
• Better organisation
• More useful management information
• “IT really works”
• Complexity
• Less results than expected
• High learning curve managers
• Bogged down in details/paperwork
• High level of senior management support required
CIONet Survey, Sep 2011
Erik
Guldentops IT Governance Briefing eg_&9092012 pg 19 of 27
20. IT Governance Implementation: Lessons Learned
Adoption of frameworks is not a
simple nor self-contained project
with measured costs. It is a gradual
shift and inter-relates with many
other initiatives.
Erik
Guldentops IT Governance Briefing eg_&9092012 pg 20 of 27
21. Some notes on Risk and Value
CIONet Survey, Sep 2012
Erik
Guldentops IT Governance Briefing eg_&9092012 pg 21 of 27
22. Some notes on Risk and Value
For both riskand value, accept uncertainty and deal with it!
Erik
Guldentops IT Governance Briefing eg_&9092012 pg 22 of 27
23. IT Value
Research
Erik
Guldentops IT Governance Briefing eg_&9092012 pg 23 of 27
24. IT Value
Research
Erik
Guldentops IT Governance Briefing eg_&9092012 pg 24 of 27
25. www.isaca.org
Erik
Guldentops IT Governance Briefing eg_&9092012 pg 25 of 27
26. So what is the ROI on IT Governance Practices?
In October 2006 Mc Kinsey and the London School of Economics
measured the increase in productivity from investments in IT
versus investments in management practices in 100 enterprises.
+
Management Practices Score
75th percentile +8% +20%1
and above
25th percentile 0 +2%
and above
- Intensity of IT deployment +
25th percentile 75th percentile
and above and above
Erik
Guldentops IT Governance Briefing eg_&9092012 pg 26 of 27
27. 19-21 September Ghent Belgium
IT Governance
“How to deal with IT Value and IT Risk”
Erik Guldentops
Lecturer
Antwerp Management School
Erik
Guldentops IT Governance Briefing eg_19092012 page 27 of 27