IT Governance for Board Members
•Télécharger en tant que PPTX, PDF•
1 j'aime•481 vues
The document discusses issues for boards of directors to consider regarding information technology (IT). It recommends that boards provide oversight of IT as IT is critical to most organizations and carries risks. It also recommends using formal IT governance frameworks to align IT with business strategy and ensure accountability. The document provides examples of current and emerging IT trends and issues for boards to discuss with management.
Recommandé
Recommandé
Contenu connexe
Tendances
Tendances (20)
Similaire à IT Governance for Board Members
Similaire à IT Governance for Board Members (20)
Dernier
Dernier (20)
IT Governance for Board Members
- 1. Bill Clark Alberta Gaming and Liquor Commission April 25, 2012
- 2. 1. Is IT a Topic for the Board? 2. Current and Emerging IT Trends 3. IT Governance 4. Questions to Ask Your CEO 5. Questions / Comments
- 3. ◦ Technical ◦ Focused on formal governance frameworks ◦ Beyond the scope of any Corporate Director
- 4. Most organizations are highly dependent upon their IT systems Major IT initiatives involve major risks, large capital expenditures, and significant trauma to the organization The pace of technology change continues to be very fast
- 5. “IT Governance is the responsibility of the board of directors and executive management. It is an integral part of enterprise governance and consists of the leadership and organizational structures and processes that ensure that the organisation’s IT sustains and extends the organisation’s strategies and objectives.” IT Governance Institute
- 7. What is It? ◦ The demand for IT continues to increase ◦ Colleges are producing fewer IT graduates ◦ “Boomers” are starting to retire Why is it Important? ◦ Supporting legacy applications is becoming more difficult ◦ Recruitment and retention of human resources with the necessary skill sets in new technologies is becoming more difficult
- 8. What is It? ◦ Connectivity of everything to everything ◦ Access 24 / 7 / 365 ◦ SOA [Services Oriented Architecture] Why is it Important? ◦ Internet enabled applications ◦ PCs -> Laptops -> Tablets -> Smart Phones ◦ Security
- 9. What is It? ◦ Browser based applications ◦ Massive data ◦ Centralized control Why is it Important? ◦ Mainframe skills are in short supply ◦ Mainframes are expensive ◦ Sharing [Outsourcing] may be appropriate
- 10. What is it? ◦ Separation of physical and logical storage ◦ Virtual storage (you don’t know where data is stored or on what device) Why is it important? ◦ Reliance upon 3rd parties (good and bad) ◦ Data crossing borders ◦ An answer to continual hardware/software upgrades (?)
- 11. What is it? ◦ FaceBook, Twitter, LinkedIn, YouTube, … ◦ Accessible at any time from anywhere on any device ◦ Instant! Why is it important? ◦ Communication method of choice for a significant portion of the population and growing dramatically
- 12. What is the trend? ◦ From 1.0 (Static Information Presentation) to ◦ 2.0 (Interactive Transaction Processing) to ◦ 3.0 (Smart Applications / Data Intensive) to ◦ 4.0 (???) Why is it important? ◦ The platform for Social Media ◦ Sophisticated [complex] architectures ◦ New skill sets required
- 13. What is it? ◦ Bring Your Own Device ◦ Staff use of personal Smart Phones, Laptops, and Tablets for company business Why is it Important? ◦ Complexity [Support of Multiple Platforms] ◦ Security / Confidentiality ◦ Liability
- 14. What is it? ◦ Separate IT organizations to “Keep the Lights On” vs. Plan and Introduce New Functionality Why is it Important? ◦ Radically different skill sets are required ◦ Dedicated resources are required for both
- 15. What is it? ◦ Use of 3rd party organizations to provide IT services ◦ Can be Hardware / Application Support / Help Desk ◦ Can be local, regional or international Why is it Important? ◦ Can help address IT skill shortages ◦ Can allow the business to focus on its primary mandate ◦ Often gets screwed up
- 16. What is it? ◦ Formal training and certification of Project Managers, Business Analysts, Programmers, Security Specialists, … ◦ Periodic re-certification Why is it important? ◦ Base level competency ◦ Common terminology ◦ The business of IT constantly changes
- 17. What is it? ◦ Use of powerful software tools to sift through massive amounts of data to extract trends ◦ Sophisticated reporting ◦ Includes: Data Cleanup / “Deduping” / Consolidation Why is it Important? ◦ Stability of data over time ◦ Reliability of data – definitional issues ◦ FOIP
- 18. What is it? ◦ A vendor raises the bar by offering everything the competition has plus more - and sometimes for less Why is it Important? ◦ “Best of Breed” is a transient measure ◦ Both IT professionals and IT users often get into “religious wars” concerning what is best ◦ The reality is that the range of technology solutions will change soon
- 19. What is it? ◦ Providing the necessary tools to allow IT personnel and others to work from home ◦ Hardware / network access / security Why is it Important? ◦ Preferred method of working for many ◦ Cost savings? ◦ “Green” ◦ Helps keep young mothers in the workforce
- 21. What is it? ◦ Alignment of IT with Business ◦ Introduction and use of formal frameworks to guide IT investment and use ◦ Identify and mitigate risks ◦ Confirm that value is commensurate with investment Why is it Important? ◦ Places accountability in the right places ◦ Transparency ◦ A baseline to audit against
- 22. How are IT decisions made? Who makes them? Who owns accountability for IT – your IT Dept. or your IT users? Is investment in IT planned and continuous or ad hoc and infrequent? Are major projects given sufficient transparency? Formal approaches exist and require investment
- 24. Is succession planning well in hand? [How old is your IT leadership team?] Are we using a formal IT control methodology such as COBIT or ISO? Do we have PMPs (certified Project Management Professionals) leading all strategic projects? Do we have external oversight on all large and/or strategic projects?
- 25. How many “failed” projects has your PM and team experienced? [Too many should raise a flag. None should also raise a flag. How experienced is your PM? Good PMs tend to get pulled into failing projects.] How long since the last major project? What has changed - Technology platform? Architecture? Key Users? Methodology? Major business transformation? Regulatory rules? The project complexity [risk] increases significantly with each new component.
- 26. Has the primary business user been through a large IT project before? How will the day-to-day responsibilities of users seconded to the project be handled? [“I also have a 9 to 5 job!”] Who is leading the Change Management? [New processes, new job specs., re-training, org. design, communications plan, …] Has this team done it before?
- 27. Who owns the project and is ultimately accountable? Do they have the authority to: ◦ Change dates? ◦ Reallocate user resources? ◦ Reduce or add functionality? ◦ Change the project budget? ◦ Hire external resources?
- 29. The Board does have a role in the oversight of Information Technology The basic questions that need to be addressed are not technical Formal methodologies and models exist and are important Good IT governance requires training and investment