
A Practical Approach to An Integrated Technology Governance Framework

Prepared by: Abdulmajid Said, CISA, CISM, CGEIT, PMP, CISSP. ISACA member ID: 341726. saidabdulmajid@gmail.com

Enterprise Governance

Enterprise governance is a set of responsibilities and practices exercised by the board and executive management with the goal of:
Providing strategic direction
Ensuring that objectives are achieved
Ascertaining that risks are managed appropriately
Verifying that the enterprise's resources are used responsibly

www.itgi.org


Enterprise Governance Drives IT Governance

Enterprise governance is about:
Performance: Improving profitability, efficiency, effectiveness, growth, etc.
Conformance: Adhering to legislation, internal policies, audit requirements, etc.

Enterprise governance and IT governance require a balance between conformance and performance goals directed by the board.

Technology Governance Pillars


How your Organisation aligns Technology Strategy with Business Strategy

How Technology delivers benefits against your Organisation Strategy and Objectives

How your Organisation measures Technology Performance in line with Strategic Objectives and Value proposition

How your Organisation embeds Risk Management into Technology Portfolios

RESOURCE MANAGEMENT: How your Organisation manages its critical Technology resources (Technology, Applications, Infrastructure and People)

1-Sep-12

A Brief on COBIT Framework


COBIT FRAMEWORK

BUSINESS OBJECTIVES AND GOVERNANCE OBJECTIVES

INFORMATION & TECHNOLOGY
Efficiency, Effectiveness, Compliance, Reliability, Integrity, Availability, Confidentiality

IT RESOURCES
Applications, Information, Infrastructure, People

PLAN AND ORGANISE
PO1 Define a strategic IT plan.
PO2 Define the information architecture.
PO3 Determine technological direction.
PO4 Define the IT processes, organisation and relationships.
PO5 Manage the IT investment.
PO6 Communicate management aims and direction.
PO7 Manage IT human resources.
PO8 Manage quality.
PO9 Assess and manage IT risks.
PO10 Manage projects.

ACQUIRE AND IMPLEMENT
AI1 Identify automated solutions.
AI2 Acquire and maintain application software.
AI3 Acquire and maintain technology infrastructure.
AI4 Enable operation and use.
AI5 Procure IT resources.
AI6 Manage changes.
AI7 Install and accredit solutions and changes.

DELIVER AND SUPPORT
DS1 Define and manage service levels.
DS2 Manage third-party services.
DS3 Manage performance and capacity.
DS4 Ensure continuous service.
DS5 Ensure systems security.
DS6 Identify and allocate costs.
DS7 Educate and train users.
DS8 Manage service desk and incidents.
DS9 Manage the configuration.
DS10 Manage problems.
DS11 Manage data.
DS12 Manage the physical environment.
DS13 Manage operations.

MONITOR AND EVALUATE
ME1 Monitor and evaluate IT performance.
ME2 Monitor and evaluate internal control.
ME3 Ensure compliance with external requirements.
ME4 Provide IT governance.

COBIT and Other IT Management Frameworks


Organisations will consider and use a variety of IT models, standards and best practices. These must be understood in order to consider how they can be used together, with COBIT acting as the consolidator (umbrella).

[Figure: COSO; COBIT; PMI; ITIL; Technical Standards, i.e. NIST, ISO 27001/2. Diagram labels: WHAT, HOW, SCOPE OF COVERAGE]

Integrated Applications Governance Framework

[Figure: Business Objective; Applications; Infrastructure; Policies, Procedures, Standards]

Integrated Applications Governance Framework


[Figure: Applications Governance Framework, surrounded by: Project Governance; Infrastructure Technical Standards; Software Development Methodologies; Service Delivery and Support; Information Security Principles]

Global Trends in Technology Governance


(Based on independent Global Survey by IT Governance Institute and PWC 2011)

Geographic representation: A target of 21 countries was set, representing broad geographic coverage. Brazil, Russia, India and China (the BRIC countries) were included as important representatives of newly advanced economic growth.

Number of respondents: A target of 730 participants was established, representing at least 20 participants per country (including Fortune 500 companies).


Global Trends in Technology Governance


(Based on independent Global Survey by IT Governance Institute and PWC 2011)

95% of companies surveyed have either implemented or are planning to implement Enterprise Technology Governance



Benefits of Technology Governance: Global Trends


(Based on independent Global Survey by IT Governance Institute and PWC 2011)
