IT Governance versus IT Management what is the difference?

1. START START

2. Tools & Techniques for IT Governance & Management Richard Willis

3. Background Information

5. National Australia Bank

7. COBIT

8. ISO/IEC 38500:2008

9. ISO/IEC 27001

10. CMMI

11. Balanced Scorecard

13. Corporate Governance UTS Centre for Corporate Governance: “Corporate governance is the system by which business corporations are directed and controlled.” Corporate management vs. governance Adapted from Tricker (2009)

14. Information Technology Governance

16. IT governance is about “who has input”

17. IT governance is about: “who is accountable for implementing those decisions”

19. Information Technology Governance Source: Henderson and Venkatraman (1993)

20. IT Governance Vs. IT Management

23. Focused on the effective and efficient internal supply of IT services and products

24. Focused on the management of present IT operations

26. IT Governance & Corporate Governance

30. Why Adopt IT Governance?

31. Why Adopt IT Governance? IT Governance increases profit margins, raises market capitalisation, enhances shareholder returns. Companies with above average IT Governance are 20% more profitable Investors pay 14%-22% more for well-run, well-governed Top-rated Corporate Governance companies return more than triple to investors Problems with IT Governance Often confused with good management practices and IT control frameworks More important to be focused on value and performance than on risk and compliance

33. COBIT

34. ITIL

35. ISO/IEC 27001

36. CMMI

37. TickIT

38. Balanced Scorecard

39. Six Sigma

41. COBIT Control Objectives for Information and Related Technologies A set of best practices (framework) for IT management Created in 1996 by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI) Provides a high-level, comprehensive IT governance and control framework COBIT consists of three main parts: Control framework Management guideline Implementation toolset COBIT awareness exceeds 50%; adoption and use is around 30%

42. ISO/IEC 38500:2008 Corporate Governance of Information Technology

43. ISO/IEC 38500:2008 Corporate Governance of Information Technology The ISO/IEC 38500:2008 standard provides a framework, vocabulary and six principles for good ICT governance Responsibility - establish clearly understood responsibilities for ICT management Strategy - plan ICT to best support the organisation’s strategy; Acquisition - acquire ICT for valid reasons Performance - ensure that ICT performs well, whenever required Conformance - ensure ICT conforms with legislation and policies Human behaviour - ensure ICT respects human factors

44. ISO/IEC 38500:2008 Corporate Governance of Information Technology Directors should govern IT through three main tasks Evaluate the current and future use of IT; Direct preparation and implementation of plans and policies Monitor conformance to policies, and performance against the plans

45. ISO/IEC 38500:2008 Corporate Governance of Information Technology Six Sigma can be applied Model for Corporate Governance of IT ISO/IEC 38500:2008

46. ITIL Information Technology Infrastructure Library

47. ITIL Information Technology Infrastructure Library A public framework that describes Best Practice in IT service management Most widely accepted approach to IT service management in the world Key improvement to ITIL V3: Addition of the Continual Service Improvement (CSI) Process

48. ITIL Information Technology Infrastructure Library The 5 processes Continual Service Improvement (CSI) Service Strategy Service Design Service Transition Service Operation Continual Service Improvement (CSI): 3 key processes for effective implementation of continual improvement The 7-Step Improvement Process Service Measurement Service Reporting

49. ITIL Information Technology Infrastructure Library The 7 Steps Step 1 - Define what you should measure Step 2 - Define what you can measure Step 3 - Gather the data Step 4 - Process the data Step 5 - Analyse the data Step 6 - Present and use the Information Step 7- Implement corrective action

50. IT Governance Maturity

51. IT Governance Maturity With formal processes and structures – such as an IT strategy and steering groups – the organisation can better: align IT strategy with the business strategy transform high level strategic goals into actual IT projects establish procedures for prioritising IT projects that are understood and supported by all senior managers

52. IT Governance Maturity Source: Control Objectives for Information and related Technology (COBIT) IT Governance Maturity Levels

53. Governance & Management Tools

54. Governance& Management Tools Many tools can be used separately and together Some tools are more suited to governance, some more to management Requirement is to develop a framework that integrates both IT governance and management into the wider business

55. Conclusions

56. Conclusions IT is now a regular agenda item for corporate boards IT governance is a component of corporate governance Major difference between IT management and governance: IT management is internally and present time focused, IT governance is externally focused and future orientated

57. Conclusions Implications: IT is no longer just a tool, it is an organisation’slife blood Limitations: BSC tends to be broad brush tool for strategy, whereas a surgical tool is needed for IT governance Future directions Develop an IT Governance Maturity Model (ITMM) based on the standard 5 steps of CMMI ITMM would allow the classification of the management tools to determine its position on the life cycle of IT governance Evaluate ITMM across various industry types, sizes and locations to allow organisations to determine their relative maturity when benchmarked against similar entities

58. END OF SHOW START