13. Corporate Governance UTS Centre for Corporate Governance: “Corporate governance is the system by which business corporations are directed and controlled.” Corporate management vs. governance Adapted from Tricker (2009)
31. Why Adopt IT Governance? IT Governance increases profit margins, raises market capitalisation, enhances shareholder returns. Companies with above average IT Governance are 20% more profitable. Investors pay 14%-22% more for well-run, well-governed. Top-rated Corporate Governance companies return more than triple to investors. Problems with IT Governance: Often confused with good management practices and IT control frameworks. More important to be focused on value and performance than on risk and compliance.
41. COBIT Control Objectives for Information and Related Technologies. A set of best practices (framework) for IT management. Created in 1996 by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI). Provides a high-level, comprehensive IT governance and control framework. COBIT consists of three main parts: Control framework, Management guideline, Implementation toolset. COBIT awareness exceeds 50%; adoption and use is around 30%.
43. ISO/IEC 38500:2008 Corporate Governance of Information Technology. The ISO/IEC 38500:2008 standard provides a framework, vocabulary and six principles for good ICT governance: Responsibility - establish clearly understood responsibilities for ICT management; Strategy - plan ICT to best support the organisation’s strategy; Acquisition - acquire ICT for valid reasons; Performance - ensure that ICT performs well, whenever required; Conformance - ensure ICT conforms with legislation and policies; Human behaviour - ensure ICT respects human factors.
44. ISO/IEC 38500:2008 Corporate Governance of Information Technology. Directors should govern IT through three main tasks: Evaluate the current and future use of IT; Direct preparation and implementation of plans and policies; Monitor conformance to policies, and performance against the plans.
45. ISO/IEC 38500:2008 Corporate Governance of Information Technology Six Sigma can be applied Model for Corporate Governance of IT ISO/IEC 38500:2008
47. ITIL Information Technology Infrastructure Library. A public framework that describes Best Practice in IT service management. Most widely accepted approach to IT service management in the world. Key improvement to ITIL V3: Addition of the Continual Service Improvement (CSI) Process.
48. ITIL Information Technology Infrastructure Library. The 5 processes: Continual Service Improvement (CSI), Service Strategy, Service Design, Service Transition, Service Operation. Continual Service Improvement (CSI): 3 key processes for effective implementation of continual improvement: The 7-Step Improvement Process, Service Measurement, Service Reporting.
49. ITIL Information Technology Infrastructure Library. The 7 Steps: Step 1 - Define what you should measure; Step 2 - Define what you can measure; Step 3 - Gather the data; Step 4 - Process the data; Step 5 - Analyse the data; Step 6 - Present and use the Information; Step 7 - Implement corrective action.
51. IT Governance Maturity. With formal processes and structures – such as an IT strategy and steering groups – the organisation can better: align IT strategy with the business strategy; transform high level strategic goals into actual IT projects; establish procedures for prioritising IT projects that are understood and supported by all senior managers.
52. IT Governance Maturity Source: Control Objectives for Information and related Technology (COBIT) IT Governance Maturity Levels
54. Governance & Management Tools. Many tools can be used separately and together. Some tools are more suited to governance, some more to management. Requirement is to develop a framework that integrates both IT governance and management into the wider business.
56. Conclusions. IT is now a regular agenda item for corporate boards. IT governance is a component of corporate governance. Major difference between IT management and governance: IT management is internally and present time focused, IT governance is externally focused and future orientated.
57. Conclusions. Implications: IT is no longer just a tool, it is an organisation’s life blood. Limitations: BSC tends to be a broad brush tool for strategy, whereas a surgical tool is needed for IT governance. Future directions: Develop an IT Governance Maturity Model (ITMM) based on the standard 5 steps of CMMI. ITMM would allow the classification of the management tools to determine their position on the life cycle of IT governance. Evaluate ITMM across various industry types, sizes and locations to allow organisations to determine their relative maturity when benchmarked against similar entities.