Technology Governance: Smart, Sexy and Simple in Seven Steps

Technology Governance Smart, Sexy, and Simple in Seven Steps 12NTCtechgov

Johan Hammerstrom Community IT Innovators

Evaluate This Session! Each entry is a chance to win an NTEN engraved iPad!

or Online at www.nten.org/ntc/eval

Slide 2 12NTCtechgov

Johan Hammerstrom Vice President Community IT Innovators johan@citidc.com @JohanCITI

Disclaimer

Smart?

I’ll do my best

Sexy?

Don’t count on it

Simple?

That’s my goal

Slide 3 12NTCtechgov

Slide 4 12NTCtechgov

photo: Wikimedia Commons

ISO-9000

ITGI

Alphabet Soup

1. Why business objectives should drive all technology decisions

2. Why user adoption and support is critical to all technology management

3. A usable technology governance outline that can be used within your organization today

Slide 5 12NTCtechgov

Take-aways

the 7 Steps

1. Planning

2. Implementation

3. Deployment

4. Management

5. Support

6. User adoption

7. Training

Slide 6 12NTCtechgov

Process

1. Planning

2. Implementation

3. Deployment

4. Management

5. Support

6. User adoption

7. Training

Slide 7 12NTCtechgov

50,000 foot view

Slide 8 12NTCtechgov

photo: Wikimedia Commons

Organizations exist for a purpose.

MISSION

Slide 9 12NTCtechgov

Purpose

The system by which companies are directed and controlled…

Cadbury Report, 1992

to achieve their purpose.

Slide 10 12NTCtechgov

Corporate Governance

The leadership and organizational structures and processes that ensure that the organization’s IT sustains and extends the organization’s strategies and objectives.

ITGI, 2006

Slide 11 12NTCtechgov

IT Governance

The systems and organizational structures and processes that ensure that the organization’s IT sustains and extends the organization’s strategies and mission.

revised ITGI, 2012

Slide 12 12NTCtechgov

IT Governance redux

1. Leadership

2. Organizational Structures

3. Processes

Slide 13 12NTCtechgov

essentials

Slide 14 12NTCtechgov

Governance Maturity

“none”

“ad-hoc”

“defined”

“managed”

“optimized”

COBIT

Slide 15 12NTCtechgov

Control

Objectives

for IT

source: COBIT 5

Well-planned

well-implemented

well-maintained

Slide 16 12NTCtechgov

Control?

Slide 17 12NTCtechgov

source: COBIT 5

Slide 18 12NTCtechgov

source: COBIT 4.1 Executive Summary

COBIT Principles

Slide 19 12NTCtechgov

Business Goals

IT Goals IT Processes

Information Requirements

source: COBIT 4.1 Executive Summary

Strategic Alignment

Slide 20 12NTCtechgov

Mission

IT Goals IT Processes

Information Requirements

source: COBIT 4.1 Executive Summary

Strategic Alignment

Slide 21 12NTCtechgov

Mission

IT Goals IT Processes

Information

• Outcome measurements

• Performance Metrics

• Messaging

• Website

• Files

• Databases

• Internet Access

Slide 22 12NTCtechgov

Mission

IT Goals IT Processes

Requirements

• Business Continuity

• Reporting

• Compliance

• Automation/efficiency

• Remote access

• Support

• COST

Slide 23 12NTCtechgov

Business Goals

IT Goals IT Processes

Information Requirements

source: COBIT 4.1 Executive Summary

Strategic Alignment Dialogue

1. Leadership willing and able to have dialogue

2. Organizational Structures that enable the conversation

3. Processes that support it

Slide 24 12NTCtechgov

Strategic Alignment

Business Goals

IT Goals IT Processes

1. Planning

2. Implementation

3. Deployment

4. Management

5. Support

6. User adoption

7. Training

Slide 25 12NTCtechgov

Process

Business Goals

IT Goals IT Processes

Slide 26 12NTCtechgov

source: COBIT 4.1 Executive Summary

Dialogue around…

1. What resources are required?

2. What risks are tolerable?

3. What measurements are needed?

Slide 27 12NTCtechgov

source: COBIT 4.1 Executive Summary

Key Decisions

1. Specific systems

2. Support staff

3. Training

4. Hosting

5. Infrastructure

Slide 28 12NTCtechgov

source: COBIT 4.1 Executive Summary

Required Resources

1. Business Continuity

2. Disaster Recovery

3. RPO

4. RTO

5. Hacking threats

6. Malware

7. Spam

Slide 29 12NTCtechgov

Tolerable Risks

1. Reporting requirements

2. Compliance requirements

3. Management

4. Performance metrics

5. Project status

Slide 30 12NTCtechgov

Measurements Needed

Slide 31 12NTCtechgov

Simple Risk Matrix

             Tape Backup   Availability   Hosted
RTO          1-2 weeks     1 hr           n/a
RPO          1-7 days      15 min         1 day
Retention    6 months      3 months       3 weeks
Reports      Custom        Custom         Limited
Cost         $10,000       $20,000        $15,000

Slide 32 12NTCtechgov

Simple Risk Matrix

             Tape Backup   Availability   Hosted
Down for…    1-2 weeks     1 hr           n/a
Lost data…   1-7 days      15 min         1 day
Retention    6 months      3 months       3 weeks
Reports      Custom        Custom         Limited
Cost         $10,000       $20,000        $15,000

Slide 33 12NTCtechgov

source: COBIT 4.1 Executive Summary

Accountability

1. Leadership exercising oversight

2. Organizational Structures that enable the accountability

3. Processes that deliver value

Slide 34 12NTCtechgov

Value Delivery

Business Goals

IT Goals IT Processes

1. Planning

2. Implementation

3. Deployment

4. Management

5. Support

6. User adoption

7. Training

Slide 35 12NTCtechgov

Process

Business Goals

IT Goals IT Processes

Slide 36 12NTCtechgov

source: COBIT 4.1 Executive Summary

lifecycle Key Decisions

1. How will leadership know if IT is delivering value?

a) Metrics?

b) Reports?

2. Is responsibility clearly defined?

a) SLA

b) Policy

Slide 37 12NTCtechgov

Accountability

1. Start with Strategic Alignment

2. Create Dialogue around…

a) Resource Management

b) Risk Management

c) Performance Measurement

3. Identify Value Delivery through

a) Accountability

b) Regular reports?

Slide 38 12NTCtechgov

In closing…

• www.isaca.org

• www.citidc.com/ntc2012

• johan@citidc.com

• @JohanCITI

Slide 39 12NTCtechgov

Resources
