Upload
mary-grace-lim
View
229
Download
1
Embed Size (px)
Citation preview
8/6/2019 Governance It
1/41
WHY IS I.T. IMPORTANT TOWHY IS I.T. IMPORTANT TO
AN ORGANISATIONALAN ORGANISATIONALENTITY?ENTITY?
IT contributes directly to market valueIT contributes directly to market value
IT is essential for the achievement ofIT is essential for the achievement oforganisational goalsorganisational goals
IT involves large investments and operationalIT involves large investments and operationalrisksrisks
8/6/2019 Governance It
2/41
STRATEGIC IMPORTANCE OFSTRATEGIC IMPORTANCE OF
INFORMATION TECHNOLOGYINFORMATION TECHNOLOGY
IT is essential to manage the transactions,IT is essential to manage the transactions,information, and knowledge necessary to initiateinformation, and knowledge necessary to initiateand sustain economic and social activities. Inand sustain economic and social activities. In
most enterprises, IT has become an integral partmost enterprises, IT has become an integral partof the organisation and is fundamental to support,of the organisation and is fundamental to support,sustain, and grow the organisation.sustain, and grow the organisation.
8/6/2019 Governance It
3/41
EXPECTATIONS FROM I.T.EXPECTATIONS FROM I.T.
Those charged with governance and executiveThose charged with governance and executivemanagement generally expect their organisation'smanagement generally expect their organisation'sIT to deliver organisational value, i.e., provideIT to deliver organisational value, i.e., provide
fast, secured, high quality solutions and services;fast, secured, high quality solutions and services;generate reasonable return on investment; andgenerate reasonable return on investment; andmove from efficiency and productivity gainsmove from efficiency and productivity gainstoward value creation and business effectiveness.toward value creation and business effectiveness.
8/6/2019 Governance It
4/41
WHEN EXPECTATIONS ANDWHEN EXPECTATIONS AND
REALITY DO NOT MATCHREALITY DO NOT MATCH
Operational losses, reputational damage, andOperational losses, reputational damage, andweakened competitive positionweakened competitive position
Inability to obtain or measure a return for ITInability to obtain or measure a return for ITinvestmentsinvestments
Failure of IT initiatives to bring the innovationFailure of IT initiatives to bring the innovationand benefits promisedand benefits promised
Inadequate or obsolete technologyInadequate or obsolete technology
Inability to leverage available new technologiesInability to leverage available new technologies
Deadlines that are not met and budgets that areDeadlines that are not met and budgets that areoverrunoverrun
8/6/2019 Governance It
5/41
WHAT SHOULD BE DONE?WHAT SHOULD BE DONE?
Those charged with governance and executiveThose charged with governance and executivemanagement should understand the issues andmanagement should understand the issues andthe strategic importance of IT so that theirthe strategic importance of IT so that their
organisation can sustain operations andorganisation can sustain operations andimplement strategies required to extend activitiesimplement strategies required to extend activitiesinto the future.into the future.
This is the governance of IT that aims at ensuringThis is the governance of IT that aims at ensuringthat expectations from IT are met and IT risks arethat expectations from IT are met and IT risks aremitigated.mitigated.
8/6/2019 Governance It
6/41
WHAT SHOULD BE DONE?WHAT SHOULD BE DONE?
Those charged with governance and executiveThose charged with governance and executivemanagement need to assess their capacity tomanagement need to assess their capacity to
take advantage of IT's enabling capacity for newtake advantage of IT's enabling capacity for newbusiness models and changing business practicesbusiness models and changing business practices
balance IT's increasing costs and information'sbalance IT's increasing costs and information'sincreasing value to obtain an appropriate returnincreasing value to obtain an appropriate returnfrom IT investementsfrom IT investements
manage the risks of transacting in anmanage the risks of transacting in aninterconnected digital world and the dependenceinterconnected digital world and the dependenceon entities beyond the direct control of theon entities beyond the direct control of theorganisationorganisation
8/6/2019 Governance It
7/41
WHAT SHOULD BE DONE?WHAT SHOULD BE DONE?
Those charged with governance and executiveThose charged with governance and executivemanagement need to assess their capacity tomanagement need to assess their capacity to
manage IT's impact on business continuity due tomanage IT's impact on business continuity due toincreasing reliance on information and IT in allincreasing reliance on information and IT in allaspects of the organisationaspects of the organisation
maintain IT's ability to build and maintainmaintain IT's ability to build and maintainknowledge essential to sustain and grow theknowledge essential to sustain and grow the
organisationorganisation avoid the failures of IT, increasingly impactingavoid the failures of IT, increasingly impacting
the organisation's value and reputationthe organisation's value and reputation
8/6/2019 Governance It
8/41
IT GOVERNANCEIT GOVERNANCE
IT governance is the responsibility of thoseIT governance is the responsibility of thosecharged with overall governance and thecharged with overall governance and theexecutive management. It is an integral part ofexecutive management. It is an integral part of
organisational governance and consists of theorganisational governance and consists of theleadership organisational structure and processesleadership organisational structure and processesthat ensure that the organisation's IT sustains andthat ensure that the organisation's IT sustains andextends the organisation's strategies andextends the organisation's strategies andobjectives.objectives.
8/6/2019 Governance It
9/41
OBJECTIVES OF ITOBJECTIVES OF IT
GOVERNANCEGOVERNANCE
Alignment of IT with the organisation andAlignment of IT with the organisation andrealisation of promised benefitsrealisation of promised benefits
Use of IT to enable the organisation byUse of IT to enable the organisation byexploiting opportunities and maximising benefitsexploiting opportunities and maximising benefits
Responsible use of IT resourcesResponsible use of IT resources
Appropriate management of IT related risksAppropriate management of IT related risks
8/6/2019 Governance It
10/41
INTERACTION OFINTERACTION OF
OBJECTIVES AND I.T.OBJECTIVES AND I.T.ACTIVITIESACTIVITIES
8/6/2019 Governance It
11/41
IT GOVERNANCEIT GOVERNANCE
FRAMEWORKFRAMEWORK
8/6/2019 Governance It
12/41
WHY IS I.T. GOVERNANCEWHY IS I.T. GOVERNANCE
IMPORTANT?IMPORTANT?
Because Information Technology is importantBecause Information Technology is important
IT is critical in supporting and enablingIT is critical in supporting and enablingorganisational goalsorganisational goals
IT is strategic to the organisation [growth andIT is strategic to the organisation [growth andinnovation]innovation]
Due diligence is increasingly required relative toDue diligence is increasingly required relative tothe IT implication of mergers and acquisitionthe IT implication of mergers and acquisition
8/6/2019 Governance It
13/41
WHY IS I.T. GOVERNANCEWHY IS I.T. GOVERNANCE
IMPORTANT?IMPORTANT?
Because there was no previous focus on ITBecause there was no previous focus on IT
IT requires more technical insight than do otherIT requires more technical insight than do otherdisciplines to understand how it enables thedisciplines to understand how it enables theorganisation and creates risks and opportunitiesorganisation and creates risks and opportunities
IT has traditionally been treated as an entityIT has traditionally been treated as an entityseparate to the businessseparate to the business
IT is complex, even more so in the extendedIT is complex, even more so in the extended
enterprise operating in a networked economyenterprise operating in a networked economy
8/6/2019 Governance It
14/41
WHY IS I.T. GOVERNANCEWHY IS I.T. GOVERNANCE
IMPORTANT?IMPORTANT?
Because there is a need to align expectations ofBecause there is a need to align expectations ofthose charged with governance from executivethose charged with governance from executivemanagementmanagement
Deliver IT solutions of the right quality, on timeDeliver IT solutions of the right quality, on timeand, within budgetand, within budget
Harness and exploit IT to return valueHarness and exploit IT to return value
Leverage IT to increase efficiency andLeverage IT to increase efficiency and
productivity while managing IT risksproductivity while managing IT risks
8/6/2019 Governance It
15/41
WHY IS I.T. GOVERNANCEWHY IS I.T. GOVERNANCE
IMPORTANTIMPORTANT
Because of the negativities of ineffectiveBecause of the negativities of ineffectivegovernancegovernance
Business losses, damaged reputations orBusiness losses, damaged reputations orweakened competitive positionsweakened competitive positions
Deadlines not met, costs higher than expectedDeadlines not met, costs higher than expectedand quality lower than anticipatedand quality lower than anticipated
Enterprise efficiency and core processesEnterprise efficiency and core processes
negatively impacted by poor quality ITnegatively impacted by poor quality ITdeliverablesdeliverables
Failures of IT initiatives to bring innovation orFailures of IT initiatives to bring innovation ordeliver the promised benefitsdeliver the promised benefits
8/6/2019 Governance It
16/41
WHO SHOULD DO WHAT?WHO SHOULD DO WHAT?
Those charged with governance should take anThose charged with governance should take anactive role in IT strategy or similar committeesactive role in IT strategy or similar committees
CEOs [or their equivalent] should provideCEOs [or their equivalent] should provideorganisational structures to support theorganisational structures to support theimplementation of IT strategyimplementation of IT strategy
CIOs [or their equivalent] must be businessCIOs [or their equivalent] must be businessoriented and provide a bridge between IT and theoriented and provide a bridge between IT and the
businessbusiness All executives should be involved in ITAll executives should be involved in IT
steering or similar committeessteering or similar committees
8/6/2019 Governance It
17/41
WHAT DOES I.T.WHAT DOES I.T.
GOVERNANCE COVER?GOVERNANCE COVER?
IT's delivery of value to the organisationIT's delivery of value to the organisation
Mitigation of IT risksMitigation of IT risks
8/6/2019 Governance It
18/41
FOCUS AREAS OF ITFOCUS AREAS OF IT
GOVERNANCEGOVERNANCE
8/6/2019 Governance It
19/41
EACH ENTERPRISE OPERATESEACH ENTERPRISE OPERATES
IN AN ENVIRONMENT THAT ISIN AN ENVIRONMENT THAT ISINFLUENCED BYINFLUENCED BY
Stakeholder valuesStakeholder values
The mission, vision and values of the enterpriseThe mission, vision and values of the enterprise
The community and company ethics and cultureThe community and company ethics and culture Applicable laws, regulations and policiesApplicable laws, regulations and policies
Industry practicesIndustry practices
8/6/2019 Governance It
20/41
IT GOVERNANCE PROCESSIT GOVERNANCE PROCESS
8/6/2019 Governance It
21/41
I.T. STRATEGIC ALIGNMENTI.T. STRATEGIC ALIGNMENT[focusing on aligning with the business and[focusing on aligning with the business and
collaborative solutions]collaborative solutions]
8/6/2019 Governance It
22/41
IT/ENTERPRISE ALIGNMENTIT/ENTERPRISE ALIGNMENT
8/6/2019 Governance It
23/41
STRATEGIC OPPORTUNITIESSTRATEGIC OPPORTUNITIES
FROM I.T.FROM I.T. Add value to products and servicesAdd value to products and services
Assist in competitive positioningAssist in competitive positioning
Contain costs and improve administrativeContain costs and improve administrativeefficiencyefficiency
Increase managerial effectivenessIncrease managerial effectiveness
8/6/2019 Governance It
24/41
CONSIDERATIONS INCONSIDERATIONS IN
FORMULATING I.T. STRATEGYFORMULATING I.T. STRATEGY Business objectives and the competitiveBusiness objectives and the competitive
environmentenvironment
Current and future technologies and the costs,Current and future technologies and the costs,
risks and benefits they can bring to the businessrisks and benefits they can bring to the business
The capability of the IT organisation andThe capability of the IT organisation andtechnology to deliver current and future levels oftechnology to deliver current and future levels ofservice to the business, and the extent of changeservice to the business, and the extent of change
and investment this might imply for the wholeand investment this might imply for the wholeenterpriseenterprise
Cost of current IT and whether this providesCost of current IT and whether this providessufficient value to the businesssufficient value to the business
The lessons learned from past failures andThe lessons learned from past failures andsuccessessuccesses
8/6/2019 Governance It
25/41
I.T. SUPPORTING STRATEGICI.T. SUPPORTING STRATEGIC
OBJECTIVESOBJECTIVES
8/6/2019 Governance It
26/41
PLANNED AND PURPOSEFULPLANNED AND PURPOSEFUL
MANAGEMENTMANAGEMENT Creating and sustaining awareness of theCreating and sustaining awareness of the
strategic role of IT at top management levelstrategic role of IT at top management level
Clarifying what role IT should play: utility vs.Clarifying what role IT should play: utility vs.
enablerenabler
Creating IT guiding principles from businessCreating IT guiding principles from businessmaxims. For example, develop partnershipsmaxims. For example, develop partnershipswith customers worldwide can lead towith customers worldwide can lead to
consolidate customer database and orderconsolidate customer database and orderprocessing processes.processing processes.
Monitoring the business impact of the ITMonitoring the business impact of the ITinfrastructure and applications portfolioinfrastructure and applications portfolio
Evaluating, postEvaluating, post--implementation, benefitsimplementation, benefitsdelivered by IT projectsdelivered by IT projects
8/6/2019 Governance It
27/41
VALUE DELIVERYVALUE DELIVERY[concentrating on optimising expenses and proving[concentrating on optimising expenses and proving
the value of IT]the value of IT]
8/6/2019 Governance It
28/41
EXPECTATIONS RELATIVE TOEXPECTATIONS RELATIVE TO
CONTENTS OF THE I.T.CONTENTS OF THE I.T.DELIVERABLEDELIVERABLE
Fit for purpose, meeting business requirementsFit for purpose, meeting business requirements
Flexibility to adopt future requirementsFlexibility to adopt future requirements
Throughput and response timesThroughput and response times Ease of use, resiliency and securityEase of use, resiliency and security
Integrity, accuracy and currency of informationIntegrity, accuracy and currency of information
8/6/2019 Governance It
29/41
VIEWS OF I.T. VALUEVIEWS OF I.T. VALUE
[WEILL and BROADBENT][WEILL and BROADBENT]
8/6/2019 Governance It
30/41
DEPENDENCIES OF THEDEPENDENCIES OF THE
CAPACITY TO DELIVERCAPACITY TO DELIVER Timely, usable and reliable information aboutTimely, usable and reliable information about
customers, processes, markets, etc.customers, processes, markets, etc.
Productive and effective practices [performanceProductive and effective practices [performance
measurement, knowledge management, etc.]measurement, knowledge management, etc.]
The ability to integrate technologyThe ability to integrate technology
8/6/2019 Governance It
31/41
RISK MANAGEMENTRISK MANAGEMENT[addressing the safeguarding of IT assets and[addressing the safeguarding of IT assets and
disaster recovery]disaster recovery]
8/6/2019 Governance It
32/41
ENTERPRISE RISKENTERPRISE RISK
MANAGEMENTMANAGEMENT Ascertaining that there is transparency about theAscertaining that there is transparency about the
significant risks to the enterprise and clarifyingsignificant risks to the enterprise and clarifyingthe risk taking or risk avoidance policies of thethe risk taking or risk avoidance policies of the
enterprise [i.e., determining the enterprisesenterprise [i.e., determining the enterprisesappetite for risk]appetite for risk]
Being aware that the final responsibility for riskBeing aware that the final responsibility for riskmanagement rests with the board so, whenmanagement rests with the board so, whendelegating to executive management, makingdelegating to executive management, making
sure the constraints of that delegation aresure the constraints of that delegation arecommunicated and clearly understoodcommunicated and clearly understood
8/6/2019 Governance It
33/41
ENTERPRISE RISKENTERPRISE RISK
MANAGEMENTMANAGEMENT Being conscious that the system of internalBeing conscious that the system of internal
control put in place to manage risks often has thecontrol put in place to manage risks often has thecapacity to generate costcapacity to generate cost--efficiencyefficiency
Considering that a transparent and proactive riskConsidering that a transparent and proactive riskmanagement approach can create competitivemanagement approach can create competitiveadvantage that can be exploitedadvantage that can be exploited
Insisting that risk management be embedded inInsisting that risk management be embedded in
the operation of the enterprise, respond quicklythe operation of the enterprise, respond quicklyto changing risks and report immediately toto changing risks and report immediately toappropriate levels of management, supported byappropriate levels of management, supported byagreed principles of escalation [what to report,agreed principles of escalation [what to report,when, where and how]when, where and how]
8/6/2019 Governance It
34/41
I cannot imagine any condition which could causeI cannot imagine any condition which could causethis ship to founder. I cannot conceive of anythis ship to founder. I cannot conceive of anyvital disaster happening to this vessel.vital disaster happening to this vessel. -- --
Captain of the Titanic, 1912Captain of the Titanic, 1912
8/6/2019 Governance It
35/41
RESOURCE MANAGEMENTRESOURCE MANAGEMENT[optimising knowledge and infrastructure][optimising knowledge and infrastructure]
8/6/2019 Governance It
36/41
ADDRESS APPROPRIATEADDRESS APPROPRIATE
INVESTMENT IN I.T.INVESTMENT IN I.T.By ensuring thatBy ensuring that
The responsibilities with respect to IT systemsThe responsibilities with respect to IT systemsand services procurement are understood andand services procurement are understood and
appliedapplied
Appropriate methods and adequate skills exist toAppropriate methods and adequate skills exist tomanage and support IT projects and systemsmanage and support IT projects and systems
Improved workforce planning and investmentImproved workforce planning and investment
exist to ensure recruitment and, more important,exist to ensure recruitment and, more important,retention of skilled IT staffretention of skilled IT staff
IT education, training and development needs areIT education, training and development needs arefully identified and addressed for all stafffully identified and addressed for all staff
Appropriate facilities are provided and time isAppropriate facilities are provided and time is
8/6/2019 Governance It
37/41
WISE USE OF I.T. RESOURCESWISE USE OF I.T. RESOURCES
Appropriate methods and adequate skills exist inAppropriate methods and adequate skills exist inthe organisation to manage IT projectsthe organisation to manage IT projects
The benefits accruing from any serviceThe benefits accruing from any service
procurement are real and achievableprocurement are real and achievable
8/6/2019 Governance It
38/41
PERFORMANCE MEASUREMENTPERFORMANCE MEASUREMENT[tracking project delivery and monitoring[tracking project delivery and monitoring
IT services]IT services]
8/6/2019 Governance It
39/41
BALANCED SCORECARDBALANCED SCORECARD
DIMENSIONSDIMENSIONS
8/6/2019 Governance It
40/41
CAUSE AND EFFECTCAUSE AND EFFECT
RELATIONSHIPS BETWEENRELATIONSHIPS BETWEEN
BSC DIMENSIONSBSC DIMENSIONS
8/6/2019 Governance It
41/41
SAMPLE IT BSC MEASURESSAMPLE IT BSC MEASURES