Paradigm Shift: Governance & Management of Information & Related Technology October 2014

To Begin….

All organizations, public and private, large or small, are facing a paradigm shift with respect to the governance and management of information and related technology.

Context

Open Government(1)

Is achieved through:

• Broadcast Communication

• Citizen Engagement(1)

• Service Delivery(2)

Which require:

• Open Data

• Open Information

Delivered in part through execution of:

• Digital (Web/Social Media) Strategy

Implemented in the context of:

• Control Framework for Information & Related Technology

(1) Appendix B

(2) Registration, transactions, advice

Proposition (‘What’)

Information is a strategic asset for ALL organizations – as important as people and capital

IT is a critical enabler of most organizations

Effective governance & management on an enterprise basis requires the active engagement of executive management

BUT most executive teams remain largely unaware of:

• the potential rewards of effective governance and management of information and related technology

• their responsibilities re: information management and enterprise IT

• the existence of relevant standards and best practices

‘So What’

• Information and IT investments are often not aligned with the organization’s strategic objectives

• Information and IT-related risks are not appropriately managed

• The enterprise does not optimize the value of its investment in information and related technology


The changing role of information and technology requires greater formality in governance and management

Why?

• We are driving our organizations with data and information – with this comes risks and liabilities:

– In not knowing where data is, or knowing where it is but allowing improper access

– In using conflicting information

– In being unable to prove a number on a report is THE number and is accurate

– In being unable to produce documents (e.g., for discovery)

– In destroying documents too late


The Solution

“Implementing good IT governance is almost impossible without engaging an effective governance framework.”

- ISACA 2009

Alberta’s AG Weighs In….

“Alberta Government needs to better identify and mitigate IT risks. Government departments as a whole need to do a better job identifying risks to their systems and data. Then they need to implement well-designed, efficient, and effective IT controls to mitigate these risks and provide secure services and programs to Albertans.”

– Auditor General, April 2008

What Success Looks Like…

• Strategic alignment of investment in information and related technology with the organization’s goals

• We will get the right information to the right people at the right time so they can make informed decisions

• Improved value from investment in information and technology

• Effective management of information and technology-related risks

• IT services that meet the needs of the organization

• Protection of information and related IT assets from unauthorized access, use, disclosure, disruption, modification, or destruction

• Protection of stakeholders’ right to privacy and confidentiality

And in terms of Enterprise Information Management we will have:

• An in-depth understanding of what information is used, by whom, to attain specific Ministry goals and objectives

• An information model which illustrates information flows and dependencies across the Ministry

• A business case which provides the context and rationale for moving forward with specific EIM projects

• Process models and process improvement recommendations for key corporate functions

• A catalogue and detailed description of information requirements and metrics

• A listing of the EIM components (e.g., analytics, applications, business intelligence, content management, data models, master data management, meta data, portals, reporting, security, standards) required to deliver the information to meet business needs

• A complete list of the EIM principles, policies and standards which need to be developed

• The proposed approach to implementing data governance and ensuring data quality

• A detailed description of EIM functions, roles and responsibilities

• A taxonomy to enable navigation of unstructured content or content management

CONTROL FRAMEWORKS

Paradigm Shift: Improving Governance and Management of Information and Related Technology

What is a Control Framework?

• An organized set of controls which, when implemented, supports effective governance and management of information and related technology.

• Provides a set of consistent principles that guides the development of controls and ensures alignment with the strategic direction and mandates of the organization.

• Assigns accountability and responsibility, influences how the controls should be structured and maintains a common glossary of terms.

Types of Controls

• Policies - high-level direction for what to do in a particular situation or set of circumstances; a type of position statement

• Organizational Structure - reveals vertical operational responsibilities and horizontal linkages and may be represented by an organization chart to demonstrate governance

• Standard - A mandatory requirement, code of practice or specification established and approved by authority that is used as a baseline to measure the quality or performance of a process or procedure

• Procedure - The steps people are expected to take and the sequence in which to perform those steps; a set of actions which are the official or accepted way of doing something

• Guideline - A document providing guidance, advice or explanation

Benefits

• Helps organizations:

– Better align their IM/IT activities to their business needs

– Ensure that management understands IM/IT’s role and relevance in the organization

– Fulfill their responsibilities for a sound internal control environment & demonstrate progress to regulators, business partners & external stakeholders

– Ensure that Boards/management can meet their quality, fiduciary & security requirements

– Clarify ownership, responsibilities and accountabilities for information and related technology

Control Areas

• Governance & Management

• Enterprise Architecture

• Privacy, Security & Identity Management

• Information Management

• Technology Management

An Assessment Tool & Controls are developed and available for review/adaptation by GoA ministries

WRAPPING UP

The “Larger Picture”

• Awareness

• Understanding

• Buy-in

• Leadership

• Enterprise View

• Alignment

Essential for enterprise-wide systemic change

Critical Success Factors

• Understanding that governance and management of information and related technology is of strategic importance to the organization

• Executive leadership and ongoing involvement

• Enterprise view

• Long-term commitment coupled with short-term, incremental value delivery

• Effective program management

• Realistic assessment of organizational capacity for change

(1) Making EIM Work for Business, John Ladley, 2010

APPENDIX A - IMPLEMENTATION

Before we get started…..

Business transformation is not about retuning or tweaking or adding functionality; it is revolutionary. It involves fundamental business redesign to achieve improvements in client and stakeholder satisfaction, cost efficiencies and return on investment, improved risk management and more transparency and accountability(1).

(1) “Making EIM Work for Business: A Guide to Understanding Information as an Asset”, John Ladley, Morgan Kaufmann 2010

Implementation Life Cycle

• Identify Drivers

• Assess Current State

• Define Desired Future State

• Develop Plan

• Execute Plan

• Measure Results

• Sustain Momentum

High-level Approach

• Conduct Organizational Readiness Assessment

• Assess Maturity Level & Set Target

• Assess Compliance with Control Framework

• Prioritize

• Develop 3-Year Plan

• Assess Results

APPENDIX B - DEFINITIONS

Open Government(1)

• Governing doctrine which holds that citizens have the right to access the documents and proceedings of the government to allow for effective public oversight.

• Comprised of 3 strands:

– Transparency: that the public understands the workings of their government;

– Public engagement: that the public can influence the workings of their government by engaging in governmental policy processes and service delivery programs; and

– Accountability: that the public can hold the government to account for its policy and service delivery performance.

(1) Open Government Partnership http://www.opengovguide.com/glossary/

Citizen Engagement(2)

• Involves citizens (individuals, not representatives) in policy or program development, from agenda setting and planning to decision-making, implementation and review

• Requires two-way communication regarding policy or program change (interactive and iterative):

– between government and citizens;

– among citizens;

– and among citizens and civil society groups

• Aims to share decision-making power and responsibility for those decisions

• Includes forums and processes through which citizens come to an opinion which is informed and responsible

• Generates innovative ideas and active participation

• Contributes to collective problem solving and prioritization

• Requires that information and process be transparent

• Depends on mutual respect between all participants

(2) Handbook on Citizen Engagement: Beyond Consultation, Sheedy, 2008