Issues in Information Technology (IT) Governance for Internal Auditors. Presented at the IIA Uganda National Conference, 2011
“Issues in IT Governance for Internal Auditors”
By: Ambrose Ruyooka, PMP®
Ag. Commissioner for Information Technology, Ministry of Information and Communications Technology (ICT), Uganda.
14th April 2011, Kampala
IIA Uganda National Conference 2011
Introduction
[Governance]
The combination of processes and structures implemented by the board to inform, direct, manage, and monitor the activities of the organization toward the achievement of its objectives.
Introduction
Corporate Governance
“Corporate Governance is the system by which business corporations are directed and controlled. It specifies the distribution of rights and responsibilities among different participants (e.g. Board, management, shareholders, stakeholders) and spells out the rules and procedures for making decisions on corporate affairs.” (OECD)
IT Governance introduction
IT Governance
• A discipline of corporate governance
• Focus is on IT systems performance and risk management
“System by which IT within enterprises is directed and controlled. IT governance structure specifies the distribution of rights and responsibilities among participants (e.g. Board, business, IT managers) and spells out the rules and procedures for making decisions on IT” (ITSMF)
IT Governance Defined
IIA International Professional Practices Framework: [IT Governance] Consists of the leadership, organizational structures and processes that ensure that the enterprise’s information technology sustains and extends the organization’s strategies and objectives.
IT Governance Defined…
IT Governance Institute (ITGI): [IT Governance] is the responsibility of the board of directors and executive management. It is an integral part of enterprise governance and consists of the leadership and organisational structures and processes that ensure that the organisation’s IT sustains and extends the organisation’s strategies and objectives.
Definitions ctd.
According to the CobiT 4.1 framework: IT Governance is the responsibility of executives and the board of directors, and consists of the leadership, organizational structures and processes that ensure that the enterprise’s IT sustains and extends the organization’s strategies and objectives.
More concepts…
[IT Controls] Controls that support business management and governance as well as provide general and technical controls over information technology infrastructures such as applications, information, infrastructure, and people.
Motivation for IT Governance
The rising global interest in IT governance is largely due to compliance initiatives.
The recent legal and regulatory advancements by the Government of Uganda:
• Enactment of “Cyber Laws” (The Electronic Transactions law, The Electronic Signatures law and the Computer Misuse law)
• Enactment of the National Information Technology Authority Act
• E-Government Policy Framework
Motivation for IT Governance
Acknowledging:
• Coupling of IT to business performance
• Complexity presented by IT investments
• Need for mitigation of IT-related risks
• That IT projects can easily get out of control and profoundly affect the performance of an organization.
Development of IT Governance
[Chart: “Contribution of IT to Delivery of Business Strategy” and “IT Informs the Business on New Technologies”]
Source – ITGI Survey, IT Governance 2009
IT Governance Development ctd…
[Chart: “Accountable for IT Governance”]
Source – ITGI Survey, IT Governance 2009
IT Governance Dimensions
[Diagram: IT Governance with five dimensions – Strategic Alignment, Value Delivery, Risk Management, Resource Management, Performance Measurement]
IT Governance Dimensions
• What do we do? => Strategic Alignment: aligning with business goals; providing collaborative solutions
• Why do it? => Value Delivery: optimising IT costs; proof of value delivered
• What could go wrong? => Risk Management: safeguarding assets; continuity and compliance
• Who, what, how? => Resource Management: assets, infrastructure, knowledge and partners
• Was it done? => Performance Measurement: metrics, scorecards and dashboards
IT Governance - ISO38500
[Diagram: Corporate Governance of ICT – Directors’ activities (Evaluate, Direct, Monitor) over business processes, ICT Projects and ICT Operations; inputs: Business Strategy, Risk environment; flows: Plans, Policies, Proposals, Performance]
Original image copyright ISO/IEC 2008
6 principles of good IT governance
• Responsibility
• Strategy
• Acquisition
• Performance
• Conformance
• Human behaviour
Uncovering IT Issues
• Failure of IT projects to deliver what they promised
• Satisfaction of end users with the quality of the IT service
• Availability of sufficient IT resources, infrastructure and competencies to meet strategic objectives
• Overrun of IT operational budgets
• The number and frequency of IT projects going over budget
• The amount of IT effort going to firefighting rather than enabling business improvements
Finding Out How Management Addresses the IT Issues
• The alignment of enterprise and IT objectives
• Measurement of the value delivered by IT
• Appropriateness of strategic initiatives taken by executive management to manage IT and the critical relationship to maintenance and growth of the enterprise
• Clarity of enterprise positioning relative to technology: pioneer, early adopter, follower or laggard
• Clarity on risk: risk-avoidance or risk-taking
• Up-to-date inventory of IT risks relevant to the enterprise
• Actions taken to address these risks
To Self-assess IT Governance Practices
• Regular briefing of the board on IT risks to which the enterprise is exposed
• Regular appearance of IT as an item on the agenda of the board, addressed in a structured manner
• Ability of the board to articulate and communicate the business objectives for IT alignment
• Clear view of the board on the major IT investments from a risk and return perspective
• The board obtaining regular progress reports on major IT projects by
• The board getting independent assurance on the achievement of IT objectives and the containment of IT risks
Key IT Governance Stakeholders
• Boards: set direction for IT, monitor results and insist on corrective measures
• Executive Management: defines business requirements for IT and ensures that value is delivered and risks are managed
• IT management: delivers and improves IT services as required by the business
• IT audit: provides independent assurance to demonstrate that IT delivers what is needed
• Risk and compliance: measures compliance with policies and focuses on alerts to new risks
Original slide copyright ISACA
Defined Responsibilities for Each Process
RACI Chart (Activities × Functions). A RACI chart identifies who is Responsible, Accountable, Consulted and/or Informed. The function column headings did not survive extraction; the letter codes for each activity are kept as they appeared.
• Link business goals to IT goals. — C I A/R I C
• Identify critical dependencies and current performance. — C C R A/R C C C C C C
• Build an IT strategic plan. — A C C R I C C C C I C
• Build IT tactical plans. — C I A C C C C C R I
• Analyse programme portfolios and manage project and service portfolios. — C I I A R R C R C C I
Conclusion
• IT is an integral part of the business. IT governance is an integral part of enterprise governance.
• There is a need to clearly define IT Governance roles and responsibilities.
• Development of an IT Governance Implementation Plan is significant.
• The Government of Uganda has over the last decade steadily developed a policy, legal and regulatory environment to facilitate uptake of Information Technology Governance.
References
www.isaca.org/cgeit
www.itgi.org
www.itsfmi.org
www.theiaa.org
www.oecd.org
Thank you!