It governance
Transcript of It governance
![Page 1: It governance](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a677bf1a28abcc758b4708/html5/thumbnails/1.jpg)
IT GOVERNANCE
LUSUNGU MKANDAWIRE
MARCH 11, 2015
IIAM IT AUDIT ESSENTIALS WORKSHOP
![Page 2: It governance](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a677bf1a28abcc758b4708/html5/thumbnails/2.jpg)
AGENDA
What is IT Governance
Elements of IT Governance
Benefits of IT Governance
Frameworks for IT Governance
Auditing IT Governance
Role of Internal Audit
![Page 3: It governance](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a677bf1a28abcc758b4708/html5/thumbnails/3.jpg)
OBJECTIVES
Provide an overview of IT Governance and describe its importance
Describe one approach to auditing IT Governance, including key scope areas, involved parties/stakeholders, key questions to answer
Describe current trends in IT Governance and how they can be incorporated into IT Governance audits
![Page 4: It governance](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a677bf1a28abcc758b4708/html5/thumbnails/4.jpg)
WHAT IS IT GOVERNANCE
IIA Definition: Consists of the leadership, organizational structures and processes that ensure that the enterprise’s information technology supports the organization’s strategies and objectives.
Mechanisms and structures used to clarify oversight, accountability, and decision making frameworks for IT strategy, resources, and control activities
Provides for effective management of IT operations and IT projects to ensure alignment with the institution’s strategic plan
![Page 5: It governance](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a677bf1a28abcc758b4708/html5/thumbnails/5.jpg)
![Page 6: It governance](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a677bf1a28abcc758b4708/html5/thumbnails/6.jpg)
ELEMENTS OF IT GOVERNANCE
According to ITGI, there are 5 areas of focus:
Strategic alignment
Value delivery
Resource management
Risk management
Performance measurement
![Page 7: It governance](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a677bf1a28abcc758b4708/html5/thumbnails/7.jpg)
ELEMENTS OF IT GOVERNANCE
IT Strategic Alignment: formalized business objectives, up-to-date IT strategy, linkage between business objectives and IT initiatives;
Value Delivery: IT tactical plans, clear benefits for each level of the organization: infrastructure (systems uptime), applications (degree of automation), operational (productivity), financial (income);
Risk Management: defined responsibilities for risk management, risk analysis methodology, defined strategies for addressing risks, continuous monitoring of threats, occurrence and impact;
Resource Management: sourcing strategies, human management practices, user manuals, segregation of duties, time reporting, infrastructure life cycle management, acceptable usage policies;
Performance Measurement: relevant and measurable metrics, continuous monitoring and reporting, follow-up policies, root cause analysis and problem management, benchmarking against industry practices and proven standards or frameworks.
![Page 8: It governance](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a677bf1a28abcc758b4708/html5/thumbnails/8.jpg)
BENEFITS OF IT GOVERNANCE
Strengthens the relationship between the organization and IT; Helps ensure limited IT resources are focused on the right strategic and tactical activities at the right time
Synergies with Enterprise Risk Management (ERM) and other risk management activities; Helps ensure the appropriate IT risk management processes and activities are in place and operating effectively
![Page 9: It governance](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a677bf1a28abcc758b4708/html5/thumbnails/9.jpg)
BENEFITS OF IT GOVERNANCE
Enhanced visibility into the IT Function’s ability to achieve both its tactical and strategic objectives; Key Performance Indicators (KPIs) for day-to-day activities and longer-term/strategic initiatives
Improved adaptability of the IT Function to organizational and IT environment changes; Formality of Governance structure, processes and activities enables more efficient and effective response to change
![Page 10: It governance](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a677bf1a28abcc758b4708/html5/thumbnails/10.jpg)
FRAMEWORKS FOR IT GOVERNANCE
Capability Maturity Model Integration (CMMI) - For process improvement.
Information Technology Infrastructure Library (ITIL) - For IT service management.
Six Sigma - For process improvement, especially security processes.
Control Objectives for Information and Related Technology (COBIT) - For information technology (IT) management and IT governance.
The Balanced Scorecard (BSC) - Method to assess an organization’s performance in different areas.
![Page 11: It governance](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a677bf1a28abcc758b4708/html5/thumbnails/11.jpg)
IIA STANDARDS
IIA Standard 2110: “The internal audit activity must assess and make appropriate recommendations for improving the governance process”
IIA 2110.A2: “The internal audit activity must assess whether the [IT] governance of the organization supports the organization’s strategies and objectives”
Impacts downstream IT and business processes and controls by setting a foundation
![Page 12: It governance](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a677bf1a28abcc758b4708/html5/thumbnails/12.jpg)
AUDITING IT GOVERNANCE
How do we get started?
Scoping
Stakeholder involvement
Areas of focus
Tactical steps
Our example will be higher education institutions
![Page 13: It governance](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a677bf1a28abcc758b4708/html5/thumbnails/13.jpg)
AUDITING IT GOVERNANCE
What should my scope be?
Scoping is always a challenge in higher education institutions; IT Governance is no exception
Ideally, even in a decentralized environment, the IT Governance framework applies across campuses, schools, and departments/units/divisions
Realistically, where can we get started?
![Page 14: It governance](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a677bf1a28abcc758b4708/html5/thumbnails/14.jpg)
AUDITING IT GOVERNANCE
What should my scope be?
Department/unit/division level
School level
Campus level
Institution-wide level – Ideal scope!
Scale: Smaller and less complex → Larger and more complex
![Page 15: It governance](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a677bf1a28abcc758b4708/html5/thumbnails/15.jpg)
AUDITING IT GOVERNANCE
Who are the stakeholders involved? Depends on your scoping, but we will look at it from the institution-wide view
Potential Stakeholders:
Board
President/Chancellor
Provost
Deans
Chief Business/Financial Officer
Administrative department heads
Chief Information Officer
Information Security/Privacy Officer(s)
Chief Compliance/Risk Officer(s)
Research/Principal Investigators
Students
![Page 16: It governance](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a677bf1a28abcc758b4708/html5/thumbnails/16.jpg)
AUDITING IT GOVERNANCE
What are my areas of focus?
Institutional Governance Structures
Executive Leadership and Support
Strategic and Operational Planning
IT Organization(s) and Risk Management
Service Delivery and Management
![Page 17: It governance](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a677bf1a28abcc758b4708/html5/thumbnails/17.jpg)
AUDITING IT GOVERNANCE
Institutional Governance Structures
![Page 18: It governance](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a677bf1a28abcc758b4708/html5/thumbnails/18.jpg)
AUDITING IT GOVERNANCE
Executive Leadership and Support
![Page 19: It governance](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a677bf1a28abcc758b4708/html5/thumbnails/19.jpg)
AUDITING IT GOVERNANCE
Strategic and Operational Planning
![Page 20: It governance](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a677bf1a28abcc758b4708/html5/thumbnails/20.jpg)
AUDITING IT GOVERNANCE
IT Organization(s) and Risk Management
![Page 21: It governance](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a677bf1a28abcc758b4708/html5/thumbnails/21.jpg)
AUDITING IT GOVERNANCE
Service Delivery and Management
![Page 22: It governance](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a677bf1a28abcc758b4708/html5/thumbnails/22.jpg)
AUDITING IT GOVERNANCE
IT Governance Trends
Cost Efficiencies (Outsourcing / The Cloud)
Information Privacy and Security
Virtualization
Centralization vs. Decentralization
![Page 23: It governance](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a677bf1a28abcc758b4708/html5/thumbnails/23.jpg)
ROLE OF INTERNAL AUDIT
Minimum assurance provided by compliance audit with Standard 2110.A2: Depending on the maturity of the IT Function, governance program, the control environment and the results of the most recent risk assessment, IT Governance audits could be performed on an annual basis or up to two to three years apart.
Consulting; Would likely be the result of findings from compliance review related to Standard 2110.A2.
Remediation assistance
Post audit Follow-up review
Training
Facilitated workshop on IT Governance best practices
![Page 24: It governance](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a677bf1a28abcc758b4708/html5/thumbnails/24.jpg)
ROLE OF INTERNAL AUDIT
Compliance and Consulting; Audit team should have extensive experience in IT and operational audit
Important to understand there is no one-size-fits-all IT Governance model
Process of moving from an ineffective IT Governance model to an effective, optimal model takes time; there are generally few to no quick fixes
Full support from the Board and Senior Management is critical for an organization to have an effective IT Governance model
![Page 25: It governance](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a677bf1a28abcc758b4708/html5/thumbnails/25.jpg)
SUMMARY
Mandatory nature of the Standards and in particular 2110.A2
IT Governance audits and relationship to external QARs
Regardless of IIA Standards, performing IT Governance reviews on a periodic basis is vitally important due to the tremendous amount of dollars spent by the IT Function and on technology
![Page 26: It governance](https://reader033.fdocuments.in/reader033/viewer/2022042817/55a677bf1a28abcc758b4708/html5/thumbnails/26.jpg)
Thank You!
Lusungu Mkandawire
265999989153
www.linkedin.com/pub/lusungu-mkandawire/57/102/283
https://twitter.com/MLusungu