INCLASS exam
ISDS 351 - Information Technology for Managers
Information Technology for Managers IT Governance
Objectives
What is IT governance and what are the key elements of an effective IT governance process?
How can an effective IT governance program improve the likelihood of organizational success?
Information Technology for Managers
Copyright ©2016 Cengage Learning. All Rights Reserved. May not be scanned, copied or duplicated, or posted to a publicly accessible website, in whole or in part.
IT Governance
Guide to Microsoft Virtual PC 2005 and Virtual Server 2007
Corporate Governance
Processes, customs, rules, procedures, policies, and traditions
Determine how to direct and control management activities
Key players
Board of directors, CEO, senior executives, and shareholders
Issues Addressed by Corporate Governance
Preparation of the firm’s financial statements
Monitoring the choice of accounting principles and policies
Establishing internal controls
Hiring of external auditors
Nomination and selection of people for the board of directors
Managing risk
Dividend policy
IT Governance
Framework that ensures IT decisions are based on goals and objectives
Includes defining:
Decision-making process
Who makes the decisions
Who is held accountable for results
How the results of decisions are communicated, measured, and monitored
Primary Goals of Effective IT Governance
Ensuring that an organization achieves good value from its investments in IT
Mitigating IT-related risks
Figure 5.1 - Board of Directors and Various Subcommittees Involved in Governance
Figure 5.2 - Two Primary Goals of IT Governance
Ensuring that an Organization Benefits from IT Investments
Efficient governance is needed in the management of IT by business managers
Effective IT strategic planning process ensures close alignment between business and IT project goals and objectives
Involves applying good project management principles
Mitigating IT-Related Risks
Requires use of good internal controls and management accountability
Sarbanes-Oxley Act
Holds senior management accountable for the integrity of organization’s financial data and internal controls
Internal control
Fundamental concept involves separation of duties
Affected by improper conduct of senior managers and failure to hold the managers accountable
Offers reasonable assurance for:
Effectiveness and efficiency of operations
Reliability of financial reporting
Compliance with applicable laws and regulations
Figure 5.3 - Key Activities Needed for Effective IT Governance
Why Managers Must Understand IT Governance
Importance of IT Governance for Managers
Universal goal for businesses
Leveraging IT to transform an enterprise and create value-added services, increased revenue, and decreased expenses
Effective IT governance:
Aligns and integrates the IT organization with the business
Reduces risks and costs
Helps the company gain a business advantage
IT Governance Frameworks
IT Infrastructure Library (ITIL)
Set of guidelines initially formulated by the UK government
Used to standardize, integrate, and manage IT service delivery
Provides a proven and practical framework to plan and deliver IT operational services
Organized around a five-phase service life cycle
Levels of training and certification
Foundation, practitioners, and managers
Figure 5.4 - Five Phases of ITIL Process Life Cycle
Source: Ingerstedt, Anders, “ITIL and LEAN in IT Service Management,” Alite International, October 24, 2014,
www.alite-international.com/blog/itil-and-lean-in-it-service-management.
Control Objectives for Information and Related Technology (COBIT)
Set of guidelines
Goal
Aligning IT resources and processes with business objectives, quality standards, monetary controls, and security needs
Issued by the IT Governance Institute
www.isaca.org/COBIT/Pages/default.aspx
Provides guidance for 37 IT-related processes grouped into five major categories and two domains of governance and management
Table 5.4 - Grouping of COBIT 5.0 Processes
Control Objectives for Information and Related Technology (COBIT)
Maturity level of management processes evaluated on a scale of 0 to 5
Used for each process to evaluate a number of items
Use the information to choose:
Which processes have priority for improvement
Which can be addressed later
Using PDCA and an IT Governance Framework
Plan-Do-Check-Act (PDCA) model
Proven method
Applied to a specific targeted process
Each step in the model has specific objectives
Plan step
Do step
Check step
Act step
Figure 5.5 - Process Improvement Using PDCA and COBIT or ITIL
Business Continuity Planning
Defines the people and procedures required to ensure timely and orderly resumption of an organization’s processes with minimal interruption
International Organization for Standardization (ISO) standard ISO 22301:2012
Specifies requirements to plan, establish, implement, operate, monitor, review, maintain, and continually improve a documented management system
Due diligence: Effort made by an ordinarily prudent or reasonable party to avoid harm to another party
Failure to make the effort is considered negligence
Disaster Recovery Plan
Component of the business continuity plan
Defines the process to recover business information system assets, in the event of a disaster
Focuses on technology recovery
Identifies the people or teams responsible for taking action in the event of a disaster
Figure 5.6 - Process to Develop a Business Continuity Plan
Process for Developing a Disaster Recovery Plan
Identify vital records and data
Determine where and how they are being stored and backed up
Assess the adequacy of the current data storage plan
Offsite backup recommended
Conduct a business impact analysis
Recovery time objective: Time within which a business function must be recovered
Table 5.8 - Business Function Classification
Process for Developing a Disaster Recovery Plan
Define resources and actions required to recover
AAA priority business functions
Document all the resources needed to recover the business function within the recovery time objective
Identify the sequences of steps that must occur to recover from a disaster
Specific features to consider for inclusion in the recovery of a AAA priority business function
When all the preceding tasks have been completed for the AAA priority business functions:
Repeat the process for all the AA priority business functions, then for all A priority business functions
Disaster recovery as a service (DRaaS)
Replication and hosting of physical or virtual servers and necessary hardware and software
Hosted by a third-party service provider
Delivers IT services in the event of a disaster
Define emergency procedures
Involves establishing the steps to be taken during a disaster and immediately following it
Planning and practice:
Minimize loss of life and injuries
Reduce the impact on the business and its operations
Develop plans in conjunction with professional first responders
Computer, data, and equipment backup processes should be triggered automatically
Identify and train disaster recovery teams
Disaster recovery teams
Control group
Emergency response team
Business recovery team
Members should be selected based on:
Area of expertise, experience, and ability to function under extreme pressure
Train employees
Employees should be trained to recognize and respond to various types of disaster warnings
Identify floor wardens who are responsible for evacuating a given floor or work area
Practice and update the plan
Test disaster recovery plan to ensure that it is effective and that people can execute it
Employees are expected to exercise the plan and restore operations within the desired recovery time
Capture problems or issues not addressed by the plan and revise it to incorporate solutions
Plan must be continually updated to account for changes
Summary
IT governance is a framework
Ensures information technology decisions are made, taking into consideration the goals and objectives of the business
IT governance is the responsibility of executive management
Five central themes of IT governance
Use frameworks as a basis to develop their own governance model
ITIL and COBIT are the best-known frameworks
Business continuity plan, people, and procedures are required to ensure timely and orderly retrieval of data in case of a disaster