What Is IT Governance? Information Technology Essay
IT governance is the process for controlling an organisation's information technology resources, where these resources are defined to include information and communication systems as well as technology. An organisation's management and owners (represented by the board of directors) share responsibility for governing both the enterprise and IT.
Enterprise governance is the process of setting and implementing corporate strategy, making sure the organisation achieves its objectives efficiently, and managing risk. IT governance is an increasingly important part of enterprise governance because of organisational dependence on information and communication, the scale of IT investment, the potential for IT to create strategic opportunities, and the level of IT risk. IT governance also requires controlling the process to ensure that it complies with regulatory, legal and contractual requirements.
Organisation structure
Boards and executive management have long recognised the need for enterprise and corporate governance. However, most are only beginning to realise that governance must extend to information technology as well, and that they must provide the leadership, organisational structures and processes that ensure the enterprise's IT sustains and extends the enterprise's strategies and objectives. IT governance is commonly described in terms of five focus areas:
- Strategic alignment focuses on ensuring the linkage of business and IT plans; defining, maintaining and validating the IT value proposition; and aligning IT operations with enterprise operations.
- Value delivery is about executing the value proposition throughout the delivery cycle, ensuring that IT delivers the promised benefits against the strategy, concentrating on optimising costs and proving the intrinsic value of IT.
- Resource management is about the optimal investment in, and the proper management of, critical IT resources: applications, information, infrastructure and people. Key issues relate to the optimisation of knowledge and infrastructure.
- Risk management requires risk awareness by senior corporate officers, a clear understanding of the enterprise’s appetite for risk, understanding of compliance requirements, transparency about the significant risks to the enterprise and embedding of risk management responsibilities into the organisation.
- Performance measurement tracks and monitors strategy implementation, project completion, resource usage, process performance and service delivery, using, for example, balanced scorecards that translate strategy into action to achieve goals measurable beyond conventional accounting.
ITGI:
ISACA recognized this shift in emphasis towards IT Governance in 1998, and formed the IT Governance Institute (ITGI) to focus on original research, publications, resources and symposia on IT governance and related topics. In addition to the work carried out by the ITGI, ISACA addresses the topic through a regular column in and occasional dedicated issues of the Information Systems Control Journal, conference sessions and tracks, and education courses.
The IT Governance Institute (ITGI) exists to assist enterprise leaders in their responsibility to ensure that IT goals align with those of the business, that IT delivers value, that its performance is measured, its resources properly allocated and its risks mitigated. Through original research, symposia and electronic resources, the ITGI helps ensure that boards and executive management have the tools and information they need for IT to deliver against expectations.
Publications:
There are two major publications from ISACA in the field of IT Governance.
- COBIT
- Val IT
COBIT:
The Control Objectives for Information and related Technology (COBIT) is a set of best practices (a framework) for information technology (IT) management created by ISACA and the ITGI in 1996. COBIT provides managers, auditors and IT users with a set of generally accepted measures, indicators, processes and best practices to assist them in maximising the benefits derived from the use of information technology and in developing appropriate IT governance and control in a company.
COBIT supports IT governance by providing a framework to ensure that:
- IT is aligned with the business
- IT enables the business and maximises benefits
- IT resources are used responsibly
- IT risks are managed appropriately
COBIT Framework and IT Governance Areas:
COBIT Products:
Briefly, the COBIT products include:
- Board Briefing on IT Governance, 2nd Edition—helps executives understand why IT governance is important, what its issues are and what their responsibility is for managing it
- Management guidelines/maturity models—help assign responsibility, measure performance, and benchmark and address gaps in capability
- Frameworks—organise IT governance objectives and good practices by IT domains and processes, and link them to business requirements
- Control objectives—provide a complete set of high-level requirements to be considered by management for effective control of each IT process
- IT Governance Implementation Guide: Using COBIT® and Val IT™, 2nd Edition—provides a generic road map for implementing IT governance using the COBIT and Val IT™ resources
- COBIT® Control Practices: Guidance to Achieve Control Objectives for Successful IT Governance, 2nd Edition—provides guidance on why controls are worth implementing and how to implement them
- IT Assurance Guide: Using COBIT®—provides guidance on how COBIT can be used to support a variety of assurance activities, together with suggested testing steps for all the IT processes and controls
Val IT:
Val IT is a governance framework that consists of a set of guiding principles and a number of processes conforming to those principles, which are further defined as a set of key management practices.
The Val IT framework is supported by publications and operational tools and provides guidance to:
- Define the relationship between IT and the business and those functions in the organization with governance responsibilities
- Manage an organization’s portfolio of IT-enabled business investments; and
- Maximize the quality of business cases for IT-enabled business investments with particular emphasis on the definition of key financial indicators, the quantification of “soft” benefits and the comprehensive appraisal of the downside risk
Val IT addresses assumptions, costs, risks and outcomes related to a balanced portfolio of IT-enabled business investments. It also provides benchmarking capability and allows enterprises to exchange experiences on best practices for value management.
Certification:
Certified in the Governance of Enterprise Information Technology (CGEIT) is an advanced certification created in 2007 by ISACA. It is designed for experienced professionals who can demonstrate 5 or more years of experience serving in a managing or advisory role focused on the governance and control of IT at an enterprise level.
The certification is intended to:
- support the growing business demands related to IT governance
- increase the awareness and importance of IT governance good practices and issues
- define the roles and responsibilities of the professionals performing IT governance work
Requirements:
To earn the CGEIT credential, an individual must:
- Pass the CGEIT exam (first exam – December 2008)
- Adhere to the ISACA Code of Professional Ethics
- Agree to comply with the CGEIT Continuing Education Policy
- Provide evidence of appropriate IT governance work experience as defined by the CGEIT Job Practice
IT governance experience: five (5) years required
Five (5) or more years of experience managing, serving in an advisory or oversight role, and/or otherwise supporting the governance of the IT-related contribution to an enterprise is required to apply for certification. This experience is defined specifically by the domains and task statements described in the CGEIT Job Practice.
Specifically:
- A minimum of one (1) year of experience relating to the development and/or maintenance of an IT governance framework is required. The type and extent of experience accepted is described in CGEIT domain one (1) (see IT Governance Framework).
- Additional broad experience directly related to any two or more of the remaining CGEIT domains is required. The type and extent of experience accepted is described in CGEIT domains two (2) through six (6). These domains are:
  - Strategic Alignment
  - Value Delivery
  - Risk Management
  - Resource Management
  - Performance Measurement
Individuals can take the CGEIT exam prior to earning the above work experience.
Substitutions for IT governance experience (2 years maximum)
To recognize other management experience and/or the achievement of specific IT governance related credentials, advanced (post-graduate) degrees and certificates, up to two (2) years of the five years of required IT governance experience can be substituted.
Specifically, each of the following will qualify (substitute) for one (1) year of IT governance experience, with a maximum of two years of substitutions being accepted.
- Other Management Experience—other management experience that is not specific to IT governance, such as performing consulting, auditing, assurance or security management related duties, will qualify for up to one year of substitution.
- Specific Credentials, Advanced (Post-graduate) Degrees and Certificates—credentials (in good standing), advanced (post-graduate) degrees and certificate programs which include an IT governance and/or management component, or are specific to one or more of the CGEIT domains, will qualify for up to one year of substitution.
These include:
- Certified Information Systems Auditor (CISA) issued by ISACA
- Certified Information Security Manager (CISM) issued by ISACA
- Implementing IT Governance using COBIT and Val IT certificate issued by ISACA (available in 2008)
- ITIL Service Manager certification program
- Chartered Information Technology Professional (CITP) issued by the British Computer Society
- Certified Information Technology Professional (CITP) issued by the American Institute of CPAs
- Project Management Professional (PMP) issued by the Project Management Institute
- Information Systems Professional (I.S.P.) issued by the Canadian Information Processing Society
- Certified Internal Auditor (CIA) issued by the Institute of Internal Auditors
- Certified Business Manager (CBM) issued by The Association of Professionals in Business Management
- PRINCE2 Registered Practitioner certificate from the Office of Government Commerce
- Advanced (post-graduate) degree from an accredited university in governance, information technology, information management or business administration (for example: Masters in Corporate Governance, Masters of Business Administration, Masters in Information and Operations Management, Masters of Information Systems Management, Masters in Information Technology)
Exception: Two years as a full-time university instructor teaching IT governance related subjects at an accredited university can be substituted for every one year of IT governance experience.
Applicants who have earned/acquired other credentials, advanced (post-graduate) degrees and/or certificates that include a significant IT governance and/or information management component and are not listed above are welcome to submit them to the CGEIT Certification Board for consideration.
IT Governance Characteristics:
IT governance:
- sets direction and oversees compliance and performance
- specifies the decision-making authority and accountability needed to encourage desirable behaviours in the use of IT
- is a process for managing and controlling the use of technology to create value
- comprises the rules and regulations under which an IT organisation functions
- ensures that everyone is playing by the same rules so that the computing environment works for everyone
Road Map for Implementing IT Governance:
The initial focus in developing an IT governance program is identifying needs, governance input rights and decision-making authority, based on:
- The current state of IT within, and in support of, the business organisation and its objectives
- Internal and external requirements/regulations and applicable best business practices
Business Alignment
- IT and business executives set the IT strategy and resolve issues; shadow IT organisations are eliminated
- An investment board sets project priorities and costs and oversees progress; this reduced costs by millions of dollars
Change Management and failures impacting users
- Changes are managed and actually blocked where not properly vetted or tested
- Number of user-impacting failures reduced from 200+ to fewer than 20 per month
- Number of unauthorised application and infrastructure changes reduced to 1 or fewer per month
- Emergency changes reduced to less than 3% of total changes
- Improved results across the board, with accountability built into personal performance evaluations
Projects
- Projects delivered on time and on budget increased by 60+%
- SDLC compliance improved from 40% to 100%
Technology
- Standards and architecture established and enforced via technical reviews, reducing the number of system software tools by over 50%
- 100% of the equipment on the network identified, and none added unless authorised
- 24-hour server backups improved from 95% to 99.9%
- Security patches applied within 24 hours of approval
- "System admin" accounts reduced by over 50%
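The change-management and technology outcomes listed above are only meaningful if someone measures them each month and blocks changes that fail the vetting gate. The following Python script is an added illustration, not part of the original essay or of any ISACA/ITGI material: it applies the essay's own thresholds (fewer than 20 user-impacting failures, at most 1 unauthorised change, emergency changes under 3% of the total, patches within 24 hours of approval) to a constructed set of change records. The `ChangeRecord` fields, the record identifiers and the dates are all invented for the example.

```python
"""Governance KPI check over a month of change records (illustrative, constructed data)."""
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class ChangeRecord:
    change_id: str            # hypothetical ticket id
    kind: str                 # "standard", "emergency" or "patch"
    authorized: bool          # approved through the change board
    tested: bool              # passed pre-deployment testing
    user_impact: bool         # caused a user-facing failure after deployment
    approved_at: datetime
    implemented_at: datetime

# Thresholds taken from the essay's reported outcomes.
THRESHOLDS = {
    "max_user_impact_failures": 20,   # "fewer than 20 per month"
    "max_unauthorized_changes": 1,    # "1 or fewer per month"
    "max_emergency_ratio": 0.03,      # "less than 3% of total changes"
    "patch_sla_hours": 24,            # "within 24 hours of approval"
}

def gate_change(rec: ChangeRecord) -> bool:
    """Vetting gate: a change may proceed only if it is both authorized and tested."""
    return rec.authorized and rec.tested

def monthly_metrics(records: list) -> dict:
    """Compute the governance KPIs the essay reports, over one month of records."""
    total = len(records)
    patches = [r for r in records if r.kind == "patch"]
    sla = timedelta(hours=THRESHOLDS["patch_sla_hours"])
    breaches = [r.change_id for r in patches if r.implemented_at - r.approved_at > sla]
    emergency = sum(1 for r in records if r.kind == "emergency")
    return {
        "total_changes": total,
        "blocked_by_gate": sum(1 for r in records if not gate_change(r)),
        "unauthorized_changes": sum(1 for r in records if not r.authorized),
        "emergency_ratio": emergency / total if total else 0.0,
        "user_impact_failures": sum(1 for r in records if r.user_impact),
        "patches_total": len(patches),
        "patches_within_sla": len(patches) - len(breaches),
        "patch_sla_breaches": breaches,
    }

def evaluate(records: list):
    """Return (metrics, list of threshold violations) for the governance report."""
    m = monthly_metrics(records)
    violations = []
    if m["user_impact_failures"] >= THRESHOLDS["max_user_impact_failures"]:
        violations.append("user-impacting failures at or above %d" % THRESHOLDS["max_user_impact_failures"])
    if m["unauthorized_changes"] > THRESHOLDS["max_unauthorized_changes"]:
        violations.append("more than %d unauthorized change(s)" % THRESHOLDS["max_unauthorized_changes"])
    if m["emergency_ratio"] >= THRESHOLDS["max_emergency_ratio"]:
        violations.append("emergency changes are %.1f%% of total" % (100 * m["emergency_ratio"]))
    if m["patch_sla_breaches"]:
        violations.append("patch SLA missed for: " + ", ".join(m["patch_sla_breaches"]))
    return m, violations

# Constructed sample month (dates and ids are invented for the example).
_d = datetime(2024, 3, 4, 9, 0)
SAMPLE_MONTH = [
    ChangeRecord("C1", "standard", True, True, False, _d, _d + timedelta(hours=2)),
    ChangeRecord("C2", "standard", True, True, False, _d, _d + timedelta(hours=3)),
    ChangeRecord("C3", "standard", True, False, False, _d, _d + timedelta(hours=1)),  # untested
    ChangeRecord("C4", "standard", False, True, False, _d, _d + timedelta(hours=1)),  # unauthorized
    ChangeRecord("C5", "emergency", True, True, True, _d, _d + timedelta(hours=1)),   # caused an outage
    ChangeRecord("C6", "patch", True, True, False, _d, _d + timedelta(hours=8)),      # inside 24h SLA
    ChangeRecord("C7", "patch", True, True, False, _d, _d + timedelta(hours=48)),     # SLA breach
    ChangeRecord("C8", "standard", True, True, False, _d, _d + timedelta(hours=4)),
]

if __name__ == "__main__":
    metrics, problems = evaluate(SAMPLE_MONTH)
    for key, value in metrics.items():
        print(f"{key}: {value}")
    print("violations:", problems or "none")
```

Run as a script it prints the month's KPIs and the two threshold violations present in the constructed data (an emergency ratio of 12.5% and the late patch C7); in practice the records would be loaded from the change-management system and the report attached to the monthly governance review.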
Governing Document Framework – SAMPLE
Conclusion:
As discussed, in today's business environment information is the most valuable asset. To protect it, an organisation requires a sound governance infrastructure that enables it not only to secure the information it holds but also to validate that information, and that directs the organisation's use of IT towards its business objectives.