IT Governance

1
3rd CIO Security Conference and Showcase
2006Proactive Preparation and Collaboration for
Thailand ICT Vision
Se
Platinum Sponsor
Gold Sponsor
Exhibitor
Strategic Alliances
2
IT Governance
Mrs. Suwipa Wannasathop Director, Software Park
Thailand E-mail suwipa_at_swpark.org 27 October 2006
3
What is IT Governance?

• IT Governance is the responsibility of the Board
  of Directors and executive management. It is an
  integral part of enterprise governance and
  consists of leadership and organizational
  structures and processes that ensure that the
  organizations IT sustains and extends the
  organizations strategies and objectives.
  
• Source IT Governance Institute (2001)

4
Management Issues

• Align technology with firm business model and
  management style
• Align IT with business process
• Find out where and how IT is adding value to the
  organization
• Assure that the investments in IT generate
  business value
• Optimize IT investment
• Mitigate the risks that are associated with IT
• Prioritize on IT Governance as critical driver

5
The Need to Control IT
People
Process
Technology
6
IT Governance Focus Areas
Source Board Briefing on ITGovernance,IT
Governance Institute, 2nd edition
7
IT Governance Decisions
8
Business Drivers for Using Governance Software
and Solutions

• Achieve Compliance with Regulations 62
• Better Risk Management 48
• Improve Operational Management 44
• Improve Accountability 41
• Align Strategies for Better Results 26
• Reducing Operating Costs 23

Source The Information Technology Governance
Benchmark Report, Aberdeen Group, July 06
9
Timeline of Companies with IT Governance Plan

• No plans to use 11
• Were planning one 22
• More than 10 years 7
• Between 7-10 years 8
• Between 5-7 years 4
• Between 2-5 years 23
• Less than 2 years 26

Source The Information Technology Governance
Benchmark Report, Aberdeen Group, July 06
10
Challenges in Implementing an IT Governance Plan

• Ineffective communication of policies 49
• Redesigning business processes 44
• Anticipated costs of technology 41
• Dont completely understand all the risks 39
• Difficulty communicating the value of GRC 36
• Lengthy or incomplete integrations 33

Source The Information Technology Governance
Benchmark Report, Aberdeen Group, July 06
11
How is ITG Sustained?

• Link IT governance to overall corporate
  governance and implement common mechanisms
• Proactively design governance at multiple levels,
  taking benefit of available frameworks
• Incentivize and build reward systems for proper
  use of IT to sustain and build IT enabled
  business
• Assign ownership and accountability and treat
  good governance as a competence to be acquired
  and developed
• Strive for a business oriented CIO and treat
  IS/IT department as a business
• Provide mechanisms to communicate IT performance
  in business terms

Source 2005 NUS Institute of Systems Science
12
Software Park Experience with BS 7799
13
Our Benefits

• Better Risk Management
• Improve Operational Management
• Improve Accountability
• Improve Operational Process

14
CIOs Role Balanced IT Leadership

• Weave business and IT strategies
• Understand what is needed to ensure
  organizational and information/ knowledge
  resources are properly managed and controlled
• Understand the risks business, operational,
  legal, compliance, technical
• Design systems, policies and processes (including
  contingency and back-up systems)
• Involve top management, not only IT team
• Maintain relationships with outsourcers
• Empower knowledge workers with the right tools to
  support the cause
• Develop an ITG solution roadmap with milestone

15
Governance is Good government
Implies

• Accountability (rights, duties and powers)
• Transparency, openness
• Truthfulness, accuracy
• Predictability, consistency
• Checks and balances (segregation of duties)
• Constant, symmetric information flow