Professional Documents
Culture Documents
Outline
ICT Governance definitions
SG on ICT Governance
itSMF involvement
Interim Report
Beyond ISO 38500
Scope
Application
Objectives
6 principles
Model for Corporate Governance of ICT
Conclusions
Outline
ICT Governance definitions
SG on ICT Governance
itSMF involvement
Interim Report
Beyond ISO 38500
Scope
Application
Objectives
6 principles
Model for Corporate Governance of ICT
Conclusions
Some definitions
AS 8015 Australian National Standards
Corporate Governance of ICT is the system by which the current and future use
of ICT is directed and controlled. It involves evaluating and directing the plans for
the use of ICT to support the organization and monitoring this use to achieve
plans. It includes the strategy and policies for using ICT within an organization.
(Corporate Governance of Information and Communication Technology; January
2005).
Some definitions
ITGI (IT Governance Institute)
IT Governance is the responsibility of the board of directors and executive
management. It is an integral part of enterprise governance and consists of the
leadership and organisational structures and processes that ensure that the
organisations IT sustains and extends the organisations strategies and
objectives. (Board Briefing, 2nd edition; 2003).
Some definitions
MIT Sloan Center for Information Systems Research :
IT Governance is specifying the decision rights and accountability framework to
encourage desirable behaviour in the use of IT. (MIT CISR Working Paper No. 326;
April 2002).
University of Tasmania
The survey of the literature by academics from the University of Tasmania
(Webb, Phyl, Pollard, Carol, and Ridley, Gail (2006), Attempting to Define IT
Governance: Wisdom or Folly?, Proceedings of the 39th Hawaii International
Conference on Systems Sciences) brings out the elements that are common to a
range of suggested definitions. The elements are: strategic alignment, delivery
of business values, performance management, risk management, policies and
procedures, and control and accountability. Their resultant definition is : IT
Governance is the strategic alignment of IT with the business such that
maximum business value is achieved through the development and
maintenance of effective IT control and accountability, performance
management and risk management.
Outline
ICT Governance definitions
SG on ICT Governance
itSMF involvment
Interim Report
Beyond ISO 38500
Scope
Application
Objectives
6 principles
Model for Corporate Governance of ICT
Conclusions
1st report
NWI
Canada : 2
Spain : 1
France : 5
Italy : 10
Japan : 10
Korea : 1
Luxembourg : 46
New Zealand : 6
UK : 4
Sweden : 9
USA : 15
South Africa : 40
Outline
ICT Governance definitions
SG on ICT Governance
itSMF involvement
Interim Report
Beyond ISO 38500
Scope
Application
Objectives
6 principles
Model for Corporate Governance of ICT
Conclusions
Achieving business objectives by ensuring that each element of the mission and strategy are
assigned and managed with a clearly understood and transparent decisions rights and
accountability framework.
Defining and encouraging desirable behavior in the use of IT and in the execution of IT
outsourcing arrangements.
Implementing and integrating the desired business processes into the organization.
Improving customer, business and internal relationships and satisfaction, and reducing internal
territorial strife by formally integrating the customers, business units, and external IT providers
into a holistic IT governance framework.
Enabling effective and strategically aligned decision making for the IT Principles that define the
role of IT, IT Architecture, IT Infrastructure, Application Portfolio and Frameworks, Service
Portfolio, Information and Competency Portfolios and IT Investment & Prioritization.
Outline
ICT Governance definitions
SG on ICT Governance
itSMF involvement
Interim Report
Beyond ISO 38500
Scope
Application
Objectives
6 principles
Model for Corporate Governance of ICT
Conclusions
Interim Report
Governance
around the world
Written and oral reports were presented to the ICT Study Group reviewing
the state of different ICT Standards environments within the different
jurisdictions.
A general movement towards compliance frameworks was reported in
terms of legislation, Standards adoption and control framework adoption
(eg. CobiT, ITIL, and so on).
Several reports noted that regulatory requirements were pending and that
there is considerable momentum gathering for comprehensive directives
(both explicit and implicit). The importance of ICT Governance and the
current opportune moment in time for ICT Governance advancement was
reported in each case.
The Working Group should establish a Glossary of governance terms. The Glossary
especially should include definitions that help to establish the difference between
Governance and Management. The definitions must be compatible with those in existing
ISO Standards
Director
Member of the most senior governing body of an organization. Includes owners, board
members, partners, senior executives or similar, and officers authorized by legislation or
regulation.
Management
Management is the process of controlling the activities required to achieve the strategic
objectives set by the organisation's governing body. Management is subject to the policy
guidance and monitoring set through corporate governance.
The objective of governance is to determine and cause the desired behavior and
results to achieve the strategic impact of IT.
The system in which directors monitor, evaluate and direct IT management to ensure
effectiveness, accountability and compliance of IT
Outline
ICT Governance definitions
SG on ICT Governance
itSMF involvement
Interim Report
Beyond ISO 38500
Scope
Application
Objectives
6 principles
Model for Corporate Governance of ICT
Conclusions
Scope
The objective of this Standard is to provide a framework of principles for Directors
to use when evaluating, directing and monitoring the use of information
technology (IT) in their organizations.
Scope
Governance is distinct from management, and for the avoidance of confusion, the two
concepts are clearly defined in the standard.
the members of the governing body may also occupy the key roles in management.
It provides guidance to those advising, informing, or assisting directors. They include:
Senior managers.
Members of groups monitoring the resources within the organization.
External business or technical specialists, such as legal or accounting
specialists, retail associations, or professional bodies.
Vendors of hardware, software, communications and other IT products.
Internal and external service providers (including consultants).
IT auditors.
The standard is applicable for all organizations, from the smallest, to the largest, regardless of purpose,
design and ownership structure.
Outline
ICT Governance definitions
SG on ICT Governance
itSMF involvement
Interim Report
Conclusions
Application
This standard is applicable to all organizations, including public and private
companies, government entities, and not-for-profit organizations.
The standard is applicable to organizations of all sizes from the smallest to the
largest, regardless of the extent of their use of IT.
Outline
ICT Governance definitions
SG on ICT Governance
itSMF involvement
Interim Report
Beyond ISO 38500
Scope
Application
Objectives
6 principles
Model for Corporate Governance of ICT
Conclusions
Objectives
The purpose of this Standard is to promote effective, efficient, and acceptable use of
IT in all organizations by:
Outline
ICT Governance definitions
SG on ICT Governance
itSMF involvement
Interim Report
Beyond ISO 38500
Scope
Application
Objectives
6 principles
Model for Corporate Governance of ICT
Conclusions
6 principles
Principle 1: Establish clearly understood responsibilities for IT
Principle 2: Plan IT to best support the organization
Principle 3: Acquire IT validly
Principle 4: Ensure that IT performs well, whenever required
Principle 5: Ensure IT conforms with formal rules
Principle 6: Ensure IT use respects human factors
Outline
ICT Governance definitions
SG on ICT Governance
itSMF involvement
Interim Report
Beyond ISO 38500
Scope
Application
Objectives
6 principles
Model for Corporate Governance of ICT
Conclusions
Evaluate
Directors should examine and make judgement on the current and future use of IT,
including strategies, proposals and supply arrangements (whether internal,
external, or both).
In evaluating the use of IT, directors should consider the pressures acting upon the
business, such as technological change, economic and social trends, and political
influences.
Directors should also take account of both current and future business needs
the current and future organizational objectives that they must achieve, such as
maintaining competitive advantage, as well as the specific objectives of the
strategies and proposals they are evaluating.
Direct
Monitor
They should also make sure that the use of IT conforms with external obligations
(regulatory, legislation, common law, contractual) and internal work practices. If
necessary, directors should direct the submission of proposals for approval to
address identified needs.
Outline
ICT Governance definitions
SG on ICT Governance
itSMF involvement
Interim Report
Beyond ISO 38500
Scope
Application
Objectives
6 principles
Model for Corporate Governance of ICT
Conclusions
Development of a TR2 for CIOs and executives to assist them in explaining the rationale
and implications (risks and benefits) of the principles.
Development of a TR2 for guidelines for the use of the standard by Public Sector
organizations