You are on page 1of 2

CHAPTER 9: STRATEGY AND STANDARDS

Operational Plans – IT strategy needs to be


“The pace of change is increasing in tempo and at the
translated into operational plans. Operational plans will
same time the global economy continues to diminish define the projects that will be initiated and the service
the autonomy and independent stability of local levels expected of IT.
markets.”

IT – become the critical ingredient in business strategies Portfolio Management Processes


as both enabler and enhancer of organization’s goals  Are needed to ensure the effective use of resources
and objectives. and alignment with business objectives. This
includes processes to: initiate projects, design
“Supporting the strategy, architectural standards and solutions, manage resources, provision services,
technology planning ensure that investments in IT lead procure products, and control financial
to efficient maintenance and a secure environment.” investments.
 Ensures that investments are made in alignment
IT PROCESSES
with organizational objectives.
 Strategy and architecture processes from COBIT are
included in the Planning and Organization and Demand Management Process
Delivery Domain.  Help ensure that resources are devoted to projects
that have a strong business case
Planning and Organization Processes  Help ensure that senior management has provided
1. Define a Strategic Plan conceptual approval to the project.
2. Define the Information Architecture  It ensures that a project has business justification
3. Determine Technological Direction  Provide a means to “weed out” nonessential
projects.
Strategic Planning
Project Initiation Process
IT Strategic Plan – a formal vision to guide in the  Determines the total cost and benefit of a project
acquisition, allocation and management of IT by defining high-level business requirements and a
resources to fulfill the organization’s objectives. It conceptual solution.
provides roadmap for operating plans and a framework
for evaluating technology investments. Technical Review Process
Main risk of not having an IT strategic plan: Increased  Helps ensure that the right solution is selected,
cost of technology that it integrates with other components of
technology and that it can be supported with
IT Management – involves combining technology, minimal investments in infrastructure.
people and processes to provide solutions to Technical Steering Committee – provides a control
organizational problems. mechanism for evaluating and approving new
technology solutions.
IT Steering Committee
 Composed of decision makers from the various Architecture and Standards
constituencies in the organization to resolve Architecture group – establishes the standards and
conflicting priorities. blueprint for the organization.
Communication – effective communication is Advantages to Standardizing & Simplifying Systems:
critical to coordinate the efforts of internal and 1. System reuse
external resources to accomplish the organization’s 2. Faster implementation
goals. It should occur at multiple levels. 3. Improved flexibility
Enterprise Architecture – lays out a roadmap between Technology Standards
current and future state of the organization’s  Guide industries and organizations in selecting
infrastructure and application platforms. It provides a hardware and software and developing new
mechanism to communicate the essential elements and applications.
functions of the enterprise within the organization.
Top 3 obstacles with Customer Relationship
The Open Group Architecture Framework Management (CRM)
(TOGAF) – provides a tool to aid in the development of 1. Poor Performance
enterprise architecture. 2. Difficult to navigate and access information
The Enterprise Architecture encompasses the 3. Limited value
Business Architecture, Application Architecture, Data
Architecture and Infrastructure Architecture. COSO defines internal control as a process, influenced
by an entity’s board of directors, management, and
Business Architecture – defines the key other personnel that is designed to provide reasonable
business processes and functions of an organization. assurance in the following categories:
Ex: Customer Relationship Management (CRM),
 Effectiveness and efficiency of operations
Document and Content Management, and Management
 Reliability of financial reporting
Information.
 Compliance with applicable laws and
Application Architecture – defines the
regulations
application framework and common components that
can be used across the organization. It ensures
Components of Internal Control
alignment with organizational strategy and guides in the
1. Control Environment
purchase, configuration, design and development of
2. Risk Assessment
technology.
3. Control Activities
Data Architecture – encompasses the source
4. Information and Communication
and destination of information, formal and informal
5. Monitoring
business rules for using that information, its flow
through the organization, ownership, and mechanisms
for ensuring persistence and security.
Infrastructure Architecture – defines the
hardware and software infrastructure that supports
the applications. It guides in the acquisition and
implementation of facilities and equipment, disaster
recover, capacity planning, office automation,
distributed systems, and network and communications.
1. Client Architecture
2. Server Architecture
3. Network Architecture

The Architecture Function


 Serves as the owner and manager of architecture
processes and standards. It provides leadership
consulting role in decision-making process of
present and future technology initiatives for
strategic business advantage.