IT GOVERNANCE
Essentials of IT in today's business
Challenges and concerns are:
- Aligning IT strategy with the business strategy
- Cascading strategy and goals down into the enterprise
- Providing organizational structures that facilitate the implementation of strategy and goals
- Insisting that an IT control framework be adopted and implemented
- Measuring IT's performance
IT without Governance
IT Governance
ITG Structure
IT Steering Committee
Responsibility:
Organizational Structure
Design
The structure of the IT function is influenced by cultural, political and economic forces.
Example:
CEO
VP Foreign Operations
HR Manager
VP Local Operations
Finance & Accounting
VP IT
IT Manager
R&D
IT Organizational Structure
IT Function Manager
SD Manager
- System Analysis
- Computer Programming
- DBA
- QC
Computer Operations Manager
- Data Input
- Info Processing
- Info Output
- Continuity of Operations
Computer Security Manager
- SW Security
- Info Security
- Network Security
- Physical Security
User Services Manager
- Technical Support
- Application Support
- User Training
- Help Desk
IT Strategy
The IT function should:
- Develop a strategic IT plan.
- Articulate the information architecture.
- Find the optimal fit between IT and the company's strategy.
- Maximize IT investment.
- Communicate IT policies to users.
- Conduct IT risk assessment.
- Incorporate sound project management techniques.
Organizational IT Policies,
Standards and Procedures
Procedures
- Step-by-step instructions; detailed documents tied to specific technologies and devices.
- How policy should be carried out, e.g. DCRP.
- More dynamic than policy, to stay relevant with changes in processes, equipment, etc.
Auditor's part?
- Review relevant procedures and map them to employee behavior through observation or interview.
- Misalignment? No procedure / not effective / lack of training on procedures.
Mandatory requirements to be adhered to, e.g. e-mail encryption, password length.
Guidelines
Statement in a policy or procedure to determine a course of action.
Best practices
Not mandatory
Reviewing Documentation
To
Potential Problems
- Excessive costs
- Budget overruns
- Late projects / aborted projects
- Unsupported HW changes
- Lack of / outdated documentation
- Employees unaware of documentation
PERFORMANCE MEASUREMENT
Performance Review
Performance
Level 0
Level
Level 1
Level
Level 2
Level
Level 3
Level
Level 4
Level 4 = Managed. Management can use precise measurement criteria to control the processes and identify ways to adjust the results. Processes at level 4 are predictable by quantitative measure.
Level 5
IT Resource Investment
Funding
IT Operations
Acquiring IT Resources
Staffing IT Function
- Hiring
- Rewarding
- Terminating
RISK MANAGEMENT
Risk Management Team
Asset Identification
Threat Identification
Risk Analysis Method
- Quantitative
- Qualitative
Controls
Backup Controls
Data Backup
Hardware Backup
Disaster Recovery Controls
CONCLUSION