What Is It Governance Information Technology Essay

✅ Paper Type: Free Essay	✅ Subject: Information Technology
✅ Wordcount: 2634 words	✅ Published: 1st Jan 2015

Reference this

Share this: Facebook Twitter Reddit LinkedIn WhatsApp

IT governance is the process for controlling an organisation information technology resource, where these resources are defined to include information and communication systems as well as technology. An organisation management and owners (represented by the board of directors ) share responsibility for governing both enterprise and IT.

Enterprise governance is the process of setting and implementing corporate strategy, making sure the organisation achieve its objectives efficiently, and manage risk. It governance is an increasingly important part of enterprise governance because of organisational dependent on information and communication, the scale of IT investment, potential for IT to create strategic opportunities, and the level of IT risk. IT governance also required controlling the process to ensure that it complies with regulatory, legal and contractual requirements.

Get Help With Your Essay

If you need assistance with writing your essay, our professional essay writing service is here to help!

Essay Writing Service

Organisation structure

Boards and executive management have long known the need for enterprise and corporate governance. However, most are beginning to realize that there is a need to extend governance to information technology as well, and provide the leadership, organisational structures and processes that ensure that the enterprise’s IT sustains and extends the enterprise’s strategies andobjectives.

Strategic alignment focuses on ensuring the linkage of business and IT plans; defining, maintaining and validating the IT value proposition; and aligning IT operations with enterprise operations.
Value delivery is about executing the value proposition throughout the delivery cycle, ensuring that IT delivers the promised benefits against the strategy, concentrating on optimising costs and proving the intrinsic value of IT.
Resource management is about the optimal investment in, and the proper management of, critical IT resources: applications, information, infrastructure and people. Key issues relate to the optimisation of knowledge and infrastructure.
Risk management requires risk awareness by senior corporate officers, a clear understanding of the enterprise’s appetite for risk, understanding of compliance requirements, transparency about the significant risks to the enterprise and embedding of risk management responsibilities into the organisation.
Performance measurement tracks and monitors strategy implementation, project completion, resource usage, process performance and service delivery, using, for example, balanced scorecards that translate strategy into action to achieve goals measurable beyond conventional accounting.

ITGI:

ISACA recognized this shift in emphasis towards IT Governance in 1998, and formed the IT Governance Institute (ITGI) to focus on original research, publications, resources and symposia on IT governance and related topics. In addition to the work carried out by the ITGI, ISACA addresses the topic through a regular column in and occasional dedicated issues of the Information Systems Control Journal, conference sessions and tracks, and education courses.

TheIT Governance Institute (ITGI)exists to assist enterprise leaders in their responsibility to ensure that IT goals align with those of the business, it delivers value, its performance is measured, its resources properly allocated and its risks mitigated. Through original research, symposia and electronic resources, the ITGI helps ensure that boards and executive management have the tools and information they need for IT to deliver against expectations.

ITGI:

Publications:

There are two major publications from ISACA in the field of IT Governance.

COBIT
VALIT

COBIT:

The Control Objectives for Information and related Technology (COBIT) is a set of best practices (framework) for information technology (IT) management created by the ISACA, and ITGI in 1996. COBIT provides managers, auditors, and IT users with a set of generally accepted measures, indicators, processes and best practices to assist them in maximizing the benefits derived through the use of information technology and developing appropriate IT governance and control in a company.

COBIT supports IT governance by providing a framework to ensure that:

IT is aligned with the business
IT enables the business and maximises benefits
IT resources are used responsibly
IT risks are managed appropriately

COBIT Framework and IT Governance Areas:

COBIT Product:

Briefly, the COBIT products include:

Board Briefing on IT Governance, 2nd Edition—Helps executives understand why IT governance is important, what its issues are and what their responsibility is for managing it.
Management guidelines/maturity models— Help assign responsibility, measure performance, and benchmark and address gaps in capability
Frameworks—Organise IT governance objectives and good practices by IT domains and processes, and link them to business requirements
Control objectives—provide a complete set of high-level requirements to be considered by management for effective control of each IT process
IT Governance Implementation Guide: Using COBIT ® and Val IT TM, 2nd Edition—provides a generic road map for implementing IT governance using the COBIT and Val ITTM resources
COBIT® Control Practices: Guidance to Achieve Control Objectives for Successful IT Governance, 2nd edition—Provides guidance on why controls are worth implementing and how to implement them
IT Assurance Guide: Using COBIT ®—Provides guidance on how COBIT can be used to support a variety of assurance activities together with suggested testing steps for all the IT processes and control

VALIT:

Val IT is a governance framework that consists of a set of guiding principles, and a number of processes conforming to those principles that are further defined as a set of key management practices.

The Val IT framework will be supported by publications and operational tools and provides guidance to:

Define the relationship between IT and the business and those functions in the organization with governance responsibilities
Manage an organization’s portfolio of IT-enabled business investments; and
Maximize the quality of business cases for IT-enabled business investments with particular emphasis on the definition of key financial indicators, the quantification of “soft” benefits and the comprehensive appraisal of the downside risk

Val IT addresses assumptions, costs, risks and outcomes related to a balanced portfolio of IT-enabled business investments. It also provides benchmarking capability and allows enterprises to exchange experiences on best practices for value management.

Certification:

Certified in the Governance of Enterprise Information Technology (CGEIT) is an advanced certification created in 2007 by the ISACA. It is designed for experienced professionals, who can demonstrate 5 or more years of experience, serving in a managing or advisory role focused on the governance and control of IT at an enterprise level.

The certification is intended to:

support the growing business demands related to IT governance
increase the awareness and importance of IT governance good practices and issues
define the roles and responsibilities of the professionals performing IT governance work

Requirements:

To earn the CGEIT credential, an individual must:

Pass the CGEIT exam (first exam – December 2008)
Adhere to the ISACA Code of Professional Ethics
Agree to comply with the CGEIT Continuing Education Policy
Provide evidence of appropriate IT governance work experience as defined by
the CGEIT Job Practice

IT Governance experience Five (5) years required:

Five (5) or more years of experience managing, serving in an advisory or oversight role, and/or otherwise supporting the governance of the IT-related contribution to an enterprise is required to apply for certification. This experience is defined specifically by the domains and task statements described in the CGEIT Job Practice.

Specifically:

A minimum of one (1) year of experience relating to the development and/or maintenance of an IT governance framework is required. The type and extent of experience accepted is described in CGEIT domain one (1) (see IT Governance Framework).
Additional broad experience directly related to any two or more of the remaining CGEIT domains are required. The type and extent of experience accepted is described in CGEIT domains two (2) through six (6). These domains are:

§ Strategic Alignment

§ Value Delivery

§ Risk Management

§ Resource Management

§ Performance Measurement

Individuals can take the CGEIT exam prior to earning the above work experience.

Substitutions for IT governance experience (2 years maximum)

To recognize other management experience and/or the achievement of specific IT governance related credentials, advanced (post-graduate) degrees and certificates, up to two (2) years of the five years of required IT governance experience can be substituted.

Specifically, each of the following will qualify (substitute) for one (1) year of IT governance experience, with a maximum of two years of substitutions being accepted.

Other Management Experience—other management experience that is not specific to IT governance, such as performing consulting, auditing, assurance or security management related duties will qualify for up to one year of substitution.

Specific Credentials, Advanced (Post-graduate) Degrees and Certificates—Credentials (in good standing), advanced (post-graduate) degrees and certificate programs which include an IT governance and/or management component or are specific to one or more of the CGEIT domains will qualify for up to one year of substitution.

These include:

Certified Information Systems Auditor (CISA) issued by ISACA

Certified Information Security Manager (CISM) issued by ISACA

Implementing IT Governance using COBIT and Val IT certificate issued by ISACA (available in 2008)

ITIL Service Manager certification program

Chartered Information Technology Professional (CITP) issued by the British Computer Society

Certified Information Technology Professional (CITP) issued by the American Institute of CPAs

Project Management Professional (PMP) issued by the Project Management Institute

Information Systems Professional (I.S.P.) issued by the Canadian Information Processing Society

Certified Internal Auditor (CIA) issued by the Institute of Internal Auditors

Certified Business Manager (CBM) issued by The Association of Professionals in Business Management

Prince2 – Registered Practitioner certificate from the Office of Government Commerce

Advanced (post-graduate) degree from an accredited university in governance, information technology, information management or business administration (For example: Masters in Corporate Governance, Masters of Business Administration, Masters in Information and Operations Management, Masters of Information Systems Management, Masters in Information Technology)

Exception: Two years as a full-time university instructor teaching IT governance related subjects at an accredited university can be substituted for every one year of IT governance experience.

Applicants who have earned/acquired other credentials, advanced (post-graduate) degrees and/or certificates that include a significant IT governance and/or information management component and are not listed above are welcome to submit them to the CGEIT Certification Board for consideration.

IT Governance Characteristics

Sets direction and oversees compliance and performance

Specifies the decision-making authority and accountability to encourage desirable behaviors in the use of IT

Is a process for managing and controlling the use of technology to create value

Are the rules and regulations under which an IT organization functions

Ensures that everyone is playing by the same rules so that the computing environment works for everyone.

Road Map for Implementing IT Governance

The initial focus for developing an IT Governance Program is identifying needs and governance input rights and decision making based on:

Current state of IT within and supporting business organization and objectives

Internal and external requirements/regulations and applicable best business practices

Business Alignment

IT & Business Executives set the IT Strategy, resolve issues, and shadow IT organizations eliminated

Investment Board sets project priorities, costs, oversees progress, reduced millions $ in costs

Change Management and failures impacting users

Changes managed & actually blocked where not properly vetted or tested

Number of user impact failures reduced from 200+ to <20 per month

Number of unauthorized application and infrastructure changes reduced to 1 or less per month

Emergency changes reduced to less than 3% of total changes

Improved results across the board, accountability built into personal performance evaluations

Projects

Projects on time, on budget increased by 60+%

Improved from 40% SDLC compliance to 100%

Technology

Standards and architecture established and enforced via tech reviews – reduced number of system software tools by over 50%

100% of the equipment on the network identified and none added unless authorized

24 hour server back-ups improved from 95% to 99.9%

Security patches being performed within 24 hours of approval

“System Admin Accounts” reduced by over 50%

Governing Document Framework – SAMPLE

Conclusion:

As we have discussed that in today’s business environment information is the most valuable asset, therefore in order to protect the information we require a profound infrastructure that enables us to not only secure the information we have but to validate that information as well, plus enable the organization towards IT.