Tuesday, April 28, 2015

IT Governance

Corporate Governance 
Corporate governance should promote ethical issues and decision-making practices within an organization.

Corporate governance can be defined as "the system by which business corporations are directed and controlled".


Corporate governance is a set of responsibilities and practices to:

  • Provide strategic direction
  • Ensure that goals are achievable
  • Ensure that risks are properly addressed
  • Ensure that organisational resources are properly utilized
The framework of corporate governance should:
  • be established to manage reports on risks.
  • require that there is an internal control system that monitors risks.
  • be a platform for the protection of stakeholders by dividing responsibilities to the Board of Directors.

Corporate governance can help strike a balance between the objective of exploiting available opportunities for business value and the need to keep within the limits of regulatory requirements.

Corporate governance frameworks are expanding into different countries, where the goal is to reduce inaccurate financial reporting while giving greater transparency and accountability.

IT Governance
IT governance is the part of overall corporate governance that should address how IT is applied inside the organization. Its importance has increased because:

- Organizations now rely more on IT.
- One of the key objectives of IT governance is to align business and IT in order to increase business value.



IT governance focuses on delivering secure and reliable information that is critical to the success of the organization. The other benefit of IT governance is that this information is delivered more economically, efficiently and effectively.

There are two major issues that IT governance focuses on:

  1. Strategic alignment of IT with the business
  2. Embedding accountability into the enterprise


IT Monitoring and Assurance Practices for Board and Senior Management


  • It is important that all stakeholders, including the board and senior management, provide input into the decision-making process about IT governance.
  • IT governance is not just good management practice and a framework of IT controls; it is a management system concerned with stewardship of the IT resources on behalf of the stakeholders.
  • Governance should be focused on delivering value and measuring performance.
  • IT governance can be considered shared management.
  • It ensures alignment of IT with the organization's objectives.
  • It should enable an enterprise to exploit new opportunities and maximise benefits.
  • The IT governance framework should be aligned with accepted best practices.

IT Governance Framework

Following are key requisites of an IT Governance Framework:
  • IT Resource Management: Focuses on the inventory of the resources as well as the risks involved in those resources.
  • Performance Measurement: Ensures that IT resources are performing as expected and delivering benefit to the organization.
  • Compliance Management: Ensures that IT processes comply with all applicable regulations.

IT Governance focuses on:
  • Risk Management: Making sure that everyone is aware of the risks involved with IT and knows the organization's acceptance of risk.
  • Resource Management: Having the right investment in the proper management of the critical IT resources, which would include the infrastructure and its people.
  • Performance Measurement: A strategy to track and monitor projects, resource usage, process performance and delivery.

Some Important IT Governance Frameworks:

    • COBIT: It was developed by ISACA to support IT governance, with best practices to provide guidance to organizations.
    • ISO/IEC 27001: A series of standards and best practices to provide guidance to organizations.
    • ITIL: The IT Infrastructure Library (ITIL) is a detailed framework with hands-on information on how to achieve successful service management of IT.
    • ISO/IEC 38500: It gives a framework for effective IT governance that helps those at the highest level of management to understand and fulfill their legal and regulatory obligations.

Information Security Governance 

Security is focused around three areas which are confidentiality, integrity and availability. 

Security is no longer bound to the boundaries of the organization, due to the large growth of technologies such as cloud computing. Protection of information is a key component of information security.

The task of providing the necessary protection for information resources must now be raised to a board-level activity, as with other governance functions.

Benefits of good Information Security Governance are:
  • Providing assurance of policy and standard compliance.
  • Providing a structure and framework to optimize limited security awareness
