SlideShare ist ein Scribd-Unternehmen logo

IT Governance for Nonprofits

Donny Shimamoto
Donny Shimamoto

A common misconception is that IT Governance is only for big enterprises. Cloud computing and the increasing pervasive use of technology in the workplace requires that smaller organizations take a more strategic and risk-aware approach to managing their technology and business information. Attend this session to learn how to apply IT governance principles and practices to smaller not-for-profit organizations to help develop your IT strategy, manage your IT risk, and enable better business decisions through information.

Business
1 von 41
Downloaden Sie, um offline zu lesen
IT Governance for (smaller) Nonprofits #12NTCITGov Donny C. Shimamoto, CPA/CITP, CGMA
Evaluate This Session! Each entry is a chance to win an NTEN engraved iPad! or Online at www.nten.org/ntc/eval IT Governance for Nonprofits #12NTCITGov
Speaker Biography Donny C. Shimamoto, CPA.CITP, CGMA • Donny is the founder of IntrapriseTechKnowlogies LLC, a CPA firm focused on organizational development and advisory services for the middle market. An active CPA, Certified Information Technology Professional (CITP), and Chartered Global Management Accountant (CGMA), Donny helps many organizations by bridging accounting and IT to strengthen organizational governance and risk management, improve business processes through IT, and increase the effectiveness of decision making through business intelligence. • Donny was recognized as one of 25 Top Thought Leaders in Public Accounting by CPA Practice Advisor in 2012, received the 2009-2010 President’s Award from the Hawaii Society of CPAs, was named to CPA Technology Advisor’s 40 Under 40 list in 2007 & 2009 and was also a Hawaii Top High Tech Leader in 2004. • In the nonprofit world, Donny works with community foundations, social service agencies, community centers, and membership associations. IntrapriseTechKnowlogies LLC Technologies and knowledge for synergizing your intraprise www.intraprisetechknowlogies.com | Hawaii | California
Audience Polls – Demographics • Organization Type/Size • Role in Organization – CPA Firm – Lead Executive – Small Nonprofit – CFO/Controller – Medium Nonprofit – CIO / IT Director – Large Nonprofit – Program Director/Manager – Government – Consultant or Auditor • Part of Organization Choose one from each set of options – Accounting/Finance that best matches how you view – Information Technology your organization and your role at – Programs work. – Consultant or Auditor
IT Governance for (smaller) Nonprofits • Why IT Governance is important for Nonprofits • IT Governance – Defined & Adapted for (smaller) Nonprofits • An IT Governance Framework for (smaller) Nonprofits – How do we align the business and IT? – How do we define and measure [IT] performance? – How do we manage [IT-related] change? – How do we organize [IT] decision rights? – IT Governance in Action – a practical example – What are the costs and benefits of improvement of IT governance? • Call to Action – IT Governance
Why IT Governance is Important • Myth: IT Governance is only for large companies • Effectively managed IT can provide small businesses with a competitive advantage, whereas ineffective management can impair the business as a whole. – ISACA Journal Online, 2009 Vol 4 – http://www.isaca.org/Journal/Past-Issues/2009/Volume- 4/Pages/JOnline-Small-Business-IT-Governance-Implementation.aspx • Nonprofits that use IT as part of their daily operations need IT governance: – To help maximize the benefits of their IT investment, and – Manage the risks that reliance upon IT introduces into their organizations.
Why IT Governance is Important • There are major forces driving the need for IT Governance in Nonprofits – Increased Compliance Requirements: Regulation, Privacy, PCI DSS – Evolving Security Threat Landscape: PCI DSS, EFT Fraud – Economic Unpredictability: IT Value Management – Organizational Agility: Business Continuity, Project Execution • By establishing a clear framework for IT-related decisions that balances benefits, cost, and risk, Nonprofits can ensure better alignment of their IT investments with their missions/business strategy and improve the overall efficiency, effectiveness, and agility of their business processes.
IT Governance – Definition • The IT Governance Institute (ITGI) definition: “the responsibility of executives and the board of directors and consists of the leadership, organizational structures and processes that ensure that the enterprise’s IT sustains and extends the organization’s strategy and objectives.” Source: ITGI, 2003
IT Governance – Definition Corporate Governance Is part of .. IT Governance Subsumes IT Management Source: Roger Debreceny, Shidler Distinguished Professor of Accounting, University of Hawaii at Manoa, Nov 2010
IT Governance – Definition “the responsibility of executives and the board of directors and consists of the leadership, organizational structures and processes that ensure that the enterprise’s IT sustains and extends the organization’s strategy and objectives.” Source: ITGI, 2003 • Responsibility: – Executives & Board of Directors • Elements: – Leadership – Organizational Structures – Processes • Objective: – Ensure IT sustains and extends the organization’s mission and strategy
IT Governance – Adapted Definition for Smaller Nonprofits • Definition adapted to smaller Nonprofits: IT Governance is the leadership, structures and processes that a nonprofit’s executives and board of directors put in place to ensure that their organization’s IT sustains and extends their business strategy and objectives in achieving its mission. • IT governance provides the framework to guide how IT-related decisions are made. This is especially important when there is someone who is making technology decisions on behalf of a nonprofit’s management.
IT Governance – Adapted Definition for Smaller Nonprofits Corporate Governance Is part of .. IT Governance binds/guides IT Management IT Service Providers IT Manager Adapted from: Debreceny, Nov 2010
IT Governance – Nonprofit Framework Establish a framework to Business Strategy structure and guide IT decision-making and how IT is alignment Compliance used as part of the organization IT Governance value delivery IT Strategy IT Projects IT Risk Management drives IT Infrastructure Source: IntrapriseTechKnowlogies LLC, 2011
IT Governance – Nonprofit Framework • Establish a framework to structure and guide: – IT decision-making; and – How IT is used as part of the business. • IT decision-making in Nonprofits – IT Manager – usually technically focused – IT Contractor – usually technically focused – Key weakness: narrow perspective & lack of business acumen • IT as part of the business – Increasing pervasiveness of IT supporting business processes – Increasing ease of access to data and applications – Increasing dependence on IT service providers – Key weakness: Lack of risk awareness and mature IT controls
IT Governance – Nonprofit Framework • Consider the following BIG QUESTIONS: – How do we align the mission/business strategy and IT? – How do we define and measure [IT] performance? – How do we manage [IT-related] change? – How do we organize [IT] decision rights? – What are the costs and benefits of improvement of IT governance? Source: Debreceny, Nov 2010 These questions help to ensure greater alignment of IT decision-making with the mission/business strategy, and clear performance and accountability for IT.
How do we align Programs and IT? • The corporate answer: – Strategy Council RACI defined: • Responsible – Business involvement in • Accountable • Strategy planning • Consulted • Program management • Informed • Project management – Clear RACI planning – Outward facing staff from IT to the Business Source: Debreceny, Nov 2010 • These can be overkill in a Nonprofit’s smaller, less complex environment, but the intent and purpose of some of these structures must still be considered—and sometimes reversed.
How do we align the Nonprofit and IT? • Corporate answer: • SMB Nonprofit answer: – Strategy Council – N/A – usually not necessary – Business involvement in – IT Advisor’s involvement in • Strategy planning • Strategic planning • Program management • Program management • Project management • Project management – Clear RACI planning – Clear RACI planning – Outward facing staff from IT – Close relationships between to the Business key IT service providers and business managers • Issues: (1) Business units and IT • Issues: (1) Programs operating with operating in separate silos; (2) IT an absence of IT expertise; (2) function may be centralized or Nonprofit is not highest priority of IT decentralized service provider.
How do we align the Nonprofit and IT? • Nonprofit considerations for programs/IT alignment: – What role does IT play in achieving the mission/business strategy? – Should IT be included in strategic planning? • Does my IT Manager or Service Provider understand my mission? Can they think strategically? • Do I need an independent/objective IT Advisor? – Are any of my programs/projects dependent upon IT? • How will the technology utilized impact my IT environment? • Is the technology utilized in accord with my IT strategy? – Is responsibility for mission/IT alignment clearly defined? • Who is accountable for achieving alignment? • What are the consequences if alignment is not achieved? – Is there clear communication between IT and programs?
How do we align the Nonprofit and IT? • Clear and open communication between Programs and IT is especially important for Nonprofits – Most nonprofit executives and boards don’t have a deep enough understanding of IT to adequately perform alignment • An IT Advisor may need to be engaged to help translate between the programs and IT and facilitate alignment – A majority of IT capabilities is usually outsourced and IT service providers are servicing multiple customers • The Nonprofit may not be a priority for the service provider • The IT service provider is an external party so requires additional effort to coordinate communication/activities – While the risk of a Nonprofit IT failure is usually lower, the impact of failure is often higher due to smaller economic resources to absorb the failure or re-perform the project • Failure could be a non-realization of expected benefits
How do we define and measure [IT] performance? • Part of defining responsibility and accountability is having a clear definition of performance – Availability – it’s available for use when I need it; “uptime” – Accessibility – it’s usable where I need to use it – Functionality – it provides the functionality I need • Accuracy – computations are performed correctly • Integrity – the integrity of my data/files is maintained • Usability – it is easy to use and intuitive • Responsiveness – actions are completed within a reasonable time / within the expected time – Security – data/files are kept secure (including addressing confidentiality and privacy) • Most nonprofit users don’t want to understand the technology, they just want it to work when they need it and as they expect it to
How do we define and measure [IT] performance? • Nonprofits should define their business requirements for IT performance based on their mission/business strategy • Availability – it’s available for use when I need it – During what times do systems need to be available? • What are the organization’s hours of operation? • Are there times when the organization doesn’t operate? • Are there times when certain business functions can be down? – What level of downtime is acceptable? • Remember that most systems need some kind of scheduled maintenance and backup window • Is the impact of downtime offset by the cost of additional availability measures? – Is a business continuity plan in place to mitigate the risk of downtime? Disaster recovery plan, in case of major outage?
How do we define and measure [IT] performance? • Nonprofits should define their business requirements for IT performance based on their mission/business strategy • Accessibility – it’s usable where I need to use it – Do I need access outside of the office? • Traditional solution: VPN • Cloud computing is increasing the accessibility of applications and data beyond the office network – Do users need offline access? (e.g. at client/constituent’s place) – Do users need access on mobile devices? – If client/constituent facing: • How are my clients/constituents accessing the system? • How do clients/constituents expect to access the system? – Are accessibility (security/confidentiality/privacy) risks appropriately mitigated?
How do we define and measure [IT] performance? • Nonprofits should define their business requirements for IT performance based on their mission/business strategy • Functionality – it provides the functionality I need – Accuracy – computations are performed correctly – Integrity – the integrity of my data/files is maintained – Usability – it is easy to use and intuitive – Responsiveness – actions are completed within a reasonable time / within the expected time • Most Nonprofits are used to working with these performance measures – These requirements should be defined and used as the basis for software/vendor selection. Since most Nonprofits are probably not doing custom development, it is important to find the best fit solution—and often it will not be a 100% solution.
How do we define and measure [IT] performance? • Nonprofits should define their business requirements for IT performance based on their mission/business strategy • Security – data/files are kept secure (including addressing confidentiality and privacy) – Are there regulatory or other compliance requirements associated with your data? – Have privacy controls been designed to address both technical and non-technical data/file risks? – If data is stored in the cloud or on a vendor’s systems: • What measures has the vendor taken to ensure security? • Is a Service Organization Controls report (SOC) or SSAE 16 report (if financial-related) available? • Have management controls been mapped to the SOC report and vendor control structure?
How do we define and measure [IT] performance? • Establish responsibility and accountability by clearly defining performance criteria for each application/system used by the business – Availability – it’s available for use when I need it; “uptime” – Accessibility – it’s usable where I need to use it – Functionality – it provides the functionality I need • Accuracy – computations are performed correctly • Integrity – the integrity of my data/files is maintained • Usability – it is easy to use and intuitive • Responsiveness – actions are completed within a reasonable time / within the expected time – Security – data/files are kept secure (including addressing confidentiality and privacy) • Define these in “business” not “technical” terms
How do we manage [IT-related] change? • To ensure that the full benefits of an IT-related initiative can be realized, remember to consider the impact of the change to: – The organization itself – Employees – Clients and Constituents – The organiation’s IT environment and risk posture • In Nonprofits, both executives/program management and IT service providers often forget that while simpler, the Nonprofit environment is also smaller. – A small change can sometimes have a much bigger impact. – A stone in a lake, can cause tidal waves in a puddle.
How do we manage [IT-related] change? • IT-related change can impact the organization and its employees and clients/constituents in many different ways – Changes to business processes and procedures – Different tools / application used to complete a task – Increased / decreased access to data / information • Common staff complaints about IT-related change – Nobody told us it was changing! – Yes, the technology is good, but the impact to our procedures wasn’t considered until the new technology was already here. – We didn’t receive any training for the new technology. – The data is organized differently from the old system. – The computations are performed differently from the old system. – I can’t get the same reports that I used to from the old system.
How do we manage [IT-related] change? • In addition to user-side impacts, consider the impact to the overall IT environment: – Have we increased our reliance upon a system—thereby increasing the potential impact of an availability issue? – Have we increased the accessibility of information? • Do we need to consider any additional mobile device risks? – Has the change in functionality impacted the efficiency, effectiveness, or agility of our business processes? – Does the change introduce any data-related risks? (e.g. privacy, confidentiality, security, backup, recoverability) • How do the changes impact the organization’s overall IT environment risk posture? – Is this an acceptable part of the business strategy? – Do we need to take any additional risk mitigation measures?
How do we manage [IT-related] change? • Every change has risks associated with it – Just because a change has risks, it doesn’t mean that you shouldn’t do it—work to manage risk, not eliminate it • Manage risk by evaluating the risk and taking the appropriate mitigation steps to minimize the negative impact of the change – Balance cost of mitigation with benefits of managing the impact • Sometimes not making a change is a risk in and of itself— consider the cost/impact of not changing – Lack of change and lead to stagnation • Remember to consider the people and process aspects of the change, not only the technology.
How do we organize [IT] decision rights? • There are usually two different approaches to IT decision-making by smaller Nonprofits 1. Minimal Involvement by executive or board • Just wants to know what it will cost and as long as reasonable (i.e. cost doesn’t seem excessive) then will approve • For the most part, decision authority rests with the IT manager or IT service provider 2. High Involvement by executive or board • Wants to understand everything that is being done • Will approve once it makes sense to them and they can validate the cost • Decision authority rests with the executive—IT Manager / IT Service Provider must “convince” the executive of necessity
How do we organize [IT] decision rights? • There are inherent flaws in both approaches 1. Minimal Involvement • Requires a high-level of trust in IT Manager/Service Provider • Requires a highly competent IT Manager/Service Provider • Usually a spend-based decision 2. High Involvement • Executive/Board usually lacks expertise to adequately evaluate options • Cost validation usually doesn’t involve apples-to-apples • Usually a spend-based decision • Both approaches often lack – Consideration of mission/business strategy – Consideration of IT-related business risks – Longer term cost management perspective
How do we organize [IT] decision rights? • The better approach is to identify business-focused parameters that provide a basis for decision-making – Strategic Alignment – IT Performance – IT Risk Management – Change Management – Cost Management • The Board of Directors should identify the key parameters that drive what is considered in evaluating options – IT Manager/Service Provider prepares an analysis of options based on the parameters – CEO/Executive Director is briefed on options based on parameters and recommendation from IT Manager/Service Provider – CEO/Executive Director makes final decision
IT Governance in Action a practical example • Consider the following scenario: A small nonprofit wants to enable its staff of 10 people to have access to their e-mail anytime, anywhere on their laptops and mobile devices • It is considering three solution options: 1. Microsoft Small Business Server (SBS) 2. Microsoft Office 365 3. Google Apps for Nonprofits The business currently uses POP e-mail boxes provided by its Internet Service Provider (ISP) and Microsoft Outlook 2007.
IT Governance in Action a practical example • How do we align the Nonprofit and IT? – Strategic imperative • Enable staff to spend more time with clients/constituents • Be more responsive to client/constituent requests • Business need = anytime, anywhere access across devices – Analysis of current ISP provided POP mail • Provides this at a basic level (e-mail can be accessed anywhere with an Internet connection) • Doesn’t allow for easy synchronization of data across devices — contacts and calendar entries must be entered separately on each device or synced via USB cable – All solutions considered enable synchronization across devices and provide anytime, anywhere access • All align at a high level with the mission/business strategy
IT Governance in Action a practical example • How do we define and measure IT performance? – System availability or “uptime” is a key metric • Clients/constituents are in multiple time zones • Staff has flexible work schedules, so some work at night too – Based on the answer to this question: • SBS is an on-premise solution and the cost of making it highly available would make the cost of SBS far exceed the other two – Office 365 and Google Apps become the two leading options • Google Apps provides a 99.9% uptime guarantee, including maintenance windows • Microsoft Office 365 provides a 99.9% uptime guarantee, excluding maintenance windows • Microsoft Office 365 actually has a lower actual uptime if you adjust it for the maintenance windows
IT Governance in Action a practical example • How do we manage IT-related change? – The organization’s staff is very competent, but they are not all particularly technology-savvy – Switching to a Google Apps solution • Potentially requires the staff to learn a new system • Gmail web interface/functionality very different from traditional POP web mail • Potential incompatibility with historical e-mail / archives – Switching to Microsoft Office 365 or SBS • Staff continue to use Outlook on their computers • Outlook Web Access (web mail) looks like Outlook – Mobile device e-mail functionality will depend on which kind of mobile device is used
IT Governance in Action a practical example • How do we organize IT decision rights? – While this question is really speaking more toward decision-making authority, in this example we can also interpret it as: • What are the criteria for choosing a solution? – Strategy = Google Apps for Nonprofits or Microsoft Office 365 – Uptime = Google Apps for Nonprofits – Change = Microsoft Office 365 – Cost & Cash Flow • Gmail is Free (<3000 users) vs Microsoft Office 365 is $48/user/year – Security / Compliance • Microsoft Office 365 has options that meet ISO 27001, FIPS 140-2, HIPAA, FERPA, ITAR
IT Governance in Action a practical example • What would you purchase? • Each organization’s situation is different – Different business strategies – Different key factors / considerations – Different staff competencies – Different technology platforms – Different IT Manager / service provider competencies – Different cost / cash-flow management situations • An IT Governance framework helps to ensure all of these differences are considered in making an IT decision
What are the costs and benefits of improvement of IT governance? • IT governance doesn’t have to cost a lot – It does involve some up-front time to answer the questions – It does require some heavy thinking to answer them “right” • IT governance helps ensure IT value – Manage the costs of non-compliance – Balance short-term savings with long term value – Manage indirect costs of change – Balance benefits, cost, and risk • IT governance enables strategic advantage – Better alignment of IT with missions/business strategy – Improve the efficiency, effectiveness, and agility of business processes
Call to Action – IT Governance • Nonprofit leaders must guide the decision-making and actions of their IT manager or IT service providers – Establish clear expectations and accountability for IT – Prevent a fragmented IT environment – Mitigate IT-related risks – Manage IT-related costs – Ensure alignment of IT with mission/business strategy • Proper governance of IT maximizes the benefits of your IT investments and helps you better achieve your mission
Thank you for your attention and participation! Donny C. Shimamoto, CPA.CITP, CGMA donny@intraprisetechknowlogies.com (808) 735-8324 voice IntrapriseTechKnowlogies LLC Technologies and knowledge for synergizing your intraprise www.intraprisetechknowlogies.com | Hawaii | California Any Questions?

Empfohlen

Bab 9 forecasting
Bab 9 forecastingBab 9 forecasting
Bab 9 forecastingBagus Rio Prasetya Wardhana Soerodjo
 
Pengendalian sistem informasi berdasarkan komputer ppt sia ii
Pengendalian sistem informasi berdasarkan komputer ppt sia iiPengendalian sistem informasi berdasarkan komputer ppt sia ii
Pengendalian sistem informasi berdasarkan komputer ppt sia iiFergieta Prahasdhika
 
[MU630] 002. IT Strategic Planning
[MU630] 002. IT Strategic Planning[MU630] 002. IT Strategic Planning
[MU630] 002. IT Strategic PlanningAriantoMuditomo
 
SPIP DAN AKUNTABILITAS KEUANGAN MENUJU GOOD GOVERNANCE
SPIP DAN AKUNTABILITAS KEUANGAN MENUJU GOOD GOVERNANCESPIP DAN AKUNTABILITAS KEUANGAN MENUJU GOOD GOVERNANCE
SPIP DAN AKUNTABILITAS KEUANGAN MENUJU GOOD GOVERNANCE INFORMASI DAN HUMAS KEMENAG PROV. JABAR (Nadzier Wiriadinata)
 
Analisa SWOT Pada Sektor Publik
Analisa SWOT Pada Sektor PublikAnalisa SWOT Pada Sektor Publik
Analisa SWOT Pada Sektor PublikDeddy Supriady Bratakusumah
 
Stress testing banks
Stress testing banksStress testing banks
Stress testing banksDr. Emmanuel Moore Abolo
 
Pemahaman sakip & penyusunan lakip paparan 29 okt2012
Pemahaman sakip & penyusunan lakip paparan 29 okt2012Pemahaman sakip & penyusunan lakip paparan 29 okt2012
Pemahaman sakip & penyusunan lakip paparan 29 okt2012Angga Kurniawan
 
Teori akuntansi
Teori akuntansiTeori akuntansi
Teori akuntansiMaya Rusli
 

Empfohlen

Bab 9 forecasting
Bab 9 forecastingBab 9 forecasting
Bab 9 forecastingBagus Rio Prasetya Wardhana Soerodjo
 
Pengendalian sistem informasi berdasarkan komputer ppt sia ii
Pengendalian sistem informasi berdasarkan komputer ppt sia iiPengendalian sistem informasi berdasarkan komputer ppt sia ii
Pengendalian sistem informasi berdasarkan komputer ppt sia iiFergieta Prahasdhika
 
[MU630] 002. IT Strategic Planning
[MU630] 002. IT Strategic Planning[MU630] 002. IT Strategic Planning
[MU630] 002. IT Strategic PlanningAriantoMuditomo
 
SPIP DAN AKUNTABILITAS KEUANGAN MENUJU GOOD GOVERNANCE
SPIP DAN AKUNTABILITAS KEUANGAN MENUJU GOOD GOVERNANCESPIP DAN AKUNTABILITAS KEUANGAN MENUJU GOOD GOVERNANCE
SPIP DAN AKUNTABILITAS KEUANGAN MENUJU GOOD GOVERNANCE INFORMASI DAN HUMAS KEMENAG PROV. JABAR (Nadzier Wiriadinata)
 
Analisa SWOT Pada Sektor Publik
Analisa SWOT Pada Sektor PublikAnalisa SWOT Pada Sektor Publik
Analisa SWOT Pada Sektor PublikDeddy Supriady Bratakusumah
 
Stress testing banks
Stress testing banksStress testing banks
Stress testing banksDr. Emmanuel Moore Abolo
 
Pemahaman sakip & penyusunan lakip paparan 29 okt2012
Pemahaman sakip & penyusunan lakip paparan 29 okt2012Pemahaman sakip & penyusunan lakip paparan 29 okt2012
Pemahaman sakip & penyusunan lakip paparan 29 okt2012Angga Kurniawan
 
Teori akuntansi
Teori akuntansiTeori akuntansi
Teori akuntansiMaya Rusli
 
Inovasi Dalam Tata Kelola Pemerintahan Daerah
Inovasi Dalam Tata Kelola Pemerintahan DaerahInovasi Dalam Tata Kelola Pemerintahan Daerah
Inovasi Dalam Tata Kelola Pemerintahan DaerahTri Widodo W. UTOMO
 
1 prinsip akuntansi dan pelaksanaannya
1 prinsip akuntansi dan pelaksanaannya1 prinsip akuntansi dan pelaksanaannya
1 prinsip akuntansi dan pelaksanaannyaHamzah Robbani
 
IT Governance - COBIT 5 Capability Assessment
IT Governance - COBIT 5 Capability AssessmentIT Governance - COBIT 5 Capability Assessment
IT Governance - COBIT 5 Capability AssessmentEryk Budi Pratama
 
Permendagri no. 35 tahun 2012 tentang analisis jabatan
Permendagri no. 35 tahun 2012 tentang analisis jabatanPermendagri no. 35 tahun 2012 tentang analisis jabatan
Permendagri no. 35 tahun 2012 tentang analisis jabatanTresna Juhanda
 
Kajian penerapan manajemen risiko di bpkp a heri s dan dimas
Kajian penerapan manajemen risiko di bpkp a heri s dan dimasKajian penerapan manajemen risiko di bpkp a heri s dan dimas
Kajian penerapan manajemen risiko di bpkp a heri s dan dimasAgustinus Heri Setiawan, Ak., M.Ec.Dev.
 
ISO 27001 How to use the ISMS Implementation Toolkit.pdf
ISO 27001 How to use the ISMS Implementation Toolkit.pdfISO 27001 How to use the ISMS Implementation Toolkit.pdf
ISO 27001 How to use the ISMS Implementation Toolkit.pdfAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Proses Penyusunan RKPD dan KUA-PPAS
Proses Penyusunan RKPD dan KUA-PPASProses Penyusunan RKPD dan KUA-PPAS
Proses Penyusunan RKPD dan KUA-PPASBappeda Kabupaten Subang
 
Permenpan RB Nomor 1 Tahun 2020.pdf
Permenpan RB Nomor 1 Tahun 2020.pdfPermenpan RB Nomor 1 Tahun 2020.pdf
Permenpan RB Nomor 1 Tahun 2020.pdfperencanaan20201
 
Sistem Perencanaan Pembangunan Nasional dan Pelaksanaannya
Sistem Perencanaan Pembangunan Nasional dan PelaksanaannyaSistem Perencanaan Pembangunan Nasional dan Pelaksanaannya
Sistem Perencanaan Pembangunan Nasional dan PelaksanaannyaDadang Solihin
 
Fraud Dan Korupsi
Fraud Dan KorupsiFraud Dan Korupsi
Fraud Dan KorupsiLinda Grace Loupatty, FEB Universitas Pattimura
 
LAKIP & RENSTRA
LAKIP & RENSTRALAKIP & RENSTRA
LAKIP & RENSTRA93220872
 
Merchant banking in india jatin garg 11107027
Merchant banking in india jatin garg 11107027Merchant banking in india jatin garg 11107027
Merchant banking in india jatin garg 11107027Jatin Garg
 
NIST 800-37 Certification & Accreditation Process
NIST 800-37 Certification & Accreditation ProcessNIST 800-37 Certification & Accreditation Process
NIST 800-37 Certification & Accreditation Processtimmcguinness
 
PELAPORAN_KEUANGAN_DESA (1).ppt
PELAPORAN_KEUANGAN_DESA (1).pptPELAPORAN_KEUANGAN_DESA (1).ppt
PELAPORAN_KEUANGAN_DESA (1).pptMAHMUN SYARIF
 
Penyusunan renstra skpd
Penyusunan renstra skpdPenyusunan renstra skpd
Penyusunan renstra skpdMohammad Ramadhan
 
LAKIP SAKIP AKIP
LAKIP SAKIP AKIPLAKIP SAKIP AKIP
LAKIP SAKIP AKIPnanipalawa
 
Teori Akuntansi
Teori AkuntansiTeori Akuntansi
Teori AkuntansiRahmisni Rehmadhani
 
Risk management basel ii
Risk management basel iiRisk management basel ii
Risk management basel iiUjjwal 'Shanu'
 
Bab 9
Bab 9Bab 9
Bab 9iikabungo
 
Business Continuity, Data Privacy, and Information Security: How do they link?
Business Continuity, Data Privacy, and Information Security: How do they link?Business Continuity, Data Privacy, and Information Security: How do they link?
Business Continuity, Data Privacy, and Information Security: How do they link?PECB
 
CIT 3122 IS Governance Lecture 3.pptx
CIT 3122 IS Governance Lecture 3.pptxCIT 3122 IS Governance Lecture 3.pptx
CIT 3122 IS Governance Lecture 3.pptxanthonywanjohi5
 
IT Governance in Banks, May, 2014
IT Governance in Banks, May, 2014IT Governance in Banks, May, 2014
IT Governance in Banks, May, 2014ArmeniaFED
 

Weitere ähnliche Inhalte

Was ist angesagt?

Inovasi Dalam Tata Kelola Pemerintahan Daerah
Inovasi Dalam Tata Kelola Pemerintahan DaerahInovasi Dalam Tata Kelola Pemerintahan Daerah
Inovasi Dalam Tata Kelola Pemerintahan DaerahTri Widodo W. UTOMO
 
1 prinsip akuntansi dan pelaksanaannya
1 prinsip akuntansi dan pelaksanaannya1 prinsip akuntansi dan pelaksanaannya
1 prinsip akuntansi dan pelaksanaannyaHamzah Robbani
 
IT Governance - COBIT 5 Capability Assessment
IT Governance - COBIT 5 Capability AssessmentIT Governance - COBIT 5 Capability Assessment
IT Governance - COBIT 5 Capability AssessmentEryk Budi Pratama
 
Permendagri no. 35 tahun 2012 tentang analisis jabatan
Permendagri no. 35 tahun 2012 tentang analisis jabatanPermendagri no. 35 tahun 2012 tentang analisis jabatan
Permendagri no. 35 tahun 2012 tentang analisis jabatanTresna Juhanda
 
Permenpan RB Nomor 1 Tahun 2020.pdf
Permenpan RB Nomor 1 Tahun 2020.pdfPermenpan RB Nomor 1 Tahun 2020.pdf
Permenpan RB Nomor 1 Tahun 2020.pdfperencanaan20201
 
Sistem Perencanaan Pembangunan Nasional dan Pelaksanaannya
Sistem Perencanaan Pembangunan Nasional dan PelaksanaannyaSistem Perencanaan Pembangunan Nasional dan Pelaksanaannya
Sistem Perencanaan Pembangunan Nasional dan PelaksanaannyaDadang Solihin
 
LAKIP & RENSTRA
LAKIP & RENSTRALAKIP & RENSTRA
LAKIP & RENSTRA93220872
 
Merchant banking in india jatin garg 11107027
Merchant banking in india jatin garg 11107027Merchant banking in india jatin garg 11107027
Merchant banking in india jatin garg 11107027Jatin Garg
 
NIST 800-37 Certification & Accreditation Process
NIST 800-37 Certification & Accreditation ProcessNIST 800-37 Certification & Accreditation Process
NIST 800-37 Certification & Accreditation Processtimmcguinness
 
PELAPORAN_KEUANGAN_DESA (1).ppt
PELAPORAN_KEUANGAN_DESA (1).pptPELAPORAN_KEUANGAN_DESA (1).ppt
PELAPORAN_KEUANGAN_DESA (1).pptMAHMUN SYARIF
 
LAKIP SAKIP AKIP
LAKIP SAKIP AKIPLAKIP SAKIP AKIP
LAKIP SAKIP AKIPnanipalawa
 
Risk management basel ii
Risk management basel iiRisk management basel ii
Risk management basel iiUjjwal 'Shanu'
 
Business Continuity, Data Privacy, and Information Security: How do they link?
Business Continuity, Data Privacy, and Information Security: How do they link?Business Continuity, Data Privacy, and Information Security: How do they link?
Business Continuity, Data Privacy, and Information Security: How do they link?PECB
 

Was ist angesagt? (20)

Inovasi Dalam Tata Kelola Pemerintahan Daerah
Inovasi Dalam Tata Kelola Pemerintahan DaerahInovasi Dalam Tata Kelola Pemerintahan Daerah
Inovasi Dalam Tata Kelola Pemerintahan Daerah
 
1 prinsip akuntansi dan pelaksanaannya
1 prinsip akuntansi dan pelaksanaannya1 prinsip akuntansi dan pelaksanaannya
1 prinsip akuntansi dan pelaksanaannya
 
IT Governance - COBIT 5 Capability Assessment
IT Governance - COBIT 5 Capability AssessmentIT Governance - COBIT 5 Capability Assessment
IT Governance - COBIT 5 Capability Assessment
 
Permendagri no. 35 tahun 2012 tentang analisis jabatan
Permendagri no. 35 tahun 2012 tentang analisis jabatanPermendagri no. 35 tahun 2012 tentang analisis jabatan
Permendagri no. 35 tahun 2012 tentang analisis jabatan
 
Kajian penerapan manajemen risiko di bpkp a heri s dan dimas
Kajian penerapan manajemen risiko di bpkp a heri s dan dimasKajian penerapan manajemen risiko di bpkp a heri s dan dimas
Kajian penerapan manajemen risiko di bpkp a heri s dan dimas
 
ISO 27001 How to use the ISMS Implementation Toolkit.pdf
ISO 27001 How to use the ISMS Implementation Toolkit.pdfISO 27001 How to use the ISMS Implementation Toolkit.pdf
ISO 27001 How to use the ISMS Implementation Toolkit.pdf
 
Proses Penyusunan RKPD dan KUA-PPAS
Proses Penyusunan RKPD dan KUA-PPASProses Penyusunan RKPD dan KUA-PPAS
Proses Penyusunan RKPD dan KUA-PPAS
 
Permenpan RB Nomor 1 Tahun 2020.pdf
Permenpan RB Nomor 1 Tahun 2020.pdfPermenpan RB Nomor 1 Tahun 2020.pdf
Permenpan RB Nomor 1 Tahun 2020.pdf
 
Sistem Perencanaan Pembangunan Nasional dan Pelaksanaannya
Sistem Perencanaan Pembangunan Nasional dan PelaksanaannyaSistem Perencanaan Pembangunan Nasional dan Pelaksanaannya
Sistem Perencanaan Pembangunan Nasional dan Pelaksanaannya
 
Fraud Dan Korupsi
Fraud Dan KorupsiFraud Dan Korupsi
Fraud Dan Korupsi
 
LAKIP & RENSTRA
LAKIP & RENSTRALAKIP & RENSTRA
LAKIP & RENSTRA
 
Merchant banking in india jatin garg 11107027
Merchant banking in india jatin garg 11107027Merchant banking in india jatin garg 11107027
Merchant banking in india jatin garg 11107027
 
NIST 800-37 Certification & Accreditation Process
NIST 800-37 Certification & Accreditation ProcessNIST 800-37 Certification & Accreditation Process
NIST 800-37 Certification & Accreditation Process
 
PELAPORAN_KEUANGAN_DESA (1).ppt
PELAPORAN_KEUANGAN_DESA (1).pptPELAPORAN_KEUANGAN_DESA (1).ppt
PELAPORAN_KEUANGAN_DESA (1).ppt
 
Penyusunan renstra skpd
Penyusunan renstra skpdPenyusunan renstra skpd
Penyusunan renstra skpd
 
LAKIP SAKIP AKIP
LAKIP SAKIP AKIPLAKIP SAKIP AKIP
LAKIP SAKIP AKIP
 
Teori Akuntansi
Teori AkuntansiTeori Akuntansi
Teori Akuntansi
 
Risk management basel ii
Risk management basel iiRisk management basel ii
Risk management basel ii
 
Bab 9
Bab 9Bab 9
Bab 9
 
Business Continuity, Data Privacy, and Information Security: How do they link?
Business Continuity, Data Privacy, and Information Security: How do they link?Business Continuity, Data Privacy, and Information Security: How do they link?
Business Continuity, Data Privacy, and Information Security: How do they link?
 

Ähnlich wie IT Governance for Nonprofits

CIT 3122 IS Governance Lecture 3.pptx
CIT 3122 IS Governance Lecture 3.pptxCIT 3122 IS Governance Lecture 3.pptx
CIT 3122 IS Governance Lecture 3.pptxanthonywanjohi5
 
IT Governance in Banks, May, 2014
IT Governance in Banks, May, 2014IT Governance in Banks, May, 2014
IT Governance in Banks, May, 2014ArmeniaFED
 
Cobit Training course
Cobit Training courseCobit Training course
Cobit Training courseIman Baradari
 
High level service v2 slideshare
High level service v2 slideshare High level service v2 slideshare
High level service v2 slideshare phil1i
 
MAKING SENSE OF IT GOVERNANCE
MAKING SENSE OF IT GOVERNANCEMAKING SENSE OF IT GOVERNANCE
MAKING SENSE OF IT GOVERNANCERudy Shoushany
 
Effective it leadership
Effective it leadershipEffective it leadership
Effective it leadershipVioleta Cohen
 
Effective It Leadership
Effective It LeadershipEffective It Leadership
Effective It LeadershipVioleta Cohen
 
Gaining and Maintaining IT & Business Alignment.pptx
Gaining and Maintaining IT & Business Alignment.pptxGaining and Maintaining IT & Business Alignment.pptx
Gaining and Maintaining IT & Business Alignment.pptxRobert Sheesley, CBA, CPHIMS
 
IT Governance.ppt
IT Governance.pptIT Governance.ppt
IT Governance.pptInsta13
 
White Paper: The Business Case for IT Governance in the Age of Digital Transf...
White Paper: The Business Case for IT Governance in the Age of Digital Transf...White Paper: The Business Case for IT Governance in the Age of Digital Transf...
White Paper: The Business Case for IT Governance in the Age of Digital Transf...SDI Presence LLC
 
Modern IT Service Management Transformation - ITIL Indonesia
Modern IT Service Management Transformation - ITIL IndonesiaModern IT Service Management Transformation - ITIL Indonesia
Modern IT Service Management Transformation - ITIL IndonesiaEryk Budi Pratama
 
Journeys in it governance v2
Journeys in it governance v2Journeys in it governance v2
Journeys in it governance v2Ben Perry
 
Capital Planning And Investment Management And Control In Information Technology
Capital Planning And Investment Management And Control In Information TechnologyCapital Planning And Investment Management And Control In Information Technology
Capital Planning And Investment Management And Control In Information TechnologyAlan McSweeney
 
IT Governance - Core Concepts for Business Managers
IT Governance - Core Concepts for Business ManagersIT Governance - Core Concepts for Business Managers
IT Governance - Core Concepts for Business ManagersWalter Adamson
 
What Is It Governance 24812
What Is It Governance 24812What Is It Governance 24812
What Is It Governance 24812Amr Mustafa
 
IT Alignment Is Not Enough
IT Alignment Is Not EnoughIT Alignment Is Not Enough
IT Alignment Is Not EnoughBIJ MISHRA
 
Crafting Your Accounting Innovation Strategy
Crafting Your Accounting Innovation StrategyCrafting Your Accounting Innovation Strategy
Crafting Your Accounting Innovation StrategyAggregage
 
IT Governance Introduction
IT Governance IntroductionIT Governance Introduction
IT Governance IntroductionKeith Rackley
 

Ähnlich wie IT Governance for Nonprofits (20)

CIT 3122 IS Governance Lecture 3.pptx
CIT 3122 IS Governance Lecture 3.pptxCIT 3122 IS Governance Lecture 3.pptx
CIT 3122 IS Governance Lecture 3.pptx
 
IT Governance in Banks, May, 2014
IT Governance in Banks, May, 2014IT Governance in Banks, May, 2014
IT Governance in Banks, May, 2014
 
Cobit Training course
Cobit Training courseCobit Training course
Cobit Training course
 
High level service v2 slideshare
High level service v2 slideshare High level service v2 slideshare
High level service v2 slideshare
 
MAKING SENSE OF IT GOVERNANCE
MAKING SENSE OF IT GOVERNANCEMAKING SENSE OF IT GOVERNANCE
MAKING SENSE OF IT GOVERNANCE
 
Effective it leadership
Effective it leadershipEffective it leadership
Effective it leadership
 
Effective It Leadership
Effective It LeadershipEffective It Leadership
Effective It Leadership
 
Gaining and Maintaining IT & Business Alignment.pptx
Gaining and Maintaining IT & Business Alignment.pptxGaining and Maintaining IT & Business Alignment.pptx
Gaining and Maintaining IT & Business Alignment.pptx
 
IT Governance.ppt
IT Governance.pptIT Governance.ppt
IT Governance.ppt
 
White Paper: The Business Case for IT Governance in the Age of Digital Transf...
White Paper: The Business Case for IT Governance in the Age of Digital Transf...White Paper: The Business Case for IT Governance in the Age of Digital Transf...
White Paper: The Business Case for IT Governance in the Age of Digital Transf...
 
Business-IT Alignment
Business-IT AlignmentBusiness-IT Alignment
Business-IT Alignment
 
Modern IT Service Management Transformation - ITIL Indonesia
Modern IT Service Management Transformation - ITIL IndonesiaModern IT Service Management Transformation - ITIL Indonesia
Modern IT Service Management Transformation - ITIL Indonesia
 
Journeys in it governance v2
Journeys in it governance v2Journeys in it governance v2
Journeys in it governance v2
 
Capital Planning And Investment Management And Control In Information Technology
Capital Planning And Investment Management And Control In Information TechnologyCapital Planning And Investment Management And Control In Information Technology
Capital Planning And Investment Management And Control In Information Technology
 
IT Governance - Core Concepts for Business Managers
IT Governance - Core Concepts for Business ManagersIT Governance - Core Concepts for Business Managers
IT Governance - Core Concepts for Business Managers
 
What Is It Governance 24812
What Is It Governance 24812What Is It Governance 24812
What Is It Governance 24812
 
What is-it-governance-24812
What is-it-governance-24812What is-it-governance-24812
What is-it-governance-24812
 
IT Alignment Is Not Enough
IT Alignment Is Not EnoughIT Alignment Is Not Enough
IT Alignment Is Not Enough
 
Crafting Your Accounting Innovation Strategy
Crafting Your Accounting Innovation StrategyCrafting Your Accounting Innovation Strategy
Crafting Your Accounting Innovation Strategy
 
IT Governance Introduction
IT Governance IntroductionIT Governance Introduction
IT Governance Introduction
 

Mehr von Donny Shimamoto

Managing Information for Impact
Managing Information for ImpactManaging Information for Impact
Managing Information for ImpactDonny Shimamoto
 
Technology Strategy for Impact
Technology Strategy for ImpactTechnology Strategy for Impact
Technology Strategy for ImpactDonny Shimamoto
 
New Horizons for the Accountant v2.0
New Horizons for the Accountant v2.0New Horizons for the Accountant v2.0
New Horizons for the Accountant v2.0Donny Shimamoto
 
Business Ethics and the Accounting Department v1.1
Business Ethics and the Accounting Department v1.1Business Ethics and the Accounting Department v1.1
Business Ethics and the Accounting Department v1.1Donny Shimamoto
 
Planning Your Business Web Site
Planning Your Business Web SitePlanning Your Business Web Site
Planning Your Business Web SiteDonny Shimamoto
 
Ten Ways to Bring IT to the Leadership Table
Ten Ways to Bring IT to the Leadership TableTen Ways to Bring IT to the Leadership Table
Ten Ways to Bring IT to the Leadership TableDonny Shimamoto
 
IT Budgeting for Not-for-Profits
IT Budgeting for Not-for-ProfitsIT Budgeting for Not-for-Profits
IT Budgeting for Not-for-ProfitsDonny Shimamoto
 
Social Media Hands-On Workshop - Sept 2010
Social Media Hands-On Workshop - Sept 2010Social Media Hands-On Workshop - Sept 2010
Social Media Hands-On Workshop - Sept 2010Donny Shimamoto
 
Using Social Media to Support Business Objectives
Using Social Media to Support Business ObjectivesUsing Social Media to Support Business Objectives
Using Social Media to Support Business ObjectivesDonny Shimamoto
 
Leading Practices in Information Security & Privacy
Leading Practices in Information Security & PrivacyLeading Practices in Information Security & Privacy
Leading Practices in Information Security & PrivacyDonny Shimamoto
 

Mehr von Donny Shimamoto (11)

Your Path to Innovation
Your Path to InnovationYour Path to Innovation
Your Path to Innovation
 
Managing Information for Impact
Managing Information for ImpactManaging Information for Impact
Managing Information for Impact
 
Technology Strategy for Impact
Technology Strategy for ImpactTechnology Strategy for Impact
Technology Strategy for Impact
 
New Horizons for the Accountant v2.0
New Horizons for the Accountant v2.0New Horizons for the Accountant v2.0
New Horizons for the Accountant v2.0
 
Business Ethics and the Accounting Department v1.1
Business Ethics and the Accounting Department v1.1Business Ethics and the Accounting Department v1.1
Business Ethics and the Accounting Department v1.1
 
Planning Your Business Web Site
Planning Your Business Web SitePlanning Your Business Web Site
Planning Your Business Web Site
 
Ten Ways to Bring IT to the Leadership Table
Ten Ways to Bring IT to the Leadership TableTen Ways to Bring IT to the Leadership Table
Ten Ways to Bring IT to the Leadership Table
 
IT Budgeting for Not-for-Profits
IT Budgeting for Not-for-ProfitsIT Budgeting for Not-for-Profits
IT Budgeting for Not-for-Profits
 
Social Media Hands-On Workshop - Sept 2010
Social Media Hands-On Workshop - Sept 2010Social Media Hands-On Workshop - Sept 2010
Social Media Hands-On Workshop - Sept 2010
 
Using Social Media to Support Business Objectives
Using Social Media to Support Business ObjectivesUsing Social Media to Support Business Objectives
Using Social Media to Support Business Objectives
 
Leading Practices in Information Security & Privacy
Leading Practices in Information Security & PrivacyLeading Practices in Information Security & Privacy
Leading Practices in Information Security & Privacy
 

Kürzlich hochgeladen

Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsP&CO
 
GD Birla and his contribution in management
GD Birla and his contribution in managementGD Birla and his contribution in management
GD Birla and his contribution in managementchhavia330
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMRavindra Nath Shukla
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Serviceritikaroy0888
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableDipal Arora
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Dipal Arora
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfPaul Menig
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANA DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANIlamathiKannappan
 
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With RoomVIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Roomdivyansh0kumar0
 
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call GirlsCash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call GirlsApsara Of India
 
BEST ✨ Call Girls In Indirapuram Ghaziabad ✔️ 9871031762 ✔️ Escorts Service...
BEST ✨ Call Girls In Indirapuram Ghaziabad ✔️ 9871031762 ✔️ Escorts Service...BEST ✨ Call Girls In Indirapuram Ghaziabad ✔️ 9871031762 ✔️ Escorts Service...
BEST ✨ Call Girls In Indirapuram Ghaziabad ✔️ 9871031762 ✔️ Escorts Service...noida100girls
 
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Lviv Startup Club
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Delhi Call girls
 
Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRegression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRavindra Nath Shukla
 
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetCreating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetDenis Gagné
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Roland Driesen
 
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒anilsa9823
 
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLMONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLSeo
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageMatteo Carbone
 

Kürzlich hochgeladen (20)

Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and pains
 
GD Birla and his contribution in management
GD Birla and his contribution in managementGD Birla and his contribution in management
GD Birla and his contribution in management
 
Monte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSMMonte Carlo simulation : Simulation using MCSM
Monte Carlo simulation : Simulation using MCSM
 
Forklift Operations: Safety through Cartoons
Forklift Operations: Safety through CartoonsForklift Operations: Safety through Cartoons
Forklift Operations: Safety through Cartoons
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Service
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdf
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANA DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMAN
 
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With RoomVIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
 
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call GirlsCash Payment 9602870969 Escort Service in Udaipur Call Girls
Cash Payment 9602870969 Escort Service in Udaipur Call Girls
 
BEST ✨ Call Girls In Indirapuram Ghaziabad ✔️ 9871031762 ✔️ Escorts Service...
BEST ✨ Call Girls In Indirapuram Ghaziabad ✔️ 9871031762 ✔️ Escorts Service...BEST ✨ Call Girls In Indirapuram Ghaziabad ✔️ 9871031762 ✔️ Escorts Service...
BEST ✨ Call Girls In Indirapuram Ghaziabad ✔️ 9871031762 ✔️ Escorts Service...
 
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
 
Regression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear RegressionRegression analysis: Simple Linear Regression Multiple Linear Regression
Regression analysis: Simple Linear Regression Multiple Linear Regression
 
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature SetCreating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
Creating Low-Code Loan Applications using the Trisotech Mortgage Feature Set
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...
 
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
 
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRLMONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
MONA 98765-12871 CALL GIRLS IN LUDHIANA LUDHIANA CALL GIRL
 
Insurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usageInsurers' journeys to build a mastery in the IoT usage
Insurers' journeys to build a mastery in the IoT usage
 

IT Governance for Nonprofits

  • 1. IT Governance for (smaller) Nonprofits #12NTCITGov Donny C. Shimamoto, CPA/CITP, CGMA
  • 2. Evaluate This Session! Each entry is a chance to win an NTEN engraved iPad! or Online at www.nten.org/ntc/eval IT Governance for Nonprofits #12NTCITGov
  • 3. Speaker Biography Donny C. Shimamoto, CPA.CITP, CGMA • Donny is the founder of IntrapriseTechKnowlogies LLC, a CPA firm focused on organizational development and advisory services for the middle market. An active CPA, Certified Information Technology Professional (CITP), and Chartered Global Management Accountant (CGMA), Donny helps many organizations by bridging accounting and IT to strengthen organizational governance and risk management, improve business processes through IT, and increase the effectiveness of decision making through business intelligence. • Donny was recognized as one of 25 Top Thought Leaders in Public Accounting by CPA Practice Advisor in 2012, received the 2009-2010 President’s Award from the Hawaii Society of CPAs, was named to CPA Technology Advisor’s 40 Under 40 list in 2007 & 2009 and was also a Hawaii Top High Tech Leader in 2004. • In the nonprofit world, Donny works with community foundations, social service agencies, community centers, and membership associations. IntrapriseTechKnowlogies LLC Technologies and knowledge for synergizing your intraprise www.intraprisetechknowlogies.com | Hawaii | California
  • 4. Audience Polls – Demographics • Organization Type/Size • Role in Organization – CPA Firm – Lead Executive – Small Nonprofit – CFO/Controller – Medium Nonprofit – CIO / IT Director – Large Nonprofit – Program Director/Manager – Government – Consultant or Auditor • Part of Organization Choose one from each set of options – Accounting/Finance that best matches how you view – Information Technology your organization and your role at – Programs work. – Consultant or Auditor
  • 5. IT Governance for (smaller) Nonprofits • Why IT Governance is important for Nonprofits • IT Governance – Defined & Adapted for (smaller) Nonprofits • An IT Governance Framework for (smaller) Nonprofits – How do we align the business and IT? – How do we define and measure [IT] performance? – How do we manage [IT-related] change? – How do we organize [IT] decision rights? – IT Governance in Action – a practical example – What are the costs and benefits of improvement of IT governance? • Call to Action – IT Governance
  • 6. Why IT Governance is Important • Myth: IT Governance is only for large companies • Effectively managed IT can provide small businesses with a competitive advantage, whereas ineffective management can impair the business as a whole. – ISACA Journal Online, 2009 Vol 4 – http://www.isaca.org/Journal/Past-Issues/2009/Volume- 4/Pages/JOnline-Small-Business-IT-Governance-Implementation.aspx • Nonprofits that use IT as part of their daily operations need IT governance: – To help maximize the benefits of their IT investment, and – Manage the risks that reliance upon IT introduces into their organizations.
  • 7. Why IT Governance is Important • There are major forces driving the need for IT Governance in Nonprofits – Increased Compliance Requirements: Regulation, Privacy, PCI DSS – Evolving Security Threat Landscape: PCI DSS, EFT Fraud – Economic Unpredictability: IT Value Management – Organizational Agility: Business Continuity, Project Execution • By establishing a clear framework for IT-related decisions that balances benefits, cost, and risk, Nonprofits can ensure better alignment of their IT investments with their missions/business strategy and improve the overall efficiency, effectiveness, and agility of their business processes.
  • 8. IT Governance – Definition • The IT Governance Institute (ITGI) definition: “the responsibility of executives and the board of directors and consists of the leadership, organizational structures and processes that ensure that the enterprise’s IT sustains and extends the organization’s strategy and objectives.” Source: ITGI, 2003
  • 9. IT Governance – Definition Corporate Governance Is part of .. IT Governance Subsumes IT Management Source: Roger Debreceny, Shidler Distinguished Professor of Accounting, University of Hawaii at Manoa, Nov 2010
  • 10. IT Governance – Definition “the responsibility of executives and the board of directors and consists of the leadership, organizational structures and processes that ensure that the enterprise’s IT sustains and extends the organization’s strategy and objectives.” Source: ITGI, 2003 • Responsibility: – Executives & Board of Directors • Elements: – Leadership – Organizational Structures – Processes • Objective: – Ensure IT sustains and extends the organization’s mission and strategy
  • 11. IT Governance – Adapted Definition for Smaller Nonprofits • Definition adapted to smaller Nonprofits: IT Governance is the leadership, structures and processes that a nonprofit’s executives and board of directors put in place to ensure that their organization’s IT sustains and extends their business strategy and objectives in achieving its mission. • IT governance provides the framework to guide how IT-related decisions are made. This is especially important when there is someone who is making technology decisions on behalf of a nonprofit’s management.
  • 12. IT Governance – Adapted Definition for Smaller Nonprofits Corporate Governance Is part of .. IT Governance binds/guides IT Management IT Service Providers IT Manager Adapted from: Debreceny, Nov 2010
  • 13. IT Governance – Nonprofit Framework Establish a framework to Business Strategy structure and guide IT decision-making and how IT is alignment Compliance used as part of the organization IT Governance value delivery IT Strategy IT Projects IT Risk Management drives IT Infrastructure Source: IntrapriseTechKnowlogies LLC, 2011
  • 14. IT Governance – Nonprofit Framework • Establish a framework to structure and guide: – IT decision-making; and – How IT is used as part of the business. • IT decision-making in Nonprofits – IT Manager – usually technically focused – IT Contractor – usually technically focused – Key weakness: narrow perspective & lack of business acumen • IT as part of the business – Increasing pervasiveness of IT supporting business processes – Increasing ease of access to data and applications – Increasing dependence on IT service providers – Key weakness: Lack of risk awareness and mature IT controls
  • 15. IT Governance – Nonprofit Framework • Consider the following BIG QUESTIONS: – How do we align the mission/business strategy and IT? – How do we define and measure [IT] performance? – How do we manage [IT-related] change? – How do we organize [IT] decision rights? – What are the costs and benefits of improvement of IT governance? Source: Debreceny, Nov 2010 These questions help to ensure greater alignment of IT decision-making with the mission/business strategy, and clear performance and accountability for IT.
  • 16. How do we align Programs and IT? • The corporate answer: – Strategy Council RACI defined: • Responsible – Business involvement in • Accountable • Strategy planning • Consulted • Program management • Informed • Project management – Clear RACI planning – Outward facing staff from IT to the Business Source: Debreceny, Nov 2010 • These can be overkill in a Nonprofit’s smaller, less complex environment, but the intent and purpose of some of these structures must still be considered—and sometimes reversed.
  • 17. How do we align the Nonprofit and IT? • Corporate answer: • SMB Nonprofit answer: – Strategy Council – N/A – usually not necessary – Business involvement in – IT Advisor’s involvement in • Strategy planning • Strategic planning • Program management • Program management • Project management • Project management – Clear RACI planning – Clear RACI planning – Outward facing staff from IT – Close relationships between to the Business key IT service providers and business managers • Issues: (1) Business units and IT • Issues: (1) Programs operating with operating in separate silos; (2) IT an absence of IT expertise; (2) function may be centralized or Nonprofit is not highest priority of IT decentralized service provider.
  • 18. How do we align the Nonprofit and IT? • Nonprofit considerations for programs/IT alignment: – What role does IT play in achieving the mission/business strategy? – Should IT be included in strategic planning? • Does my IT Manager or Service Provider understand my mission? Can they think strategically? • Do I need an independent/objective IT Advisor? – Are any of my programs/projects dependent upon IT? • How will the technology utilized impact my IT environment? • Is the technology utilized in accord with my IT strategy? – Is responsibility for mission/IT alignment clearly defined? • Who is accountable for achieving alignment? • What are the consequences if alignment is not achieved? – Is there clear communication between IT and programs?
  • 19. How do we align the Nonprofit and IT? • Clear and open communication between Programs and IT is especially important for Nonprofits – Most nonprofit executives and boards don’t have a deep enough understanding of IT to adequately perform alignment • An IT Advisor may need to be engaged to help translate between the programs and IT and facilitate alignment – A majority of IT capabilities is usually outsourced and IT service providers are servicing multiple customers • The Nonprofit may not be a priority for the service provider • The IT service provider is an external party so requires additional effort to coordinate communication/activities – While the risk of a Nonprofit IT failure is usually lower, the impact of failure is often higher due to smaller economic resources to absorb the failure or re-perform the project • Failure could be a non-realization of expected benefits
  • 20. How do we define and measure [IT] performance? • Part of defining responsibility and accountability is having a clear definition of performance – Availability – it’s available for use when I need it; “uptime” – Accessibility – it’s usable where I need to use it – Functionality – it provides the functionality I need • Accuracy – computations are performed correctly • Integrity – the integrity of my data/files is maintained • Usability – it is easy to use and intuitive • Responsiveness – actions are completed within a reasonable time / within the expected time – Security – data/files are kept secure (including addressing confidentiality and privacy) • Most nonprofit users don’t want to understand the technology, they just want it to work when they need it and as they expect it to
  • 21. How do we define and measure [IT] performance? • Nonprofits should define their business requirements for IT performance based on their mission/business strategy • Availability – it’s available for use when I need it – During what times do systems need to be available? • What are the organization’s hours of operation? • Are there times when the organization doesn’t operate? • Are there times when certain business functions can be down? – What level of downtime is acceptable? • Remember that most systems need some kind of scheduled maintenance and backup window • Is the impact of downtime offset by the cost of additional availability measures? – Is a business continuity plan in place to mitigate the risk of downtime? Disaster recovery plan, in case of major outage?
  • 22. How do we define and measure [IT] performance? • Nonprofits should define their business requirements for IT performance based on their mission/business strategy • Accessibility – it’s usable where I need to use it – Do I need access outside of the office? • Traditional solution: VPN • Cloud computing is increasing the accessibility of applications and data beyond the office network – Do users need offline access? (e.g. at client/constituent’s place) – Do users need access on mobile devices? – If client/constituent facing: • How are my clients/constituents accessing the system? • How do clients/constituents expect to access the system? – Are accessibility (security/confidentiality/privacy) risks appropriately mitigated?
  • 23. How do we define and measure [IT] performance? • Nonprofits should define their business requirements for IT performance based on their mission/business strategy • Functionality – it provides the functionality I need – Accuracy – computations are performed correctly – Integrity – the integrity of my data/files is maintained – Usability – it is easy to use and intuitive – Responsiveness – actions are completed within a reasonable time / within the expected time • Most Nonprofits are used to working with these performance measures – These requirements should be defined and used as the basis for software/vendor selection. Since most Nonprofits are probably not doing custom development, it is important to find the best fit solution—and often it will not be a 100% solution.
  • 24. How do we define and measure [IT] performance? • Nonprofits should define their business requirements for IT performance based on their mission/business strategy • Security – data/files are kept secure (including addressing confidentiality and privacy) – Are there regulatory or other compliance requirements associated with your data? – Have privacy controls been designed to address both technical and non-technical data/file risks? – If data is stored in the cloud or on a vendor’s systems: • What measures has the vendor taken to ensure security? • Is a Service Organization Controls report (SOC) or SSAE 16 report (if financial-related) available? • Have management controls been mapped to the SOC report and vendor control structure?
  • 25. How do we define and measure [IT] performance? • Establish responsibility and accountability by clearly defining performance criteria for each application/system used by the business – Availability – it’s available for use when I need it; “uptime” – Accessibility – it’s usable where I need to use it – Functionality – it provides the functionality I need • Accuracy – computations are performed correctly • Integrity – the integrity of my data/files is maintained • Usability – it is easy to use and intuitive • Responsiveness – actions are completed within a reasonable time / within the expected time – Security – data/files are kept secure (including addressing confidentiality and privacy) • Define these in “business” not “technical” terms
  • 26. How do we manage [IT-related] change? • To ensure that the full benefits of an IT-related initiative can be realized, remember to consider the impact of the change to: – The organization itself – Employees – Clients and Constituents – The organiation’s IT environment and risk posture • In Nonprofits, both executives/program management and IT service providers often forget that while simpler, the Nonprofit environment is also smaller. – A small change can sometimes have a much bigger impact. – A stone in a lake, can cause tidal waves in a puddle.
  • 27. How do we manage [IT-related] change? • IT-related change can impact the organization and its employees and clients/constituents in many different ways – Changes to business processes and procedures – Different tools / application used to complete a task – Increased / decreased access to data / information • Common staff complaints about IT-related change – Nobody told us it was changing! – Yes, the technology is good, but the impact to our procedures wasn’t considered until the new technology was already here. – We didn’t receive any training for the new technology. – The data is organized differently from the old system. – The computations are performed differently from the old system. – I can’t get the same reports that I used to from the old system.
  • 28. How do we manage [IT-related] change? • In addition to user-side impacts, consider the impact to the overall IT environment: – Have we increased our reliance upon a system—thereby increasing the potential impact of an availability issue? – Have we increased the accessibility of information? • Do we need to consider any additional mobile device risks? – Has the change in functionality impacted the efficiency, effectiveness, or agility of our business processes? – Does the change introduce any data-related risks? (e.g. privacy, confidentiality, security, backup, recoverability) • How do the changes impact the organization’s overall IT environment risk posture? – Is this an acceptable part of the business strategy? – Do we need to take any additional risk mitigation measures?
  • 29. How do we manage [IT-related] change? • Every change has risks associated with it – Just because a change has risks, it doesn’t mean that you shouldn’t do it—work to manage risk, not eliminate it • Manage risk by evaluating the risk and taking the appropriate mitigation steps to minimize the negative impact of the change – Balance cost of mitigation with benefits of managing the impact • Sometimes not making a change is a risk in and of itself— consider the cost/impact of not changing – Lack of change and lead to stagnation • Remember to consider the people and process aspects of the change, not only the technology.
  • 30. How do we organize [IT] decision rights? • There are usually two different approaches to IT decision-making by smaller Nonprofits 1. Minimal Involvement by executive or board • Just wants to know what it will cost and as long as reasonable (i.e. cost doesn’t seem excessive) then will approve • For the most part, decision authority rests with the IT manager or IT service provider 2. High Involvement by executive or board • Wants to understand everything that is being done • Will approve once it makes sense to them and they can validate the cost • Decision authority rests with the executive—IT Manager / IT Service Provider must “convince” the executive of necessity
  • 31. How do we organize [IT] decision rights? • There are inherent flaws in both approaches 1. Minimal Involvement • Requires a high-level of trust in IT Manager/Service Provider • Requires a highly competent IT Manager/Service Provider • Usually a spend-based decision 2. High Involvement • Executive/Board usually lacks expertise to adequately evaluate options • Cost validation usually doesn’t involve apples-to-apples • Usually a spend-based decision • Both approaches often lack – Consideration of mission/business strategy – Consideration of IT-related business risks – Longer term cost management perspective
  • 32. How do we organize [IT] decision rights? • The better approach is to identify business-focused parameters that provide a basis for decision-making – Strategic Alignment – IT Performance – IT Risk Management – Change Management – Cost Management • The Board of Directors should identify the key parameters that drive what is considered in evaluating options – IT Manager/Service Provider prepares an analysis of options based on the parameters – CEO/Executive Director is briefed on options based on parameters and recommendation from IT Manager/Service Provider – CEO/Executive Director makes final decision
  • 33. IT Governance in Action a practical example • Consider the following scenario: A small nonprofit wants to enable its staff of 10 people to have access to their e-mail anytime, anywhere on their laptops and mobile devices • It is considering three solution options: 1. Microsoft Small Business Server (SBS) 2. Microsoft Office 365 3. Google Apps for Nonprofits The business currently uses POP e-mail boxes provided by its Internet Service Provider (ISP) and Microsoft Outlook 2007.
  • 34. IT Governance in Action a practical example • How do we align the Nonprofit and IT? – Strategic imperative • Enable staff to spend more time with clients/constituents • Be more responsive to client/constituent requests • Business need = anytime, anywhere access across devices – Analysis of current ISP provided POP mail • Provides this at a basic level (e-mail can be accessed anywhere with an Internet connection) • Doesn’t allow for easy synchronization of data across devices — contacts and calendar entries must be entered separately on each device or synced via USB cable – All solutions considered enable synchronization across devices and provide anytime, anywhere access • All align at a high level with the mission/business strategy
  • 35. IT Governance in Action a practical example • How do we define and measure IT performance? – System availability or “uptime” is a key metric • Clients/constituents are in multiple time zones • Staff has flexible work schedules, so some work at night too – Based on the answer to this question: • SBS is an on-premise solution and the cost of making it highly available would make the cost of SBS far exceed the other two – Office 365 and Google Apps become the two leading options • Google Apps provides a 99.9% uptime guarantee, including maintenance windows • Microsoft Office 365 provides a 99.9% uptime guarantee, excluding maintenance windows • Microsoft Office 365 actually has a lower actual uptime if you adjust it for the maintenance windows
  • 36. IT Governance in Action a practical example • How do we manage IT-related change? – The organization’s staff is very competent, but they are not all particularly technology-savvy – Switching to a Google Apps solution • Potentially requires the staff to learn a new system • Gmail web interface/functionality very different from traditional POP web mail • Potential incompatibility with historical e-mail / archives – Switching to Microsoft Office 365 or SBS • Staff continue to use Outlook on their computers • Outlook Web Access (web mail) looks like Outlook – Mobile device e-mail functionality will depend on which kind of mobile device is used
  • 37. IT Governance in Action a practical example • How do we organize IT decision rights? – While this question is really speaking more toward decision-making authority, in this example we can also interpret it as: • What are the criteria for choosing a solution? – Strategy = Google Apps for Nonprofits or Microsoft Office 365 – Uptime = Google Apps for Nonprofits – Change = Microsoft Office 365 – Cost & Cash Flow • Gmail is Free (<3000 users) vs Microsoft Office 365 is $48/user/year – Security / Compliance • Microsoft Office 365 has options that meet ISO 27001, FIPS 140-2, HIPAA, FERPA, ITAR
  • 38. IT Governance in Action a practical example • What would you purchase? • Each organization’s situation is different – Different business strategies – Different key factors / considerations – Different staff competencies – Different technology platforms – Different IT Manager / service provider competencies – Different cost / cash-flow management situations • An IT Governance framework helps to ensure all of these differences are considered in making an IT decision
  • 39. What are the costs and benefits of improvement of IT governance? • IT governance doesn’t have to cost a lot – It does involve some up-front time to answer the questions – It does require some heavy thinking to answer them “right” • IT governance helps ensure IT value – Manage the costs of non-compliance – Balance short-term savings with long term value – Manage indirect costs of change – Balance benefits, cost, and risk • IT governance enables strategic advantage – Better alignment of IT with missions/business strategy – Improve the efficiency, effectiveness, and agility of business processes
  • 40. Call to Action – IT Governance • Nonprofit leaders must guide the decision-making and actions of their IT manager or IT service providers – Establish clear expectations and accountability for IT – Prevent a fragmented IT environment – Mitigate IT-related risks – Manage IT-related costs – Ensure alignment of IT with mission/business strategy • Proper governance of IT maximizes the benefits of your IT investments and helps you better achieve your mission
  • 41. Thank you for your attention and participation! Donny C. Shimamoto, CPA.CITP, CGMA donny@intraprisetechknowlogies.com (808) 735-8324 voice IntrapriseTechKnowlogies LLC Technologies and knowledge for synergizing your intraprise www.intraprisetechknowlogies.com | Hawaii | California Any Questions?