This PDF presentation aims to assist the C-Suite (CEO, CIO, CRO, CSO), Board Members and Audit and Risk Committees to be aware of good IT governance frameworks and references and thereby have Value conversations with IT professionals (and assist IT professionals to drive, and prepare for these conversations). It will cover a wide range of frameworks and references. Enjoy!
Frameworks to drive value from your investment in Information Technology
1. HOW TO DRIVE VALUE FROM YOUR INVESTMENT IN INFORMATION TECHNOLOGY
TODAY’S FOCUS IS ON:
What are some good Frameworks?
2. INTRODUCTION
This presentation has been delivered by John Halliday to many
professional bodies including:
• ISACA (Information Systems Audit and Control Association)
• CPA Australia
• Australian Information Industry Association
John will be developing 5-minute videos of various aspects of this presentation and posting them to his LinkedIn profile.
Technology Governance Services is a strategic partner of Info~Tech
3. OBJECTIVE
This PDF presentation aims to:
• Assist the C-Suite (CEO, CIO, CRO, CSO), Board Members and Audit and Risk Committees to be aware of good IT governance frameworks and references and thereby have Value conversations with IT professionals
• Assist IT professionals to drive, and prepare for, these conversations
It will cover a wide range of frameworks and references
4. OUTLINE
• Target Audience
• Role of the CIO and CFO in the context of value from IT
• Good Frameworks and references:
• Technology Business Management
• Gartner - IT MOOSE (Maintain and Operate the Organisation, Systems and Equipment)
• ITIL
• Enterprise Architecture - TOGAF
• IT4IT - Reference Architecture
• Applied Business Architecture
• COBIT
• Info~Tech
5. LEVERAGING MY EXPERIENCE AND QUALIFICATIONS
• Cross industry experience in Accounting, Governance, IT, Internal and External Audit
• Professional Bodies: FCPA, FGIA, IIA, ISACA, AISA
• COBIT5 IT Governance Foundation Certified (ISACA)
• IT4IT Value Stream Foundation Certified (The Open Group)
• Applied Business Architecture Certified (The Open Group)
• Certified in the Governance of Enterprise IT (ISACA)
7. KEY CHALLENGES
• The CIO and the CFO need to be at the table speaking the same governance language as the CEO for value to be created and provided to the BOARD
• Active communication, providing transparency and being seen by the business to be sending the one message is essential
• The inability to justify the value from IT can lead to further cost reduction targets being imposed on the CIO
• Most CIOs are not able to access funds due to the lack of demonstration of the value of these investments
• Most CFOs view IT as a cost centre and, therefore, are not linking investment in IT with value creation
8. GOOD FRAMEWORKS AND REFERENCES
The following slides will provide an overview of some good frameworks or references that you may find useful,
including:
• Technology Business Management
• Gartner - IT MOOSE
• ITIL
• Enterprise Architecture - TOGAF
• IT4IT - Reference Architecture
• Applied Business Architecture
• COBIT
• Info~Tech
The diagrams relating to IT4IT and Applied Business Architecture have been sourced from The Open Group certification: http://www.opengroup.org/certifications
9. TECHNOLOGY BUSINESS MANAGEMENT
• Value Management framework
• Designed by CIOs and CTOs
• Founded on transparency of costs,
consumption, and performance
10. GARTNER – IT MOOSE
• Spending to Maintain and Operate the Organisation, Systems,
and Equipment (MOOSE)
• Top 20 Initiatives e.g.
• Embark on application rationalisation to help IT shed duplicate
applications and infrastructure.
• Get improved data on application resource usage so you can
make better use of maintenance staff.
• Use application portfolio management (APM) tools to develop
metrics to drive maintenance effort and cost reductions.
12. ITIL – IT INFRASTRUCTURE LIBRARY
5 Books and Purpose:
• Service Strategy: Business goals and customer requirements (PLAN)
• Service Design: How to move strategies into plans that help the business (PLAN / DELIVER)
• Service Transition: How to introduce services into the environment (BUILD)
• Service Operation: How to manage the IT services (RUN / MONITOR)
• Continual Service Improvement: Helps adopters evaluate and plan large and small improvements to IT services (MONITOR)
13. ENTERPRISE ARCHITECTURE - TOGAF
• The Open Group Architecture Framework (TOGAF)
• Enterprise architecture methodology and framework used to
improve business efficiency
• A comprehensive framework for managing and aligning IT assets,
operations, projects and people with operational characteristics.
• It aims for alignment between business vision and IT strategy and
defines how information and technology supports and benefits
the business
• Sometimes there is a disconnect at Executive / Stakeholder level
18. APPLIED BUSINESS ARCHITECTURE
• Use a Capability-based Planning approach to
shape and operationalise strategy
• Identify key Stakeholders and their concerns and
determine how to find answers for those
concerns
• Review in-flight IT projects and align to strategic
pillars
• Summarise Business Modelling techniques and
artefacts
25. IF BUSINESS ARCHITECTURE IS
NOT PERFORMED
• Enterprise architecture teams risk performing
enterprise technical architecture only
• Business context confusion: confusion between
why, what and how
• Risks too many conversations about technical
standards
• Business governance becomes disconnected
from IT investment and business driven decisions,
leading to critical gaps!
26. COBIT – VALUE CREATION
The COBIT5 Framework is driven by Stakeholder Needs
(Note that COBIT 2019 has just been published and will be the subject of further updates)
27. WHAT IS VALUE ? – COBIT
Stakeholder Needs:
• Resource Optimisation
• Risk Optimisation
• Benefits Realisation
28. WHAT IS VALUE ?
Stakeholder Needs:
• Cost
• Risk
• Benefits
Allow me the licence to refer to Resource Optimisation in the context of Cost!
For further information you can view a 5 Minute Video either on my LinkedIn profile or on the link below:
“What is value?”
29. KEY VALUE CONCEPTS
Stakeholder Needs:
• Cost => Transparency => Trust
• Risk => Uncertainty => Uncertain Future Risk Event
• Benefits => Objectives => Strategic Pillars & Business Capabilities
Cost => Transparency => Trust
When the business has TRANSPARENCY on costs this leads to TRUST and a greater desire to partner with IT to drive value
Resource Optimisation initiatives should impact positively on revenue, margin, expenses, capex and opex outcomes …… in the broad context of Cost
30. KEY VALUE CONCEPTS
Risk => Uncertainty => Uncertain Future Risk Event
ISO 31000:2009 Risk Standard defines risk as “the effect of uncertainty on objectives”
Monte Carlo modelling techniques can be used to model risk and assist in defining risk appetite in the context of uncertain future risk events
31. KEY VALUE CONCEPTS
Benefits => Objectives => Strategic Pillars & Business Capabilities
Benefits are realised when business objectives are achieved and IT is aligned to business strategic pillars and required maturity level of business capabilities
36. COBIT - 5 DOMAINS, 37 PROCESSES
The Goals Cascade helps to focus the priority COBIT Processes
It is NOT the aim to implement all COBIT Processes at once
37. INFO~TECH FRAMEWORK
• Leverages COBIT and adds to it
• Maps the process landscape
• Fast Track to Goals and Metrics
• Dive deeper into the performance of processes.
• Use the results to facilitate team alignment
• Tracks and assigns ownership and accountability
• Underpinned by blueprints and resources
38. INFO~TECH 9 DOMAINS
• Strategy & Governance
• People & Resources
• Financial Management
• Service Planning & Architecture
• Infrastructure & Operations
• Security & Risk
• APPs
• Data & Business Intelligence (BI)
• PPM & Projects
39. INFO~TECH 8 ADDITIONAL PROCESSES
ITGR01 IT Organisational Design
ITGR02 Leadership, Culture & Values
ITGR03 Manage Service Catalogues
ITGR04 Application Portfolio Management
ITGR05 Application Maintenance
ITGR06 Business Intelligence & Reporting
ITGR07 Data Architecture
ITGR08 Data Quality
40. EXAMPLE INFO~TECH COMPARISON TO COBIT
InfoTech Domain / Process | COBIT Domain | COBIT Process
Strategy & Governance
APO01 IT Management & Policies | Align, Plan and Organise | APO01 Manage the IT Management Framework
APO02 IT Strategy | Align, Plan and Organise | APO02 Manage Strategy
APO04 Innovation | Align, Plan and Organise | APO04 Manage Innovation
APO08 Stakeholder Relations | Align, Plan and Organise | APO08 Manage Relationships
EDM01 IT Governance | Evaluate, Direct and Monitor | EDM01 Ensure Governance Framework Setting and Maintenance
EDM05 Stakeholder Relations | Evaluate, Direct and Monitor | EDM05 Ensure Stakeholder Transparency
MEA01 Performance Measurement | Monitor, Evaluate and Assess | MEA01 Monitor, Evaluate and Assess Performance and Conformance
41. INFO~TECH ALIGNS WITH BUSINESS GOALS
• TRANSFORM: Creates new industry
• EXPAND: Extends into new business; Generates revenue
• OPTIMIZE: Increases efficiency; Decreases costs
• SUPPORT: Keeps business happy; Keeps costs low
• STRUGGLE: Does not embarrass; Does not crash
Diagram markers: CEO Optimal, CEO Actual, CIO Optimal, CIO Actual
The role of IT needs to be defined by the business and realised by IT
Value is created by ensuring that the CEO and CIO agree on how the IT role is defined so that IT effectively addresses business needs and moves from the ICT Current State to an agreed ICT Future State
42. INFO~TECH ALIGNS WITH THE COBIT 5 FRAMEWORK
Effective processes are essential to the success of IT
By understanding Stakeholder Needs, business goals and identifying IT priorities and pain points, the focus is on the right IT processes to drive business goals
43. DIAGNOSTIC PROGRAMS
Diagnostic programs incorporate smart analytic engines that provide powerful reports that help CIOs make critical decisions
44. CEO – CIO ALIGNMENT DIAGNOSTIC
• Understand the CEO's vision for IT
• CEO and CIO are “on the same page”
• A clear message is sent to the Board
• Identify and build core IT processes that automate IT-business
alignment
• Create a plan to address alignment gaps
• Deliver your plan to demonstrate IT value and progress
• Use the right metrics to evaluate IT and communicate progress
• Deliver results in a way that works for the CEO
45. IT Security Diagnostic Program
This diagnostic seeks responses to key questions to fast track the information management maturity
level and identify accountable persons in the following focus areas:
• Risk Analysis
• Compliance Management
• Auditing
• Vulnerability Management
• Event and Incident Management
• Security Culture
• Network Security - Policies And Processes Governance
• Host Security for Servers - Policies And Processes Governance
• End User Devices - Policies And Processes Governance
• Application Security - Policies And Processes Governance
• Data Security - Policies And Processes Governance
• IAM (Identity and Access Management) Security - Policies And Processes Governance
• Physical Security - Policies And Processes Governance
47. HOW TO DRIVE VALUE FROM YOUR
INVESTMENT IN INFORMATION
TECHNOLOGY …. TODAY’S FOCUS WAS ON:
What are some good
Frameworks?
48. TECHNOLOGY GOVERNANCE SERVICES SPECIALTY AREAS
✔ Information Security Governance Diagnostic
✔ CEO / CIO Alignment Diagnostic
✔ IT Staffing Diagnostic
✔ IT Management and Governance Diagnostic
✔ Leveraging the CIO Business Vision to Drive Value
✔ Project Assurance Reviews
✔ Incident Management Root Cause Analysis
✔ Fast Track Information Security Policies aligned to ISO 27000
✔ Managing Phishing & “Change of bank account” scams
✔ Cyber Risk Governance Review
✔ Data Breach Management and Planning Review
✔ Embedding a Pragmatic IT Governance Environment
49. For assistance with clarifying anything in this
article regarding driving value from your
investment in Information Technology
go to my diary at
calendly.com/technologygovernance
or freecall
1800TechGov