Oladapo Ogundeji, CTO of Digital Jewels Ltd, gave a presentation on IT governance and its importance in today's technology changing world. He explained that IT governance provides a formal process to define IT strategy and oversee its execution to achieve business goals. It also helps balance priorities like maximizing returns, increasing agility, and mitigating risks. Ogundeji covered frameworks like COBIT 5 and ISO 38500 that provide guidance on implementing IT governance and highlighted critical success factors like executive commitment, focus on execution, and competence in resources.
IT Governance – The missing compass in a technology changing world
1. IT GOVERNANCE – THE MISSING COMPASS
IN A TECHNOLOGY CHANGING WORLD
09/02/2016
By Oladapo Ogundeji : CTO/CISO, Digital Jewels Ltd.
Nigeria.
2. www.digitaljewels.net
Oladapo Ogundeji
CTO/CISO - Digital Jewels
Oladapo Ogundeji is Chief Technical Officer at Digital Jewels. Mr. Ogundeji is a PECB partner
and has more than 18 years of experience.
+234099930209
dapoo@digitaljewels.net ng.linkedin.com/in/dapoo
www.digitaljewels.net
3. Profile : Oladapo Ogundeji.
Professional career extends over 18 years of experience focused on enhancing the strategic
value of ICT in organisations through process re-engineering, strategic planning and project
management for corporate objective & strategy that address business opportunities and
issues.
A highly trained ICT Management Specialist & Consultant.
Masters In Information Technology ( M.I.T )
B. Sc. Electronics & Electrical Engineering.
Past roles/positions
Head of User Support & Service Desk
IT Manager
Project Manager – Technical Services
Deputy Head – Network Systems
Project Leader
Project / System Engineer
CTO/CISO - Digital Jewels Limited.
A specialised Information Value Chain Consulting
Firm offering specialised IT & PM Consulting &
Capacity Building Services
Contact: +234099930209 ; dapoo@digitaljewels.net
4. QUALIFICATIONS...
COBIT 4.1/5.0 Foundation & Certified Trainer
Business Continuity Management : ISO22301/ BS25999 Certified MASTER & Accredited Trainer
ISO 27001 Certified Lead Implementer & Trainer
Certified IT Business Manager (ITBMC)
PRINCE2 Foundation Certificate (Project Management Methodology).
ISACA: CISA // CISM // CGEIT
IT Service Management Foundation (ITIL)
RAD Datacommunication Specialist & Engineer.
HP (COMPAQ): Accredited Compaq Technician (ACT) // Accredited Platform Specialist (APS)
Microsoft Certified Professional (MCP) // Microsoft Certified Professional + Internet (MCP+I) // Microsoft Certified System Engineer (MCSE) // Microsoft Sales Specialist (MSS)
Cisco Certified Network Associate (CCNA) // Cisco Certified Network Professional (CCNP) // Cisco Certified Design Associate (CCDA) // Cisco Certified Design Professional (CCDP) // Cisco Sales Expert (CSE)
BICC Brand-Rex (Structured Cabling) Certified Installer.
TOGAF 9.1 Certified [+ Foundation]
MoR (Management of Risk) Certified & Accredited Trainer
5. AGENDA
• Overview of IT Governance
• Benefits of IT Governance
• IT Governance Implementation: Approach and Methodology
• Critical Success Factors
7. WHAT IS IT GOVERNANCE
IT governance is the formal process of defining the strategy of the IT organization
and overseeing its execution to achieve the goals of the enterprise.
• Decision rights framework & mechanisms
• Vision, goals/priorities, measures; value prop & service portfolio; resource approaches & commitments; change management plans
• Aligned/synchronized with the enterprise strategy, including other key asset strategies
• Translation into aligned, tactical, operational plans; closed-loop monitoring & control; accountability; regulatory compliance
8. IT: A DOUBLE-EDGED SWORD…
• Increased complexity, speed, interconnectivity and globalisation mean more than ever that IT:
– Offers extraordinary opportunities to enable & transform business.
– Involves huge costs & enormous risks.
9. WHY IT GOVERNANCE: …BALANCING AMONG MANY COMPETING PRIORITIES
IT Governance Priorities
Maximize Return:
a. Improve business results
b. Grow revenue and earnings
c. Cash flow
d. Reduced cost-of-operation
Increase agility:
a. Enable the business organizations and operations to adapt to changing business needs
Improve performance:
a. Improve business operations performance end-to-end across the enterprise
b. Increase customer and employee satisfaction
Mitigate Risk:
a. Ensure security and continuity of internal business operations while minimizing exposure to external risk factors
10. CORE COMPETENCIES FOR IT GOVERNANCE
Competencies: Enterprise Architecture Management; Relationship Management; IT Strategy Management; Financial Management; Supply / Demand Management; Portfolio Management; IT Operating Model
• Align operational and strategic IT investments to business strategies & objectives.
• Establish policies, standards, models and processes for managing IT as an enterprise asset
• Lifecycle management of infrastructure, applications and services
• Understand the drivers of IT costs to allocate appropriate costs to the consumers of IT services.
• Establish effective, collaborative relationships with business stakeholders and suppliers.
• Balance the demand for IT services with available resources to meet immediate and strategic goals.
11. NEED FOR IT GOVERNANCE - GOVERNANCE OF EMERGING TECHNOLOGIES
• Big Data Management & Analytics. How can we manage information in a way that would change the way we run our business?
• BYOD & Enterprise Mobility. How to manage mobile strategies enabling the mobile employee with computing everywhere around them?
• Mobile & Cloud Security. Creating a balance between the need to protect the organization and the need to operate the business.
• Decision Supporting Systems. The increased use of computing machines in decision making to extend into the realm of financial decisions such as FX trading, lending, etc.
12. NEED FOR IT GOVERNANCE - TIE TOGETHER EMERGING TECH PROCESSES
• Crowd sourcing. Connecting more and more employers through remote, distributed channels with other employees in different places all over the world.
• Desktop Virtualization and Cloud Client-Computing. Empowering employees and IT with secure, reliable desktop virtualization
• Web-Scale IT: The Enterprise Impact. Delivering seamless user services on a massive scale using Open technologies (Hardware, Software, Agile Software Methods)
• Identity & Access Management. Preparing enterprise infrastructure for a stateless identity; Protect and monitor enterprise assets and processes anytime, anywhere.
14. IT GOVERNANCE FAILURES
• In 2005, Ford Motor spent a whopping $400 million on a purchasing system, only to abandon it.
• Canadian Blood Services’ Enterprise Resource Planning rollout failed and was abandoned.
• According to Meta Group, 60 to 80 per cent of project failures can be attributed directly to poor requirements gathering, analysis and management.
• Carnegie Mellon says 25 to 40 per cent of all spending on IT projects is wasted as a result of re-work.
15. NEEDS, ISSUES AND CHALLENGES
Diagram labels: Control (Procedure, Audits, Metrics); Planning (Capital, Capacity, Priorities); Strategic; Tactical; Operations; Demand; Supply; IT and Business Resources; Alignment; Flexibility; Efficiency; Quality
• Lack of Business aligned strategy
• Reduce costs across business
• Ineffective project Management
• Deployment Complexity through lack of standard & legacy
• No Audit Trails
• Management of Service Changes
• Must reduce IT costs by 30%
• Lack of IT resource transparency
• Missed targets due to lack of steering control
• Deployment Complexity in number of project
• Cannot aggregate need and distribute ROI
• No means of governing outsourced contracts
• No means of capturing demands
• No means of prioritization of business need
• No means of reporting SLA
• Making new outsourcing decisions
16. EXPECTED OUTCOMES
• Tighter IT-Business alignment
• Reduced Operational Criticality/Risk
• Improved Value Delivery and Benefits Realization
• Enhanced IT Resource Management
• Improved Performance Management
• Improved IT Coverage
• Integration with other best practice standards.
17. TANGIBLE BENEFITS
Cost avoidance
• Stop projects unlikely to deliver expected business value
• Save by avoiding investment in non-viable projects
• Reduce IT spend not aligned to IT strategy
• Reduce IT project scope change orders
Cost reduction
• Reduce “At risk” projects
• Reduce IT expenditures
• IT budget on target
Efficiency gains
• Greater IT-Business Alignment
• Increased Stakeholder value
• Reduced project funding process
• Reduce Schedule tracking and updating lead time
• Increase in Reporting efficiency of IT processes
• Increase in IT productivity, delivery and quality
• Increase Project management efficiency
• Reduce Demand queue
19. IT GOVERNANCE FRAMEWORKS
There are quite a few supporting references that can be useful guides to the implementation of
information and technology (IT) governance. Some of them are:
• COBIT 5
• ISO 38500
20. COBIT 5 PRINCIPLES
• COBIT 5 helps enterprises create optimal value from IT by maintaining a balance between realising benefits and optimising risk levels and resource use.
• COBIT 5 enables information and related technology to be governed and managed in a holistic manner for the entire enterprise, taking in the full end-to-end business and functional areas of responsibility, considering the IT-related interests of internal and external stakeholders.
• The COBIT 5 principles and enablers are generic and useful for enterprises of all sizes, whether commercial, not-for-profit or in the public sector.
21. COBIT 5 - GOVERNANCE & MANAGEMENT AREAS
• Governance ensures that enterprise objectives are achieved by evaluating stakeholder needs, conditions and options; setting direction through prioritisation and decision making; and monitoring performance, compliance and progress against agreed-on direction and objectives (EDM).
• Management plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives (PBRM).
22. COBIT 5 ENTERPRISE ENABLERS
1. Principles, policies and frameworks
2. Processes
3. Organisational structures
4. Culture, ethics and behaviour
5. Information
6. Services, infrastructure and applications
7. People, skills and competencies
24. ISO/IEC 38500:2015
• ISO/IEC 38500:2015, Corporate governance of information technology, is applicable to organizations of
all sizes, including public and private companies, government entities, and not-for-profit organizations.
• The standard provides a framework for effective governance of IT to assist those at the highest level of
organizations to understand and fulfill their legal, regulatory, and ethical obligations in respect of their
organizations’ use of IT.
• The framework comprises definitions, principles and a model. It sets out six principles for good corporate
governance of IT that express preferred behavior to guide decision making:
Six principles for good corporate governance of IT:
• Responsibility
• Strategy
• Acquisition
• Performance
• Conformance
• Human Behaviour
26. IT GOVERNANCE IMPLEMENTATION APPROACH & METHODOLOGY
Execute IT Governance Assessment
• Execute assessment to identify gaps
• Define new role of IT in organization
• Define evolution roadmap to address the gaps
Setup IT Governance Framework
• Define roles and responsibilities
• Setup communication path to support IT-business alignment
• Define management structures for decision making, reporting and escalation
Design IT Governance Processes
• Define policies
• Define processes
• Define KPIs and reporting requirements
Implement Supporting Tools
• Implement tool to support the execution of the solution
• Implement tools for data collection and management reporting
Continuous Improvement Plan (Control Lifecycle)
• Identify indicators to monitor strategy execution
• Define steering committee to manage relationships within IT and between business & IT
• Review IT strategy periodically and evolve governance environment
28. Critical Success Factors
• Clarity of Purpose
• Executive or Top Management commitment & buy-in: active & sustained
• Prompt approval and implementation of recommendations from the assessment
• Management of Business Change
• Focus, execute and enforce
• Measure achievable targets and expectations
• Don’t over-engineer IT Governance
• Evolution not revolution
• Competence resource sufficiency & availability
29. CONSTRAINTS
• Senior management not engaging IT
– Unwillingness to involve IT in decision making
• Poor Risk Management
– Not assessing likely potential threats
• Poor Strategic Alignment
– Little or no business value derived from major IT investments
• Ineffective Resource & Resource Mgt
– Ensure timely availability of people, technology and financial resources.