1 / 32

Governance and Audit of IT in a Post-Recession World

Governance and Audit of IT in a Post-Recession World. Mark Toomey Author: Waltzing with the Elephant Managing Director Infonomics Pty Ltd Member, Standards Australia Committee IT-030 Member, ISO/IEC JTC-1 WG6. 0:00/1. A little (more) about me…. 0:01/1.

barb
Download Presentation

Governance and Audit of IT in a Post-Recession World

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Governance and Audit of IT in aPost-Recession World Mark Toomey Author: Waltzing with the Elephant Managing Director Infonomics Pty Ltd Member, Standards Australia Committee IT-030 Member, ISO/IEC JTC-1 WG6 0:00/1

  2. A little (more) about me… 0:01/1

  3. The promise of Information Technology... ... or a shattered dream. Photos: (1) http://velocityresource.com/RS6AvantPlus.aspx and Audi. (2) Public domain – widely circulated email 0:02/2

  4. Governance and Management of ITGlobal Survey • From 11 Feb to 23 Mar 2010 • Responses (complete – 75) • 13 Board Directors • 23 Business roles • 39 IT roles • Education • 38 Masters/MBA and above • 23 degree • 26 focused on technical • 35 focused on business • Age • 22 are 36 – 45 • 29 are 46 – 55 • 19 are 56 Plus • Organisation • 25 listed • 19 government • 15 private • 6 branch / subsidiary • 4 not-for-profit • Location • 25 AU • 15 NL • 8 GB • 6 US • 4 ES • 2 NZ • AE, AR, AX, BE, CA, DE, IN, IT, TR, VG, ZA. • Scale • 7 Up to US$ 500,000 • 4 US$ 500,000 to US$ 2m • 5 US$ 2m to US$ 10m • 12 US$ 10m to US$ 100m • 41 More than US$ 100m • Employees • 7 at 1 - 10 • 7 at 11 - 50 • 6 at 51 - 200 • 0 at 201 - 500 • 26 at 501 - 5000 • 29 at 5001 and above 0:04/1

  5. Governance and Management of ITGlobal Survey There is a strong track record over several years of successful IT projects that deliver the intended business outcomes. 48% 24% 0:05/1

  6. Governance and Management of ITGlobal Survey Executive management has sufficient evidence that day to day business operations will not be seriously damaged by unplanned interruptions to operational IT systems. 32% 46% 0:06/1

  7. Governance and Management of ITGlobal Survey The full spectrum of costs, risks, opportunities and value derived from the organization's current portfolio of operational IT systems is well understood and acceptable. 58% 22% 0:07/1

  8. From enormous challenge... ... to outstanding performance • Medicare database blunder (2005) • Customs commissions review of ICS debacle (2006) • Defence weak on IT, says chief (2007) • Vic: Health IT program late, over budget (2008) • Consultant: 33% of IT spend is wasted (2009) • Young war widows struggling (2009) • Software glitch stymies green loans (2009) • Licensing project over budget and a decade late (NSW, October 2009) • e-government • e-health • Accessible government • Efficient government • “Joined up” government • Innovative government • Post to offer passports online • Tech to prevent welfare cheats • Real change, real solutions, delivered and acclaimed, in business as in government. 0:08/2

  9. It can happen to anybody… … and it KEEPS happening! 2005 2004 2006 2007 Cargo Management Futures Market ERP Consolidation Five Day Fiasco 2009 2008 2010 2010 Scrapped Amadeus Crippled Year 2010 0:10/3

  10. Governance and Management of ITGlobal Survey Most organizations are very effective in governing their use of IT. 82% 4% 0:13/1

  11. We have tried to make IT better… • Typical efforts to ensure that IT is doing its job competently • Rigour • Process • Control • Reporting • … Miss the point! ITIL Prince2 CoBIT CMMI PMBOK MSP PPM Etc 0:14/1

  12. We have tried to make IT better… …but we have missed the key issue! 0:15/2

  13. We have tried to make IT better… … the problem is not the IT function! • Typical efforts to ensure that IT is doing its job competently… • Rigour • Process • Control • Reporting … Miss the point! • It’s not just in IT that problems develop: • Use of IT to achieve business goals involves business change • Process • People • Structure • Context • And necessarily requires that business leaders engage fully: • Being responsible • Setting direction • Planning and implementing ITIL Prince2 CoBIT Polishing INSIDE the Kettle improves supply… … but does not fully address the problem of use! Delivery CMMI PMBOK MSP PPM Etc Many issues arise here – outside IT’s sphere of control. Use Governance of IT has to deal with how organisations USE IT as well as with how IT departments operate. 0:17/1

  14. Governance and Management of ITGlobal Survey Organizations that govern their IT very well have a strategic advantage. 3% 90% 0:18/1

  15. The purpose of information technology... • Four key elements of operating organisations • People – who participate in business events • Process – what business events take place • Structure – where business events happen • Technology – enabling and recording events • Operating context of the organisation • External • Internal. • IT intrinsic to day to day operations • Generic - Email, Telephony, Information • Business process specific - Transactions, Customers, Etc • Future capabilities and functions. People The Business Context The Business System Process Structure Technology Based on H.J. Leavitt’s Model of organisational change, published in 1965. 0:19/1

  16. The Business System The purpose of information technology...... we depend on it as a business tool. • Four key elements of operating organisations • People – who participate in business events • Process – what business events take place • Structure – where business events happen • Technology – enabling and recording events • Operating context of the organisation • External • Internal. • IT intrinsic to day to day operations • Generic - Email, Telephony, Information • Business process specific - Transactions, Customers, Etc • Future capabilities and functions. • When IT fails, everything goes pear-shaped • Citylink Melbourne, Tuesday 20 Sept 2006 People People The Business Context Process Structure The Business System Process Structure Technology Technology Based on H.J. Leavitt’s Model of organisational change, published in 1965. 0:20/1

  17. People People Changed People The Business Context The Business Context Changed Business Context People Process Process Structure Structure The Business System The Business System Changed Process Changed Structure Changed Business System Process Structure Technology Technology Changed Technology The Business System Technology And we use IT as an enabler of change... ...but change involves much more than IT! • Omnibus Change • Business System • Process • Technology • Structure • People • Business Context • Process • Technology • Structure • People • Implementing IT enabled change involves attention to every facet of business models and practices • Internal and external factors • IT is now a fundamental enabler of change and is leading to new business models and new business practices • Eg e-Government “Traditional” IT Change Project • Governing IT Enabled Change involves much more than governing technology activities. 0:21/2

  18. Information technology is a tool ... ... what determines the use of the tool?. The System of Management Business Domain: How IT is used to enable and operate the business Strategic Business Future Ongoing business operations Supply Demand Supply Demand IT Domain: How IT is managed and delivered. Effective IT enabled change Reliable IT Service 0:23/2

  19. The context for governance of IT... The System of Management Business Domain: How IT is used to enable and operate the business Strategic Business Future Ongoing business operations The System of Management Strategic Business Future Ongoing business operations Business Domain: How IT is used to enable and operate the business Supply Demand Supply Demand Supply Supply IT Domain: How IT is managed and delivered. Demand Demand Effective IT enabled change Reliable IT Service IT Domain: How IT is managed and delivered. Effective IT enabled change Reliable IT Service 0:25/1

  20. The context for governance of IT... ... is to direct and control the use. Governance Top level oversight Evaluate Current & proposed demand for & supply of IT Monitor Direct The System of Management Strategic Business Future Ongoing business operations Business Domain: How IT is used to enable and operate the business The System of Governance Supply Supply Management Responsibility Demand Demand IT Domain: How IT is managed and delivered. Effective IT enabled change Reliable IT Service 0:26/1

  21. Governance and Management of ITGlobal Survey Governance of IT means evaluating, directing and monitoring the current and proposed future use of IT.  It involves overseeing preparation of plans for use of IT, overseeing delivery of business change enabled by IT and overseeing ongoing operational use of IT. 7% 90% 0:27/1

  22. Business Needs Business Pressures Directing and controlling the use of IT... ...does not require technical expertise. Governance AS8015 &ISO 38500 principles • Responsibility; • Strategy; • Acquisition; • Performance; • Conformance; • Human Behaviour. Evaluate Monitor Current and Future use of IT Direct Performance Conformance Plans, Policies Management IT enabled business change projects IT enabled business operations 0:28/2

  23. Governance and Management of ITGlobal Survey Governing the use of IT is the responsibility of those who have overall governance responsibility. 14% 80% 0:30/1

  24. Governance and Management of ITGlobal Survey Too much of contemporary guidance on “IT Governance” is actually focused on “IT Management”. 6% 78% 0:31/1

  25. Peter Gershon told government leaders... ...it’s your job to drive success. Finding Recommendation Strengthen Pan-Government Governance Ministerial committee on ICT Secretaries ICT Governance board with strong mandate Drive ministerial agenda on whole of government use of ICT. Oversight of opt-outs Redefine AGIMO role Establish program board Strengthen Agency Governance Link between policy formulation and implementation Best practices in benefits realisation. Those at the top levels of government have to play their role in governance of IT. • Weak governance of Pan-Government issues related to ICT. • Has led to significant fragmentation and duplication • Lack of standardisation in common processes • Agency governance mechanisms are weak in respect of focus on ICT efficiency and understanding of organisational capability to commission, manage and realise benefits from ICT-enabled projects. • ICT vs organisational capability. So do those at the top of business – but what is this part? 0:32/1

  26. Responsibility of business leaders... ...is to lead change from the front. • Plan the future model for an efficient and effective business that is inevitably enabled by and dependent on IT. • Orchestrate the pervasive change to the systems of business – people, process, structure AND technology. • Relentlessly drive change at the four points of the business system, never forgetting that leaving IT to lead or push WILL result in failure. • Persistently measure performance of IT in business terms and control IT expenditure in those terms - for investments and business as usual. • Encourage and reward appropriate behaviour of the people involved to maximise the outcomes of planned change. 0:33/3

  27. Governance and Management of ITGlobal Survey Achieving intended business outcomes is the principal measure of success for an “IT project”. 7% 85% 0:36/1

  28. Governance and Management of ITGlobal Survey Business managers should be accountable for delivery of business outcomes which mark the successful completion of “IT projects”. 6% 83% 0:37/1

  29. Governance and Management of ITGlobal Survey Effective governance of IT requires a set of management systems that are fit for purpose and appropriate to the nature of the organization. 6% 87% 0:38/1

  30. Governance and Management of ITGlobal Survey A formal certification scheme is required, so that organizations can test and verify the effectiveness of their arrangements for governance of IT. 13% 52% 0:39/1

  31. Governance and Audit of IT in theThe Post-Recession World • Clear understanding and delineation of governance and management roles; • Governance focused on principles and behaviour, not process; • Audit gives assurance to the board; • Audit looks beyond process to behaviour; • Scope of governance and audit engagement is the entire business system; • Audit helps bring future problems into early focus. 0:41/2

  32. More information www.infonomics.com.au Questions Download these slides from: www.infonomics.com.au/PresGAPRW.htm. 0:43/7

More Related