IT Governance: A Framework and Implementation Guide
Marios Damianides, Ernst & Young LLP
ISACA Membership Drive
April 20, 2006 – New Orleans, Louisiana
Agenda
• IT governance defined
• IT governance focus areas: theory and practice
• Roles and responsibilities for IT governance
• Implementation guidelines
• ITGI market research findings
• Top 10 Questions to ask
Sources
Board Briefing on IT Governance, 2nd Edition
IT Governance Global Status Report 2003 and 2006
www.itgi.org
Increasing Expectations of IT Function
Internal & External Stakeholders
• CEO
• Board of Directors
• CFO
• Audit Committee
• COO
• Shareholders
• Head of IA
• Regulators
• Directors
• Capital Markets
• Business Partners
• Employees
• Others
Cost
• Cost-efficiency
• Higher ROI
• Reactive risk management
• Implement regulatory requirements, e.g.:
- Sarbanes-Oxley
- HIPAA
- Etc.
• Decision support
Value
• IT governance & management
• Financial reporting
• Manage enterprise risk (ERM)
• Transparent disclosure
• Converged security
• Program assurance
• ROI
• Value creation
- New business
- Competitive advantage
• Project to process approach to regulatory requirements
Pre-1990s 1990s 2006—Post-Sarbanes-Oxley
IT Governance Global Status Report: Problems with IT (CPI)
IT staffing problems 117
High cost/low ROI 88
Operational IT incidents 85
No view on IT performance 81
Outsourcing problems 74
Disconnect business/IT strategies 72
Security/privacy incidents 60
IT not meeting compliance requirements 44
...