book

IT Governance: Implementing Frameworks and Standards for the Corporate Governance of IT

by Alan Calder

March 2009

Intermediate to advanced

216 pages

3h 56m

English

IT Governance Publishing

Read now

Unlock full access

BackgroundGovernanceFiduciary dutiesGovernance frameworksEmergence of IT governance
Development of IT strategyBusiness, information and IT strategiesInformation strategyIS strategyApplication strategyIT strategyThe six-step IT strategy processMeasurement and qualityThe IT Balanced ScorecardPerspectivesBalanced Scorecard implementation
Enterprise risk management31Operational risk managementIT risk management

Information security law: the emerging standard for corporate compliance34
Information risks and ISO27001Continuity risks and BS25999, ISO/IEC 24762Civil contingencies and business continuity planning
UK Combined Code and Turnbull GuidanceSarbanes-OxleyCOSO and internal controlCOBITVal IT
Project failureProject governance objectivesExecution riskExecutive-level project governanceBoard-level project governanceProject management frameworksAgile project managementOPM3®Conclusions
Key decision areas1: IT governance principles and decision-making hierarchy (see Chapter 10: ISO/IEC 38500)2: Information strategy (see Chapter 3: Strategy: The Search for Competitive Advantage)3: IT strategy (see Chapter 3: Strategy: The Search for Competitive Advantage)4: IT risk management see (see Chapter 6: Information and Continuity Risk)5: IT architecture (see Chapter 16: Enterprise IT Architecture Committee)6: IT investment and project governance (see Chapter 8: Project Governance)7: Regulatory compliance and information security (see Chapter 5: IT Regulatory Compliance)
ScopeApplicationObjectivesBenefitsDefinitionsThe six principles of IT governance1: Responsibility2: Strategy3: Acquisition4: Performance5: Conformance6: Human behaviourThe IT governance model in ISO/IEC38500EvaluateDirectMonitorAccountabilityApplying the six principles1: Responsibility2: Strategy3: Acquisition4: Performance5: Conformance6: Human behaviourAlignment between ISO/IEC 38500 and the Calder-Moir Framework
FrameworksCOBIT™ISO/IEC 2 7002:2005 and ISO/IEC 2 7001:2005ISO/IEC 27005:2008 and BS3110Payment Card Industry Data Security StandardITIL®BS25999PMBoK™ and PRINCE2™The Zachman Framework and TOGAFConformanceConvergenceCOBIT-linked initiativesManagement standard convergenceIT governance starting pointEnd-to-end IT governance process
Navigating the framework1: Business Strategy2: Risk, Conformance and Compliance3: IT Strategy4: Change5: Information and Technology6: OperationsEvaluate, direct, monitorPlan, Do, Check, ActSome subtleties
Maturity modelsWhat is a maturity model?CMMIThe IT governance implementation processPre-requisitesStrand 1Strand 2Initial completionIssues that must be resolvedThe problem of silo managementObtaining the board’s buy-inIdentify symptomsOrganisational politics and IT governanceConclusions
The CEOThe CIOThe CIO: role descriptionKey CIO challengesCultureInnovationAsset leverageStrategyOperationsStaffingProcesses and qualityCompliance and securityIT management structureIT organisational structureOutsourcingSupplier selectionOutsourcing contracts
IT steering committeeComposition of the IT steering committeeExecutive IT committee
Centralised or decentralised IT?Enterprise IT architecture committeeThe Zachman FrameworkThe Open Group Architecture FrameworkService-oriented architectureConclusion
New Joint FrameworkBenefits of using the Joint Framework
PAS99The integrated management systemA single PDCA modelWhat are the differences between the two PDCA models?Aspects of integrating ISO/IEC 27001 and ISO/IEC 20000Management commitmentA single documentation frameworkDocument control requirementsRecord control requirementsElectronic records and e-discoveryHierarchy of documentationSingle monitoring, review and audit frameworkMonitoringAuditingAudit programmeManagement responsibilitiesReviewing
1. Initial IT governance assessment2. IT governance road map3. Principles—drawing on ISO385004. Develop organisational momentum (commitment, governance mandate)5. Initial risk assessment6. Plan changes (see Chapter 13: Implementing IT Governance)7. Build on existing capabilities8. Business strategy9. Risk, governance and compliance framework (see Chapter 4: Governance and Risk Management)10. IT architecture and strategy11. Change12. Information and technology lifecycles13. IT operations14. Reporting15. Evolution and management of IT governanceThe Calder-Moir IT Governance Framework Toolkit
Pocket guidesToolkitsBest practice reportsTraining and consultancyNewsletter

Content preview from IT Governance: Implementing Frameworks and Standards for the Corporate Governance of IT

CHAPTER 4: GOVERNANCE AND RISK MANAGEMENT

Risk management has always been a key governance issue. The board’s job is strategy and, therefore, strategic risk has always been a board responsibility, and effective risk management has become a key competitive differentiator. The modern corporation’s fundamental goal is to create and add value to its business on a continual basis. This means that boards must find an appropriate balance between profit maximisation and risk reduction.

Strategic risk can be described as the enterprise-level risk of a negative impact on earnings or capital arising from an organisation’s failure to create and execute appropriate business plans and strategies, improper implementation of decisions, or lack of responsiveness ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Executive's Guide to IT Governance: Improving Systems Processes with Service Management, COBIT, and ITIL

ISO 22301:2019 and business continuity management – Understand how to plan, implement and enhance a business continuity management system (BCMS)

Alan Calder

Publisher Resources

ISBN: 9781849281287

IT Governance: Implementing Frameworks and Standards for the Corporate Governance of IT

by Alan Calder

CHAPTER 4: GOVERNANCE AND RISK MANAGEMENT

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like

Executive's Guide to IT Governance: Improving Systems Processes with Service Management, COBIT, and ITIL

Governance of IT

Corporate Governance Matters, 3rd Edition

ISO 22301:2019 and business continuity management – Understand how to plan, implement and enhance a business continuity management system (BCMS)

Publisher Resources

CHAPTER 4: GOVERNANCE AND RISK MANAGEMENT

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,and much more.

You might also like

Executive's Guide to IT Governance: Improving Systems Processes with Service Management, COBIT, and ITIL

Governance of IT

Corporate Governance Matters, 3rd Edition

ISO 22301:2019 and business continuity management – Understand how to plan, implement and enhance a business continuity management system (BCMS)

Publisher Resources

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.