Presented by:
Mark Toomey
2008 Infonomics Pty Ltd Corporate Governance of IT: ISO 38500 Case Study 2 September, 2008 Page 1
This set of presentation slides was developed for, and delivered at the itSMF Australia 11th National Conference.

The slides are now available for download by participants in the conference and other interested parties, for their personal use in self-development, and for the purpose of facilitating conversations with their colleagues, including top level management and directors. Permission is hereby given for participants to print and copy this material for these purposes only.

The slides do not equip readers with the in-depth knowledge required to enable them to provide any form of instruction or consulting advice.

Consultants may provide a copy of these slides to their clients without royalty providing that they are in their original form and that they are accompanied by a recommendation that Infonomics be consulted if further guidance is required.

This material was prepared to provide general guidance and stimulate debate. It should not be construed as providing professional advice and services for any particular or specific situation. As such, it should not be used as a substitute for consultation with expert advisers. Before making any decision or taking any action you should consult with Infonomics Pty Ltd or other competent professionals.
Top 5 management priorities of local CIOs
(Courtesy Peter Hind)
Priority                                    2006   2007
Aligning IT and business goals              1      1
Improving internal user satisfaction        3      2
Business continuity/risk management         2      3
IT-enabled process improvement              4      4
IT staff development                        6      5
Controlling IT costs                        5      6
Measuring & communicating IT value          10     7
IT governance                               8      8
Improving project management discipline     9      9
Regulatory compliance                       11     10
Revenue generating services/products        N/A    11
Internal IT knowledge management            7      12
IT is changing the rules of the game in delivery of education: how do we adapt and lead?
G-O-Learning
We worked through a structured process to build understanding and prepare for change
1a Logistics
1b Assertions
2a Interviews
3 Executive Workshop
4a Develop Charter
4b Develop Policy
Four-draft Review Cycle
6a Signoff
6b Communication
ISO 38500 Framework
A Model, and Six Principles
[Diagram labels: Corporate Governance (Evaluate, Direct, Monitor); Plans, Policies; Proposals; Performance, Conformance; Corporate Management (IT Projects, IT Operations)]
Six principles: Responsibility; Strategy; Acquisition; Performance; Conformance; Human Behaviour.
Using ISO 38500
Guide for assessment and improvement
Evaluate Direct Monitor
Principles
Responsibility
What does each cell mean?
The measurement showed where we had scope for improvement
[Chart: series A, B and C repeated across eight groups; axis label: AS8015 Principles]
We considered key issues regarding assignment of responsibility for IT
We considered key issues regarding planning for IT
We considered key issues regarding decisions to invest (spend) on IT
We designed a new way of controlling our use of IT
[Slide graphic: overlapping thumbnails of the project artefacts. Recoverable labels follow.]
Performance Measure: Industry, November 2006 (2006 Research with RMIT; axis label: AS8015 Principles)
A = Financial Institution
B = Listed Industrial
C = Local Government Body
Governance Organisation: Midco, May 2007
Council; Audit & Risk Committee; Corporate Committee; Executive Committee; Education Services; Corporate Services; Business System Steering Committee; ICT Infrastructure Steering Committee
Legend: Reports; Participates; Informs; Owns
Responsibility Policy
Process Model (legible entries): Manage, update & communicate business/ICT strategy; Monitor emerging technologies & trends; Manage production problems; Manage & allocate resource pool
Midco IT Governance Manual
Midco Developed Policy for control of IT based on the ISO 38500 principles
[Matrix: Evaluate, Direct, Monitor against the Principles: Responsibility, Strategy, Acquisition, Performance, Conformance, Human Behaviour. Label: Your ISO 38500 Framework]
Strategic Policies
Your posture relative to Principles
Board role: consultation and approval
Operating policies
Specify how projects and operations are conducted
Board role: awareness
Usage policies
Rules for how people use the business systems and technology resources
Board role: part of user community.
Midco's structure for governing IT is firmly based on clear responsibility for Demand and Supply
Business Domain: How IT is used to enable and operate the business
[Diagram labels: Strategic business; Business operations; Future; Ongoing; ValIT; Demand; Supply]
IT Domain: How IT is managed and delivered.
[Diagram labels: Effective IT enabled change; Reliable IT Service; ITIL, ISO 20000, ISO 27000, CoBiT etc]
Midco's system for governing IT fully integrates board oversight and management tasks.
[Diagram labels: Responsibility; Corporate Governance Oversight; ISO 38500; Board; Future; ValIT; Demand; Supply]
IT Domain: How IT is managed and delivered.
[Diagram labels: Effective IT enabled change; Reliable IT Service; ITIL, ISO 20000, ISO 27000, CoBiT etc]
Midco's Overarching Policy: Responsibility for IT
The Responsibility Policy is specific about executive and management responsibility
It establishes clear expectations of the new IT Governance committees
There are five further overarching policies
Technology
The Fundamental Equations: Changing The Business System
[Diagram: The Business System, shown as People, Process, Structure and Technology; other label: Traditional IT Change Project]
The Fundamental Equations: Changing The Business System
[Diagram: The Business System and The Changed Business System, each shown as People, Process, Structure and Technology; other labels: Change Program, Business Context, Traditional IT Change Project]
Governing IT Enabled Change involves much more than governing technology activities.
The Executive has overall responsibility for IT
[Organisation chart labels: Board; Audit & Risk Committee; Corporate Committee; Executive Committee; IT Governance Committee; Chief Executive Officer; Business System Steering Committees; IT Infrastructure Steering Committee; Business Development Advisory Committee; Front-line operations; Production Operations; Corporate Services]
Three organisation elements: IT Governance Committees
Legend: Reports; Participates; Informs; Owns
The IT Governance Committee is the focus for key decisions about the use of IT
Steering committees are key to operation of the governance system
The Process Model involves four primary process groups
[Process model diagram; process groups numbered 1 to 4. Recoverable labels follow.]
Vision; Strategy; Plan; Deliver; Operate
Generalised; Specific; Detailed Activity; Ongoing
Intended performance, capability, profile, behaviour
Actions, Targets, Priority & Sequence
Business Case: Allocate Funds & Resources; Organise
Business Change Projects: People, Process, Structure, Technology
Manage Project Risk, Benefits
Business: Set Targets; Manage & report performance; Ensure Service; Support the business; Systems & Infrastructure
Policy Foundation
3 Key Questions
Do today's IT systems meet ongoing needs?
Does planned business affect IT systems?
What does technology evolution mean for business?
Most of these things already happen, but we now have a different perspective
Manage, update & communicate business/IT strategy
New approach to responsibility
Measure & Report business/IT performance
need to be
Deliver Business/IT Initiative
Plan new business/IT initiative
Establish business/IT strategy
It looks complicated, but experience will make it seem easy
The Magic Roundabout in Swindon, UK looks confusing but has a lower accident rate than normal intersections, with much higher traffic flows.
[Diagram with stages; recoverable labels: Stage one; Stage three; Business System & IT Infrastructure Steering Committees; Governance Committee; Charters (including Membership); Responsibility Policy; Guiding Policies; Detailed Policies; Strategic Plan; Strategic Assessments; Initiative Planning; Initiative Delivery; Training; Governance Process Model; Refined Governance Processes; Continuing Operations; Governance Oversight]
Midco's situation today
Continuing to evolve their system for governance of IT;
Learnings from the project supported a major restructure of the organisation;
Business is now fully engaged in setting the IT agenda and is fully responsible for deciding priority;
IT department gets on with its job free of unfair criticism, and is able to devote resources to improving service delivery;
New initiatives are getting off the ground as well defined, formal business projects for the first time in years;
Skunkworks initiatives have disappeared;
Suppliers are no longer driving the Technocitement agenda.
Information Technology allows us to change the way we do things
Corporate Governance of IT enables us to direct and control the change with confidence
[Diagram labels: Corporate Governance (Evaluate, Direct, Monitor); Plans, Policies; Proposals; Performance, Conformance; Corporate Management (IT Projects, IT Operations)]
Six principles: Responsibility; Strategy; Acquisition; Performance; Conformance; Human Behaviour.
ISO 38500 provides the missing link in building an effective system of governance
[Diagram labels: Responsibility; Strategy; Acquisition; Performance; Conformance; Human Behaviour; CobiT; ITIL; Prince2; PMBOK; Gateway; ValIT; People; Process; Structure; Technology; Control and Direct use of IT.]
[Organisation chart labels: Council; Audit & Risk Committee; Corporate Committee; Executive Committee; Business Development Advisory Committee; ICT Governance Committees; Education Programs; Education Services; Corporate Services; Business System Steering Committee; ICT Infrastructure Steering Committee]
Legend: Reports; Participates; Informs; Owns
Discussion and Questions