BIG DATA AND IT GOVERNANCE

Group 1
Rahul Ranjan PGP31102
Musadhiq Yavar PGP31389
Ritusri Ray PGP31404
Khushboo Solanki PGP31412
Tampishree Choudhury PGP31420
WHAT IS IT GOVERNANCE ?
IT governance is the set of processes that ensure the effective and
efficient use of IT in enabling an organization to achieve its goals.
- Gartner
Definition

Its a strategic framework for decision rights and accountability to

encourage desirable behavior in the use of IT.
Hence the main goal of IT governance is to

1. Align the IT objective with the business objective

2. To minimize IT-related risk.

From what we have learnt IT governance has 5 major aspects

1.Strategic Alignment
2. Value Delivery
3.Resource Management
4.Performance Measurement
5.Risk Management

We will look at how Big data could help us enhance the objectives of IT governance
WHAT IS BIG DATA?
When data becomes difficult to handle by the traditional databases and data management
tools due to its Volume, Variety and/or Velocity (Commonly referred to as 3 Vs)

- Definition

It includes both the structured as well as unstructured data.

WHAT IS BIG DATA?
COMMONLY USED BIG DATA TOOLS
1. R

2. Hadoop

3. Cloudera

4. MongoDB

5. Talend

6. RapidMiner

7. IBM SPSS Modeler

 WHAT?
TheCOBIT 5 is a framework for the governance and management of enterprise IT and
can help organizations get more value from information and technology.

It is a supporting toolset that allows managers to bridge the gap

between control requirements, technical issues and
business risks.

WHO CAN USE?

COBIT 5 is used globally by those who have the primary responsibility for business
processes and technology, depend on technology for relevant and reliable information,
and provide quality, reliability and control of information and related
technology.
 COBIT CASE STUDY: HARLEY-DAVIDSON
The business goal of Harley-Davidson Motor Company is
Business Goal : to produce and sell high-quality motorcycles

Limited attention was given to internal audit and

Problem Area & controls
The challenge was in getting management, information technology

Challenges:
(IT) and audit speaking the same language and working
toward increased control, while still respecting the companys
unique culture

Harley-Davidson created an IS compliance department and then

How COBIT Helped: converted the control framework to COBIT

Key to introducing COBIT was ensuring that all of IT and management understood why
they needed to care about effective, value-focused controls

One of the major benefits of using COBIT as its overall internal control and compliance model
was getting everyoneespecially nontechnical motorcycle expertsrevved up about control
activities and why controls are important
 Driving internal change was also a key goal of this highly
How COBIT Helped competitive company, and COBIT benchmarking was an invaluable
tool for independent comparison. It put the information in the right
Contd..: perspective for management and to obtain overall buy-in

IT governance personnel can map frameworks behind the scenes.

End users need to be aware of only one standard.
Benefits to IT can easily show compliance with multiple frameworks.
It helps establish a consistent focus.
HD: It gains external audit agreement on the companys control position.
It establishes the ability to use control objectives to help identify root
causes.
There is a comprehensive view of the risk and control environment.
It provides a foundation for all future internal and Sarbanes-Oxley-related
audits

The company is also planning to conduct an IT governance audit using Val

Plan Ahead: IT, a governance framework that helps boards of directors and executive
management attain an appropriate return on investment (ROI) for IT-
enabled investments.
BIG DATA & COBIT
Big data, cover three areas:

Marketing situational awareness IT predictive

(variety of information) analytics
(velocity of
information)

Fraud detection
(volume of information)
STRATEGIC IT RISK RELATIONSHIPS WITH BIG DATA RISKS
Risk presented Strategic IT risks
by big data Obsoles Integratio Interoperabili Securit Scalabilit Retrofit
cence n ty y y
High cost
Idle or
unutilized
data
Insufficient
infrastructure
Management
of data
Privacy,
security and
misuse of data
COBIT 5 PROCESSES ADDRESSING STRATEGIC ALIGNMENT
The COBIT 5 processes that were identified to address strategic alignment are now mapped to big
data strategic risks.

Each risk is considered for every strategic alignment process, based on various factors, such as the
risks attributes regarding current or future uses, being technology driven, the involvement with
people, its encumbering value or its link with big data business imperatives
WHAT IS VAL IT? NEED FOR VAL IT
A conservation framework which
helps firms in investments
It consists of principles, processes
and best practices related to
IT investments are not supporting the business strategy or providing
Value governance expected value.

There are too many projects, resulting in efficient use of recourses.

Portfolio management
Projects often delayed, run over budget, and/or don not provide the
needed benefits.
Investment management
It needs to ensure compliance to industry or governmental regulations.
7 PRINCIPLES OF VAL IT BENEFITS OF VAL IT
IT investments will be Increase ROI in projects
1. Be managed as a portfolio of Investments. Generate business value
2. Include the full scope of activities, Manage IT enables business
required to achieve business value.
investments
3. Be managed through full economic life
cycle.
Increase value of the
technology investments
Value delivery practice will be
4. Recognize categories of investments to be
Reduce cost of unnecessary
evaluated & managed investments
5. Define & monitor key metrics and respond Better decision making in
quickly to any changes or deviations terms of investments
6. Engage all stakeholders and assign
appropriate accountability
7. Be continually monitored, evaluated and
improved
MAJOR PROCESSES OF VAL IT

VG: is to optimize the value of an organizations IT-enabled

investments

PM: is to ensure that an organizations overall portfolio of IT-enabled

investments is aligned with & contributing optimal value to the
organizations strategic objectives

IM: is to ensure that an organization's individual IT-enabled investment

programs deliver optimal value at an affordable cost with a known and
acceptable level of risk
 Case study: ISEC
About the company
Advisors in developing complete security
programmes with real benefits for business,
processes, people and technologies
Work to determine how to best implement
information security strategies based on
governing environments, cultures, data
sensitivity and internal capabilities
Offers an end-to-end portfolio of services to
helps manage security risks across an entire
organization
Use solid and up-to-date tech to bring
together risk management capabilities and
focus on business objectives
Implementing VAL IT
Val IT is used in the consulting services sector
of ISEC
ISEC focusses strongly on Val IT
implementation as it brings more
transparency and strong decisional factors
After applying portfolio management
principles, they are able to evaluate, direct
and monitor the IT investments in a broader
perspective over the full economic cycle.
 Case study: ISEC Contd.

Approach to VAL IT implementation

ISEC believes that strongest frameworks permit selecting parts to implement for every single
organization, depending on their profile, existing risks and future needs
By implementing Val IT, ISEC first carefully analyse the scope of the processes, as the
framework could seems too sophisticated or complex for most organizations
To understand better ISEC familiarizes us with subsets, by assessing and scaling the best of
the processes in order to answer to its client needs
ISEC sees that implementing Val IT helps to focus on financial aspects- such as one should
never be afraid to cut costs or dissolve projects with no gains
With the right implementation, they will have the right tools to do that. Although a Val IT
implementation project could somewhat meet rejection throughout organization, anyone
should first see Val It as a concept and strong tools that helps to calculate and improve value
Val IT and Big Data

Elements important to enable systematic strategic planning:

Anticipated returns and potential impacts to competiveness through adoption
Potential impact to the current operational ecosystem
Opportunity cost for the investment (i.e., what else the enterprise might
have invested in instead)
Loss of value for investments already made

Big data analytics is particularly appealing to many enterprises because, in many

cases, they have already made some investment in both business analytics and
the collection of large data sets, on which analytics can be applied to generate
value.
POLICE CASE STUDYIT GOVERNANCE INSTITUTE

Value for Police

It is not financial ROI as it is a government agency
It is strategic outcomes - reducing crimes and increasing safety
Streamlining the processes staff scheduling
Infrastructure is up-to-date and foolproof
POLICE PROJECT BASED OUTCOME MAP
VALUE GOVERNANCE LIFE CYCLE
LIFE CYCLE

Pre-projectWhere ideas are received, assessed and qualified. If the idea is

approved, it goes into the program schedule, assuming there is an availability
of resources and funds.
ProjectWhere a project team will design, build and implement the system.
This may include necessary changes within management and the initiatives
that are required to achieve the business outcomes
Post-projectWhere the benefits are realized, and a comparison of the
benefits achieved against the business case is performed
RISKS INVOLVED

In between Gate 1 and Gate 2 there is a Business Case Assessment: This

assessment involves scoring the project from 0-5 according to its benefits,
cost and risk.
Benefits are viewed as a positive contribution of the project to Police
strategic outcomes
Risks are viewed as
Risk of technology (new technology? Dependable?)
Risk on not delivering the project
Risk of not delivering the benefits
BENEFITS/FUNCTIONALITY TABLE
RESULTS PROPERTY CRIME IN THE COMMUNITY

Positive results were noted:

Appreciable time and effort savings = 89 staff

Better targeted patrolling

Better quality court briefs

More property returned to its rightful owner

More timely information for officers-in-charge

More crimes solved (crime rates dropped)

A new Police culture has been created that respects the business value of the new system
Project selection is objective and aligned to agency strategy
Relevant affected area of business is accountable for the delivery of benefits
Real value to the Police of the new IT system is about doing things better with fewer staff.
ENTERPRISE RISK MANAGEMENT
J&J
Identifying potential events affecting entity

Managing associated risks & opportunities

Providing assurance of companys objectives to be

achieved
RISKS IDENTIFIED BY J&J

SELECT RISK STRATEGI OPERATIONA COMPLIANC FINANCIAL &

STRATEGIC MANAGEMENT C RISK L RISK E RISK REPORTING
FUNCTIONS RISK
CORPORATE
INTERNAL AUDIT
OPERATIONAL
ENVIRONMENT,
HEALTH & SAFETY
GLOBAL FINANCE
COMPLIANCE
GLOBAL MEDICAL
ORGANIZATION
GLOBAL SECURITY
FINANCIAL & REPORTING
IT RISK
MANAGEMENT
(ITRM)
IT JOURNEY
Increasing IT Infrastructure costs

Rapid increase of demand for apps, servers, storages, hardware, end user support

Shift to consolidate IT under centralized division

Technology costs tracked down - Networking division to provide IT support

ITIL implementation
BIG DATA & IT RISK MANAGEMENT -
NOVARTIS

Identify potential triggers leading to interruption of key activities, analyse duration of

consequences

Preventive and risk-minimization measures applied

Developing continuity plans for remaining risks to ensure business resumption in a timely
fashion
IMPLEMENTING BIG DATA & IT RISK
MANAGEMENT

Novartis and Roche &

QUALCOMM Track of drug usage QUALCOMM, Novo Medical Internet of
Host of big data
internet connected on smartphones Nordisk & Things
inhaler QUALCOMM
Conclusion

We conclude by studying a few organizations that the usage of Big data brings with itself an
additional set of IT risk.
The IT governance framework are robust enough to identify ,map and mitigate this risk.
THANK YOU