TOOLS AND USEFUL RESOURCES

At the time of writing, there is no neatly bundled IT governance toolkit available that I would recommend. Unlike IT service management, where one framework fits all organisations pretty well, the make-up of an IT governance framework will depend totally on the culture, goals and characteristics of an organisation. You will be pulling together a mix of standards, frameworks and tools from various sources to meet the specific requirements of your organisation.

Putting together an overarching framework is very much like mixing a cocktail. It requires patience and skill to balance the components, and adding too many components results in a mess that leaves a long hangover. Do not be tempted to adopt every form of recognised ‘best practice’. For a framework to be recognised as best practice, it has to have been in use for several years. You might find something that has been developed recently that fits your requirements perfectly, and provides a ‘lighter touch’ approach.

At the risk of stating the blindingly obvious, a tool is only a tool if it helps you and your business – so do not feel obliged to persevere with a reporting or monitoring scheme that just is not helpful.

Your biggest challenge will be to bridge the governance–management gap. You are aiming to purchase tools that will enable you to monitor and measure governance activity from the management layer, for displaying results at the governance layer, in a way that is meaningful and useful. Once you have read through the book, you will have a very clear idea of what is required and how monitoring and reporting processes can be set up to deliver this information.

TOOLING

Requirements for IT governance tools

There is a requirement for IT governance tools that support a principle-based assessment by enabling measurable outcomes to be linked to principles. These tools cannot be built through empirical means alone, but must be grounded on a platform of academic theory to be reliably useful. Governance runs on a long time frame. If I create a tool to make yoghurt, then it can be proved to work or not work within the space of 24 hours. If I create a tool to assist with the successful implementation of an IT governance framework, the value of the tool might not be evident for years. That said, there are some valuable tools available now that will assist in the building of elements of an IT governance framework, and these are referenced throughout the book.

Interfaces to management tools

No doubt your organisation is already using a number of IT tools, standards and frameworks at the management layer – ITIL®, ISO/IEC 20000, ISO/IEC 27000, COBIT®, CMMI and so on. Your governance tools should enhance the information reported from your management tools, or at least provide a filter for the delivery of relevant, succinct information to the governing body.

There is some excellent material available from government agencies, industry bodies, membership bodies and IT and director institutes in the form of procurement guidelines, frameworks and templates. Your vendors and suppliers will also have research material, white papers, templates and other useful information to guide you with the development of your framework.

CHECKLISTS

Governing body

  1. Read Part A of this book and decide on seven key objectives for the development of an IT governance framework for your organisation.
  2. Write your own extended versions of the principles of ISO 38500.
  3. Ensure that existing organisational policy supports these principles and create a new policy if required.
  4. Glance through Part B of this book and read the summary chapter at the end.
  5. Encourage your IT executives and managers to read Part B of this book.
  6. Work through how you, as the governing body, want to interact with the management team.
  7. Provide a briefing paper on what you expect to be achieved through the development of an IT governance framework, and discuss it with your executive team.

CIO

  1. Read Part B of this book to see what is entailed in delivering an IT governance framework – policy, process, procedure, systems, services, staff responsibility changes and so on.
  2. Glance through Part A of this book and read the summary chapter at the end.
  3. Read the briefing paper prepared by your board.
  4. Conduct a need-gap analysis to determine how far you are from delivering to the requirements of the governing body.
  5. Prepare terms of reference that connect the elements of the framework that you understand that you need to deliver with the requirements of the governing body.
  6. Identify potential team members and responsibilities and identify areas where you will need assistance from external resources.
  7. Prepare a budget, and the supporting documentation to seek approval and get started!

USEFUL RESOURCES

Committee of Sponsoring Organizations of the Treadway Commission COSO Internal Control-Integrated Framework 2011. Available at www.coso.org/ic-integratedframework-summary.htm

Financial Reporting Council Turnbull Report Internal Control: Guidance for Directors on the Combined Code 2005. Available at www.frc.org.uk/Our.../Turnbull-guidance-October-2005.aspx

Hoverstadt, Patrick (2008) The Fractal Organisation: Creating Sustainable Organisations with the Viable System Model. Chichester, John Wiley and Sons.

Kotter, John P. (1996) Leading Change. Boston, Harvard Business Review Press.

Kotter, John P. (2008) A Sense of Urgency. Boston, Harvard Business Review Press.

Kotter, John P. (2012) The Heart of Change: Real-Life Stories of How People Change Their Organisations. Boston, Harvard Business Review Press.

Baldrige Performance Excellence Program www.nist.gov/baldrige

ISACA Body of Knowledge www.isaca.org and IT Governance Institute www.itgi.org

The Cabinet Office, UK, www.cabinetoffice.gov.uk

Basel II Report – www.bis.org/bcbs/about.htm

Gartner Research – www.gartner.com/technology/home.jsp

TOGAF, The Open Group – www.opengroup.org/togaf/

Lean Six Sigma – www.isixsigma.com/new-lean-six-sigma/

PRINCE2 – www.prince-officialsite.com/

PMI & PMBOK – www.pmi.org/PMBOK-Guide-and-Standards.aspx

Sarbanes-Oxley Act 2002 – www.gpo.gov/fdsys/pkg/PLAW-107publ204/pdf/PLAW-107publ204.pdf, www.sec.gov/about/laws.shtml

Companies Acts – for example – www.legislation.gov.uk/ukpga/2006/46/contents
