Aligning IT with the business is a key board objective. Better shareholder returns, greater competitiveness and fewer compliance issues are typical benefits of an IT governance framework. This is not a technology book.It has been written specifically for those directors, managers and their professional advisers who want to leverage IT more effectively to compete in our information economy. It argues that getting real value from IT is about leadership and shows how the board and CEO can take that lead - and avoid security breaches, project failure, compliance exposure, reputation damage, job loss and jail time. It’s a book for business leaders of today - and tomorrow.

• About the author
• CONTENTS
• INTRODUCTION
  • Symptoms of inadequate IT governance
  • Competitiveness
  • Shareholder accountability
  • Compliance
  • Directors’ personal liability
  • Conclusion
• CHAPTER 1: WHY IT GOVERNANCE MATTERS
  • Governance background
  • Information economy, intellectual capital
  • Competitiveness
  • Governance convergence
  • Strategic and operational risk management
  • Regulatory compliance
  • Information risk
  • Strategic system deployment and project governance
  • Benefits of an IT governance framework
• CHAPTER 2: GOVERNANCE AND RISK MANAGEMENT
  • Fiduciary duties
  • Governance frameworks
    • OECD Principles of Corporate Governance
    • BIS and Basel 2
    • Operational risk
  • Capital markets and financial reporting convergence
  • Converging audit requirements
    • UK Companies Act 2004
    • EU 8 th Company Law Directive
  • Corporate Governance in Europe
  • Combined Code and the Turnbull Guidance
    • The Turnbull Report
    • Revised Combined Code
  • Sarbanes Oxley
    • Key sections of Sarbanes Oxley Act
    • Internal controls and audit
  • Risk management framework
    • Risk Assessment
    • Controls
    • Risk management
  • Conclusions
• CHAPTER 3: INTELLECTUAL CAPITAL
  • Knowledge assets
  • Tangible relevance
  • Structure of intellectual capital
  • The role of IT governance
  • Beyond knowledge management
  • Protecting intellectual assets
    • Copyright
    • Design
    • Patent
    • Trademark
      • Copyright Designs and Patents Act 1988 (‘CDPA’)
  • Third party intellectual property rights (IPR)
    • Software copyright
  • Conclusion
• CHAPTER 4: COMPLIANCE
  • Privacy and Data Protection
    • OECD Guidelines
    • Tomorrow
    • Guidelines for Directors
  • National regulation
    • EU Regulation
    • UK Regulation
      • Data Protection Act 1998 (‘DPA’)
    • US Regulation
      • The Safe Harbor framework
      • The Gramm-Leach-Bliley Act (‘GLBA’)
      • The Fair Credit Reporting Act (‘FRCA’)
      • The Health Insurance Portability and Accountability Act (‘HIPAA’)
      • The Californian Senate Bill 1386 of 2003(‘SB 1386’)
      • The California Online Privacy Protection Act of 2004 (‘OPPA’)
    • APEC regulation
  • Anti-spam legislation
    • UK Privacy and Electronic Communications Regulations 2003
    • US CAN-SPAM Act
  • Freedom of Information legislation
  • Computer misuse legislation
    • Computer Misuse Act 1990 (‘CMA’)
  • Human Rights
    • The UK’s Human Rights Act 1998 (‘HRA’)
    • Regulation of Investigatory Powers Act 2000 (‘RIPA’)
    • Code of Practice
  • Other legislation
  • Record retention and destruction
  • Conclusion
• CHAPTER 5: INFORMATION RISK
  • Overview of threats and impacts
    • Threats
    • Impacts
  • Information security governance
    • Governance failure
  • Complexity and larger organizations
    • Threats to larger organizations
    • Vulnerabilities in larger organizations
    • Impacts on larger organizations
  • ‘Traditional’ external threats
  • ‘Traditional’ insider threats
  • Organized crime
  • Terrorism
  • Emerging trends
  • Information security best practice
  • The need for metrics
    • Guidelines for Directors
• CHAPTER 6: SYSTEM DEPLOYMENT AND PROJECT RISK
  • Project failure
  • Project governance objectives
  • Execution risk
  • Executive level project governance
  • Board level project governance
  • Conclusions
• CHAPTER 7: DESIGNING AN IT GOVERNANCE FRAMEWORK
  • Business context and culture
  • IT governance framework
  • Business, information and ICT strategies
  • IT steering and executive committees
    • Board steering committee
    • Executive committee
    • Enterprise IT architecture committee
    • Technology committee
  • Hierarchy of IT decisions
    • Key implementation principles
    • Follow the money
    • Mind the gap
  • Reporting and monitoring framework
    • IT audit
  • External systems and standards
  • Metrics
• CHAPTER 8: IT GOVERNANCE IN ACTION
  • ‘Operationalization’ of strategy
  • Responsibility and accountability
  • IT goals, functional organization and communication
    • Communication
  • Information Strategy
  • ICT Strategy
    • Application strategy
    • Enterprise IT architecture
  • Project governance
    • Portfolio management
    • Risk management
    • Change Management
  • Information security and compliance
    • Information risk assessment
    • Compliance risks
  • IT performance optimisation
• CHAPTER 9: ISSUES FOR THE PUBLIC SECTOR AND NOT-FOR-PROFIT ORGANIZATIONS
  • Public sector organizations
  • Voluntary sector organizations
• CHAPTER 10: IT’S ALL ABOUT LEADERSHIP
  • Board leadership
  • CEO’s role
  • CIO leadership
  • IT users
• FURTHER READING
• USEFUL WEBSITES
  • Governance
  • Information security
  • Accounting, finance and economics