Implementing Frameworks and Standards for the Corporate Governance of IT sets out for managers, executives and IT professionals the practical steps necessary to meet today’s corporate and IT governance requirements.
It provides practical guidance on how board executives and IT professionals can navigate, integrate and deploy to best corporate and commercial advantage the most widely used of today’s IT management and IT governance frameworks and standards from around the world.
FOREWORD
PREFACE
ABOUT THE AUTHOR
ACKNOWLEDGEMENTS
CONTENTS
INTRODUCTION: CORPORATE GOVERNANCE CONTEXT
Background
Governance
Fiduciary duties
Governance frameworks
Emergence of IT governance
CHAPTER 1: IT GOVERNANCE DEFINED
CHAPTER 2: INTELLECTUAL CAPITAL AND THE INFORMATION ECONOMY
CHAPTER 3: STRATEGY: THE SEARCH FOR COMPETITIVE ADVANTAGE
Development of IT strategy
Business, information and IT strategies
Information strategy
IS strategy
Application strategy
IT strategy
The six-step IT strategy process
Measurement and quality
The IT Balanced Scorecard
Perspectives
Balanced Scorecard implementation
CHAPTER 4: GOVERNANCE AND RISK MANAGEMENT
Enterprise risk management
Operational risk management
IT risk management
CHAPTER 5: IT REGULATORY COMPLIANCE
Information security law: the emerging standard for corporate compliance
CHAPTER 6: INFORMATION AND CONTINUITY RISK
Information risks and ISO27001
Continuity risks and BS25999, ISO/IEC 24762
Civil contingencies and business continuity planning
CHAPTER 7: INTERNAL CONTROL FRAMEWORKS
UK Combined Code and Turnbull Guidance
Sarbanes-Oxley
COSO and internal control
COBIT
Val IT
CHAPTER 8: PROJECT GOVERNANCE
Project failure
Project governance objectives
Execution risk
Executive-level project governance
Board-level project governance
Project management frameworks
Agile project management
OPM3®
Conclusions
CHAPTER 9: COMPONENTS OF IT GOVERNANCE
Key decision areas
1: IT governance principles and decision-making hierarchy (see Chapter 10: ISO/IEC 38500)
2: Information strategy (see Chapter 3: Strategy: The Search for Competitive Advantage)
3: IT strategy (see Chapter 3: Strategy: The Search for Competitive Advantage)
4: IT risk management (see Chapter 6: Information and Continuity Risk)
5: IT architecture (see Chapter 16: Enterprise IT Architecture Committee)
6: IT investment and project governance (see Chapter 8: Project Governance)
7: Regulatory compliance and information security (see Chapter 5: IT Regulatory Compliance)
CHAPTER 10: ISO/IEC 38500
Scope
Application
Objectives
Benefits
Definitions
The six principles of IT governance
1: Responsibility
2: Strategy
3: Acquisition
4: Performance
5: Conformance
6: Human behaviour
The IT governance model in ISO/IEC 38500
Evaluate
Direct
Monitor
Accountability
Applying the six principles
1: Responsibility
2: Strategy
3: Acquisition
4: Performance
5: Conformance
6: Human behaviour
Alignment between ISO/IEC 38500 and the Calder-Moir Framework
CHAPTER 11: IT GOVERNANCE FRAMEWORKS AND STANDARDS
Frameworks
COBIT™
ISO/IEC 27002:2005 and ISO/IEC 27001:2005
ISO/IEC 27005:2008 and BS3110
Payment Card Industry Data Security Standard
ITIL®
BS25999
PMBoK™ and PRINCE2™
The Zachman Framework and TOGAF
Conformance
Convergence
COBIT-linked initiatives
Management standard convergence
IT governance starting point
End-to-end IT governance process
CHAPTER 12: THE CALDER-MOIR FRAMEWORK
Navigating the framework
1: Business Strategy
2: Risk, Conformance and Compliance
3: IT Strategy
4: Change
5: Information and Technology
6: Operations
Evaluate, direct, monitor
Plan, Do, Check, Act
Some subtleties
CHAPTER 13: IMPLEMENTING IT GOVERNANCE
Maturity models
What is a maturity model?
CMMI
The IT governance implementation process
Pre-requisites
Strand 1
Strand 2
Initial completion
Issues that must be resolved
The problem of silo management
Obtaining the board’s buy-in
Identify symptoms
Organisational politics and IT governance
Conclusions
CHAPTER 14: DECISION MAKING AND THE IT ORGANISATION
The CEO
The CIO
The CIO: role description
Key CIO challenges
Culture
Innovation
Asset leverage
Strategy
Operations
Staffing
Processes and quality
Compliance and security
IT management structure
IT organisational structure
Outsourcing
Supplier selection
Outsourcing contracts
CHAPTER 15: IT STEERING COMMITTEE AND EXECUTIVE COMMITTEE
IT steering committee
Composition of the IT steering committee
Executive IT committee
CHAPTER 16: ENTERPRISE IT ARCHITECTURE COMMITTEE
Centralised or decentralised IT?
Enterprise IT architecture committee
The Zachman Framework
The Open Group Architecture Framework
Service-oriented architecture
Conclusion
CHAPTER 17: IT AUDIT
CHAPTER 18: THE ITIL/COBIT/ISO27002 JOINT FRAMEWORK
New Joint Framework
Benefits of using the Joint Framework
CHAPTER 19: THE IT MANAGEMENT SYSTEM OF TOMORROW
PAS99
The integrated management system
A single PDCA model
What are the differences between the two PDCA models?
Aspects of integrating ISO/IEC 27001 and ISO/IEC 20000
Management commitment
A single documentation framework
Document control requirements
Record control requirements
Electronic records and e-discovery
Hierarchy of documentation
Single monitoring, review and audit framework
Monitoring
Auditing
Audit programme
Management responsibilities
Reviewing
CHAPTER 20: CALDER-MOIR IMPLEMENTATION—A 15-STEP PROCESS