2 -governanca_de_tic_-_uma_visao_do_mercado_gartner_-_claudio_chauke

This presentation, including any supporting materials, is owned by Gartner, Inc. and/or its affiliates and is for the sole use of the intended Gartner audience or other authorized recipients. This presentation may contain information that is confidential, proprietary or otherwise legally protected, and it may not be further copied, distributed or publicly displayed without the express written permission of Gartner, Inc. or its affiliates. © 2012 Gartner, Inc. and/or its affiliates. All rights reserved.

II Encontro Nacional de Auditores da Tecnologia da Informação-ENAUTI

ICT Governance: A Market View

Claudio Chauke, Executive Partner, Gartner LATAM

Brasília, June 6, 2013


What is Governance?

• Gartner defines "governance" as the process of:

- Setting decision rights and accountability, as well as establishing policies that are aligned to business objectives (preservation and growth of shareholder value)

- Balancing investments in accordance with policies and in support of business objectives (coherent strategy realization)

- Establishing measures to monitor adherence to decisions and policies (compliance and assurance)

- Ensuring that processes, behaviors, and procedures are in accordance with policies and within tolerances to support decisions (risk management)

- Bottom Line: Who decides and by what process?


In Undisciplined Times, Successful CIOs Maintain a Continuous Planning Initiative

Use Key Management Tools to Drive Focus and Discipline

Strategy
- Objective: Dodge Threats, Leverage Opportunities, Meet Objectives
- Focus: Strategy Process as a Focusing Exercise
- Discipline: Formal Development and Refresh Processes

Architecture
- Objective: Agile and Flexible Evolution Path, Provide Resources
- Focus: Standard, Open, Service-Oriented
- Discipline: Strongly Enforced Rules

Governance
- Objective: Efficient and Effective Collaboration
- Focus: The Right Links With Demand and Supply
- Discipline: Formal Roles, Responsibilities and Decisions

Leadership
- Objective: Continued Vision and Guidance
- Focus: Alignment, Coordination and Integration
- Discipline: The Right Balance between Trust and Control

IT Governance Strategy

IT Governance

• Goals

• Domains

• Decision Rights

• Principles and Policies

Demand Governance is Dysfunctional for Most Public Sector Organizations

Supply Governance (How Should IT Do What It Does?)

Demand Governance (What Should IT Work On?)

IT Management Primary Responsibility

IT Supply Governance Domains (each with Plan, Implement, Manage, Monitor Compliance):

• Architecture
• Sourcing
• Project Management
• Procurement
• Corporate Compliance
• Security
• Etc.

Business Management Primary Responsibility

• Business IT Strategy Validation
• Overall IT Investment & Expense
• Develop Demand Governance Processes
• Business/IT Operational Planning
• IT Investment Portfolios (PPM)
• Intra/Inter Enterprise Prioritization
• Demand Governance Implementation
• IT Value Assessment
• Board IT Governance
• Funding/Chargeback
• Spending/Project Oversight
• Councils/Committees
• Issue Escalation/Resolution
• Business Benefits Realization
• Business Unit Prioritization
• Investment Evaluation Criteria
• IT Service Chargeback
• IT Governance Effectiveness (Metrics, etc.)

Phases: Plan, Implement, Manage, Monitor

A Changing Environment Changes Business Objectives

Contractual Target

Business Objective

Governance Frameworks Respond to Changes

And Steer Processes toward Changing Objectives

Regulatory Compliance Undermines the Business!

Restricts Business Agility and Flexibility

Compliance without a Business Focus

Business Objective

Business Objective

Regulatory Compliance Undermines the Business!

Does Not Properly Support Business Objectives

Business Objective

Actually Achieved

Compliance without a Business Focus

IT Governance: From the Basic Concept, Two Perspectives, One Framework

IT governance is the set of processes that ensure the effective and efficient use of IT in enabling an organization to achieve its goals

IT Governance Framework: Formal and verifiable description of:

• Principles
• Processes
• Relationships
• Decisions

Business: Alignment of decisions to business strategy and objectives

Regulatory Compliance: Compliance with regulations, and accountability with transparency

Key Issues

How does IT governance support the achievement of business objectives?

How can you integrate IT governance and compliance?


Effective Governance Harnesses Different Perspectives

IT Governance must provide continuous, agile alignment with business objectives

• Business: Solution
• IT Area: Resources
• GRC: Control

Players have different objectives and perspectives over IT initiatives

Governance: a Business Perspective

Enterprises will strategically use IT governance to steer IT initiatives toward changing business objectives

Governance Building Blocks

Process Framework

Principles

Relationships Decisions

Principles: The Guiding Ground Rules of Governance

A set of guiding ground rules that clarify a strategy, expressed as simple statements of practical courses of action.

Contrasting Examples:

Decisions about IT initiatives will be made independently by business units, under general corporate directions and compliance requirements.

Individual decisions, favoring specific, individual business units, are taken in collaborative decision processes, with diverse representation from corporate areas and business units.

Role:

Establish culturally-aligned governance style

Shape process framework processes

Communicate direction (transmit and share)

The IT Governance Motherboard Is a Collection of Processes

• Strategy: Alignment, objectives, policies, priorities
• Resources: Knowledge, skills, sources of resources
• Delivery: Workflow, operations, coordination, integration
• Finance: Budget, funding, assets, costs, cashflow
• Control: Business value, performance, risk, compliance
• Feedback: Communication, reporting

A set of shared processes that enable the IT organization to continuously align IT initiatives to changing organizational goals.

Processes Establish Relationships between Demand and Supply

Supply Governance: Supports IT’s delivery patterns. How should IT work?

Demand Governance: Supports the user’s expectations. What should IT be working on?

Relationships in an IT governance framework: Match expectations and patterns according to each specific IT initiative

How can IT initiatives continuously match business expectations?

Decision Method        Relationship Level   Typical Governance Tools
Automatic              0                    Rules, Controls
Role Autonomy          1                    Principles, Guidelines
Processes              2                    Workflow
Projects               4                    Methodology
Collaborative Groups   3                    Committees

Decisions Steer IT Initiatives toward Changing Business Goals

Decisions Steer IT Initiatives toward Changing Business Goals – Examples

Payment approval for external providers under ongoing contracts will be made by a contract manager based on formal metrics established by contract T&C.

Selection of new technology will be approved by interested business user, after OK by chief architect followed by OK by budget committee, supported by business case.

Changes in project priority or resource allocation will be taken by business-IT initiatives committee, based on recommendations by CIO, supported by business cases.

Role Autonomy

Processes

Collaborative Groups

Simple

Fast

Few information requirements

Logically sequential

Time-economic interventions

Leveled information

Binding

Slow and expensive

Key Issues

How does IT governance support the achievement of business objectives?

How can you integrate IT governance and compliance?

Regulatory Compliance Undermines the Business!

Governance:

Formal description of how people work together

and make decisions

Principles Processes Relationships Decisions

Business Drivers

Predictability Regularity Transparency Control Auditability

Regulatory Compliance

Agility Flexibility Speed

What is Compliance, After All?

Compliance is about controls and accountability in the fulfillment of a mandate. It is also predictable, consistent, transparent behavior.

Establish what you know

Know what to do

Do what you establish

Say what you do

The Connection Between IT Governance and Compliance

Governance:

- Aims at steering resources towards business goals
- The governance framework defines mechanisms for steering resources

Compliance:

- Is concerned with the process of how you do it
- Makes sure that those mechanisms meet compliance objectives

Efficient & effective use of IT in enabling an organization to achieve its goals … through predictable, consistent and transparent behavior

The Many Flavors of Compliance

Regulatory Compliance: Externally mandated regulations aiming at ethical behavior, good corporate governance and financial transparency.

Commercial Compliance: Requirements established by, or jointly developed with, external trading partners, including ESPs, aiming at the proper distribution of roles and responsibilities in their shared business processes.

Organizational Compliance: A composite of vision, mission and bylaws aiming to shape organizational behavior and culture, with strong influence over business objectives, including CSR.

Business Domain

There Are IT Initiatives Outside of Compliance (But Not Outside of IT Governance)

Regulatory Compliance

Commercial Compliance

Organizational Compliance

BPM

Dashboard Collaboration

Workbench

BI

Toolbox

Efficiency, Quality

Agility,

Flexibility

Innovation

Process Cycle Time

The Journey: Changing the Organization & Delivering Results along the Way

The Map: Strategy

Sets objective

Sets path to follow

The Vehicle: Governance

Aims the destination

Steers resources

Provides agility, flexibility

Comes with a dashboard

The Road: Compliance

Road characteristics and conditions

Regulations & sign posts

Radar and cameras

The Obsessed Cop: Constraints

Safe driving as priority over destination

Excessive, unjustified constraints

Tickets for everything

Equipment & Resources: Architecture

Defines equipment

Sets resource plan

Key Steps in The Journey toward Success

Understand what your business objectives are and how IT is going to achieve them.

Assess the current IT governance framework, its strengths and weaknesses

Establish IT governance objectives

Assess current IT compliance requirements

Integrate compliance requirements with governance objectives

Develop the IT governance framework


Trends in Government


Will Governments Be Able to Sustain Themselves?

• Climate change

• Depletion of nonrenewable resources

Excessive Debt

Slow growth

High unemployment Civil unrest

Rapid economic growth

New infrastructure

Natural disasters

Five Key Trends That Will Shape Government IT in the Next Decade

• Commoditization
• Seamless Socialization
• Information Continuum
• Confluence of IT, OT, CT
• Employee-Centricity

Seamless Socialization: The Symmetry of Open Government

Transparency

Participation

Community data

Employee participation

2

1

5

4 Government 2.0

3 Collaboration

Open Government

Information Continuum: New Challenges for Information Management

Open Data compared with Social Data:

• Creation. Open Data: Top-down. Social Data: Bottom-up and sideways.
• Capture. Open Data: Declassification, de-identification, transformation. Social Data: Social network analysis, sentiment analysis.
• Categorization. Open Data: Taxonomies and ontologies. Social Data: Tagging, rating, usage, folksonomies.
• Maintenance. Open Data: Formal and specialized. Social Data: Informal by crowd.
• Trust. Open Data: Information assurance. Social Data: Trusted sources, reputation, social rating.
• Media. Open Data: Mostly text and structured data. Social Data: People, text, graphics, audio, video.

At the Confluence of Information, Operational and Consumer Data

Crowdsourced Traffic Management

Collaborative Environmental Management

Environment

Energy

Traffic

• Air quality

• Water quality

• Water consumption

• Instant power supply

• Instant power demand

• Energy consumption

• Traffic light map

• Number of vehicles per zone

• Parking lot status

• Traffic cameras

Government Data

• Consumer GPS location

• Traffic-related feeds & microblogs

• Geolocated pictures & videos

• Instant home power demand

• Active devices per type

• Instant oil consumption/carbon emission

• Instant water consumption

Citizen-Generated Data

Consumer Device to Government Infrastructure

The Evolution of Technology in Government

E-Government

• Online services

• Multiple websites

Joined-Up Government

• Life events

• Back-office re-engineering

• Benchmarking

Open Government

• Transparency, participation, collaboration

• Community engagement

Smart Government

• Sustainability

• Agility

• Blending IT, OT, CT

Timeline: 2000, 2005, 2010, 2015+

• Integrates information, communication and operational technologies
• to planning, management and operations
• across multiple domains, process areas and jurisdictions
• to generate sustainable public value

A Different Approach to Government IT Strategic Planning

Political Agenda

Service Delivery &

Operations

Project Management

IT ESP

Strategic Sourcing

Business Strategic Plan

Budget

Political Agenda

(Strategic) Sourcing

Budget

Business Strategic Plan

Advice Agile PM

Clients ESP IT Business

Service Delivery &

Operations

Unclear or Ambiguous

Fast-Changing

Differentiate & Record

Innovation

Smart Government and the Nexus of Forces


Not Just "the" Social Web — But a Dynamic Network of Networks

• Collective intelligence: Pooling contributions
• Expertise location: Finding one in a million
• Interest cultivation: Sharing interests
• Relationship leverage: Cultivating weak ties
• Flash coordination: Organizing a mass
• Emergent structures: Unearthing reality

Social

Mobile Consumer Service Opportunities Proliferate

[Chart: mobile consumer services plotted on two axes, Consumer Impact (Low to High) and Maturity (Low to High), with a legend for likely rate of change (faster, slower). Services shown: Video calling, Social networking, Mobile advertising, Music (streaming and downloading), Mobile healthcare, Mobile payment, Ring tones, Mobile e-mail, Mobile search, Mobile virtual worlds, Mobile TV, Consumer telepresence, Mobile gaming, Indoor navigation.]

Mobile

Many Elements Form a Context Impression

• Device orientation
• Voice tone/stress
• Direction of movement
• Speed of movement
• Location
• Light level
• Social network tie strength
• Process stage
• Acceleration
• Recent interactions
• Heart rate
• Temperature
• Sentiment

Context

Expose Your Data and Services to the Cloud — Get More Open Innovation for Your Customers Cloud

Governance from a near-future perspective

• What are your challenges?

• What do you think would be a better approach to dealing with this scenario?

• What changes should be made in government regarding auditing?
