Concepts of Governance and Management of Information Systems
Final Course Paper 6 Information Systems Audit & Control
Chapter-1 Part 2 of 5
CA A.Rafeq, FCA
Topics Covered: Part-2
1.7 IS and its Role in Management
1.8 IT Strategy Planning
1.7 Role of IT in Enterprises
Enterprises are now using IT for strategic and competitive advantage
Business processes and organizational structure could be transformed through right deployment of IT
Essential to ensure that IT deployment is oriented towards achievement of business objectives
Ensure value creation and benefit realization from the IT investments
1.7.1 Business and IT Strategy-Concepts
Business Strategy
• Outlines the approach of the enterprise and is formulated by the senior management. Based on the strategy adopted, relevant policies and procedures are formulated.
IT Strategy
• Affects the way in which enterprises are structured, managed and operated. Enterprises can no longer develop business strategy separate from IT strategy and vice versa.
Control
• Policies, procedures, practices and enterprise structure that are designed to provide reasonable assurance that business objectives will be achieved and undesired events are prevented or detected and corrected.
1.7.1 Business and IT Strategy
Auditor’s Role
• Review Information Systems as implemented from control perspective
• Provide consulting before, during or after implementation of IS strategy
• Auditors must have good understanding of management aspects as relevant to deployment of IT and IT strategy
• Internal audit can determine whether the linkage of IT metrics and objectives aligns with the organization’s goals
1.7.1 Business and IT Strategy
Management’s Role
• Define their strategies and tactics to support the organization by ensuring that day-to-day IT operations are delivered efficiently and without compromise.
• Metrics and goals are established to help IT perform on a tactical basis and also to guide the efforts of personnel to improve maturity of practices.
• Auditors can validate that metrics are being measured correctly and represent realistic views of IT operations and governance on a tactical and strategic basis.
1.7.2 IT Steering Committee
Constitution
• A high-level committee appointed by the senior management
• Led by a member of the Board of Directors.
• Comprises functional heads from all key departments including audit and IT department
• Role and responsibilities of the committee are documented and approved by senior management
1.7.2 IT Steering Committee
Key functions
• To ensure that long and short-range plans of the IT department are in tune with enterprise goals and objectives.
• To establish size and scope of IT function and set priorities within the scope.
• To review and approve major IT deployment projects in all their stages.
• To approve and monitor key projects by measuring result of IT projects in terms of return on investment, etc.
• To review the status of IS plans and budgets and overall IT performance.
1.7.2 IT Steering Committee
Key functions
• To review and approve standards, policies and procedures
• To make decisions on all key aspects of IT deployment and implementation
• To facilitate implementation of IT security within enterprise
• To facilitate and resolve conflicts in deployment of IT and ensure that a viable communication system exists between IT and its users
• To report to the Board of Directors on IT activities on a regular basis
1.8 IT Strategy Planning
IT strategic plans provide direction to deployment of information systems.
Management to ensure that plans are communicated to business process owners and other relevant parties.
Capture and report feedback from business process owners and users regarding quality and usefulness of the plans.
1.8.1 IT Strategic Planning Process
Dynamic in nature i.e. capable of accommodating changes to the enterprise's long-range plan and changes in IT conditions
Ensure that the IT long-range plans are regularly translated into IT short-range plans
Ensure that appropriate IT function resources are allocated on a basis consistent with the IT long-range plans
Short-range plans should be reassessed and amended periodically in response to changing business and IT conditions
1.8.2 Strategic Planning
Three levels of managerial activity in an enterprise:
• Strategic Planning
• Management Control
• Operational Control
1.8.2 Strategic Planning
1. Enterprise Strategic Plan
2. IS Strategic Plan
3. IS Requirements Plan
4. IS Applications and Facilities Plan
Role of IT Strategy Committee
IT becomes more critical for enterprise survival
• In addition to enabling growth
• IT strategy committees need to broaden their scope
• Offer advice on strategy when assisting the board in its IT governance responsibilities
• Focus on IT value, risk and performance.
Stresses need for boards to effectively direct and control IT
1. Enterprise Strategic Plan
Business Planning determines overall plan of enterprise
Provides overall charter under which all units in the enterprise, including IS function must operate
Primary plan prepared by top management that guides the long run development of the enterprise
Enterprise Strategic Plan
• Statement of mission
• Specification of strategic objectives
• Assessment of environmental and organization factors that affect attainment of these objectives
• Statement of strategies for achieving the objectives
• Specification of constraints that apply,
• Listing of priorities.
In an IT environment, it is important to ensure that the IT plan is aligned with the enterprise plan.
2. IS Strategic Plan
Focus on striking an optimum balance of IT opportunities and IT business requirements as well as ensuring its further accomplishment
Require the enterprise to have a strategic planning process undertaken at regular intervals giving rise to long-term plans
Long-term plans should periodically be translated into operational plans setting clear and concrete short-term goals
3. IS Requirements Plan
• Every enterprise needs to have clearly defined information architecture with objective of optimizing the organization of IS
• Requires creation and continuous maintenance of a business information model and also ensuring that appropriate systems are defined to optimize use of this information.
• Based on information architecture requirements of an enterprise, the IS requirements plan has to be drawn up so as to meet the information requirements of the enterprise.
• The IS requirements plan defines IS architecture for the information systems department.
Layers of Enterprise Architecture
Business Unit Architecture
• Focuses on core business processes
• Mission, vision and goals, standards and policies
Information Architecture
• Analyzes the information used by the enterprise
• Original documents, data, revisions, classification, and responsible organizational units
Information Systems Architecture
• Establishes a framework to meet specific information requirements
• Specifications, requirements, applications, modules, databases and procedures.
Data Architecture
• Identifies how data are maintained, accessed and utilized
• Data definitions, data dictionaries and data elements
Delivery system architecture
• Describes and identifies the information service layer, network service layer
• The “wiring diagram” of the physical IT infrastructure
Key enablers of information architecture
1. Automated data repository and dictionary
2. Data syntax rules
3. Data ownership and criticality/security classification
4. An information model representing the business
5. Enterprise information architectural standards
IS Requirements Plan
• Architecture specifies major organization functions needed to support planning, control and operations activities and the data classes associated with each function.
• Business planning will determine the information needs of an enterprise.
• Information architecture will determine information needs and flow in an enterprise.
IS Requirements Plan
Based on the information architecture, organization structure is determined
This will lead to specific information systems, which include relevant IT and related processes.
Example: Depending on the business, information architecture and organization structure, enterprise will decide whether to
• Acquire or develop the solution and
• Relevant controls are required to meet the business requirements.
4. IS Applications and Facilities Plan
On basis of IS architecture and its associated priorities, IS management can develop an IS applications and facilities plan. This plan includes:
• Specific application systems to be developed and an associated time schedule
• Hardware and Software acquisition/development schedule
• Facilities required
• Organization changes required.
IS Applications and Facilities Plan
Senior management is responsible for developing and implementing long and short-range plans that enable achievement of the enterprise mission and goals
Senior management should ensure that IT issues as well as opportunities are adequately assessed and reflected in the enterprise's long- and short-range plans
IT long and short-range plans should be developed to help ensure that the use of IT is aligned with the mission and business strategies of the enterprise
Strategic plan period could vary from 1 year to 3 years
IS Applications and Facilities Plan
Ensure that the IT strategic plans are aligned with business strategic plans as IT is ultimately used for achieving business objectives
Strategic planning could be done by the top management or by the steering committee
Strategic planning facilitates putting organization objectives into time-bound plans and action
Comprehensive planning helps to ensure an effective and efficient enterprise
Strategic planning is time and project oriented, but must also address and help determine priorities to meet business needs
Enablers of the IS Strategic plan
1. Enterprise business strategy
2. Definition of how IT supports the business objectives
3. Inventory of technological solutions & current infrastructure
4. Monitoring the technology markets
5. Timely feasibility studies and reality checks
6. Existing systems assessments
7. Enterprise position on risk, time-to-market, quality
8. Need for senior management buy-in, support and critical review
1.8.3 Objective of IT Strategy
Primary objective
Provide a holistic view of the current IT environment
Future direction
Initiatives required to migrate
1.8.3 Objective of IT Strategy
Align
• Strategic IT plans with business objectives
Communicate
• Objectives and associated accountabilities so they are understood
1.8.3 Objective of IT Strategy
All IT strategic options:
• Identified
• Structured
• Integrated
With the business plans
1.8.4 Key Management Practices for aligning IT Strategy with Enterprise Strategy
Understand enterprise direction
Assess the current environment, capabilities and performance
Define the target IT capabilities
Conduct a gap analysis
Define the strategic plan and road map
Communicate the IT strategy and direction
Understand enterprise direction
Current enterprise environment
Business processes
Enterprise strategy
Future objectives
External environment
• Industry drivers
• Relevant regulations
• Competition
Assess the current environment, capabilities and performance
Assess the performance of
• Current internal business
• IT capabilities
• External IT services
Develop an understanding of the enterprise architecture related to IT
Identify issues currently being experienced and develop recommendations in areas that could benefit from improvement
Consider service provider:
• Differentiators and options
• Financial impact
• Potential costs
• Benefits
Define the target IT capabilities
Understanding of enterprise environment and requirements
Assessment of the current business process
IT environment and issues
Reference standards and best practices
Validated emerging technologies
Innovation proposals
Conduct a gap analysis
Current and Target Environment
Identify gaps between current and target environments
Alignment of assets (the capabilities that support services)
Business outcomes
Optimize investment in and utilization of internal and external asset base
Strategy execution
Critical success factors to support strategy execution
Define strategic plan and road map
Create a strategic plan that defines in co-operation with relevant stakeholders
• How IT-related goals will contribute to the enterprise’s strategic goals
• How IT will support:
  • IT-enabled investment programs
  • Business processes
  • IT services
  • IT assets
Define strategic plan and road map
IT should define the initiatives that will be required to
Close the gaps
Develop sourcing strategy
Measurements to be used to monitor achievement of goals
Prioritize the initiatives and combine them in a high-level road map
Communicate the IT strategy and direction
Create awareness and understanding of the business and IT objectives and direction
As captured in IT strategy
Through communication to appropriate stakeholders and users throughout the enterprise
Measure success of alignment of IT and business strategy
Percentage of enterprise strategic goals and requirements supported by IT strategic goals
Extent of stakeholder satisfaction with scope of the planned portfolio of programs and services
Percentage of IT value drivers, which are mapped to business value drivers
1.8.5 Business Value from Use of IT
Evaluate Value Optimization
Direct Value Optimization
Monitor Value Optimization
Key metrics for evaluating business value from use of IT
Percentage of IT enabled investments
• Where benefit realization monitored through full economic life cycle.
• Where claimed benefits met or exceeded
• Business cases with clearly defined and approved expected IT-related costs and benefits.
Percentage of IT services
• Where expected benefits realized.
• With clearly defined and approved operational costs and expected benefits.
Satisfaction survey of key stakeholders
• The transparency,
• Understanding and
• Accuracy of IT financial information.
Best Practices for IT Performance Management
Business Contribution
Future Orientation
Operational Excellence
User Orientation
Practice Questions
1. Explain how Information Technology plays a critical role in modern enterprises.
2. Explain the scope and objectives of IT Strategy.
3. What is the role of the IT steering committee?
4. IT Strategy planning is critical to success of enterprises. Please explain with examples.
5. What is the role of the IT strategy committee?
6. IT strategic plan has to be aligned with Enterprise strategic plan to ensure value from IT investments. Please explain how this is done.
7. Explain some of the key features of IS requirements plan.
Summary
PART-2
1.7 Information System and its Role in Management
1.8 IT Strategy Planning
Thank you