What Is It Governance Information Technology Essay

What Is It government activity discipline Technology EssayIT constitution is the process for controlling an organisation cultivation technology resource, where these resources are specify to include information and communication systems as well as technology. An organisation management and owners (represented by the board of directors ) share responsibility for governing both opening and IT.Enterprise establishment is the process of setting and implementing corporate strategy, making sure the organisation achieve its objectives efficiently, and manage risk. It memorial tablet is an increasingly important part of initiative governance because of organisational dependent on information and communication, the scale of IT investment, potential for IT to bring into being strategic opportunities, and the level of IT risk. IT governance also required controlling the process to undertake that it complies with regulatory, legal and contractual requirements.Organisation structure l ineups and executive management have long known the need for enterprise and corporate governance. However, most are stem to realize that there is a need to extend governance to information technology as well, and provide the leadership, organisational structures and processes that ensure that the enterprises IT sustains and extends the enterprises strategies andobjectives. strategic alignment focuses on ensuring the linkage of business and IT plans defining, maintaining and validating the IT value proposition and aligning IT operations with enterprise operations. Value stomachance is about executing the value proposition throughout the delivery cycle, ensuring that IT delivers the promised benefits against the strategy, concentrating on optimising costs and proving the intrinsic value of IT. Resource management is about the optimal investment in, and the proper management of, critical IT resources applications, information, infrastructure and people. Key issues link to the opti misation of knowledge and infrastructure. Risk management requires risk awareness by senior corporate officers, a clear understanding of the enterprises appetite for risk, understanding of abidance requirements, transparency about the significant risks to the enterprise and embedding of risk management responsibilities into the organisation. Performance measurement tracks and monitors strategy implementation, project completion, resource usage, process performance and service delivery, victimization, for example, match scorecards that translate strategy into action to achieve goals measurable beyond conventional accounting.ITGIISACA recognized this shift in accent towards IT administration in 1998, and formed the IT Governance Institute (ITGI) to focus on current research, publications, resources and symposia on IT governance and cerebrate topics. In addition to the movement carried out by the ITGI, ISACA addresses the topic through a regular column in and occasional dedicate d issues of the Information Systems nurse Journal, conference sessions and tracks, and education courses. TheIT Governance Institute (ITGI)exists to assist enterprise leaders in their responsibility to ensure that IT goals align with those of the business, it delivers value, its performance is measured, its resources properly allocated and its risks mitigated. Through original research, symposia and electronic resources, the ITGI helps ensure that boards and executive management have the tools and information they need for IT to deliver against expectations.ITGIISACA recognized this shift in emphasis towards IT Governance in 1998, and formed the IT Governance Institute (ITGI) to focus on original research, publications, resources and symposia on IT governance and relate topics. In addition to the work carried out by the ITGI, ISACA addresses the topic through a regular column in and occasional dedicated issues of the Information Systems dictation Journal, conference sessions and tracks, and education courses. TheIT Governance Institute (ITGI)exists to assist enterprise leaders in their responsibility to ensure that IT goals align with those of the business, it delivers value, its performance is measured, its resources properly allocated and its risks mitigated. Through original research, symposia and electronic resources, the ITGI helps ensure that boards and executive management have the tools and information they need for IT to deliver against expectations.PublicationsThere are dickens major publications from ISACA in the field of IT Governance. COBIT VALITCOBITThe Control Objectives for Information and related Technology (COBIT) is a set of best practices (framework) for information technology (IT) management created by the ISACA, and ITGI in 1996. COBIT provides managers, auditors, and IT users with a set of generally authorized measures, indicators, processes and best practices to assist them in maximizing the benefits derived through the use of i nformation technology and developing appropriate IT governance and control in a company.COBIT supports IT governance by providing a framework to ensure that IT is aligned with the business IT enables the business and maximises benefits IT resources are used responsibly IT risks are managed appropriatelyCOBIT Framework and IT Governance AreasCOBIT harvest-feastBriefly, the COBIT products include Board Briefing on IT Governance, 2nd pas seulHelps executives understand why IT governance is important, what its issues are and what their responsibility is for managing it. Management guidelines/maturity models Help cite responsibility, measure performance, and benchmark and address gaps in capability FrameworksOrganise IT governance objectives and equitable practices by IT domains and processes, and link them to business requirements Control objectivesprovide a exhaust set of high-level requirements to be considered by management for effective control of each IT process IT Governance Implementation Guide Using COBIT and Val IT TM, 2nd Editionprovides a generic road map for implementing IT governance using the COBIT and Val ITTM resources COBIT Control Practices Guidance to Achieve Control Objectives for Successful IT Governance, 2nd editionProvides focus on why controls are worth implementing and how to implement them IT Assurance Guide Using COBIT Provides guidance on how COBIT can be used to support a material body of assurance activities together with suggested testing steps for all the IT processes and controlVALITVal IT is a governance framework that consists of a set of guiding principles, and a number of processes conform to those principles that are further defined as a set of key management practices. The Val IT framework will be supported by publications and operational tools and provides guidance to Define the relationship between IT and the business and those functions in the organization with governance responsibilities Manage an organizations portfolio of IT-enabled business investments and Maximize the quality of business cases for IT-enabled business investments with particular emphasis on the definition of key financial indicators, the quantification of soft benefits and the comprehensive appraisal of the downside risk Val IT addresses assumptions, costs, risks and outcomes related to a balanced portfolio of IT-enabled business investments. It also provides benchmarking capability and allows enterprises to tack experiences on best practices for value management.CertificationCertified in the Governance of Enterprise Information Technology (CGEIT) is an advanced certification created in 2007 by the ISACA. It is intentional for experienced professionals, who can demonstrate 5 or more years of experience, serving in a managing or consultative role focused on the governance and control of IT at an enterprise level.The certification is intended to support the growing business demands related to IT governance increase th e awareness and importance of IT governance good practices and issues define the roles and responsibilities of the professionals performing IT governance work RequirementsTo earn the CGEIT credential, an individual must Pass the CGEIT exam (first exam December 2008) Adhere to the ISACA Code of paid Ethics Agree to comply with the CGEIT Continuing Education Policy Provide evidence of appropriate IT governance work experience as defined by the CGEIT Job Practice IT Governance experience Five (5) years requiredFive (5) or more years of experience managing, serving in an advisory or oversight role, and/or otherwise livelihood the governance of the IT-related contribution to an enterprise is required to apply for certification. This experience is defined specifically by the domains and line statements described in the CGEIT Job Practice. SpecificallyA minimum of one (1) year of experience relating to the development and/or maintenance of an IT governance framework is required. The causa and extent of experience accepted is described in CGEIT domain one (1) (see IT Governance Framework).Additional broad experience directly related to any two or more of the remaining CGEIT domains are required. The type and extent of experience accepted is described in CGEIT domains two (2) through six (6). These domains are Strategic Alignment Value Delivery Risk Management Resource Management Performance Measurement Individuals can take the CGEIT exam prior to earning the above work experience. Substitutions for IT governance experience (2 years maximum)To recognize other management experience and/or the achievement of specific IT governance related credentials, advanced (post-graduate) degrees and certificates, up to two (2) years of the five years of required IT governance experience can be substituted. Specifically, each of the following will destine (substitute) for one (1) year of IT governance experience, with a maximum of two years of substitutions being accepted . Other Management Experienceother management experience that is not specific to IT governance, such as performing consulting, auditing, assurance or security management related duties will qualify for up to one year of substitution. Specific Credentials, Advanced (Post-graduate) Degrees and CertificatesCredentials (in good standing), advanced (post-graduate) degrees and certificate programs which include an IT governance and/or management component or are specific to one or more of the CGEIT domains will qualify for up to one year of substitution. These include Certified Information Systems Auditor (CISA) issued by ISACA Certified Information Security motorcoach (CISM) issued by ISACA Implementing IT Governance using COBIT and Val IT certificate issued by ISACA (available in 2008) ITIL Service Manager certification program Chartered Information Technology Professional (CITP) issued by the British Computer confederacy Certified Information Technology Professional (CITP) issued by the American Institute of CPAs Project Management Professional (PMP) issued by the Project Management Institute Information Systems Professional (I.S.P.) issued by the Canadian Information Processing Society Certified Internal Auditor (CIA) issued by the Institute of Internal Auditors Certified Business Manager (CBM) issued by The Association of Professionals in Business Management Prince2 Registered Practitioner certificate from the Office of Government Commerce Advanced (post-graduate) degree from an accredited university in governance, information technology, information management or business administration (For example Masters in Corporate Governance, Masters of Business Administration, Masters in Information and trading operations Management, Masters of Information Systems Management, Masters in Information Technology) Exception Two years as a full-time university instructor teaching IT governance related subjects at an accredited university can be substituted for every one year of IT governance experience.Applicants who have earned/acquired other credentials, advanced (post-graduate) degrees and/or certificates that include a significant IT governance and/or information management component and are not listed above are welcome to submit them to the CGEIT Certification Board for consideration. IT Governance CharacteristicsSets direction and oversees compliance and performanceSpecifies the decision-making authority and accountability to encourage desirable behaviors in the use of ITIs a process for managing and controlling the use of technology to create valueAre the rules and regulations under which an IT organization functionsEnsures that everyone is playing by the same rules so that the computing purlieu works for everyone. Road Map for Implementing IT GovernanceThe initial focus for developing an IT Governance Program is identifying needs and governance input rights and decision making based on Current state of IT within and supporting business o rganization and objectives Internal and external requirements/regulations and applicable best business practicesBusiness AlignmentIT Business Executives set the IT Strategy, resolve issues, and shadow IT organizations eliminatedInvestment Board sets project priorities, costs, oversees progress, reduced millions $ in costsChange Management and failures matching usersChanges managed actually blocked where not properly vetted or testedNumber of user impact failures reduced from 200+ to Number of unauthorized application and infrastructure changes reduced to 1 or less per month Emergency changes reduced to less than 3% of total changesImproved results across the board, accountability built into personal performance evaluationsProjectsProjects on time, on budget increased by 60+%Improved from 40% SDLC compliance to cytosine% TechnologyStandards and architecture established and enforced via tech reviews reduced number of system software tools by over 50%100% of the equipment on the network identified and none added unless authorized24 hour server back-ups improved from 95% to 99.9%Security patches being performed within 24 hours of approbationSystem Admin Accounts reduced by over 50%Governing Document Framework SAMPLEConclusionAs we have discussed that in todays business environment information is the most valuable asset, therefore in order to protect the information we require a profound infrastructure that enables us to not provided secure the information we have but to validate that information as well, plus enable the organization towards IT.