it governance made easy
Post on 10-May-2015
IT Governance Made Easy
Jerry Bishop
The Higher Ed CIO
Creative Commons Attribution-NoDerivs 3.0 Unported License.
Purpose
To outline the BASICS of IT Governance with illustrations for higher education that can be used in setting up an initial IT Governance system.
Why View this Presentation
• Institutions are wasting scarce financial and human resources with low productivity because they do not have a formalized IT governance system in place.
Institutional leadership needs a better way to:
• Direct IT in support of institutional strategies
• Measure the real value provided by IT
• Monitor the performance of IT
• Manage and mitigate IT-related risks
Ask Yourself
• Are we doing the right things?
• Are we doing them the right way?
• Are we getting them done well?
• Are we getting the benefits?
Now Consider The Meanings
• IT-College Alignment: Are we doing the right things?
• Standards & Methods: Are we doing them the right way?
• Capability & Efficiency: Are we getting them done well?
• Return on Investment: Are we getting the benefits?
That’s IT Governance
• Alignment of priorities and resources
• Right services, technologies, methods
• Meeting the needs, performance levels, TCO
• Delivering results – the ROI
• Mitigating IT-related risks
INSTITUTIONAL GOVERNANCE
The framework for IT Governance
Purpose of Governance
• Creates continuity of expectations
• Creates consistency of management
• Codifies decision making rights & responsibilities
• Strengthens compliance by reducing various institutional risks
Institutional Governance
• Defines the decision making rights and responsibilities within the college
• Expressed through policies, procedures
– Often includes standards
• Originates from the Board
• Extended by executive Cabinet
• Includes shared governance in higher education
– Divisional and departmental roles
– Committee and sub-committee roles
– Faculty senates and unions
Policy-Based Governance
• Board P&P: Defines Board Operations; Delegates Authorities to Administration
• College P&P: Defines institutional requirements and delegations
• Divisional & Committee P&P plus Standards: Defines and grants functional (Division or Committee) roles, responsibilities and authorizes standards
SHARED GOVERNANCE
The common model in higher education
Organizing for Shared Governance
Department & Sub-Committee P&P and Standards
Divisional & Committee P&P and Standards
College P&P
Board Policies & Procedures (P&P)
Board
Executive Cabinet
Education Divisions
Academic Departments
Admin & Oper Divisions
Admin & Oper Departments
Institutional Committees
Sub-Committees
Shared IT Governance Illustrated
Board
Executive Cabinet
Marketing Committee
Web & Social Media Committee
Education Council
Academic Technology Committee
eLearning Committee
IT Governance Committee
Project Steering Committees
ERP Module Owners
Power User Group
Security Committee
Compliance Committee
Issues for Shared IT Governance
• Everyone is in charge, no one is in charge
• Who advises, who informs, who decides
• Possible trade-offs for agility & responsiveness
• Traceability & accountability of decisions
• Transparency vs. Opacity
• Consensus vs. Re-Decisioning
IT GOVERNANCE
The essentials made simple
IT Governance Defined
"… the leadership and organisational structures and processes that ensure that the organisation’s IT sustains and extends the organisation’s strategies and objectives." ITGI
What is IT Governance
• Subset of institutional governance
• Fundamentally it is risk management ensuring:
– IT strategies are aligned to institutional priorities
– Full value of IT investments can be realized
– IT performance is measured and managed
– IT resources are properly allocated
– IT decision making is transparent
– Formal procedures, standards and methods exist
• It’s an accountability system for IT results to its Service Owners, their customers and users
What it is NOT
• It’s not shared decision making on the How
– Too many cooks spoil…
• It’s not about “Best Practice”
– Governance is specific to institutional culture
– Best practice is only what will work for you
• It’s not IT constraints; it’s about controls
Illustration of Model
Departmental & Sub-Committee
Divisional & Committee
College
Board P&P
Compliance Requirements
Risk Management Plan
IT Security Plan
Data Security Standards
Server Hardening
Vulnerability Management
Illustration Continued
• Board Policies: Comply with laws and regulations…annually present risk management plan
• College Policy: CIO will establish P&P to provide for privacy and security…data
• Procedures & Standards: Security manual…requirements for all systems…exception process…
• Procedures & Standards: Software version control…patch and change management…
WHERE TO START
First things first
Where to Start
• Outline a possible model for your institution
– Include policy and procedure framework
• Form an IT Governance Committee
– Senior leadership to make institutional decisions
– Draft a Charter
• Outline priorities of what to tackle first
– Strategy, project & portfolio planning, budgets
– Identify needed Policies and Procedures
• Communicate your plan and status
Do’s and Don’ts
DO
• Obtain Cabinet sponsorship
• Include cross-section of stakeholders, students too
• Keep it simple
• Set realistic goals
• Meet regularly to build momentum
• Rely on your IT team
• Connect with a peer for advice
DON’T
• Do it yourself, stakeholders need to be invested too
• Be overly ambitious, change is cultural and takes time
• Leave it to the last minute
• Forget to communicate
• Forget to maintain healthy boundaries on the HOW
• Neglect the value of training for you and your committee
Samples you can use
Check out the companion SAMPLE
• IT Governance Committee Charter
• IT Project Governance Summary
Governance Reference Models
Control Objectives for Information Technology (CobiT), ISACA
IT Governance Institute (ITGI)
ISO/IEC 20000-1, International Organization for Standardization (ISO)
Information Technology Infrastructure Library (ITIL), OGC
QUESTIONS?
Jerry Bishop
The Higher Education CIO