IT GOVERNANCE: WHAT LIBRARY BOARDS NEED TO KNOW NOW
Karen Dubeau
Board Member, Newmarket Public Library
AGENDA
1. What is IT Governance?
2. Why is it Important for Libraries?
3. How Does it Apply to Board Responsibilities?
• Strategic Planning
• Financial/Legal issues
• Risk Management
• Advocacy
• Staff Retention and Recruitment
4. What You Can Do Now
5. Key Resources
6. Questions and Answers
IT GOVERNANCE
What Is IT Governance?
IT Governance is "a framework for the leadership, organizational structures and business processes, standards and compliance to these standards, which ensure that the organization’s IT supports and enables the achievement of its strategies and objectives."
IT Governance Institute
If Information Technology is a part of your business, governance now extends to and includes information and the IT infrastructure that supports your business.
IT GOVERNANCE
What Is IT Governance?
The overall objective of IT governance is to:
• understand the issues and the strategic importance of IT, so that the organization can sustain its operations and implement the strategies required to extend its activities into the future.
• IT governance aims at ensuring that expectations for IT are met and IT risks are mitigated.
IT GOVERNANCE
Why Is It Important?
“IT Governance is the term used to describe how those persons entrusted with governance of an entity will consider IT in their supervision, monitoring, control and direction of the entity. How IT is applied within the entity will have an immense impact on whether the entity will attain its vision, mission, or strategic goals.”
Robert S. Roussey, CPA, Professor, University of Southern California
IT GOVERNANCE
Components of IT Governance
Strategic Alignment
Value Delivery
Resource Management
Risk Management
Performance Measurement
IMPORTANCE TO LIBRARIES
Strategic Planning
The right IT investments can save costs, improve productivity, provide robust services
How IT can support the organization in achieving its goals - understanding the costs and benefits
Setting guidelines for management
Assessing capability to take advantage of IT
Assessing skill sets required to realize objectives
Framework for budget planning and capital investments
IMPORTANCE TO LIBRARIES
Relevance of IT Governance to Libraries
Impacts all areas of Library operations and service delivery
Increasingly critical regarding deployment of WiFi and RFID services
Tremendous opportunity for Libraries, but:
Impacts:
- Strategic Planning
- Financial Planning
- Brings legal and regulatory issues
- Introduces risk and requires risk management
- Advocacy components pertinent to Libraries
STRATEGIC PLANNING
Board Responsibilities
Board needs to extend governance to IT and provide the leadership, organizational structures and processes that ensure the enterprise’s IT sustains and extends the strategies and objectives.
- Align IT strategy with business strategy
- Cascade IT strategy and goals down into the organization
- Ensure that an IT governance framework is developed
- Measure IT performance
FINANCIAL
Governance Issues
Scale of Investment will grow
Increasing focus on using technology for:
- reducing costs, expanding services, reaching new audiences
- upgrading IT infrastructure (communications, servers, applications, and related skills)
Will become one of the largest capital expenditures and running operational costs (second only to staffing)
Directors are responsible for overseeing assets of the organization and for financial planning; therefore, they need to know about the IT costs and potentially the biggest investments
LEGAL ISSUES
Board Responsibilities
FIPPA, MFIPPA
Ensuring compliance with relevant statutes
Protection and privacy of patron information
- especially on integrated or distributed networks
- issue when services are hosted remotely
- RFID carries potential for patron privacy to be compromised
Licensing Agreements
Digital Rights and Digital Rights Management
RISK MANAGEMENT
Board Responsibilities
Duty of Care
- to clients, to funders
- to asset management
Network Security Issues
- effective security is a “spectrum” from desktops to firewalls
- public access to Internet and WiFi – need to be able to identify breaches and have policies in place for account suspension
Protection Failure Response Protocols
- public relations component
- failure to respond effectively could significantly impact future services and potential funding
Business Continuity/Service Interruptions
ADVOCACY
Board Responsibilities
Bridging the digital divide – appropriate resources provided to the community
Promoting information literacy
Ensuring equitable access
Mitigating increased costs for all types of content (CRTC)
Discussion of Net Neutrality and current CRTC positions
Downstream effects on Libraries
Emerging Issue of Green IT
FINANCIAL ISSUES
Green IT
An increasingly relevant subject requiring consideration within the sphere of IT Governance is the issue of Green IT. In the same way that IT Governance is a critical component within the Corporate Governance of an organisation, Green IT has become an essential aspect within the decision making, framework building, and business processes, of IT Governance. Find further information on Green IT here and a selection of cutting edge texts, support manuals, and standards on both Green IT and the Environmental Management Standard ISO 14000.
WHAT YOU CAN DO NOW
Next Steps:
Understand emergence of CIO function in private sector
Find out more about issues of concern - Learn
You don’t have to be able to program or troubleshoot your PC, but it does help to have a high level understanding of technology
Ask pertinent questions
Consider implementing security audit processes
Review existing policies – update where necessary, create where not present
Bring in Expertise – 2 methods
FINANCIAL ISSUES
Regulatory Frameworks
ISO/IEC 38500
The world's formal international IT Governance Standard, ISO/IEC 38500, was published in June 2008. The standard is a key resource for IT governance professionals everywhere in the world.
ITIL®, CobiT® and ISO17799
ITIL®, or IT Infrastructure Library®, was developed by the UK's Office of Government Commerce as a library of best practice processes for IT service management. Widely adopted around the world,
CobiT®, or Control Objectives for Information and related Technology, was developed by America's IT Governance Institute. CobiT is increasingly accepted as good practice for control over information, IT and related risks.
ISO17799, now renumbered as ISO27002 and supported by ISO 27001, (both issued by the International Standards Organization in Geneva), is the global best practice standard for information security management in organizations.
Joint Framework
ISO 17799 (ISO27002), ITIL and CobiT are all, potentially, part of any best-practice approach to regulatory and corporate governance compliance. The challenge, for many organizations, is to establish a co-ordinated, integrated framework that draws on all three of these standards. The recently released Joint Framework, put together by the ITGI (owners of CobiT) and the OGC (owners of ITIL) is a significant step in the right direction. Here is a webinar that describes how to leverage this best-practice framework to simplify your regulatory compliance.
RESOURCES
Organizations:
IT Governance Institute: http://www.itgi.org
IT Governance Company: http://www.itgovernance.co.uk
Information Systems Audit and Control Association (ISACA): http://www.isaca.org
QUESTIONS AND ANSWERS