Governance Tools, Boyd Carter, 2006
An Overview of Governance Tools
Elegantsolutions.ca
Introduction to Governance Frameworks
A selection of governance tools and how they may be used.
Elegant Solutions
Boyd Carter - 2006
Copyright © 2006 elegantsolutions.ca
(Permission is granted to use unchanged. elegantsolutions.ca) www.elegantsolutions.ca
Governance – OECD
A working definition of corporate governance
Grant Kirkpatrick, Corporate Affairs Division, OECD
Corporate governance … involves a set of relationships between a company’s management, its board, its shareholders and other stakeholders. Corporate governance also provides the structure through which the objectives (i.e. strategy) of the company are set, and the means of obtaining those objectives and monitoring performance are determined.
Governance – CIMA
CIMA – Chartered Institute of Management Accountants
Enterprise governance is the set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction, ensuring that objectives are achieved, ascertaining that risks are managed appropriately and verifying that the enterprise’s resources are used responsibly.
Governance – itSMF
itSMF – IT Service Management Forum
IT governance is the system by which IT within enterprises is directed and controlled. The IT governance structure specifies the distribution of rights and responsibilities among different participants, such as the board, business and IT managers, and spells out the rules and procedures for making decisions on IT. By doing this, it also provides the structure through which the IT objectives are set, and the means of attaining those objectives and monitoring progress.
Governance In Context
Relationships
Rights and Responsibilities
Structure (framework) which facilitates:
  Setting objectives
  Attaining those objectives
  Monitoring performance
Governance Cycles
OECD
Balanced Scorecard
Deming on Quality
ITIL
COBIT
Cycles – Quality (Deming)
Plan
Do
Check
Act
Cycles – Quality (Deming)
Ishikawa expanded Deming's four steps into the following six:
Plan
  Goals and Targets
  Methods to Achieve
Do
  Education & Training
  Implement Work
Check
Act
Source: http://dtiinfo1.dti.gov.uk/mbp/bpgt/m9ja00001/m9ja0000110.html#ishikawa
Cycles – OECD
Political Agenda
Issue Analysis
Policy Making
Implementation
Monitoring
A. Macintosh. Using information and communication technologies to enhance citizen engagement in the policy process. In Promises and Problems of E-Democracy: Challenges of Online Citizen Engagement. OECD, Paris, 2004.
Cycles – Balanced Scorecard
Cause & Effect
Future Orientation
Operational Excellence
Meet Stakeholder Expectations
Corporate Contribution
Measuring and Improving IT Governance Through the Balanced Scorecard By Wim Van Grembergen and Steven De Haes Copyright © 2005 Information Systems Audit and Control Association. All rights reserved.
Cycles – ITIL
Service Strategies
Design
Transition
Operations
Continuous Improvement
ITIL.org · ITIL V3 - Service Life Cycle · Service Strategy
Cycles – TOGAF
The US Federal CIO Council’s perspective
How EA Processes fit within the Enterprise Life Cycle
Engineering Program Mgmt.
Capital Planning & Investment Control Processes
From TOGAF version 8.1, and The US Federal CIO Council’s “A Practical Guide to Federal Enterprise Architecture”
Cycles – COBIT
Objectives
Direct
Create
Protect
Act
Monitor
From Article: IT Governance Hands-on: Using COBIT to Implement IT Governance, by Luc Kordel, CISA, RE, CISSP, CIA, RFA
Governance
  Alignment
  Value Delivery
  Risk Mgmt.
  Resource Mgmt.
  Performance Mgmt.
Cycles – Buffalo City
Planning
Implementation
Review
Evaluation
Reporting
The public participates in everything except the actual implementation
From a thesis by Quinton Walter Williams, January 2006, Masters of Business Administration, Rhodes Investec Business School, RHODES UNIVERSITY, entitled: IMPLEMENTING PERFORMANCE MANAGEMENT AT LOCAL GOVERNMENT LEVEL IN SOUTH AFRICA: A CASE STUDY ON THE IMPACT OF ORGANISATIONAL CULTURE.
Cycles – Quality Governance
Relationships, Rights & Responsibilities
Structure (Framework) which facilitates:
  Setting Objectives: Plan
    Goals and Targets
    Methods to Achieve
  Attaining those objectives: Do
    Education & Training
    Implement Work
  Monitoring Performance: Check, Act
Frameworks – COSO
PWC Presentation: COSO 1 COSO 2 PWC ERM-SET.pdf
Frameworks – COSO
COSO for Smaller Public Companies (COSO 3)
Image from Volume 2 of COSO’s Internal Control over Financial Reporting – Guidance for Smaller Public Companies
Frameworks – COSO
Image from COSO’s ERM – Integrated Framework
Frameworks – COSO
Example of Framework Content
Image from Resolver’s Compliance Framework
Frameworks – COBIT
COBIT Products
Image from the IT Governance Institute’s COBIT4
Frameworks – COBIT
The COBIT Cube
Image from the IT Governance Institute’s research-PMBOK-Mapping-COBIT
Frameworks – COBIT
COBIT Mapped to PMBOK
COBIT is also Mapped to SEI-CMM, Prince2, ITIL, COSO, TOGAF & ISO 17799
Image from the IT Governance Institute’s research-PMBOK-Mapping-COBIT
Frameworks – COBIT
COBIT Quickstart to Estimate Scope
Image from the IT Governance Institute’s COBIT Quickstart
In this example, the small company is very dependent on its Information Technology. This would indicate the use of COSO for Smaller Public Companies for the Business Framework and either a complete COBIT Framework for IT or an extended COBIT Quickstart with applicable portions of the complete COBIT Framework added to the project.
SEG = Segregation of Duties
SCS = Simple Command Structure
SCP = Short Communications Path
SOC = Span Of Control
ITL = IT Level (of Sophistication)
ITS = IT Strategic Importance
ITE = IT Expenditures
Frameworks – COBIT
VALIT To Optimize IT Investments
Image from the IT Governance Institute’s VALIT-Framework
Frameworks – COBIT
Example of Framework Content
Image from Resolver’s Compliance Framework
Frameworks – ITIL
From a GC IT Services Perspective
With COBIT for Program Management
Image from The Treasury Board Profile of GC Information Technology Services
http://www.tbs-sct.gc.ca/cio-dpi/webapps/technology/profil/profil05_e.asp
Frameworks – ITIL
From an HP IT Services Planning Perspective
A common ITIL Image, this one from HP’s IT Service Management and IT Governance: Review, Comparative Analysis and their Impact on Utility Computing
Frameworks – ITIL
From an Application Services Library Perspective
Another common ITIL Image, this one from ASLfoundation.org
[Figure: ITIL framework diagram. Labels: Planning to Implement Service Management; Service Management (Service Support, Service Delivery); The Business; The Business Perspective; Applications Management; ICT Infrastructure Mgt; The Technology; Security Management]
Frameworks – ITIL
From an HP IT Services Operations Perspective
A common ITIL Image, this one from HP’s IT Service Management and IT Governance: Review, Comparative Analysis and their Impact on Utility Computing
Frameworks – BSC
From an IT Governance Perspective
Image from the IT Governance Institute’s Information Systems Control Journal The Balanced Scorecard and IT Governance By Wim Van Grembergen, Ph.D.
Frameworks – BSC
Strategy to Operational Terms
The balanced scorecard provides a framework to translate a strategy into operational terms
Vision and strategy, seen from four perspectives, each with its own objectives, measures, targets and initiatives:
Financial: To succeed financially, how should we appear to our shareholders?
Customer: To achieve our vision, how should we appear to our customers?
Internal Business Process: To satisfy our shareholders and customers, what business processes must we aim at?
Learning and Growth: To achieve our vision, how will we sustain our ability to change and improve?
From a Performance Measurement Presentation in the archives of the Faculty of Technology, Policy and Management, TBM.tudelft.nl, slide context attributed to: R.S. Kaplan, The balanced scorecard, 1996
Frameworks – TOGAF
From TOGAF version 8.1
Frameworks – Zachman
From TOGAF version 8.1, Framework image from ZIFA.com
Standards – AcSOC & PSAB
AcSOC’s primary function is to serve the public interest by overseeing the activities of the Accounting Standards Board (AcSB) and the Public Sector Accounting Board (PSAB). The AcSB and the PSAB both develop and establish standards and guidance governing financial accounting and reporting in Canada. The AcSB sets standards for profit-oriented enterprises and not-for-profit organizations, while the PSAB sets standards for public sector entities.
Standards – PSAB
Focus: Accounting Standards for Public Sector entities
Consider PSAB when you need “to maintain the financial integrity of the entity” (Council role “e”)
Standards – ISO/IEC 17799
ISO 17799 Information Technology
Code of Practice for Information Security Management
Published by the International Organisation for Standardisation (http://www.iso.org) and International Electrotechnical Commission (http://www.iec.org)
Standards – CMMI
Best-known Maturity Model
Initial
Repeatable
Defined
Measurable
Optimized
Maturity levels:
1 initial: Ad hoc, chaotic
2 managed: Projects perform according to plan
3 defined: Projects are more consistent across the organization
4 quantitatively managed: Process performance is predictable
5 optimizing: Continually improving process performance
Diagram labels: Project management; Process definition; Process measurements; Process control
CMMI as described by:
Standards – ISO 17799 Domains
Security Policy
Security Organization
Asset Classification and Control
Personnel Security
Physical and Environmental Security
Communications and Operations Management
Access Control
Systems Development & Maintenance
Business Continuity Management
Compliance
Standards – ISO 17799
Focus:
  Controls need to be established to ensure that the specific security objectives of the organization are met
Consider it when:
  You need guidance regarding the establishment and operation of security controls
Standards – PMBOK®
Project Management Body of Knowledge
Planning and controlling projects
Broadly applicable:
  Small to large scale
  Different domains or industries
Globally recognized:
  ANSI American National Standard
  IEEE Standard
Standards – PMBOK®
Focus:
  Planning and controls of projects
  Commonly accepted framework
  Not a ‘how’, but ‘what’
Consider it when:
  You are leading a small or large project or initiative
Processes – Six Sigma
Six Sigma was invented by Motorola in 1986 as a way to measure defects and improve quality. Since then, it has evolved into a business improvement methodology that focuses an organization on customer requirements, process alignment, analytical rigor and timely execution.
Processes – Six Sigma
Focus:
  Quality is defined by customer requirements for the chosen process
  Defects are defined and counted
  Inconsistencies in the process, known as variation, are studied
Consider it when:
  Process involves producing a product or service for a customer and you want to measure improvements.
Processes – LEAN (Kaizen)
Lean is about reducing or eliminating all activities that do not add value. It reduces or eliminates 8 principal sources of waste:
Waiting - set-up, changeover, no work, no operator, downtime
Inventory - stagnant Work-in-Process, spare parts, just-in-case
Overproduction - batch runs, minimum run rates
Extra Processing - rework, conditioning
Motion - non-adjacent processing, go-fer
Transportation - moving product
Defects - rejects
Underutilized People - THE GREATEST WASTE OF ALL!
From a TechHelp presentation, www.techhelp.org
Integration Matrix
What was the One Common Denominator for Frameworks and Standards?
Right! COBIT!
COBIT has been mapped to:
  COSO
  ITIL
  SEI-CMMI
  PMBOK & Prince2
  TOGAF
  ISO 17799
Integration Matrix
DIRECTIVES-REQUIREMENTS
Corporate
• Orders in Council
• Directives
• Policy
Social
• Conservation
• Environment
• Health & Safety
Government
• Federal
• Provincial
• Regional
• Bill 198*
FRAMEWORKS, STANDARDS, PROCESSES
IT POLICY-BASED INITIATIVES
IT SUSTAINMENT
IT DEVELOPMENT
IT GOVERNANCE
INTEGRATING FRAMEWORK IS COBIT
COSO, ISO 17799, ITIL, BSC, PMBOK, TOGAF, PSAB, CMMI
TOOLS FOR SUCCESS – SIX-SIGMA / LEAN / OTHER INITIATIVES
* See note on Bill 198 – next slide
BILL 198
An Act to implement Budget measures and other initiatives of the Government
Bill 198 enables Ontario Municipal Statutes
Bill 198 also enables OSC regulations, but that’s not germane to this presentation…yet. It may be in the future. In the context of “a public sector entity”, there is the possibility that public sector entities may, at some point in time, be required to satisfy “OSC-type” regulations in a manner similar to public companies listed on the TSX and other exchanges. This is beginning to happen voluntarily in some places as a “matter of good governance”.
Integration – How to Integrate IT Control Objectives for Sarbanes-Oxley
Why is this document so important?
Integration – How to Integrate IT Control Objectives for Sarbanes-Oxley (Cont.)
Sarbanes-Oxley Act of 2002
Bill 198
Auditing Standard 2 (AS2)
COBIT: Control Objectives
ITIL: Activities
ISO 17799: Security
Internal Controls - Integrated Framework (Not ERM)
Version 2.0 benefits from lessons learned during the first two years.
Integration – How to Integrate IT Control Objectives for Sarbanes-Oxley (Cont.)
Why is this document so important?
  The first edition has been downloaded more than a quarter of a million times*
  De facto standard for evaluating information technology (IT) controls in support of compliance Governance
  More than 100 expert reviewers provided input to second edition.
  The second edition incorporates many of the lessons learned since the first edition of the publication was issued.
  De facto Road Map for designing a governance initiative based on COBIT, which is already integrated with much of COSO, ITIL & ISO17799
* From the InsideSarbanesOxley.com blog http://www.insidesarbanesoxley.com/sarbanes_oxley_blog/archive/2006_10_01_index.asp
Integration – How to Integrate IT Control Objectives for Sarbanes-Oxley (Cont.)
1. Plan and Scope
2. Assess Risk
3. Document Controls
4.1 Evaluate Design
4.2 Evaluate Operational Effectiveness
5. Evaluate and Remediate Deficiencies
6. Build Sustainability
Integration – How to Integrate
IT Governance Based on COBIT4
Follow the Compliance Road Map
Use all of COBIT4’s Control Objectives initially
Scale back where not applicable
Scale up with other frameworks where applicable. For example:
  ITIL in COBIT4 is to ensure compliance with regulations, add more ITIL where appropriate
  Same for ISO 17799, PMBOK, TOGAF & CMMI
Customize to fit your environment, as you did with the Tailored PM Framework
Questions?