#ISSlearn
GOVERNANCE
IN THE AGE OF DIGITAL
11 Aug 2017 / Nicholas Tan
Agenda
• What is Digital?
• What is Governance?
• Need for Governance
• Governance by Design
© 2017 National University of Singapore. All Rights Reserved
What is Digital? A View
https://www.youtube.com/watch?v=xsWbECkVqgI
What is Digital? Another View
https://www.youtube.com/watch?v=SgLxocWA4JI
What is Digital? A Collision
Digital – Compressed Timeline
Agenda
• What is Digital?
• What is Governance?
• Need for Governance
• Governance by Design
“Academic” Definition
Definition [Source]
• IT governance is the responsibility of the Board of Directors and Executive Management. It is an integral part of enterprise governance and consists of the leadership and organizational structures and processes that ensure that the organization’s IT sustains and extends the organization’s strategy and objectives. [1]
• Specifying the decision rights and accountability frameworks to encourage desirable behavior in using IT. [2]
• IT governance is the organizational capacity exercised by the board, executive management and IT management to control the formulation and implementation of IT strategy and in this way ensure the fusion of business and IT. [3]
• IT governance is the definition and implementation of processes, structures, and relational mechanisms in the organization that enable both business and IT to execute their responsibilities in support of business/IT alignment and the creation of business value from IT enabled investments. [4]
• IT Governance is the strategic alignment of IT with the business such that maximum business value is achieved through the development and maintenance of effective IT control and accountability, performance management and risk management. [5]
• IS/IT governance concentrates on the structure of relationships and processes to develop, direct and control IS/IT resources in order to achieve the enterprise’s goals through value adding contributions, which account for balancing risk versus return over IS/IT resources and its processes. [6]
• IT Governance describes the distribution of IT decision-making rights and responsibilities among different stakeholders in the organization, and the rules and procedures for making and monitoring decisions on strategic concerns. [7]
• Preparation, development and implementation of decisions on goals, processes, people and technology at tactical and strategic levels. [8]
• The organizational capacity to control the formulation and implementation of IT strategy and guide to proper direction for the purpose of achieving competitive advantages for the corporation. [9]
Source: Mahy, Y., Ouzzif, M., & Bouragba, K. (2016). Toward a shared view of IT governance. International Journal of Innovation, Management and Technology, 7(4), 125-131.
Common Elements
IT governance is the responsibility of the Board of Directors and Executive Management. It is an integral part of enterprise governance and consists of the leadership and organizational structures¹ and processes² that ensure that the organization’s IT sustains and extends the organization’s strategy and objectives³.
Specifying the decision rights and accountability frameworks⁴ to encourage desirable behavior⁵ in using IT.
Element ITGI Weill
Structures 1 4
Processes 2 4
Alignment 3 5
“Practical” Definition
Gartner defines “governance” as the process of:
• Setting decision rights and accountability; establishing policies
aligned to business objectives (preservation and growth of
shareholder value)
• Balancing investments in accordance with policies and in support
of business objectives (coherent strategy realization)
• Establishing measures to monitor adherence to decisions and
policies (compliance and assurance)
• Ensuring that processes, behaviours and procedures are in
accordance with policies and within tolerances to support
decisions (risk management)
Governance… To What End?
+ Clarity of responsibilities and accountability for
both demand and supply of IT
+ Good practice in relationships with stakeholders
+ Innovation in services, markets and business
+ Efficient allocation of resources
+ Actual realization of expected benefits from each
IT investment
+ Business sustainability
Value Creation
Value Creation? Value Loss?
Organization Function | Measure of Value | IT Measure?
Procurement | Cost savings | TCO? SLA?
Finance | Maximize cash flow |
Human Resource | Employee engagement |
Engineering | New designs |
Sales | Revenue |
Operations | Productivity |
Legal | Compliance |
Manufacturing | Quality |
Agenda
• What is Digital?
• What is Governance?
• Need for Governance
• Governance by Design
Inversion of Control
Collaborate
Digital strategy
Pressure from Digital
Source: https://www.techinasia.com/singapore-press-holdings-media-revenue-declined-4-straight-years
Source: Martin Hirt, Paul Willmott, “Strategic principles for competing in the digital age” in McKinsey Quarterly, May 2014
“Digital capabilities increasingly will determine which companies create or lose value.”
“World’s Best” Digital Bank
Winner Shortlisted
https://www.forbes.com/sites/jasonbloomberg/2016/12/23/how-dbs-bank-became-the-best-digital-bank-in-the-world-by-becoming-invisible/#2ef169e83061
Asian-ness ‘Asian service’…
Respectful, Easy to deal with, and Dependable
CEO
COO
Eliminate ‘Waste’
“We took out 250 million customer hours of waste per year.”
“One year later, we had the top customer satisfaction scores in Singapore,”
User-Centered Design
When customers lose wallet or handbag… new call centre script… first, show empathy; then explain the process; and finally, provide phone numbers to help the customer get their lives back together.
Make Banking Invisible
“Digital is all about the business model, enabled by emerging technology and data,”
“Great user experiences based on ecosystem plays to make the banking component invisible.”
Driving Innovation
“I told our innovation team: don’t innovate,”
“Instead, teach the rest of the organization to innovate.”
Everywhere @digital
Governance “Miss”
Observation 3: The OEA project was not approved through established IT Governance and did not follow required IT Governance
processes.
Dr. Chin described the OEA project to us as a donor-funded research and innovation project derived from a concept that artificial intelligence could
potentially be applied to the delivery of health care. She clarified that, “because of its high-risk and transformative nature, it was not [an] idea suitable
for extramural grant funding” and “therefore, it was up to philanthropy” to fund the project. As a donor-funded research project “not executed under IT
management,” she did not consider it to be an information technology (IT) project that would have been subject to institutional IT development policies
and processes.
MD Anderson’s Information Technology Project Management and Governance Policy defines an IT project as, “an initiative that provides technology
solutions (e.g., products, services, or results) characterized by well-defined parameters, specific objectives, common benefits, planned activities, a
scheduled completion date, an established budget with a specified source of funding, and requires in excess of 80 hours of work effort to complete.”
…
The OEA project was not proposed to ISET, did not receive formal ISET approval, and did not follow the established IS Governance Project Portfolio
Management process.
We believe OEA meets the definition of an IT project per MD Anderson policy primarily because the objective of the project, from its inception, was to
develop a technology solution to be broadly used in delivering MD Anderson services.
…
We acknowledge that MD Anderson’s policy definition of an IT project could be subjective. Although we believe OEA meets the definition, Dr. Chin told
us that she views OEA only as a “research innovation project” and, as such, IT project procedures should not apply. We view the project as both. She
further stated that ISET leadership “should have suggested or required such action from [her]” if ISET approval and governance was needed. IT staff
reported to us involvement throughout the project, but confirmed that the IT governance process was not followed. Staff told us that Supply Chain
Management would normally confirm ISET approval before processing purchase orders. However, in this case procurement staff stated that this project
was an “outlier” and did not provide further explanation or justification.
OEA – Oncology Expert Advisor
ISET – Information Systems Executive Team
Agenda
• What is Digital?
• What is Governance?
• Need for Governance
• Governance by Design
Organizational Demarcation
Governance
• Giving directions and oversight
Management
• Keeping operations aimed at achieving common pre-defined goals
Operations
• Running the day-to-day business
System of Practice
Governance Timeline
Unclear origin…
1998… IT Governance Institute was formed
Late 90’s… articles start mentioning “IT Governance” in their titles
2002… mention of IT Governance as a Board function
2003… Gartner introduced idea of “Improving IT governance”
A set of practices to guide IT people to provide IT services that meet the needs of business formalized as Service Level Agreements (SLAs).
A framework that “helps enterprises create optimal value from IT by maintaining a balance between realizing benefits and optimizing risk levels and resource use” [10].
An international standard for corporate governance of IT that provides “principles, definitions, and a model for evaluating, directing and monitoring the use of IT.”
Common control “processes, procedures and policies”
‘What’ vs ‘How’
‘What’… Direct
‘How’… Manage
Are we Doing the right things?
Are we Getting the right benefits?
Are we Doing them the right way?
Are we Getting them done well?
Create
Retire
Sustain
Discover… Design… Develop… Discover…
Adapted: J. Thorp, The Information Paradox, 2007
Governance – by any other name
DIRECT
ADVISE
ISO/IEC 38500:2015 COBIT 5.1
COBIT 5.1
Assign responsibilities for the preparation and implementation of plans and policies
Assign responsibilities for the preparation and implementation of performance management
ISO/IEC 38500:2015
Guiding principles for good corporate governance of IT
Responsibility: Employees know their responsibilities both in terms of demand and supply of IT and have the authority to meet them
Strategy: Business strategies take into account IT resources & capabilities and IT strategies are aligned with business strategies
Acquisition: IT acquisition decisions are taken in a reasonable and transparent way, short-term and long-term costs/risks and benefits are weighed
Performance: The purpose of IT is to serve business. It is ready to meet current and future needs
Conformance: IT complies with legislation and regulations. Policies and practices are clearly defined and implemented
Human behaviour: IT policies, practices and decisions show respect for Human behavior and the needs of all the ‘people in the process’
Political and economic pressures
Business pressures
Technology trends
Proposals and strategy
Core Capabilities
Governance
Portfolio Management
Performance Management
Risk Management
Conclusion
By chance
Leadership
• Sponsor
• Prioritize
• Protect
• Remove hurdles
• Communicate
People
• Capability
• Structure
Process
• Policies
• Guidelines
Technology
• Fit for purpose
By design
APPENDIX
References
[1] IT Governance Institute, Board Briefing on IT Governance, Rolling Meadows, Ill.: IT Governance Institute, 2003.
[2] P. Weill and J. W. Ross, IT Governance How Top Performers Manage IT Decision Rights for Superior Results, 2004.
[3] W. V. Grembergen, Strategies for Information Technology Governance, Hershey: Idea Group Pub, 2004.
[4] S. DeHaes and W. Van Grembergen, Enterprise Governance of Information Technology, Boston, MA: Springer US, 2009.
[5] P. Webb, C. Pollard, and G. Ridley, “Attempting to define IT governance: wisdom or folly?” in Proc. the 39th Annual Hawaii International Conference on System Sciences, 2006, vol. 8, p. 194a–194a.
[6] N. Korac-Kakabadse and A. Kakabadse, “IS/IT governance: need for an integrated model,” Corp. Gov. Int. J. Bus. Soc., vol. 1, no. 4, pp. 9–11, Dec. 2001.
[7] R. R. Peterson, R. O’Callaghan, and P. Ribbers, “Information technology governance by design: investigating hybrid configurations and integration mechanisms,” in Proc. the Twenty First International Conference on Information Systems, 2000, pp. 435–452.
[8] M. Simonsson and P. Johnson, “Defining IT governance-a consolidation of literature,” in Proc. the 18th Conference on Advanced Information Systems Engineering, 2006, vol. 6.
[9] W. V. Grembergen, The Balanced Scorecard and IT Governance, 2000.
[10] Information Systems Audit and Control Association, COBIT 5: A Business Framework for the Governance and Management of Enterprise IT, Rolling Meadows, Ill: ISACA, 2012.
THANK YOU
nicholas_tan@nus.edu.sg