Upload
barb
View
40
Download
1
Embed Size (px)
DESCRIPTION
Governance and Audit of IT in a Post-Recession World. Mark Toomey Author: Waltzing with the Elephant Managing Director Infonomics Pty Ltd Member, Standards Australia Committee IT-030 Member, ISO/IEC JTC-1 WG6. 0:00/1. A little (more) about me…. 0:01/1. - PowerPoint PPT Presentation
Citation preview
©2010 Infonomics Pty Ltd Post-Recession World
Governance and Audit of IT in a
Post-Recession World
Mark ToomeyAuthor: Waltzing with the Elephant
Managing Director Infonomics Pty LtdMember, Standards Australia Committee IT-030
Member, ISO/IEC JTC-1 WG6
Page 10:00/1
©2010 Infonomics Pty Ltd Post-Recession World
A little (more) about me…
Page 20:01/1
©2010 Infonomics Pty Ltd Post-Recession World
The promise of Information Technology...
Page 3
Photo
s: (
1)
htt
p:/
/velo
city
reso
urc
e.c
om
/RS
6A
vantP
lus.
asp
x a
nd
Aud
i.(2
) Pub
lic d
om
ain
– w
idely
cir
cula
ted
em
ail
0:02/2
... or a shattered dream.
©2010 Infonomics Pty Ltd Post-Recession World
Governance and Management of ITGlobal Survey• From 11 Feb to 23 Mar 2010• Responses (complete – 75)
– 13 Board Directors– 23 Business roles– 39 IT roles
• Education– 38 Masters/MBA and above– 23 degree– 26 focused on technical– 35 focused on business
• Age– 22 are 36 – 45– 29 are 46 – 55– 19 are 56 Plus
• Organisation– 25 listed– 19 government– 15 private– 6 branch / subsidiary– 4 not-for-profit
• Location– 25 AU– 15 NL– 8 GB– 6 US– 4 ES– 2 NZ– AE, AR, AX, BE, CA, DE, IN, IT, TR, VG, ZA.
• Scale– 7 Up to US$ 500,000– 4 US$ 500,000 to US$ 2m – 5 US$ 2m to US$ 10m – 12 US$ 10m to US$ 100m– 41 More than US$ 100m
• Employees– 7 at 1 - 10 – 7 at 11 - 50 – 6 at 51 - 200 – 0 at 201 - 500 – 26 at 501 - 5000 – 29 at 5001 and above
Page 40:04/1
©2010 Infonomics Pty Ltd Post-Recession World
Governance and Management of ITGlobal Survey
Page 5
There is a strong track record over several years of successful IT projects that deliver the intended business outcomes.
0:05/1
24%48%
©2010 Infonomics Pty Ltd Post-Recession World
Governance and Management of ITGlobal Survey
Page 6
Executive management has sufficient evidence that day to day business operations will not be seriously damaged by unplanned interruptions to operational IT systems.
0:06/1
46%32%
©2010 Infonomics Pty Ltd Post-Recession World
Governance and Management of ITGlobal Survey
Page 7
The full spectrum of costs, risks, opportunities and value derived from the organization's current portfolio of operational IT systems is well understood and acceptable.
0:07/1
22%58%
©2010 Infonomics Pty Ltd Post-Recession World
From enormous challenge...
• Medicare database blunder (2005)• Customs commissions review of ICS
debacle (2006)• Defence weak on IT, says chief
(2007)• Vic: Health IT program late, over
budget (2008)• Consultant: 33% of IT spend is
wasted (2009)• Young war widows struggling (2009)• Software glitch stymies green loans
(2009)
• Licensing project over budget and a decade late(NSW, October 2009)
• e-government• e-health• Accessible government• Efficient government• “Joined up” government• Innovative government
• Post to offer passports online• Tech to prevent welfare cheats
• Real change, real solutions, delivered and acclaimed, in business as in government.
Page 8
... to outstanding performance
0:08/2
©2010 Infonomics Pty Ltd Post-Recession World
It can happen to anybody…
21 April 2023 Page 9
2004
Five Day Fiasco
2005
Cargo Management
2006
ERP Consolidation
2007
Futures Market
2008
Scrapped
2009
Amadeus
2010
Crippled
2010
Year 2010
… and it KEEPS happening!
0:10/3
©2010 Infonomics Pty Ltd Post-Recession World
Governance and Management of ITGlobal Survey
Page 10
Most organizations are very effective in governing their use of IT.
0:13/1
4%82%
©2010 Infonomics Pty Ltd Post-Recession World 21 April 2023
We have tried to make IT better…
• Typical efforts to ensure that IT is doing its job competently– Rigour– Process– Control– Reporting
– … Miss the point!
ITILITIL Prince2Prince2 CoBITCoBIT
CMMICMMI PMBOKPMBOK
PPMPPM
Page 11
EtcEtcMSPMSP
0:14/1
©2010 Infonomics Pty Ltd Post-Recession World
We have tried to make IT better… …but we have missed the key issue!
21 April 2023 Page 120:15/2
©2010 Infonomics Pty Ltd Post-Recession World 21 April 2023
We have tried to make IT better…
• Typical efforts to ensure that IT is doing its job competently…– Rigour– Process– Control– Reporting
… Miss the point!• It’s not just in IT that problems develop:
– Use of IT to achieve business goals involvesbusiness change
• Process• People• Structure• Context
– And necessarily requires that business leaders engage fully:• Being responsible• Setting direction• Planning and implementing
Polishing INSIDE the Kettle improves supply…
… but does not fully address the problem of use!
Governance of IT has to deal with Governance of IT has to deal with how organisations USE IT as well as how organisations USE IT as well as with how IT departments operate.with how IT departments operate.
Governance of IT has to deal with Governance of IT has to deal with how organisations USE IT as well as how organisations USE IT as well as with how IT departments operate.with how IT departments operate.
DeliveryDelivery
UseUseMany issues arise Many issues arise here – outside IT’s here – outside IT’s sphere of control.sphere of control.
Many issues arise Many issues arise here – outside IT’s here – outside IT’s sphere of control.sphere of control.
Page 13
… the problem is not the IT function!
ITILITIL Prince2Prince2 CoBITCoBIT
CMMICMMI PMBOKPMBOK
PPMPPM EtcEtcMSPMSP
0:17/1
©2010 Infonomics Pty Ltd Post-Recession World
Governance and Management of ITGlobal Survey
Page 14
Organizations that govern their IT very well have a strategic advantage.
0:18/1
90%3%
©2010 Infonomics Pty Ltd Post-Recession World
The purpose of information technology...
• Four key elements of operating organisations– People – who participate in business events– Process – what business events take place– Structure – where business events happen– Technology – enabling and recording events
• Operating context of the organisation– External– Internal.
• IT intrinsic to day to day operations – Generic - Email, Telephony, Information– Business process specific - Transactions,
Customers, Etc– Future capabilities and functions.
Page 15
ProcessProcess StructureStructure
PeoplePeople
TechnologyTechnology
The
Busin
ess C
onte
xt
The
Busin
ess C
onte
xt
Based on H.J. Leavitt’s Model of organisational change, published in 1965.
0:19/1
The Business System
The Business System
©2010 Infonomics Pty Ltd Post-Recession World
ProcessProcess StructureStructure
PeoplePeople
TechnologyTechnology
The Business System
The Business System
The
Busin
ess C
onte
xt
The
Busin
ess C
onte
xt
• Four key elements of operating organisations– People – who participate in business events– Process – what business events take place– Structure – where business events happen– Technology – enabling and recording events
• Operating context of the organisation– External– Internal.
• IT intrinsic to day to day operations – Generic - Email, Telephony, Information– Business process specific - Transactions,
Customers, Etc– Future capabilities and functions.
• When IT fails, everything goes pear-shaped– Citylink Melbourne, Tuesday 20 Sept 2006
The purpose of information technology...... we depend on it as a business tool.
Page 16
The Business System
The Business System
Based on H.J. Leavitt’s Model of organisational change, published in 1965.
TechnologyTechnology
PeoplePeople
StructureStructureProcessProcess
0:20/1
©2010 Infonomics Pty Ltd Post-Recession World
ProcessProcess StructureStructure
PeoplePeople
TechnologyTechnology
The Business System
The Business System
The
Busin
ess C
onte
xt
The
Busin
ess C
onte
xt
ProcessProcess StructureStructure
PeoplePeople
TechnologyTechnology
The Business System
The Business System
The
Busin
ess C
onte
xt
The
Busin
ess C
onte
xt
And we use IT as an enabler of change...
• IT is now a fundamental enabler of change and is leading to new business models and new business practices
– Eg e-Government
• Implementing IT enabled change involves attention to every facet of business models and practices
– Internal and external factors
Page 17
• Governing IT Enabled Change involves much more than governing technology activities.
“Traditional” IT Change Project“Traditional” IT Change Project
Omnibus Change• Business System
•Process•Technology•Structure•People
• Business Context•Process•Technology•Structure•People
Omnibus Change• Business System
•Process•Technology•Structure•People
• Business Context•Process•Technology•Structure•People
The Business System
The Business System
TechnologyTechnology
PeoplePeople
StructureStructureProcessProcessChangedProcess
ChangedProcess
ChangedStructureChangedStructure
ChangedPeople
ChangedPeople
ChangedTechnologyChanged
Technology
Changed Business System
Changed Business System
Chang
ed B
usin
ess Con
text
Chang
ed B
usin
ess Con
text
0:21/2
...but change involves much more than IT!
©2010 Infonomics Pty Ltd Post-Recession World
Ongoing business
operations
StrategicBusinessFuture
Reliable IT Service
Effective IT enabled change
Information technology is a tool ...
Page 18
Business Domain: How IT
is used to enable and operate the
business
IT Domain: How IT is
managed and delivered.
0:23/2
... what determines the use of the tool?.
©2010 Infonomics Pty Ltd Post-Recession World
Ongoing business
operations
StrategicBusinessFuture
Reliable IT Service
Effective IT enabled change
Business Domain: How IT
is used to enable and operate the
business
IT Domain: How IT is
managed and delivered.
The context for governance of IT...
Page 190:25/1
Ongoing business operations
StrategicBusinessFuture
Reliable IT ServiceEffective IT
enabled change
Business Domain: How IT is used to enable and operate the business
IT Domain: How IT is managed and
delivered.
Dem
and
Dem
and
©2010 Infonomics Pty Ltd Post-Recession World
GovernanceEvaluate
The context for governance of IT... ... is to direct and control the use.
Page 20
Managem
en
tR
esp
onsi
bili
tyTop level
overs
igh
t
Th
e S
yst
em
of
Govern
ance
0:26/1
Ongoing business operations
StrategicBusinessFuture
Reliable IT ServiceEffective IT
enabled change
Business Domain: How IT is used to enable and operate the business
IT Domain: How IT is managed and
delivered.
Dem
and
Dem
and
Direct MonitorCurrent & proposed
demand for & supply of IT
©2010 Infonomics Pty Ltd Post-Recession World
Governance and Management of ITGlobal Survey
Page 21
Governance of IT means evaluating, directing and monitoring the current and proposed future use of IT. It involves overseeing preparation of plans for use of IT, overseeing delivery of business change enabled by IT and overseeing ongoing operational use of IT.
0:27/1
90%7%
©2010 Infonomics Pty Ltd Post-Recession World
Directing and controlling the use of IT... ...does not require technical expertise.
AS8015 &ISO 38500 principles• Responsibility;• Strategy;• Acquisition;• Performance;• Conformance;• Human Behaviour.
Page 22
Business
Pressures
Governance
Management
Evaluate
Direct Monitor
IT enabled business change
projects
IT enabled business
operations
0:28/2
©2010 Infonomics Pty Ltd Post-Recession World
Governance and Management of ITGlobal Survey
Page 23
Governing the use of IT is the responsibility of those who have overall governance responsibility.
0:30/1
80%14%
©2010 Infonomics Pty Ltd Post-Recession World
Governance and Management of ITGlobal Survey
Page 24
Too much of contemporary guidance on “IT Governance” is actually focused on “IT Management”.
0:31/1
78%6%
©2010 Infonomics Pty Ltd Post-Recession World
Peter Gershon told government leaders...
Finding
• Weak governance of Pan-Government issues related to ICT.
– Has led to significant fragmentation and duplication
• Lack of standardisation in common processes
• Agency governance mechanisms are weak in respect of focus on ICT efficiency and understanding of organisational capability to commission, manage and realise benefits from ICT-enabled projects.
– ICT vs organisational capability.
Recommendation
• Strengthen Pan-Government Governance
– Ministerial committee on ICT– Secretaries ICT Governance board
with strong mandate• Drive ministerial agenda on whole of
government use of ICT.
– Oversight of opt-outs– Redefine AGIMO role– Establish program board
• Strengthen Agency Governance– Link between policy formulation and
implementation– Best practices in benefits realisation.
Page 25
Those at the top
levels of
government have
to play their role in
governance of IT.
0:32/1
...it’s your job to drive success.
So do those at the
top of business –
but what is this
part?
©2010 Infonomics Pty Ltd Post-Recession World
Responsibility of business leaders...
• Plan the future model for an efficient and effective business that is inevitably enabled by and dependent on IT.
• Orchestrate the pervasive change to the systems of business – people, process, structure AND technology.
• Relentlessly drive change at the four points of the business system, never forgetting that leaving IT to lead or push WILL result in failure.
• Persistently measure performance of IT in business terms and control IT expenditure in those terms - for investments and business as usual.
• Encourage and reward appropriate behaviour of the people involved to maximise the outcomes of planned change.
Page 26
...is to lead change from the front.
0:33/3
©2010 Infonomics Pty Ltd Post-Recession World
Governance and Management of ITGlobal Survey
Page 27
Achieving intended business outcomes is the principal measure of success for an “IT project”.
0:36/1
85%7%
©2010 Infonomics Pty Ltd Post-Recession World
Governance and Management of ITGlobal Survey
Page 28
Business managers should be accountable for delivery of business outcomes which mark the successful completion of “IT projects”.
0:37/1
83%6%
©2010 Infonomics Pty Ltd Post-Recession World
Governance and Management of ITGlobal Survey
Page 29
Effective governance of IT requires a set of management systems that are fit for purpose and appropriate to the nature of the organization.
0:38/1
87%6%
©2010 Infonomics Pty Ltd Post-Recession World
Governance and Management of ITGlobal Survey
Page 30
A formal certification scheme is required, so that organizations can test and verify the effectiveness of their arrangements for governance of IT.
0:39/1
52%13%
©2010 Infonomics Pty Ltd Post-Recession World
Governance and Audit of IT in theThe Post-Recession World
• Clear understanding and delineation of governance and management roles;
• Governance focused on principles and behaviour, not process;
• Audit gives assurance to the board;• Audit looks beyond process to behaviour;• Scope of governance and audit engagement is the entire
business system;• Audit helps bring future problems into early focus.
Page 310:41/2
©2010 Infonomics Pty Ltd Post-Recession World
More information
www.infonomics.com.au
Page 320:43/7
Questions
Download these slides from: www.infonomics.com.au/PresGAPRW.htm.