IT GOVERNANCE: WHAT LIBRARY BOARDS NEED TO KNOW NOW
Karen Dubeau
Board Member, Newmarket Public Library Board
kwdubeau@yahoo.com

AGENDA

1. What is IT Governance?

2. Why is it Important for Libraries?

3. How Does it Apply to Board Responsibilities

• Strategic Planning
• Financial/Legal issues
• Risk Management
• Advocacy
• Staff Retention and Recruitment

4. What You Can Do Now

5. Key Resources

6. Questions and Answers

IT GOVERNANCE

What Is IT Governance?

IT Governance is "a framework for the leadership, organizational structures and business processes, standards and compliance to these standards, which ensure that the organization’s IT supports and enables the achievement of its strategies and objectives."

IT Governance Institute

If Information Technology is a part of your business, governance now extends to and includes information and the IT infrastructure that supports your business.

The overall objective of IT governance is to:
• understand the issues and the strategic importance of IT, so that the organization can sustain its operations and implement the strategies required to extend its activities into the future.
• ensure that expectations for IT are met and IT risks are mitigated.

IT GOVERNANCE

Why Is It Important?

“IT Governance is the term used to describe how those persons entrusted with governance of an entity will consider IT in their supervision, monitoring, control and direction of the entity. How IT is applied within the entity will have an immense impact on whether the entity will attain its vision, mission, or strategic goals.”

Robert S. Roussey, CPA, Professor, University of Southern California

IT GOVERNANCE

Components of IT Governance

Strategic Alignment

Value Delivery

Resource Management

Risk Management

Performance Measurement

IMPORTANCE TO LIBRARIES

Strategic Planning

The right IT investments can save costs, improve productivity, provide robust services

How IT can support the organization in achieving its goals - understanding the costs and benefits

Setting guidelines for management

Assessing capability to take advantage of IT

Assessing skill sets required to realize objectives

Framework for budget planning and capital investments

IMPORTANCE TO LIBRARIES

Relevance of IT Governance to Libraries

Impacts all areas of Library operations and service delivery

Increasingly critical regarding deployment of WiFi and RFID services

Tremendous opportunity for Libraries, but:

Impacts:
- Strategic Planning
- Financial Planning
- Brings legal and regulatory issues
- Introduces risk and requires risk management
- Advocacy components pertinent to Libraries

STRATEGIC PLANNING

Board Responsibilities

Board needs to extend governance to IT and provide the leadership, organizational structures and processes that ensure the enterprise’s IT sustains and extends the strategies and objectives.

- Align IT strategy with business strategy
- Cascade IT strategy and goals down into the organization
- Ensure that an IT governance framework is developed
- Measure IT performance

FINANCIAL

Governance Issues

Scale of Investment will grow

Increasing focus on using technology for:
- reducing costs, expanding services, reaching new audiences
- upgrading IT infrastructure (communications, servers, applications, and related skills)

Will become one of the largest capital expenditures and running operational costs (second only to staffing)

Directors are responsible for overseeing the assets of the organization and for financial planning; therefore, they need to know about the IT costs and potentially the biggest investments

LEGAL ISSUES

Board Responsibilities

FIPPA, MFIPPA

Ensuring compliance with relevant statutes

Protection and privacy of patron information
- especially on integrated or distributed networks
- issue when services are hosted remotely
- RFID carries potential for patron privacy to be compromised

Licensing Agreements

Digital Rights and Digital Rights Management

RISK MANAGEMENT

Board Responsibilities

Duty of Care
- to clients, to funders
- to asset management

Network Security Issues
- effective security is a “spectrum” from desktops to firewalls
- public access to Internet and WiFi – need to be able to identify breaches and have policies in place for account suspension

Protection Failure Response Protocols
- public relations component
- failure to respond effectively could significantly impact future services and potential funding

Business Continuity/Service Interruptions

ADVOCACY

Board Responsibilities

Bridging the digital divide – appropriate resources provided to the community

Promoting information literacy

Ensuring equitable access

Mitigating increased costs for all types of content (CRTC)

Discussion of Net Neutrality and current CRTC positions

Downstream effects on Libraries

Emerging Issue of Green IT

FINANCIAL ISSUES

Green IT

An increasingly relevant subject requiring consideration within the sphere of IT Governance is the issue of Green IT. In the same way that IT Governance is a critical component within the Corporate Governance of an organisation, Green IT has become an essential aspect within the decision making, framework building, and business processes of IT Governance.

Find further information on Green IT here and a selection of cutting edge texts, support manuals, and standards on both Green IT and the Environmental Management Standard ISO 14000.

WHAT YOU CAN DO NOW

Next Steps:

Understand emergence of CIO function in private sector

Find out more about issues of concern - Learn

You don’t have to be able to program or troubleshoot your PC, but it does help to have a high-level understanding of technology

Ask pertinent questions

Consider implementing security audit processes

Review existing policies – update where necessary, create where not present

Bring in Expertise – 2 methods

FINANCIAL ISSUES

Regulatory Frameworks

ISO/IEC 38500
The world's formal international IT Governance Standard, ISO/IEC 38500, was published in June 2008. The standard is a key resource for IT governance professionals everywhere in the world.

ITIL®, CobiT® and ISO17799
ITIL®, or IT Infrastructure Library®, was developed by the UK's Office of Government Commerce as a library of best practice processes for IT service management. Widely adopted around the world,

CobiT®, or Control Objectives for Information and related Technology, was developed by America's IT Governance Institute. CobiT is increasingly accepted as good practice for control over information, IT and related risks.

ISO17799, now renumbered as ISO27002 and supported by ISO 27001 (both issued by the International Standards Organization in Geneva), is the global best practice standard for information security management in organizations.

Joint Framework
ISO 17799 (ISO27002), ITIL and CobiT are all, potentially, part of any best-practice approach to regulatory and corporate governance compliance. The challenge, for many organizations, is to establish a co-ordinated, integrated framework that draws on all three of these standards. The recently released Joint Framework, put together by the ITGI (owners of CobiT) and the OGC (owners of ITIL) is a significant step in the right direction. Here is a webinar that describes how to leverage this best-practice framework to simplify your regulatory compliance.

RESOURCES

Organizations:

IT Governance Institute: http://www.itgi.org

IT Governance Company: http://www.itgovernance.co.uk

Information Systems Audit and Control Association (ISACA): http://www.isaca.org

QUESTIONS AND ANSWERS