it governance for board members
DESCRIPTION
An introduction to IT Governance for corporate board members.TRANSCRIPT
IT GovernanceEdmonton ICD Governance Forum
Bill ClarkAlberta Gaming and Liquor Commission
April 25, 2012
1. Is IT a Topic for the Board?2. Current and Emerging IT Trends3. IT Governance4. Questions to Ask Your CEO5. Questions / Comments
Agenda
◦ Technical
◦ Focused on formal governance frameworks
◦ Beyond the scope of any Corporate Director
What It is Not
Most organizations are highly dependent upon their IT systems
Major IT initiatives involve major risks, large capital expenditures, and significant trauma to the organization
The pace of technology change continues to be very fast
IT and the Board
“IT Governance is the responsibility of the board of directors and executive management. It is an integral part of enterprise governance and consists of the leadership and organizational structures and processes that ensure that the organisation’s IT sustains and extends the organisation’s strategies and objectives.” IT Governance Institute
IT and the Board
Some Current IT Trends
What is It?◦ The demand for IT continues to increase◦ Colleges are producing fewer IT graduates◦ “Boomers” are starting to retire
Why is it Important?◦ Supporting legacy applications is becoming more
difficult◦ Recruitment and retention of human resources
with the necessary skill sets in new technologies is becoming more difficult
IT Trends – Manpower Shortages
What is It?◦ Connectivity of everything to everything◦ Access 24 / 7 / 365◦ SOA [Services Oriented Architecture]
Why is it Important?◦ Internet enabled applications◦ PCs -> Laptops -> Tablets -> Smart Phones◦ Security
IT Trends – The Network Is King
What is It?◦ Browser based applications ◦ Massive data◦ Centralized control
Why is it Important?◦ Mainframe skills are in short supply◦ Mainframes are expensive◦ Sharing [Outsourcing] may be appropriate
IT Trends – The Mainframe Isn’t Dead
What is it?◦ Separation of physical and logical storage◦ Virtual storage (you don’t know where data is
stored or on what device)
Why is it important?◦ Reliance upon 3rd parties (good and bad)◦ Data crossing borders◦ An answer to continual hardware/software
upgrades (?)
IT Trends – Cloud Computing
What is it?◦ FaceBook, Twitter, LinkedIn, YouTube, …◦ Accessible at any time from anywhere on any
device◦ Instant!
Why is it important?◦ Communication method of choice for a significant
portion of the population and growing dramatically
IT Trends – Social Media
What is the trend?◦ From 1.0 (Static Information Presentation) to
◦ 2.0 (Interactive Transaction Processing) to◦ 3.0 (Smart Applications / Data Intensive) to ◦ 4.0 (???)
Why is it important?◦ The platform for Social Media◦ Sophisticated [complex] architectures◦ New skill sets required
IT Trends – The Internet
What is it?◦ Bring Your Own Device◦ Staff use of personal Smart Phones, Laptops, and
Tablets for company business
Why is it Important?◦ Complexity [Support of Multiple Platforms]◦ Security / Confidentiality◦ Liability
IT Trends - BYOD
What is it?◦ Separate IT organizations to “Keep the Lights On”
vs. Plan and Introduce New Functionality
Why is it Important?◦ Radically different skill sets are required◦ Dedicated resources are required for both
IT Trends – Separation of Strategic From Operational IT
What is it?◦ Use of 3rd party organizations to provide IT services◦ Can be Hardware / Application Support / Help Desk◦ Can be local, regional or international
Why is it Important?◦ Can help address IT skill shortages◦ Can allow the business to focus on its primary
mandate◦ Often gets screwed up
IT Trends - Outsourcing
What is it?◦ Formal training and certification of Project
Managers, Business Analysts, Programmers, Security Specialists, …
◦ Periodic re-certification
Why is it important?◦ Base level competency◦ Common terminology◦ The business of IT constantly changes
IT Trends – Formal Credentials
What is it?◦ Use of powerful software tools to sift through
massive amounts of data to extract trends◦ Sophisticated reporting◦ Includes: Data Cleanup / “Deduping” /
Consolidation
Why is it Important?◦ Stability of data over time◦ Reliability of data – definitional issues◦ FOIP
IT Trends - Analytics
What is it?◦ A vendor raises the bar by offering everything the
competition has plus more - and sometimes for less
Why is it Important?◦ “Best of Breed” is a transient measure◦ Both IT professionals and IT users often get into
“religious wars” concerning what is best◦ The reality is that the range of technology
solutions will change soon
IT Trends - Leapfrogging
What is it?◦ Providing the necessary tools to allow IT
personnel and others to work from home◦ Hardware / network access / security
Why is it Important?◦ Preferred method of working for many◦ Cost savings?◦ “Green”◦ Helps keep young mothers in the workforce
IT Trends – Work From Home
IT Governance
What is it?◦ Alignment of IT with Business◦ Introduction and use of formal frameworks to guide
IT investment and use◦ Identify and mitigate risks◦ Confirm that value is commensurate with
investment
Why is it Important?◦ Places accountability in the right places◦ Transparency◦ A baseline to audit against
IT Governance
How are IT decisions made? Who makes them?
Who owns accountability for IT – your IT Dept. or your IT users?
Is investment in IT planned and continuous or ad hoc and infrequent?
Are major projects given sufficient transparency?
Formal approaches exist and require investment
IT Governance – Some of the Issues
Questions for Your CEOA Starter Set
Is succession planning well in hand? [How old is your IT leadership team?]
Are we using a formal IT control methodology such as COBIT or ISO?
Do we have PMPs (certified Project Management Professionals) leading all strategic projects?
Do we have external oversight on all large and/or strategic projects?
Ask Your CEO
How many “failed” projects has your PM and team experienced? [Too many should raise a flag. None should also raise a flag. How experienced is your PM? Good PMs tend to get pulled into failing projects.]
How long since the last major project? What has changed - Technology platform? Architecture? Key Users? Methodology? Major business transformation? Regulatory rules? The project complexity [risk] increases significantly with each new component.
Ask Your CEO - continued
Has the primary business user been through a large IT project before?
How will the day-to-day responsibilities of users seconded to the project be handled?
[“I also have a 9 to 5 job!”]
Who is leading the Change Management? [New processes, new job specs., re-training, org. design, communications plan, …] Has this team done it before?
Ask Your CEO - continued
Who owns the project and is ultimately accountable?
Do they have the authority to:◦ Change dates? ◦ Reallocate user resources? ◦ Reduce or add functionality? ◦ Change the project budget?◦ Hire external resources?
Ask Your CEO -continued
In Conclusion
The Board does have a role in the oversight of Information Technology
The basic questions that need to be addressed are not technical
Formal methodologies and models exist and are important
Good IT governance requires training and investment
Conclusion
Questions / Comments ?