IT Governance is a subset discipline of Corporate Governance focused on information technology (IT) systems and their performance and risk management. The rising interest in IT governance is partly due to compliance initiatives, for instance Sarbanes-Oxley in the USA and Basel II in Europe, as well as the acknowledgment that IT projects can easily get out of control and profoundly affect the performance of an organization.
The primary goals for information technology governance are to (1) assure that the investments in IT generate business value, and (2) mitigate the risks that are associated with IT. This can be done by implementing an organizational structure with well-defined roles for the responsibility of information, business processes, applications, infrastructure, etc.
IT governance is responsible for all the activities of IT. It creates IT policies and procedures, as well as templates for the various IT activities and processes.
There are quite a few supporting references developed to guide the implementation of information technology governance. Some of them are:
Control Objectives for Information and related Technology (COBIT) is regarded as the world's leading IT governance and control framework. It provides tools to assess and measure the performance of 34 IT processes of an organization. COBIT was originally created by ISACA; the ITGI (IT Governance Institute) is now responsible for it.
ISO/IEC 27001 (ISO 27001) is a set of best practices for organizations to follow to implement and maintain a security program. It started out as British Standard 7799 (BS7799), which was published in the United Kingdom and became a well-known standard in the industry that was used to provide guidance to organizations in the practice of information security.
BS7799 - focus on IT security
Six Sigma - focus on quality assurance
COBIT is an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks.
Recently, ISACA has released Val IT, which correlates the COBIT processes to the senior management processes required to get good value from IT investments.
COBIT 4.1 has 34 high level processes that cover 210 control objectives categorized in four domains: Planning and Organization, Acquisition and Implementation, Delivery and Support, and Monitoring and Evaluation. COBIT provides benefits to managers, IT users, and auditors.
COBIT covers four domains:
Plan and Organize
Acquire and Implement
Deliver and Support
Monitor and Evaluate
Organizations subject to the Sarbanes-Oxley Act of 2002 are encouraged to adopt COBIT and/or the Committee of Sponsoring Organizations of the Treadway Commission (COSO).
COBIT approaches IT control by looking at information — not just financial information — that is needed to support business requirements and the associated IT resources and processes. COSO control objectives focus on effectiveness, efficiency of operations, reliable financial reporting, and compliance with laws and regulations. The two frameworks have different audiences. COSO is useful for management at large, while COBIT is useful for IT management, users, and auditors. COBIT is specifically focused on IT controls. Because of these differences, auditors should not expect a one-to-one relationship between the five COSO control components and the four COBIT objective domains.
http://en.wikipedia.org/wiki/COBIT
Monday, September 21, 2009
Where does ITIL fit? Its alternatives & certifications
Organizational policies, practices and procedures tell us how we should do it in our organization. An applied framework tells us how we should do it in a particular context, such as IT. Best practices tell us how we should do it. Standards tell us what should be done.
HP ITSM, Microsoft Operating Framework (MOF) and COBIT are examples of applied frameworks. ITIL is an example of best practices.
Models are like tools: not the goal, just the means to achieve the goals (the goals of IT towards the business). If you need to implement IT control, COBIT is the answer; if you are working on operational IT processes/services, ITIL is the answer. Unfortunately, things are not that simple. With COBIT 4 and ITIL 3, a number of things overlap: ITIL is moving into the arena of COBIT and vice versa.
ITIL Alternative:
COBIT is perceived as an audit framework but the supporting body of knowledge (such as COBIT's books Control Practices, IT Assurance Guide, IT Governance Implementation Guide, and User's Guide for Service Managers) has grown to offer a credible alternative to ITIL.
Organizations that need to understand how ITIL processes link to a broader range of IT processes or need task level detail to guide their service management implementation can use the IBM Tivoli Unified Process (ITUP). Like MOF, ITUP is aligned with ITIL, but is presented as a complete, integrated process model.
ITIL Certification:
ITIL v2 offers 3 certification levels: Foundation, Practitioner and Manager. These should be progressively discontinued in favor of the new ITIL v3 scheme.
ITIL v3 certification levels are: Foundation, Intermediate, Expert and Master.
Link:
http://en.wikipedia.org/wiki/Information_Technology_Infrastructure_Library
http://www.computerworlduk.com/community/blogs/index.cfm?blogid=30&entryid=2249