PART 2 – CISA Domain 2 – Governance and Management of IT
- What is IT Balanced Score Card (BSC)?
- What are the roles and responsibilities of IT Governing Committee (IT Strategy and Steering committee)?
- What are the Maturity and process improvement models?
4. IT Balanced Score Card (BSC):
- BSC is a process management evaluation technique that can be applied to the GEIT process in assessing IT functions and processes
- BSC is the most effective means to aid the IT strategy committee and management in achieving IT governance through proper IT and business alignment
Points to remember:
- The purpose of the IT Balanced Score Card is to evaluate and monitor performance indicators – customer satisfaction, internal processes, innovation capacity, etc.
- The IT BSC does not measure the financial performance of the enterprise
5. IT Governing committees:
- Organizations broadly have two committees:
  - IT Strategy committee
  - IT Steering committee
- There should be a clear understanding of both the IT strategy and IT steering committee
Role of IT strategy committee:
- Advises the board and management on IT strategy
- Is delegated by the board to provide input to the strategy and prepare its approval
- Focuses on current and future strategic IT issues
- Provides insight and advice to the board on topics such as:
  - The alignment of IT with the business direction
  - The availability of suitable IT resources, skills and infrastructure to meet the strategic objectives
  - The achievement of strategic IT objectives
Membership of IT Strategy committee:
- Board members, and
- Specialist non-board members
Role of IT Steering committee:
- Assists the executive in the delivery of the IT strategy
- Oversees day-to-day management of IT service delivery and IT projects
- Focuses on implementation
- Decides the overall level of IT spending and how costs will be allocated
- Approves project plans and budgets, setting priorities and milestones
- Communicates strategic goals to project teams
- Monitors resource and priority conflict between enterprise divisions and the IT function as well as between projects
- Reports to the board of directors on IS activities
- Makes decisions regarding centralization versus decentralization and assignment of responsibility
Points to remember: The enterprise’s risk appetite is best established by the IT Steering committee.
Membership of IT Steering committee:
- Sponsoring executive
- Business executive (key users)
- Chief information officer (CIO)
- Key advisors as required (IT, audit, legal, finance)
6. Maturity and Process Improvement Models:
- Implementation of IT governance requires ongoing performance measurement of an organization’s resources that contribute to the execution of processes that deliver IT services to the business
- Some of the process improvement models are:
- The IDEAL model is a software process improvement (SPI) program model for planning and implementing an effective software process improvement program. It consists of five phases:
- Acting and
- The COBIT Process Assessment Model (PAM), using COBIT 5,
- Capability Maturity Model Integration (CMMI) – a process improvement approach that provides enterprises with the essential elements of effective processes. It is based on the ISO/IEC 15504 Information Technology—Process Assessment standard. CMMI has five maturity levels:
  - Level 1 – Initial – This is the riskiest stage an organization can find itself in: an unpredictable environment that increases risk and inefficiency.
  - Level 2 – Managed – Projects are planned and performed; however, there are a lot of issues to be addressed.
  - Level 3 – Defined – Organizations are proactive at this level, rather than reactive. Processes are tailored for the organization. The organization is aware of its shortcomings, how to address them, and its plans for improvement.
  - Level 4 – Quantitatively managed – This level is more measured and controlled. The organization is ahead of risks, with more data-driven insight into process deficiencies.
  - Level 5 – Optimised – At this stage, the processes are stable and flexible. The organization will be in a constant state of improving and responding to changes or other opportunities.