1 / 24

Why IT Governance?

Auditing IT Governance In the State of Hawai‘i National State Auditors Association NSAA IT Conference Harrisburg, PA September 30, 2009 Sterling Yee Assistant Auditor Office of the Auditor. Why IT Governance?. What is IT governance? Two initial audits

beau-matthews
Download Presentation

Why IT Governance?

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Auditing IT GovernanceIn the State of Hawai‘iNational State Auditors AssociationNSAA IT ConferenceHarrisburg, PASeptember 30, 2009Sterling YeeAssistant AuditorOffice of the Auditor

  2. Why IT Governance? What is IT governance? Two initial audits Report No. 09-06, Audit of the State of Hawaii’s Information Technology, March 2009 Report No. 09-08, Management Audit of Information Technology Within the Office of Hawaiian Affairs, June 2009

  3. Guidance ITIL COBIT Board Briefing on IT Governance, 2nd Edition, IT Governance Institute

  4. IT Governance

  5. IT Governance Audit Executive branch Focus on central IT function 1995 through 2007 (includes transfer of central IT function) Scope limited to IT governance

  6. Peer Comparison Other states’ practices Leadership group of 11 states

  7. Major Findings Weak and ineffective IT management No lead agency for IT

  8. Weak and Ineffective CIO position not clearly defined CIO position is part time IT executive and technical committees poorly planned & managed No statewide IT strategic plan Highest technical risk not addressed

  9. No Lead Agency Information & Communications Systems Division (ICSD) stopped functioning Support & standards halted 20 years ago ICSD primarily doing maintenance of legacy systems Loss of confidence in ICSD’s capabilities

  10. Conclusions If changes are not made, State will be required to outsource IT functions Data center risk is one the State cannot afford to take

  11. Recommendations Full time, qualified CIO IT steering committee CIO should report to governor and IT steering committee

  12. Office of Hawaiian Affairs OHA, established in 1978 ConCon Financial & management audits every 4 years Management audit - IT governance

  13. Who is OHA? Better the conditions of Hawaiians Trustee for ceded lands & other income Managed by board of 9 trustee Trustees elected by state electorate

  14. Who is OHA? (continued) 152 full time staff Manage 1.2 million acres of land Manage $400 million investment portfolio

  15. OHA Mission Better conditions of Hawaiians Formulate policies to support programs Organize 400,000 Hawaiians throughout the U.S. Provide effective communications

  16. OHA IT Systems LAN, file sharing and Internet connection SharePoint Accounting Investment management Human Resources Hawaiian Registry Others

  17. OHA Audit Methodology Based on COBIT and Board Briefing on IT Governance Same methodology as the previous audit

  18. Contrasts Between Audits Totally different environment Totally different results Management supports use of IT throughout Many improvements made to systems IT has been as tactical rather than strategic Many large IT demands loom over the horizon

  19. Major Findings OHA doesn’t recognize the critical & strategic importance of electronic information Current systems are dispersed without oversight & coordination

  20. Recommendations Create a CIO position to provide direction over IT Form an IT steering committee to support the CIO

  21. Lessons Learned From A Nascent IT Audit Program IT governance audit provides an excellent, high level view of IT IT governance audit provides a road map for future IT audits IT governance audit can provide meaningful and relevant findings and recommendations

  22. Questions? Audit reports are available at: http://hawaii.gov/auditor Sterling Yee syee@auditor.state.hi.us

More Related