200 likes | 602 Views
Governance of the IT Function. Partially Summarized from: Chapter 9, Lynda Applegate, Robert D. Austin, and Deborah L. Soule, Corporate Information Strategy And Management: Text and Cases , McGraw Hill, 8th Edition, 2009.
E N D
Governance of the IT Function Partially Summarized from: Chapter 9, Lynda Applegate, Robert D. Austin, and Deborah L. Soule, Corporate Information Strategy And Management: Text and Cases, McGraw Hill, 8th Edition, 2009. These slides have been modified to meet the teaching needs of the class --- Celeste Ng Prepared by Celeste Ng
Essentials of Enterprise Governance – A Case of Enron • Enron, an American energy company能源公司 • In late 2001, shortly after claiming revenues自稱收入of $111 billion and named “America’s Most Innovative Company” for six consecutive years, filed for bankruptcy (Enron 在很短時間內,從他宣布龐大的受益$ 1110億之後, 既然突然公開宣布申請破產) • It • Hid the fact that most of its profits and revenues were derived from deals with special purpose entities特殊目的公司Avoided reporting debts and losses clearly in its financial statements (他隱瞞他的利潤和收入是來自於自己的特殊目的公司 - 主要的目的是避免在財務報表中明確報告債務和損失) • Pressured施壓Arthur Anderson Consulting to ignore the issues (他還有施壓會計顧問公司不要理會這件事情) • In response to this case, legislation法律has pushed senior managers and company boards to attend more carefully to matters of governance政府立法法律推動高級管理人員和公司董事會更加謹慎地參與治理事務 Prepared by Celeste Ng
Governance – what • What - Governance治理 is a process that involves establishing chains of建立一鏈responsibility責任, authority管理權 and communication, as well as policies政策, standards, measurements and control mechanisms機制 • (治理是一個流程涵蓋了一連串的責任,管理權, 溝通,政策, 標準,衡量指標與控制機制) Prepared by Celeste Ng
Governance – purpose • Why - Governance治理 is meant to (治理是涵蓋了一連串的責任,管理權, 溝通,政策, 標準,衡量指標與控制機制 • Allow organizational members to carry out their roles and responsibilities • Serve to defineexpectations, allocateresources分配資源, managerisk, and verify performance驗證工作表現 Prepared by Celeste Ng
Source: https://www.enisa.europa.eu/activities/risk-management/current-risk/business-process-integration/files/ir_governance.gif 台灣 - 企業會計準則: e.g. Enterprise Accounting Standards (EAS)-它是參考IFRS(國際會計準則)架構,並依據國內實務與法令進行 – Source: http://www.ardf.org.tw/english/sfas1.html 治理框架 Prepared by Celeste Ng
What is SOX? • “The Sarbanes-Oxley Act薩班斯 - 奧克斯利法案of 2002 (often shortened to SOX) is: • Legislation passed by the U.S. Congress to美國國會立法法規主要是要 • Protect shareholders and the general public fromaccounting errors and fraudulent practices in the enterprise (保護股東和公眾免受企業中的會計錯誤和欺詐行為的影響) • Improve the accuracy of corporate disclosures (改善公司公開信息的準確性).” – Source: http://searchcio.techtarget.com/definition/Sarbanes-Oxley-Act Prepared by Celeste Ng
Governancesystem • A governance system治理制度 • At corporate level企業層面, these include: • (1) a board of directors董事會intended to oversee監督organizational strategies, structures and systems on behalf of the shareholders; and (涵蓋一個董事會用意是:代表股東監督組織策略,組織結構和組織系統) • (2) an external auditors外部審計師who should offer insights見解into the reliability of the company’s financial statements (涵蓋一個外部審計師用意是:應提供有關公司財務報表可靠性的見解) • To oversee監督the performance of the company Prepared by Celeste Ng
The need for governance system (Why?....The real problem.) • Is partially driven by what we refer to as the “agency problem”代理問題 • The physical separation實體隔離between the owners of a company and its managers (or agents) provides those managers the opportunities to act in ways that are advantageous有利to themselves but detrimental不利to the interests of the owners (公司所有者與管理者(或代理人)之間的兩方實際的去別) • To minimize the agency problem, certain control and monitoring systems are instituted設立to ensure conformance to a set of externally defined requirements(必須設立控制和監視系統來符合外部定的要求) Prepared by Celeste Ng
The objectives of governance • Ensure that managers and employees • Faithfully translate strategies into operational initiatives忠實地由策略變成行動計劃 • Protect organizational assets資產and use them efficiently • Comply with遵守laws and regulations法規 • What is Governance: • Is the process of establishing lines of: • Responsibility, authority權力, communications, policies政策, standards, measurement and internal control mechanisms機制 • That guide people in fulfilling their roles and responsibilities Prepared by Celeste Ng
The benefits of good enterprise governance良好的企業治理的好處 • Affect a company’s share price股價or its cost of raising capital (financial asset or value (影響公司的股價或籌集資金的成本) • A quality control mechanism品質控制機制for assuring better defined biz processes and efficiency (品質控制機制,用於確保更好的業務流程和效率) • Facilitate the access to external resources such as debt-financing債務融資or foundation support基金會的支助 (促進獲得債務融資或基金會支持等外部資源) Prepared by Celeste Ng
Example of IT Governance Standards Direct quote from: http://en.wikipedia.org/wiki/ISO/IEC_38500 • “There are quite a few supporting references ... to the implementation of information and technology (IT) governance. Some of them are: • AS8015-2005 Australian Standard for Corporate Governance of Information and Communication Technology. AS8015 was adopted as ISO/IEC 38500 in May 2008 • ISO/IEC 38500:2008 Corporate governance of information technology,[4] (very closely based on AS8015-2005) provides a framework for effective governance of IT to assist those at the highest level of organizations to understand and fulfill their legal, regulatory, and ethical obligations in respect of their organizations’ use of IT. ISO/IEC 38500 is applicable to organizations from all sizes, including public and private companies, government entities, and not-for-profit organizations. This standard provides guiding principles for directors of organizations on the effective, efficient, and acceptable use of Information Technology (IT) within their organizations. • COBIT (Control Objectives for Information and related Technology) is regarded as the world's leading IT governance and control framework. COBIT provides a reference model of 37 IT processes typically found in an organization. Each process is defined together with process inputs and outputs, key process activities, process objectives, performance measures and an elementary maturity model. ISACA published COBIT 5 in April 2012 as a "business framework for the governance and management of enterprise IT". COBIT 5 consolidates COBIT4.1, Val IT and Risk IT into a single framework acting as an enterprise framework aligned and interoperable with TOGAF and ITIL.” Direct quotes from Source: https://en.wikipedia.org/wiki/Corporate_governance_of_information_technology Prepared by Celeste Ng
Example of IT Governance Standards Direct quote from: http://en.wikipedia.org/wiki/ISO/IEC_38500 • ISO/IEC 38500 • An international standard for Corporate governance of information technology是一個國際標準的資訊科技監管published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) • Provide guiding principles for directors of organizations on the effective, efficient, and acceptable use of Information Technology (IT) within their organizations (為組織主管提供有關在其組織內有效,高效和可接受地使用信息技術(IT)的指導原則) • Set out six principles for good corporate governance of IT: • Responsibility; • Strategy; • Acquisition; • Performance; • Conformance; • Human behaviour. Prepared by Celeste Ng
Source: http://www.itgovernance.in/images/itgov_framework.jpg Prepared by Celeste Ng
Drivers towards better IT governance推動更好的IT治理的原因 (1) • (1) The growth in IT investments due to business value of IT (由於IT的商業價值,IT投資的增長) • In the past, IT investment is justified in terms of cost-savings (using IT for automation, cost reduction, efficiency) • But, increasingly, IT is able and expected to facilitate more rapid and widespread innovation, underpinning new products and services, reach new customers (an example of IT innovation) • Governance practices such as establishing procedures and criteria for evaluating, prioritizing, and monitoring the major IT investments in delivering biz value, can help organization through this transition Prepared by Celeste Ng
Drivers towards better IT governance推動更好的IT治理的原因 (2) • (2) Business risk potential of ITdue to the use of IT (由於使用IT而導致的IT業務風險潛力) • The increasing criticality of IT to enterprise viability and the fact that many critical biz activities are thoroughly dependent on information and IS, and organization’s IT capability(IT能力)can no longer be approached as a “black box”. • Good governance practices aim to make senior executives and board accountable for managing the risk and ensuring that stakeholders receive maximum value from IT Prepared by Celeste Ng
Drivers towards better IT governance推動更好的IT治理的原因 (3) • (3) IT as an enabler of corporate governance and compliance (IT是公司治理和合規的推動者) • Organization today is subject to an increasing number of regulations governing data retention, information protection, financial accountability財務責任, financial risk management, recovery from disasters災害復原and disclosure 公開 of biz information • Two triggers • Prevent further terrorism恐怖主義– requires organizations to maintain robust records強大的記錄of financial and communications transactions • Sarbanes-Oxley Act of 2002 (Enron), intended to increase internal financial controls in public organizations公共機構 • Although IT governance is not a formal requirement specified by the legislation, its effective practice can improve internal controls and accessibility to data獲得數據that many of these laws demand. Prepared by Celeste Ng
Research findings • Companies with more mature IT governance practices are less likely to have customer data stolen or lost, often face significantly lower financial losses accruing from loss or theft of customer data • As IT governance capabilities mature, organizations end up spending relatively less on regulatory compliance efforts遵守法規; and their governance, risk management, and compliance capabilities improve • The scope of IT governance is broad and varies among countries • United States – driven by compliance • Europe (UK) – besides compliance, greater emphasis on value and performance Prepared by Celeste Ng
Good practices (1) • Broad-based direct senior involvement廣泛高層的直接參is associated with stronger IT governance performance • Clear ownership所有權but broad participation • IT governance requires an owner with the necessary authority and accountability權力和責任(Ze2); and • Designates an individual to be accountable for the design, implementation, and performance of IT governance Prepared by Celeste Ng
Good practices (2) • Enforce execution but accommodate exception容納例外 • Define benefits and target expectations • Evaluate IT governance efforts in terms of how well it enables IT to deliver on four objectives • Cost effectiveness • Asset utilization資產利用率 • Business growth • Business flexibility Prepared by Celeste Ng