
the dti IT Governance Framework

the dti IT Governance Framework. Presented to GITOC Standing Committee on IT Governance and e-governance 09 May 2011 By: Bafana Nkosi. Table of Contents. Purpose. To share with Governance & E-Gov. SC the dti’s Approach to IT governance as per Council resolution. Background.



Presentation Transcript


  1. the dti IT Governance Framework Presented to GITOC Standing Committee on IT Governance and e-governance 09 May 2011 By: Bafana Nkosi

  2. Table of Contents

  3. Purpose To share with Governance & E-Gov. SC the dti’s Approach to IT governance as per Council resolution

  4. Background • Framework developed internally • Consultation with key IT industry players • Internal Audit consulted • Framework is in the final approval stages

  5. Part A: IT Governance Context

  6. Adopted IT Governance Definition • “IT governance is the responsibility of the board of directors and executive management. It is an integral part of enterprise governance and consists of the leadership and organisational structures and processes that ensure that the organisation’s IT sustains and extends the organisation’s strategies and objectives.” Source: ITGI Board Briefing on IT Governance, 2nd edition

  7. Business Case for IT Governance Key reasons why the dti needs an IT governance framework: • General lack of accountability • Widening gap between IT and Business • Understanding of IT Value Delivery • Understanding the present and future business IT needs • Awareness and management of critical IT risks • Managing IT complexity

  8. Summary of King III IT Governance Principles • The board should be responsible for information technology (IT) governance • IT should be aligned with the performance and sustainability objectives of the company • The board should delegate to management the responsibility for the implementation of an IT governance framework • The board should monitor and evaluate significant IT investments and expenditure • IT should form an integral part of the company’s risk management • The board should ensure that information assets are managed effectively • A risk committee and audit committee should assist the board in carrying out its IT responsibilities

  9. Summary of ISO/IEC 38500 IT Governance Principles • All within the organisation have to understand and accept their responsibilities in respect of both supply of, and demand for IT. (King no.1 & 3) • The organisation’s business strategy takes into account the current and future capabilities of IT. (King no.2) • All IT acquisitions are made for valid reasons, on the basis of the appropriate and ongoing analysis, with clear and transparent decision making. (King no.4) • IT is fit for purpose in supporting the organisation, providing the services, levels of service and service quality required to meet current and future business requirements. • IT complies with all mandatory legislation and regulations. Policies and practices are clearly defined, implemented and enforced. • IT policies, practices and decisions demonstrate respect for Human Behaviour, including the current and evolving needs of all the ‘people in the process’.

  10. The State of IT Governance in the South African Government
      • Auditor General’s Findings:
          • Lack of IT governance framework
          • Inadequate security management controls
          • Inadequate user access controls
          • Lack of business continuity and disaster recovery plans
      • Auditor General’s Recommendations:
          • DPSA/National Treasury/SITA to prescribe a comprehensive IT governance framework
          • Accounting officers to ensure implementation of the comprehensive IT governance framework
          • Accounting Officers to address IT related audit findings and recommendations.
          • GITOs to assist departments in designing systems to ensure reliability and integrity of performance information

  11. The State of IT governance at the dti
      • Accountability
          • IT Governing Board (IT Steering Committee & IT Strategy Committee)
          • CIO sits at Executive Board & Dept Operations Committee
          • IT Alignment with Internal Audit & Corporate governance
          • IT operations control through Change Control Board
      • Strategy Alignment
          • Master Systems Plan
          • Enterprise Architecture being developed
      • Performance Measurement
          • Operational focus
          • Metrics inadequate (non-IT best practice)
          • IT Balanced Scorecard not in place

  12. The State of IT governance at the dti… continued
      • Value delivery
          • Not measured
      • Risk Management
          • Part of corporate risk management
          • Implementation of Risk IT framework in progress
      • Resource Management
          • IT acquisition decentralized
          • Information assets: Databases, DRP & Records Management
          • Technology: Open source & Proprietary
          • People: Skills relatively adequate
          • Processes: Based on ITIL, COBIT, PRINCE2

  13. Part B: the dti’s IT Governance Framework

  14. the dti’s Approach to IT Governance [Diagram; labels recovered from the slide] • Guiding Principles: ISO 38500/King III • Focus Areas: Accountability, Resource management, Risk management, Value Delivery, Strategy Alignment, Performance Measurement • Process Model: Governance Process Domains; Management Process Domains • Other process labels: Risk Governance; Strategy Alignment; Value Delivery; Align & Plan; Acquire, Build & Deploy; Operate & Support • Legislative & Regulatory Compliance • Quality Management • Structures: Technology Architecture Board, Change Control Board, Risk Management Committee, IT Steering Committee, Audit Committee • Enabling Standards & Frameworks: ISO/IEC 20000, MIOS, GWEA/TOGAF, ITIL, ISO/IEC 27000, MISS, ISO/IEC 42010, Val IT, IT Balanced Scorecard, PRINCE2/PMBOK, Risk IT

  15. Focus areas

  16. IT Process Model

  17. Legislative & Regulatory Compliance • Driven by Governance, Risk and Compliance (GRC) best practice (Acquisition of GRC tool in process) • Key regulations including PSR, PAIA, NARS, MISS, etc. • Standards compliance, including COBIT, ITIL, PRINCE2

  18. Quality Management • Plan, Do, Check, Act approach • Driven by Continual Service Improvement (CSI) ethos • Monitoring and Evaluation of processes & services • Alignment with ISO/IEC standards through adopted enabling frameworks including ITIL, COBIT, PRINCE2

  19. Governance Structures

  20. Governance Structures…continued IT Governance Board Incorporates functions of COBIT’s IT strategy & IT Steering Committee • To set strategic direction and priorities for Information Management • To review and approve recommendations for IT standards, policies and procedures, and to review issues of non-compliance • To ensure senior management & all stakeholders have input into IT planning process • To review and endorse recommendations for allocation and commitment of resources • To provide ongoing oversight review of large projects and initiatives • To review proposals for new IT investments

  21. Governance Structures… continued Technology Architecture Board • Oversees the technology implementation in the dti across the full technology life cycle. • Responsible for: • Maintaining and updating the enterprise technology architecture standards for the dti. • Reviewing and issuing decisions and proposals for changes to the architecture. • Reviewing IT trends, strategies and activities, and referring issues to the CIO and other IT governance bodies • Chaired by Technology Architect • Composed of representatives from OCIO areas

  22. Part C: Implementation Approach

  23. Implementation approach

  24. Implementation approach • State Desired Annual Capability Maturity Level (COBIT) • Prepare for subsequent annual projects • Determine annual deliverables/scope • Ensure constant buy-in • Execute sub-projects • Assess achievements

  25. Conclusion • Avoid “re-inventing the wheel” by adopting components of best practice frameworks • Framework driven by good governance principles • Kept simple by avoiding being “too prescriptive”

  26. THANK YOU
