Академический Документы
Профессиональный Документы
Культура Документы
N
Shared IT Services: how to ensure integrated IT
Governance
Track C
Shared IT Services:
How to Ensure Integrated IT Governance
Lily Bi
Bi, Director of Technologies Practices
Practices, IIA
Karine Wegrzynowicz, Internal Audit Director, Lafarge Group Audit
Outline
• Business and IT
• Integrated
g g
governance
Governance
External Auditors
Internal
I t l Auditors
A dit
Board Management
IT Governance
G
Business Objectives
Business
Business Processes
Applications
IT
IT Infrastructure
Business and IT – An Example
Business Processes
Applications Application
IT General Controls
Controls Application A Application B Application C • Authorization
• Systems Dev. • Integrity
g y
• Change Management • Availability
• Logical Access • Confidentiality
• Physical controls IT Infrastructure • Segregation of duties
• Service & Support
Processes Database
• Backup & Restore
Operating System
Network/Physical
IT Governance Framework
IT / Business Alignment
Processes
• Business
B i Plan
Pl Do the
right thing
• IT Plan
Do it right
• IT Plan Execution
Achieve the
right
i ht
outcome
• Monitor and Control
Examples
p of
Good IT Governance Practices
At structure level:
• IT steering committee,
• CIO reporting line and interaction with C
C-suite,
suite
• IT leadership
At process llevel:
l
• Strategic IS planning,
• Project management methodology,
• IT budget control and reporting,
• Portfolio management,
• Balance scorecard
• Formal and informal meeting between business and IT
senior management
Integrated IT Governance
Consider integrated
g IT governance
g in a shared service environment.
Service
Business
Outsource
•Support
•Enable
Vendors
•Invest
•Direct
•Outsource
Outsource
•Co-source
Service
IT
Governance Considerations
In Shared Services
Sh
Shared
d services
i G
Governance Considerations
C id ti
Co-source program • Define roles and responsibilities among vendor, internal IT and user
development departments in the contract
• Ensure vendor has a well-defined Systems Development Methodology
Methodology,
programming standards, an effective system to prioritize all program
modification requests.
• Involve both IT and user and clearly define system requirements to
ensure the new system meets the business goals
• Monitor of development process
• Involve both IT and users and develop test plan to ensure the new
system meets the original requirements
• Security
• Unauthorized access
• A il bilit
Availability
• Data loss
• L
Loss off knowledge
k l d
• Failure of IT investment
• Breachh off contract/risk
/ i k off legal
l l action
i
• Reputation damage
• …
Outsourcing Life Cycle
Alignment Transaction Optimization / transformation
• Validating the strategy • Structuring the deal • Monitoring the contract and
• Identifying the options • Agreeing on the assets resolving disputes
• Preparing the business • Negotiating the contract • Transforming the business
model • Delivering the deal and the • Re-assessing the relationship
• Agreeing on sponsorship business case • Delivering the business case
and building the team – realizing the benefits
governance process
optimization / termination/
alignment feasibility transaction transition
transformation renegotiation
project and risk management
• Service
S i L Levell A
Agreements
t (SLA’
(SLA’s))
• US SAS 70 Type
y II
• GTAG 7: IT Outsourcing