IT Governance, Risk, and Compliance


September 2, 2011  9:23 PM

Common Risk Determinants for an IT Architecture – Part III



Posted by: Robert Davis
COBIT, Control Environment, IT Architecture, ITG, Project Management

Controlled environments provide a structured method for effective IT project management. Partially reflecting the COBIT framework, systems and infrastructure delivered to the core business processes through procurement and/or development project management should minimally assist in fulfilling IT architecture criteria for quality requirements, security requirements, and fiduciary requirements.

The entity’s CE affects the IT organizational structure. Centralized structures often have a single computer processing strategy and use a single set of systems and infrastructure software, enabling tighter management control over the IT architecture. Alternatively, in decentralized structures, each profit or cost center generally has its own computer processing strategy, application programs, and infrastructure software, which may result in differences in policies and procedures and various levels of compliance at each location. Nevertheless, IT policies and procedures should demonstrate alignment with the entity’s mission.

View Part I of the Common Risk Determinants for an IT Architecture series here

August 30, 2011  8:47 PM

Common Risk Determinants for an IT Architecture – Part II



Posted by: Robert Davis
COBIT, Control Environment, IT Architecture, Project Management

Communicating the expectation for adequate IT controls to every entity employee aids in establishing an effective ITG support structure. Therefore, ITG should be installed to convey management’s CE attitude, awareness, and actions regarding IT. Step-wise, ITG should ensure an adequate IT project governance program is installed.

Generally, business drivers for implementing an IT project governance program include:
 Ensuring active involvement of users
 Ensuring active involvement of stakeholders
 Adopting proven best practices for project management
 Ensuring that there is a focus on business outcomes during project decision making
 Provisioning a consistent approach to project management
 Establishing a common understanding of the processes for project management
 Establishing a common understanding of the responsibilities for project management
 Establishing a common understanding of the accountabilities for project management

View Part I of the Common Risk Determinants for an IT Architecture series here


August 26, 2011  9:52 PM

Common Risk Determinants for an IT Architecture – Part I



Posted by: Robert Davis
COBIT, Control Environment, IT Architecture, Project Management, Third Party Providers, TPP

An entity’s control environment (CE) can provide discipline and structure to processes, ensuring operational, financial, and compliance requirements are adequately addressed. As an integrated component, technology has influenced and will continue to influence the CE as well as assume activity change agent responsibility. Nevertheless, technological development and deployment are inextricably connected to the economic, social, political, and informational factors that prevail in the entity’s CE.

Management’s interest in, and awareness of, IT capabilities (including those performed for the entity by Third Party Providers (TPPs)) is important in establishing an entity-wide consciousness of control issues. To determine appropriate IT control issues, an entity’s CE normally requires that management define control emphasis through ‘assessments of importance’ between IT domain criteria and entity objectives.


August 23, 2011  8:30 PM

An Overview of IT Service Delivery and Support – Part VIII



Posted by: Robert Davis
Asset Management, Availability Management, Capacity Management, Change Management, Configuration Management, Continuity Management, Financial Management, IEC, Information Security Management, ISO, ITSM, Service Level Management

Aligned with the generally accepted IT value definition, IT service basic principles should deliver appropriate quality, on time and within budget, while achieving promised benefits. Where these basic principles are earnestly harmonized, IT service delivery and support benefits usually translate into attainment of competitive advantage, reduced elapsed time for service request fulfillment, customer satisfaction, reduced customer wait time, as well as increased employee productivity and profitability.

To enable beneficial IT service delivery and support (as with all processes) appropriate objectives, goals, policies, procedures, standards and rules are required. Specifically, utilizing standards for ITSM usually generates benefits the moment an entity decides to outsource a business process.

View Part I of the An Overview of IT Service Delivery and Support series here


August 19, 2011  8:15 PM

An Overview of IT Service Delivery and Support – Part VII



Posted by: Robert Davis
Asset Management, Availability Management, Capacity Management, Change Management, Configuration Management, Continuity Management, Financial Management, IEC, Information Security Management, ISO, IT Service Management, ITG, ITSM, Service Level Management

Once the ITG stage is reached, IT processes are fully integrated with business processes; thus potentially improving service quality and business agility for achieving entity objectives. Governance focusing on IT service delivery and support should address strategy, design, transition, operation, and continual improvement. Towards this end, entity oversight committee members, particularly non-executive directors, should ensure they are satisfied that adequate processes are deployed for each previously mentioned IT service delivery and support governance issue. In particular, if an effective ITSM framework is deployed internally and externally, IT units manage accepted service-level agreements (SLAs) to meet agreed-upon quality and cost targets.

View Part I of the An Overview of IT Service Delivery and Support series here


August 16, 2011  7:55 PM

An Overview of IT Service Delivery and Support – Part VI



Posted by: Robert Davis
Asset Management, Availability Management, Capacity Management, Change Management, Configuration Management, Continuity Management, Financial Management, IEC, Information Security Management, ISO, ITG, ITIM, ITSM, Service Level Management

As discussed in IT Service Management and IT Governance: Review, Comparative Analysis and their Impact on Utility Computing, when evolving from technology providers into strategic partners, IT organizational units generally follow a three-stage systematic approach: IT infrastructure management (ITIM), IT service management (ITSM), then IT Governance (ITG). Starting with ITIM, each subsequent evolutionary stage builds upon previously established constructs.

During the first deployment stage, an entity’s IT units primarily focus on improving ITIM with effectiveness measurements — usually based on maximizing return on computing assets as well as infrastructure control. Thereafter, the second deployment stage, ITSM, promotes entity IT units actively identifying services customers need; then focusing on planning and delivering defined services to meet availability, performance, as well as security requirements. When IT units evolve to the third deployment stage, ITG, there is a transformation into true business partners enabling new business opportunities for the entity.

View Part I of the An Overview of IT Service Delivery and Support series here


August 12, 2011  8:31 PM

An Overview of IT Service Delivery and Support – Part V



Posted by: Robert Davis
Asset Management, Availability Management, Capacity Management, Change Management, Configuration Management, Continuity Management, Financial Management, IEC, Information Security Management, ISO, Service Level Management

With IT applications attempting to support every possible organizational structure and business process, operational simplicity can proportionally diminish or vanish for users. Despite transparency provisions through graphical user interfaces, color diversity and help messages, IT complexity can introduce malfunctions or imperfections that may stymie objective achievement. Consequently, incident or problem conditions must be addressed by competent employees if IT is to sustain perceptions as an effective tool for accomplishing entity-centric functionality and reliability objectives. Therefore, management should consider IT service delivery a foundational component for effective IT governance as well as entity governance that requires periodic IT audit or review assurance.

View Part I of the An Overview of IT Service Delivery and Support series here


August 9, 2011  7:54 PM

An Overview of IT Service Delivery and Support – Part IV



Posted by: Robert Davis
Asset Management, Availability Management, Capacity Management, Change Management, Configuration Management, Continuity Management, Financial Management, IEC, Information Security Management, ISO, Service Level Management

Considering information systems are generally critical to enhancing productivity, it is imperative that deployed IT provide availability with service responsiveness meeting user utilization demands. Entity intricacies and IT operational complexities can result in issues that may necessitate speedy and systematic redress to fulfill availability requirements. Furthermore, neither business nor IT resides within static environments. Thus, environmental dynamics can generate changes altering system interfaces that require timely response and resolution to ensure continuous service delivery. When concluded, IT service delivery normally is assessed based on satisfying user configuration item (CI) functionality expectations.

View Part I of the An Overview of IT Service Delivery and Support series here


August 5, 2011  8:00 PM

An Overview of IT Service Delivery and Support – Part III



Posted by: Robert Davis
Asset Management, Availability Management, Capacity Management, Change Management, Configuration Management, Continuity Management, Financial Management, IEC, Information Security Management, ISO, Service Level Management

IT management should pursue satisfactorily serving its customers to enhance information asset value perceptions. For most entity users, IT is a tool to perform routine business processes. As examples, potential IT usage can encompass: transferring or collecting financial instruments, receiving goods or services, selling goods or services as well as recruiting employees. Managerially, IT usually pervades all entity organizational structures, thus enabling communication through e-mail and instant messaging, enhancing teamwork through collaboration techniques, facilitating better decision making through various information delivery mechanisms as well as offering opportunities for business model development that may lead to value creation and competitive advantages.

View Part I of the An Overview of IT Service Delivery and Support series here


August 2, 2011  8:21 PM

An Overview of IT Service Delivery and Support – Part II



Posted by: Robert Davis
Asset Management, Availability Management, Capacity Management, Change Management, Configuration Management, Continuity Management, Financial Management, IEC, Information Security Management, ISO, Service Level Management

In order to deliver adequate IT services, the necessary support processes must be established and functioning consistent with entity-centric service requirements. Abstractly, asset management, configuration management, and change management should be considered the primary IT service support processes enabling achievement of IT service delivery control objectives. If these processes are properly deployed, exceptional secondary service support can be provided through release management, problem management, incident management, supplier management, and customer relationship management. Typically, within the IT service support domain, the IT service desk function is a primary sub-process for ensuring a responsive organizational structure.

View Part I of the An Overview of IT Service Delivery and Support series here

