IT Governance, Risk, and Compliance


July 9, 2010  5:28 PM

Not-for-profit Risk Management – Part III



Posted by: Robert Davis
COBIT, Educational Institutions, Enterprise Governance, Entity Governance, Governance Tree, Government Agencies, ICT, IT Architecture, IT Service Management, ITG, ITSM, Performance Measurement, Risk Assessment, Risk Management, Strategic Planning, Value Delivery

To adequately govern not-for-profit IT, risk management must be addressed at multiple levels, including the entity, project, and service layers. Those responsible for governance must understand the ubiquitous nature of the technical and operational risks that each approved project presents and progressively meld initial assessments into an entity-wide, portfolio-focused, and strategically driven comprehensive risk assessment. An entity’s managerial philosophy and operating style can be assessed by examining the nature of the IT risks management accepts, the frequency of management’s interaction with IT subordinates, and management’s attitude toward monitoring IT processes; this assessment leads to designing and deploying specific compensating, mitigating, and/or enhancing activities.

View Part I of the Not-for-profit Risk Management series here

July 6, 2010  6:10 PM

Not-for-profit Risk Management – Part II



Posted by: Robert Davis
COBIT, Educational Institutions, Enterprise Governance, Entity Governance, Governance Tree, Government Agencies, ICT, IT Architecture, IT Service Management, ITG, ITSM, Performance Measurement, Risk Assessment, Risk Management, Strategic Planning, Strategic Risk, Strategy, Value Delivery

By definition, strategy is the skill in managing or planning an approach to achieving an end. It is crucial to accomplishing an entity’s long-range plans. Strategy is concerned with controlling the entity’s destiny and achieving stated goals, while planning is a formalized procedure to produce an articulated expected outcome in the form of an integrated system of decisions. However, as with most decisions, there are risks. IT strategic risk is the current and prospective effect on value delivery arising from adverse decisions, improper deployment decisions, or lack of responsiveness to environment changes, whereas IT planning risk is the current and prospective effect on the control environment arising from incorrect identification, improper design decisions, or lack of reliable information. Thus, the prerequisite to sustaining a holistic strategy is adequate risk management planning.

View Part I of the Not-for-profit Risk Management series here


July 1, 2010  6:00 PM

Not-for-profit Risk Management – Part I



Posted by: Robert Davis
COBIT, Educational Institutions, Enterprise Governance, Entity Governance, Governance Tree, Government Agencies, ICT, IT Architecture, IT Service Management, ITG, ITSM, Performance Measurement, Risk Assessment, Risk Management, Strategic Planning, Value Delivery

Crucial to achieving appropriate not-for-profit performance and conformance equilibrium is consideration of the entity’s strategic mission as well as its risk management system. To empower performance and conformance through entity-centric risk management, not-for-profits must establish a common definition of control that serves all organizational units and provide standards against which organizational units can assess their control systems and determine what improvements are necessary. Cascading from these requirements, not-for-profit entities that execute a strong balance between performance and conformance through appropriate value delivery risk management have the best long-term prospects for thriving in their particular regulatory environment.


June 28, 2010  6:32 PM

Not-for-profit Value Delivery – Part VIII



Posted by: Robert Davis
COBIT, Educational Institutions, Enterprise Governance, Entity Governance, Governance Tree, Government Agencies, ICT, IT Architecture, IT Service Delivery, IT Service Management, ITG, ITSDS, ITSM, Performance Measurement, Strategic Planning, Value Delivery

Given the cost of maintaining effective and efficient IT, and the ability of IT to create strategic advantage when appropriately developed and deployed, having a sound entity IT architecture is vital to effective and efficient not-for-profit IT service delivery. Management’s dedication to a set of principles and practices applicable to value delivery processes, such as configuration and application management, is critical. Consistent with adopting IT Governance principles and practices, once there is an understanding of strategic alignment requirements, management can take the value creation approach and identify what needs to be done to make things happen as conceived.

View Part I of the Not-for-profit Value Delivery series here


June 24, 2010  6:04 PM

Not-for-profit Value Delivery – Part VII



Posted by: Robert Davis
Change Management, COBIT, Educational Institutions, Enterprise Governance, Entity Governance, Governance Tree, Government Agencies, ICT, IT Service Management, ITG, ITSM, Non-profit, Performance Measurement, Problem Management, Strategic Planning, Value Delivery

There are many components that are required to integrate and deploy effective and efficient IT service delivery. To reduce the possibility of misalignment, management must ensure that there is a clear understanding that value is derived from IT only when IT-enabled investments are managed as a portfolio of services that include the full cost of changes that the entity may have to make to optimize the benefit from IT capabilities in delivering the defined strategy. For IT service delivery, judgment is typically based on timely receipt and expected functionality. Thus, among other COBIT objectives, establishing configuration procedures to support management and logging of all changes to the configuration repository as well as integrating these procedures with change management and problem management activities enhances the potential for effective and efficient IT service delivery.

View Part I of the Not-for-profit Value Delivery series here


June 21, 2010  4:03 PM

Not-for-profit Value Delivery – Part VI



Posted by: Robert Davis
Application Software, COBIT, Configuration Management, Educational Institutions, Enterprise Governance, Entity Governance, Governance Tree, Government Agencies, ICT, IT Service Management, ITG, ITSM, Performance Measurement, Strategic Planning, Value Delivery

Commonly, value delivery requires appropriate controls. Providing enduring IT value delivery controls normally necessitates adopting appropriate objectives. Most control experts agree that, when addressing IT value delivery controls, the COBIT framework is the generally accepted reference for developing such objectives. For example, where configuration management controls are critical, COBIT 4.1 suggests that control over the IT process of managing the entity’s configuration can satisfy the business requirement for IT of optimizing the IT infrastructure, resources and capabilities and accounting for IT assets, by focusing on establishing as well as maintaining an accurate and complete repository of asset configuration attributes and baselines that enable comparison against the entity’s actual asset configuration. Furthermore, COBIT 4.1 also suggests that control over the IT process of acquiring and maintaining application software can satisfy the general business requirement for IT of aligning available applications with business requirements, by focusing on ensuring that there is a timely and cost-effective development process.

View Part I of the Not-for-profit Value Delivery series here


June 17, 2010  6:44 PM

Not-for-profit Value Delivery – Part V



Posted by: Robert Davis
Educational Institutions, Enterprise Governance, Entity Governance, Governance Tree, Government Agencies, ICT, IT Service Management, ITG, ITSM, Performance Measurement, Service Level Management, SLM, Strategic Planning, Value Delivery, Value Realization

Key management practices ensure effective and efficient value delivery. Effective IT value delivery practices recognize that there are different categories of investments that must be evaluated and managed asymmetrically, while engaging all stakeholders and assigning accountability for delivery of expected capabilities as well as the realization of benefits. Efficient value delivery, by contrast, defines and monitors key metrics, responds quickly to any changes or deviations, and provides continuous monitoring, evaluation and improvement. For instance, a key value delivery practice that minimizes projection versus perception risks is adequate service level management.

View Part I of the Not-for-profit Value Delivery series here


June 14, 2010  5:52 PM

Not-for-profit Value Delivery – Part IV



Posted by: Robert Davis
Application Software, Configuration Management, Educational Institutions, Enterprise Governance, Entity Governance, Governance Tree, Government Agencies, ICT, IT Enablement, IT Service Management, ITG, ITSM, Performance Measurement, Strategic Planning, Value Delivery

Almost every type of not-for-profit entity today requires some level of IT enablement. Applying this generally accepted principle, the vendor community and at times IT leadership tend to overstate the value and understate the expenditures as well as the difficulties in bringing effective IT to bear on achieving objectives. In truth, most entity-wide IT deployments are complicated and resource intensive, both at the outset and in terms of ongoing maintenance and support. Indeed, once IT solutions are deployed within an entity, they commonly need to run continuously, accommodate additional temporary usage, adjust to new processing requirements, and adapt to changes in the direction or nature of the environment.

View Part I of the Not-for-profit Value Delivery series here


June 10, 2010  5:49 PM

Not-for-profit Value Delivery – Part III



Posted by: Robert Davis
Application Software, Configuration Management, Educational Institutions, Enterprise Governance, Entity Governance, Governance Tree, Government Agencies, ICT, IT Service Management, ITG, ITSM, Performance Measurement, Strategic Planning, Value Delivery

Considering IT value attributes, delivery is a simple concept. Either the particular product or service is transferred to the designated recipient or it is not. However, influencing IT delivery is the ‘IT transfer agent’. When well organized, the IT transfer agent is charged with keeping a record of the entity’s information assets and issuing as well as cancelling IT requests. For IT configurations, this generally requires: establishing a central repository of all configuration items, identifying and maintaining configuration items, and reviewing the integrity of configuration data. Regarding application software, this commonly entails: translating business requirements into design specifications, adhering to development standards for all modifications, and separating development, testing and operational activities.

View Part I of the Not-for-profit Value Delivery series here


June 7, 2010  6:01 PM

Not-for-profit Value Delivery – Part II



Posted by: Robert Davis
Educational Institutions, Enterprise Governance, Entity Governance, Governance Tree, Government Agencies, ICT, IT Service Management, ITG, ITSM, Performance Measurement, Strategic Planning, Value Delivery

Reflective of ISACA’s Val IT framework, value is complex, contextual, and dynamic. Influencing value is individual perception. In regard to entity employees, the essential quality of value varies for different organizational formations. For-profit organizational formations tend to view value in financial terms, where it can simply be determined by return on investment. In contrast, not-for-profit organizational formations tend to derive value in non-financial terms, where it can be ascertained by a complex combination of considerations. Yet IT value should reflect an improvement in the entity’s actual performance versus expected performance and/or the net increase in revenues available to provide goods or services, based on the investment.

View Part I of the Not-for-profit Value Delivery series here

