Friday, April 9, 2010

IT Governance


Information Technology Governance, IT Governance is a subset discipline of Corporate Governance focused on information technology (IT) systems and their performance and risk management. The rising interest in IT governance is partly due to compliance initiatives, for instance Sarbanes-Oxley in the USA and Basel II in Europe, as well as the acknowledgment that IT projects can easily get out of control and profoundly affect the performance of an organization.

A characteristic theme of IT governance discussions is that the IT capability can no longer be a black box. The traditional involvement of board-level executives in IT issues was to defer all key decisions to the company's IT professionals. IT governance implies a system in which all stakeholders, including the board, internal customers, and in particular departments such as finance, have the necessary input into the decision making process. This prevents IT from independently making and later being held solely responsible for poor decisions. It also prevents critical users from later finding that the system does not behave or perform as expected, as explained in the Harvard Business Review article by R. Nolan:

A board needs to understand the overall architecture of its company's IT applications portfolio … The board must ensure that management knows what information resources are out there, what condition they are in, and what role they play in generating revenue…

source:wikipedia

COBIT


Control Objectives for Information and related Technology (COBIT®)
provides good practices across a domain and process framework
and presents activities in a manageable and logical structure. COBIT’s good practices represent the consensus of experts. They are strongly focused more on control, less on execution. These practices will help optimise IT-enabled investments, ensure service delivery and provide a measure against which to judge when things do go wrong. For IT to be successful in delivering against business requirements, management should put an internal control system or framework in place. The COBIT control framework contributes to these needs by:
• Making a link to the business requirements
• Organising IT activities into a generally accepted process model
• Identifying the major IT resources to be leveraged
• Defining the management control objectives to be considered

The business orientation of COBIT consists of linking business goals to IT goals, providing metrics and maturity models to measure their achievement, and identifying the associated responsibilities of business and IT process owners.

Indonesian:

Control Objective for Information and related Technology, disingkat COBIT, adalah suatu panduan standar praktik manajemen teknologi informasi. Standar COBIT dikeluarkan oleh IT Governance Institute yang merupakan bagian dari ISACA. COBIT 4.0 merupakan versi terbaru.

COBIT memiliki 4 cakupan domain, yaitu :

  • Perencanaan dan organisasi (plan and organise)
  • Pengadaan dan implementasi (acquire and implement)
  • Pengantaran dan dukungan (deliver and support)
  • Pengawasan dan evaluasi (monitor and evaluate)