IT Governance

BSB213 Governance Issues in e-Business – Workshop 10 and Workshop 11 Solutions

by

At the request of a student, I am blogging the solutions to Workshop 10 and Workshop 11 of the subject I have been teaching at QUT.

These are absolutely not intended to be ‘perfect’ answers for the tutorial – they are designed to enhance discussion – but will give students a shot at understanding how to answer a case study.

The workshop solutions are here:

Students (or anyone for that matter) should feel free to email me to discuss these answers. 

Risk management framework

by

It was with some alarm that I sat down to read my favourite read, ISACA’s monthly IS Control Journal, to discover that ISACA/ITGI is producing another framework to go with the COBIT framework (and it is a framework, I don’t care what anyone else says), and the VAL IT framework:  the IT Risk Management Framework.

I was a little concerned that perhaps it might be one framework too many.

However, it does make sense to create such a beast when you consider that, as I am fond of telling the students I am lecturing (no doubt much to their disgust, terror and ennui), the only two things that matter are what value you can get for what risk. 

Anyway, you can check out the new risk management framework on ITGI’s website, where it will b released as it becomes available.  It’s mentioned in the latest Information Systems Control Journal, in an article by Urs Fischer, and in this relatively recent update to the COBIT vision and strategy.

ITGI Roundtable discussion

by

Yesterday I had the privilege of attending the Brisbane ISACA chapter’s Executive Lunch with John Thorp on the topic of Value Governance, Investment Management and Portfolio Management.  Amongst many other qualifications, John chairs the ITGI Val IT Committee.

John’s luncheon presentation was very, very good, and reaffirmed some of the positions I’ve had for some time now.  What I love about COBIT and VAL IT is that it is bringing a framework to all that stuff we have in the past done ‘just because’. 

Some highlights for me from John’s presentation were the following points:

  1. IT investments don’t exist, this is all about investment in IT-enabled change – which we can only change when business and IT know who is responsible for what.
  2. A nice little formula from John:  OO + NT = COO [Old Organisation + New Technology = Complex Old Organisation].  Seen that a few times.
  3. Appealing to the television geeks in the audience (like myself), John pilloried the Star Trek school of management – ‘Make It So!’ is rarely as successful as it is in Star Trek.  For a start, most people have no common view as to what ‘it’ is.
  4. John has a nice turn of phrase – ‘bad news does not get better with age’; ‘decibel-based decision-making’, ‘more effort into less things for more value’ (so true!).
  5. Apparently governance goes back to the Greek word ‘kubernan’, which is defined as ‘continually steering or adjusting to stay on course’.
  6. There is a new VAL IT – VAL IT 2.0, which partners COBIT more closely than in the past, and is maturing.  I suspect that in a year or two the course I am giving on IT Governance needs to pick up on this point and move with it.
  7. What I have always referred to as a ‘business prioritisation forum’ is better called an ‘investment services board’ – at least that is what it is in VAL IT parlance.

I believe John’s presentation will soon be on the Chapter website.

Last night I had also had the honour of attending dinner for a recorded roundtable discussion on the topic of IT Governance, with many local professionals giving their thoughts and comments.  One of the curious things that really did highlight for me is probably that the term ‘IT Governance’ is all wrong – which is why ISACA’s new qualification is called ‘CGEIT’ – Certified in the Governance of Enterprise IT.  I haven’t met anyone yet who actually likes the term, yet we keep using it and getting confused with corporate governance issues.

I mean, why don’t we have a marketing governance or an HR Governance, or such like?

At any rate, John is very passionate about advancing the profession in the world of IT management.

It was a good night, and we certainly managed to relax after the microphone was turned off in the convention centre.  I was bitterly disappointed though – the Plough Inn was closed at 10.20 on a Thursday night.  Bitterly disappointed!

ISACA Executive Briefing on IT Governance

by

Today I am attending the John Thorp Executive Lunch on IT Governance (specifically, he is discussing value governance, investment management and portfolio management).  This is happening at the Convention Centre, and then afterwards I am attending a round table discussion for the IT Governance Institute on the topic of IT Governance and where it needs to go to.

The discussion is complementary to my current role lecturing in IT Governance at QUT and the PhD I am doing in IT Audit (which relates directly to COBIT, and whether organisations need to have different approaches to IT Audit).  My personal view is that not enough organisations are working with COBIT enough, and are treating their IT systems as black boxes.  I don’t believe that that’s appropriate for large, IT-dependent businesses.  And I think that is becoming an increasingly validated point of view. 

I get a guernsey to the roundtable discussion as a ‘leading local professional’ in the area of IT Governance.  Modesty prevents me from affirming that description, but I will fight for their right to say it. 

It promises to be interesting; I’ll post my thoughts on how it travelled after it’s happened. 

Advancing data governance to create improved data quality frameworks

by

As promised in my last post, I attach to this blog post my speaker’s notes for today’s session ‘Advancing data governance to create improved data quality frameworks’.  This presentation was given at Ark Group Australasia’s Data Quality Conference, held on 30th April 2008 at Crystal Palaces, Luna Park in Sydney.  I undertook the presentation as a Director of Applied Insight Pty Ltd, my business systems consulting company. 

The brochure for this conference can be found here.

My speaker’s notes are available below:

For completeness, here are my slides as provided to conference participants (in PDF form):

As always, feedback from members of the audience, via comments or an email, is very welcome.  I hope it was an interesting approach at some level. 

I did at one stage think of going all Gordon Ramsey (he of ‘Ramsey’s Kitchen Nightmares’) on the audience – I’m a brand new fan, it’s just like consulting but with more swearing and nan bread! – but decided against it.  Perhaps next time, that’s what I’ll do – I’ll try good-consultant, bad-consultant.  Probably at least as good as my idea of having a 40-minute presentation with a single slide with four circles on it.  Maybe one day I’ll be able to combine the two approaches. 

By the way, I loved the venue – at least it will stand out in my memory, that’s for sure.  Here’s a photo I took outside:

I am fairly certain it is the only data quality conference ever held in a theme park.