Scribd
Upload
7 views40 pages

K 8 Tty

Uploaded by

Joshua Daniel L. Escote
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
7 views40 pages

K 8 Tty

Uploaded by

Joshua Daniel L. Escote
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd

IT

GOVERNANCE
TABLE OF CONTENTS

01 02
IT Processes Enterprise Risk
Management

03 04
Metric and Metric Reporting
Management
I am something people love or hate. I
change people's appearances and
thoughts. If a person takes care of
them self I will go up even higher. To
some people, I will fool them. To
others, I am a mystery. Some people
might want to try and hide me but I
will show. No matter how hard people
try I will Never go down. What am I?
AGE
01
IT PROCESSES
IT Processes
A COBIT Monitor and Evaluate IT
performance domain addresses IT
governance and performance
management facilitated by
reporting and measurement.
Processes to Monitor and evaluate

Monitor and Evaluate IT


Performance

Monitor and Evaluate Internal


Control

Ensure Regulatory Compliance

Provide IT Governance
IT governance can improve
organizational performance by:
 Ensuring decisions and investments are aligned with
organizational objectives.
 Integrating IT into the ERM program.
 Improving oversight and control of organizational
requirements, process proposal decisions, as well as
implementation planning and support.
 Establishing a framework for managing IT to deliver value to
the organization
 Ensuring adequate internal controls and regulatory
compliance
 Defining roles and responsibilities across the organization to
support the identification and assignment of appropriate
resources for development, implementation, compliance,
02
Enterprise Risk
Management (ERM)
Enterprise Risk
Management (ERM)
 Enterprise risk management is a process,
effected by an entity’s board of directors,
management and other personnel, applied
in strategy setting and across the
enterprise, designed to identify potential
events that may affect the entity, and
manage risks to be within its risk appetite,
to provide reasonable assurance regarding
the achievement of entity objectives.

 mismanagement of risk can carry an


enormous cost. An increasingly risky
environment in which risk mismanagement
can have dire consequences mandates that
Reasons for the Establishment of ERM functions
within organizations:

Organizational Oversight Magnitude Problem

Increasing Business Risks Market Factors

Corporate Governance
Organizational
Oversight

Two groups have recently


emphasized the importance of risk
management at the organization’s
highest levels.
Magnitude Problem
The magnitude of loss and the
impact of operational risk and
losses to date are difficult to
ignore. The industry’s leading
focus on ERM, especially in the
area of asset–liability modeling
and treasury management
models to manage risks in the
highly volatile capital markets’
activity of derivative trading
and speculation.
Increasing Business Risk
With the increasing speed of change for all
companies in this new era, senior management must
deal with m any complex risks that have substantial
consequences for the organization.

A few forces currently creating uncertainty are


technology and the internet, increased worldwide
competition, complex financial instruments, free
trade and investment worldwide, deregulation of key
industries, changes in organizational structures from
downsizing, reengineering, and mergers, increasing
customer expectations for products and services.

These forces are stimulating considerable change


and creating an increasing risk in the business
environment.
Market
Market Factors
factors also play an
important role in motivating
organizations to consider ERM.
Financial markets place substantial
premiums for consistently meeting
earnings expectations.

Not meeting expectations can


result in severe and rapid decline
in shareholder value.
Corporate
Governance
The strongest defense against operational
risk and losses resides and flows from the
highest level of the organization the board
of directors and executive management.

As representatives of the shareholders,


the board of directors is responsible for
policy matters relative to corporate
governance, including but not limited to
setting the stage for the framework and
foundation for ERM.
Performance Measurement
(ERM)
 Measuring IT performance is dependent on the strategy and
objectives of the organization. In general, IT delivers value
through delivering successful projects and keeping operations
running.

 IT projects deliver business value by automating business


processes. As these projects are enabled by technology, IT is
adding value to the organization.

 Measuring the amount of benefit delivered from these projects is


one way of representing the value of IT. Automating business
processes typically results in higher IT costs and lower business
costs (or higher revenue).
Performance Measurement
(ERM)
 It is important to keep this information in front of the board and senior
management reminder of the value of IT.

 Delivering the promised value is the responsibility of both IT and the


business function.

 Reporting on the actual results holds both parties accountable for the
expected results. part of the strategic and operational planning
process, an organization must decide the level of service required of IT.
Balanced Scorecard

IT governance, business A balanced scorecard A balanced scorecard is


alignment, internal provides an overall picture developed by listing the
controls, and performance of IT performance aligned objectives of IT and
can be measured by to the objectives of the establishing
implementing a balanced organization measurements that track
scorecard. performance against the
objectives.
03

Metric and Management


Metric and Management
 The only way to effectively manage IT is to implement the
measurement of key processes.

 Measurement is required to monitor key processes to measure


performance, detect control failures, and identify trends.

 Developing a measurement process takes time and resources (time


and money) to implement and must be full support. They should
also be consulted as to the types of measurements they believe will
benefit the organization.

 The areas to be measured should be closely aligned to the


objectives of the organization. A critical metric set the few key
metrics that are critical to the successful management of the
function must be identified and applied to the environment.
Metric and Management
 Once the critical metric set has been identified, the individuals in
the areas that are to be measured should be consulted, and a set of
measurements that will provide meaningful data should be devised.

 The individual is responsible for doing the work should select the
best means to measure the quality and productivity of their work.
Metrics that are developed should only be applied to data that is
both measurable and meaningful.
Metric and Management
 After the initial implementation of the first measurements, it is
important to show the results.

 Data should be compiled over a predefined period, and results


should be provided to the management on a regular basis. As the
metrics database grows, the reliability of the data will increase and
the usefulness of the reports to the management will increase.
Metric and Management
 For the sample metrics, identify several areas that can be measured
and provide the management with reports on these areas. Again, it
is important to provide short-term payback to show results and
continue to produce reports to management, showing progress i n
those areas.

 Once it sees that the areas being measured are improving, it may
provide its full support. The support will come soon, but constant
reminders will most definitely pay off and the management will look
like heroes to the customers and their bosses when the
improvements start appearing.

 As soon as the management has been convinced that the metrics


process has many benefits, it will be more than happy to identify the
critical metric set. After this takes place, the remaining steps
04

Metric Reporting
Metric Reporting
 Once the data is gathered, it must be put in a format that is easy
for the management to understand. A combination of graphics
and text is important to illustrate the context and performance
trends. The reports to management must stress the progress in
those areas selected by the management for measurement.

 The key point in that shows short-term results in the long-term


measurement process. Areas of improvement must be stressed to
show management that the process is working. When
management has accepted the concept of metrics, it is time to
begin implementing some measurements in the critical areas.

 The most important rule to remember in the design and


implementation of metrics is that in all cases, the area that is to
be measured must help in the development of the metrics. This
Metric Reporting
 The second important rule to remember in the design and
implementation of metrics is that it is absolutely vital that the
measures are applied to events and processes, and never
individuals. If people get the idea that their performance is being
measured, they will be less likely to comply with the metrics
process.

 It must be explicitly stated that the results of the metrics will not
be used to measure the productivity or effectiveness of individuals
but of the processes used by the individuals to create their
products or services.

 Keeping these two rules in mind, the next step is to identify the
attributes of an effective measure. An effective measure must be
able to pass tests of reliability and validity.
Thank
you!
I am as light as a feather, yet
no man can hold me for
long. What am I?
YOUR BREATH
I can be cracked, I can be
made. I can be told, I can
be played. What am I?
A JOKE

You might also like