CPE Credits: 7
Description:
The combination of business changes (market demands), enterprise responses (in terms of IT-intensive organizational changes), and technologies dispersed into business units creates a need to explore how IT is most effectively and efficiently governed.
IT Governance may be defined as a framework for the ongoing leadership, organizational structures and business processes, standards and compliance with these standards, which ensures that IT supports and enables the achievement of both IT and organizational strategies and objectives.
IT portfolio management is a restricted collection of IT assets, plotted against investment strategies, which are tied to acceptable risk levels designed to meet business objectives. This is achieved through a calculated, favorable mix (the proportion or variety of investments made in each enterprise area), based on a postulation about future performance (planned and deliberate development expectations of the enterprise). The result is taking advantage of the reward versus risk tradeoffs (guaranteeing that the identified IT investments provide the required level of usefulness for the cost and risk involved) in maximizing the enterprise's returns on its IT spend.
This seminar addresses the critical linkage between proactive IT governance and practical IT portfolio management.
Audience:
This presentation is intended for internal and external auditors (IT, financial, operational), Chief Technology Officers, General Counsels, Chief Information Officers, Chief Security Officers, Controllers, and persons charged with establishing or reviewing the implications of establishing strategies that embrace and coordinate the role of organizational IT in substantiating organizational compliance to today’s (and tomorrow’s) governance regulations, as well as professionals who generally want to learn more about controlling their organization’s compliance efforts through the proactive uses of IT.
Prerequisites:
There is no prerequisite for this presentation.
Objectives:
After completing this seminar, attendees will be able to:
1. Map business and IT assets into a portfolio representation.
2. Use portfolio representations as a communication tool among various parts of the business, the IT group, and the executive office.
3. Recognize the inter-relationships between governance, risk and compliance as a means to effectively govern IT.
4. Identify and categorize IT investments according to their levels of necessity and risk.
5. Evaluate the “line items” in an IT portfolio. The line-items constitute the applications, or the infrastructure elements, or the IT services, or the development projects.
6. Detect elements of continuing “disconnects” between the business leadership and their IT assets and resources.
7. Assess whether these disconnects get in the way of successful exploitation of IT by businesses.
8. Determine the responsiveness of IT to the needs of users and the enterprise.
9. Pinpoint gaps between business management and IT management impeding effective communication and partnership.
10. Ascertain whether business and IT are on the same cultural page, and a page that’s consistent with the strategic and competitive use of IT needed in the business.
Course Outline:
Introduction
Governance, Risk, Compliance (GRC)
Governance
· Governance Framework
· GRC Objectives
· Why is GRC Needed?
· What Does GRC Include?
· The GRC Challenge
· Why Does GRC Matter?
Standards Leading to Compliance Considerations
Internal Control Challenges
IT Governance vs. Data Governance
· Why IT Governance?
· What is IT Governance?
· IT Governance Objectives
· Benefits of IT Governance
Risk and Compliance
· Asset Based Risk Assessment
· Threat Modeling
· Technical Audit
· Dependency Modeling
· Gap Analysis
IT Governance Frameworks
· COBIT
· ITIL
· COSO
· CMMI
Open Compliance & Ethics Group (OCEG)
· What is OCEG?
· OCEG Framework
IT Portfolio Management
· IT Portfolio Assessment
· Governing IT Activities
Summary
· GRC Key Challenges
· GRC Success Factors
· Effective Governance Enablers
· IT Governance Maturity Benchmark
Dr. Marcella’s presentation will address the major components of a robust GRC policy, and the policy’s role in successfully managing an organization’s IT portfolio, structured to achieve strategic organizational goals and objectives.