UCB “SAN PABLO” – SIS303 Docente: Ph.D. Indira Guzman Alineamiento Estrategico UCB “SAN PABLO” – SIS303 Docente: Ph.D. Indira Guzman

Strategic Alignment (Chan, 2002) Strategic alignment means the fit between the priorities and activities of the IS function and the business unit. The goal in strategic alignment is for IS priorities, capabilities, decisions, and actions to support those of the entire business.

Alineamiento Estratégico de SI/TI Planificación estratégica integrando los conceptos y posibilidades de TI/SI, dos enfoques: El apoyo sistemático de las TI a los procesos de la empresa para mejorarlos de manera continua, haciéndolos más eficientes, o El rediseño radical de los procesos de negocio.

Importancia de Alinear TI y Estrategia Históricamente el plan de TI fue enfocado a infraestructura interna - procesos, aplicaciones, hardware, las personas y capacidades internas. Plan estratégico de TI que genere un marco de acción y dirección.

IT Governance

What is IT Governance? Information Technology Governance (Gobierno de TI) es una disciplina subconjunto de Gobierno Corporativo centrada en el rendimiento de las tecnología de la información (TI) y su y la gestión del riesgo. El creciente interés en IT Governance se debe en parte a las iniciativas de cumplimiento de reglamentos (por ejemplo, la ley Sarbanes-Oxley (EE.UU.) y Basilea II (Europa)), así como el reconocimiento de que los proyectos de TI puede salir fácilmente fuera de control y afectar profundamente el desempeño de una organización. 6

What is IT Governance? “IT governance es responsabilidad del consejo de administración y la gestión ejecutiva. Es una parte integrante de la gobernanza empresarial y consiste en el liderazgo y las estructuras organizativas y procesos que garanticen que la organización de TI sea capaz de sostener y extender las estrategias de la organización y sus objetivos” ITGI, Board Briefing on IT Governance

IT Governance se ocupa de… Quien toma las decisiones (poder) Porque ellos las toman (alineamiento) Como se las toman (proceso de toma de decisiones) Idealmente las decisiones son tomadas conjuntamente entre la administracion del negocio y la administracion de TI. Comunicacion efectiva y eficiente entre TI y el negocio. Aspectos criticos para la apropiada toma de deciciones respecto a TIs.

Motivos de su Importancia En los últimos años, las encuestas han revelado de manera consistente que del 20 al 70 por ciento de las inversiones a gran escala de cambios basados en TI presentan perdidas o no resultan en las ganancias calculadas para la empres. o no para un retorno a la empresa (De hecho, una encuesta sobre la medición de los costos y valor, encontro que en muchas empresas, menos del 8 por ciento del presupuesto en TI se gasta en las iniciativas que realmente crean algun valor para la empresa. A 2002 Gartner survey found that 20 percent of all expenditures on IT is wasted—a finding that represents, on a global basis, an annual destruction of value totaling about US $600 billion. A 2004 IBM survey of Fortune 1000 CIOs found that, on average, CIOs believe that 40 percent of all IT spending brought no return to their organizations. A 2006 study conducted by The Standish Group found that only 35 percent of all IT projects succeeded while the remainder (65 percent ) were either challenged or failed. Reference: Val IT Framework 2.0

Headlines around the world corroborate these findings: Nike reportedly lost more than US $200 million through difficulties experienced in implementing its supply chain software. Failures in IT-enabled logistics systems at MFI and Sainsbury in the UK led to multimillion-pound write-offs, profit warnings and share price erosion. Tokyo Gas reported a US $46.6 million special loss due to cancellation of a large customer relationship management (CRM) project. In the public sector, the UK Department for Work and Pensions apparently ‘squandered’ more than £2 billion by abandoning three major projects. Reference: Val IT Framework 2.0

What Makes IT Governance so important? Strategic importance of IT Extended Enterprise Regulatory requirements Cost optimisation Return on investment Drivers Gartner – more than 600 billion $ thrown away annually on ill conceived or ill executed IT projects Standish Group – about 20% of projects fail outright, 50% are challenged and only 30% are successful ITGI 2005 Survey early findings confirm concerns Low return from high-cost IT investments, and transparency of IT’s performance are two top issues More than 30% claim negative return from IT investments targeting efficiency gains 40% do not have good alignment between IT plans and business strategy Interest in and use of active management of the return on IT investments has doubled in 2 years (28% to 58%)

Forces Driving IT Governance Business/IT Alignment ROI Compliance Project Execution Security

What makes IT Governance so important? Shareholders want protection for the Enterprise’s Share Price “…if not filed, auditor must include a paragraph in its annual report that it cannot vouch for the enterprise’s ability as a going concern…” "... Si no es parte del informe, el auditor debe incluir un párrafo en su informe anual que no puede dar fe de la capacidad de la empresa de seguir como negocio en marcha ..." “…financial reporting system is not up to speed…” “…the company has lost a third more of its market value yesterday as it revealed a virtual collapse of its financial reporting system…” “…data entry problems…”

Mayores Preocupaciones de los lideres en TI para el 2008 (segun una encuesta de la revista ComputerWorld) # 1 on this list is IT Governance, including business alignment From the Dec 10, 2007 issue of Computerworld Magazine (pg 74) Computerworld Magazine is a publication of International Data Group Inc.

Why is IT Governance important? IT are in competition for budget – Business is beating IT to and for budget IT needs to become a business focused discipline IT is viewed by senior management as ‘Fire Fighters’ and not ‘Planners or implementers’ IT is viewed as a monetary drain on business IT needs to compete effectively at the ‘C’ level Business does not perceive IT as value for money 15

Governance Issues Education Human interface Records Management Laws of the Land & beyond

Risk Issues

Legislative Issues

Security Issues

Internal Threats

External Threats

Physical Security

What should Information Technology Governance Deliver? Executives should focus on Information Technology Governance, which when properly implemented should provide the following: 23

Caracteristicas Un tema general de IT Governance se refiere a que las capacidades de TI ya no puede ser algo que los que administran el negocio no entiendan y que también TI debe entender el negocio y sus necesidades. El manejo de TI ha sido siempre un problema para los ejecutivos de alto nivel de una empresa debido a la naturaleza técnica de las TI; por lo tanto, las decisiones clave fueron dejadas a los profesionales de TI. IT Governance implica un sistema en el que todas las partes interesadas, incluida la Junta, los clientes internos y áreas afines tales como las finanzas, tienen la información necesaria para la toma de decisiones. Esto evitará que un solo actor, por lo general de TI, sean culpados por malas decisiones. También evita que los usuarios más tarde se quejen de que el sistema no se comporta como se esperaba. 24

What are the IT Governance Characteristics (2)? Most importantly - The board needs to understand the overall architecture of its company's IT applications portfolio … The board must ensure that management knows what information resources are out there, what condition they are in, and what role they play in generating revenue… 25

IT Governance Goals The primary goals for Information Technology Governance are: assure that the investments in IT generate business value (2) mitigate the risks that are associated with IT. This can be done by implementing an organizational structure with well-defined roles for the responsibility for information, business processes, applications, infrastructure that’s is well communicated across the organization. 26

C2C’s GRC Model view – supporting IT Governance

Who is this aimed at? Senior Management CIOs CISOs IT Managers IT staff and IT centric organizations

IT Governance Institute IT Governance Institute is a non-profit research think-tank associated with ISACA®

An Overview of IT Governance

IT Governance Needs a Management Framework Driving Forces Map Onto the IT Governance Focus Areas

Areas de Gobierno de TI

Interrelaciones de los Componentes de COBIT

Beneficios de Implementar COBIT como marco de referencia de Gobierno sobre TI

IT Governance Life Cycle

IT Governance Control Cycle

IT Governance Control Cycle Assess Environment Based on COBIT®, develop an approach for improved internal control to meet regulatory requirements that incorporates business and IT mission, vision, and strategy Establish risk management strategy Formally document existing processes

IT Governance Control Cycle Maintain IT Controls Framework Develop controls framework to supports sound business decisions Document integration points in the current environment Create an organizational mechanism to support the governance of IT Mitigate identified risks through the IT controls framework

IT Governance Control Cycle Develop & Refine Governing Documents Utilize a central repository for governing documents Develop a consistent approach for creating governing documents Consistently apply processes and procedures Gain executive commitment for IT governance frameworks and structure

IT Governance Control Cycle Communicate and Train Provide “Tone at the Top” Develop a strategic communication plan for mission objectives and overall management direction Execute strategic communication plan Implement a standard training program to avoid unnecessary and redundant training

IT Governance Control Cycle Implement and Operate Align staff responsibilities with IT control objectives Achieve sustainability of IT controls in the operational environment Support continuous improvement of operational effectiveness and accountability

IT Governance Control Cycle Measure and Validate Revise current metrics program to include newly defined controls Verify the sustainability of defined controls Develop cost effective automated measurements Measure all processes to include Applications, Databases, Platforms and Networks

IT Governance Control Cycle Monitor and Report Report on continued effectiveness of controls Increase transparency to auditors of issues and actions taken Accurately attest to IT’s compliance with policy, laws, and regulations Improve existing processes using metrics trending

IT Governance Control Cycle Enforce Reinforce required policy compliance and standards conformance Define a consistent approach for enforcement across all processes

C2C’s GRC Model view – supporting IT Governance

A quienes afecta? Senior Management CIOs CISOs IT Managers IT staff and IT centric organizations

PREGUNTAS ;-)