Executive's Guide to IT Governance: Improving Systems Processes with Service Management, COBIT, and ITIL

Book Description

Create strong IT governance processes

In the current business climate, where a tremendous amount of importance is being given to governance, risk, and compliance (GRC), the concept of IT governance is becoming an increasingly strong component. Executive's Guide to IT Governance explains IT governance and why it is important to general, financial, and IT managers, and offers tips for creating a strong governance, risk, and compliance IT systems process.

  • Written by Robert Moeller, an authority in auditing and IT governance

  • Practical, no-nonsense framework for identifying, planning, delivering, and supporting IT services to your business

  • Helps you identify current strengths and weaknesses of your enterprise IT governance processes

  • Explores how to introduce effective IT governance principles with other enterprise GRC initiatives

  • Other titles by Robert Moeller: IT Audit, Control, and Security and Brink's Modern Internal Auditing: A Common Body of Knowledge

There is strong pressure on corporations to have a good understanding of their IT systems and the controls that need to be in place to avoid such things as fraud and security violations. Executive's Guide to IT Governance gives you the tools you need to improve systems processes through IT service management, COBIT, and ITIL.

    Table of Contents

    1. Cover
    2. Series
    3. Title Page
    4. Copyright
    5. Dedication
    6. Preface
    7. Part One: IT Governance Concepts
      1. Chapter One: Importance of IT Governance for All Enterprises
      2. Chapter Two: Fundamental Governance Concepts and Sarbanes-Oxley Rules
        1. SARBANES-OXLEY ACT
        2. OTHER SOx RULES—TITLE II: AUDITOR INDEPENDENCE
        3. SOx TITLE III: CORPORATE RESPONSIBILITY
        4. TITLE IV: ENHANCED FINANCIAL DISCLOSURES
        5. WHAT IS IT GOVERNANCE?
        6. NOTES
      3. Chapter Three: Enterprise Governance and GRC Tools
        1. THE ROAD TO EFFECTIVE GRC PRINCIPLES
        2. IMPORTANCE OF GRC GOVERNANCE
        3. RISK MANAGEMENT COMPONENT OF GRC
        4. GRC AND ENTERPRISE COMPLIANCE
        5. IMPORTANCE OF EFFECTIVE GRC PRACTICES AND PRINCIPLES
    8. Part Two: Frameworks to Support Effective IT Governance
      1. Chapter Four: IT Governance and COSO Internal Controls
        1. IMPORTANCE OF EFFECTIVE INTERNAL CONTROLS AND COSO
        2. COSO INTERNAL CONTROL SYSTEMS MONITORING GUIDANCE
        3. WRAPPING IT UP: IMPORTANCE OF COSO INTERNAL CONTROLS
        4. NOTES
      2. Chapter Five: COBIT and the IT Governance Institute
        1. AN EXECUTIVE’S INTRODUCTION TO COBIT
        2. THE COBIT FRAMEWORK AND ITS DRIVERS
        3. COBIT PRINCIPLE 1: ESTABLISH AN INTEGRATED IT ARCHITECTURE FRAMEWORK
        4. COBIT PRINCIPLE 2: STAKEHOLDER VALUE DRIVERS
        5. COBIT PRINCIPLE 3: FOCUS ON BUSINESS CONTEXT
        6. COBIT PRINCIPLE 4: GOVERNANCE AND RISK MANAGEMENT ENABLERS
        7. COBIT PRINCIPLE 5: GOVERNANCE AND MANAGEMENT PERFORMANCE MEASUREMENT STRUCTURES
        8. PUTTING IT TOGETHER: MATCHING COBIT PROCESSES AND IT GOALS
        9. USING COBIT IN A SOx ENVIRONMENT
        10. COBIT IN PERSPECTIVE
        11. NOTES
      3. Chapter Six: ITIL and IT Service Management Guidance
        1. ITIL FUNDAMENTALS
        2. ITIL SERVICE STRATEGY COMPONENTS
        3. ITIL SERVICE DESIGN
        4. ITIL SERVICE TRANSITION MANAGEMENT PROCESSES
        5. ITIL SERVICE OPERATION PROCESSES
        6. IT GOVERNANCE AND ITIL SERVICE DELIVERY BEST PRACTICES
        7. NOTE
      4. Chapter Seven: IT Governance Standards: ISO 9001, 27002, and 38500
        1. ISO STANDARDS BACKGROUND
        2. ISO 9000 QUALITY MANAGEMENT STANDARDS
        3. ISO IT SECURITY STANDARDS: ISO 27002 AND 27001
        4. ISO 38500 IT GOVERNANCE STANDARD
        5. NOTES
      5. Chapter Eight: IT Governance Issues: Risk Management, COSO ERM, and OCEG Guidance
        1. RISK MANAGEMENT FUNDAMENTALS
        2. COSO ERM DEFINITIONS AND OBJECTIVES: A PORTFOLIO VIEW OF RISK
        3. COSO ERM FRAMEWORK
        4. OTHER DIMENSIONS OF THE COSO ERM FRAMEWORK
        5. THE OCEG GRC “RED BOOK,” RISK MANAGEMENT, AND IT GOVERNANCE
        6. NOTES
    9. Part Three: Tools and Technologies to Manage the IT Governance Infrastructure
      1. Chapter Nine: Cloud Computing, Virtualization, and Portable, Mobility Computing
        1. UNDERSTANDING CLOUD COMPUTING
        2. IT SYSTEMS AND STORAGE MANAGEMENT VIRTUALIZATION
        3. SMARTPHONE AND HANDHELD IT DEVICE GOVERNANCE ISSUES
        4. NOTE
      2. Chapter Ten: Governance, IT Security, and Continuity Management
        1. IMPORTANCE OF AN EFFECTIVE IT SECURITY ENVIRONMENT
        2. ENTERPRISE IT SECURITY PRINCIPLES: GENERALLY ACCEPTED SECURITY STANDARDS
        3. IMPORTANCE OF AN EFFECTIVE, ENTERPRISE-WIDE SECURITY STRATEGY
        4. IT CONTINUITY PLANNING
        5. THE BUSINESS CONTINUITY PLAN AND IT GOVERNANCE
        6. NOTES
      3. Chapter Eleven: PCI DSS Standards and Other IT Governance Rules
        1. PCI DSS BACKGROUND AND STANDARDS
        2. GRAMM-LEACH-BLILEY ACT IT GOVERNANCE RULES
        3. HIPAA: HEALTH CARE AND MUCH MORE
        4. NOTES
      4. Chapter Twelve: IT Service Catalogs: Realizing Greater Value from IT Operations
        1. IMPORTANCE OF IT SERVICE CATALOGS
        2. ROLE OF A SERVICE CATALOG IN THE IT SERVICE PROVIDER ORGANIZATION
        3. AN IT SERVICE CATALOG’S CONTENT AND FEATURES
        4. IT SERVICE CATALOG MANAGEMENT
    10. Part Four: Building and Monitoring Effective IT Governance Systems
      1. Chapter Thirteen: Importance of IT Service-Oriented Architecture for IT Governance Systems
        1. SOA APPLICATIONS AND SERVICE-DRIVEN IT APPLICATIONS
        2. SOA GOVERNANCE, INTERNAL CONTROL ISSUES, AND RISKS
        3. PLANNING AND BUILDING AN SOA IMPLEMENTATION BLUEPRINT
        4. SOA AND IT GOVERNANCE
        5. NOTES
      2. Chapter Fourteen: IT Configuration and IT Portfolio Management
        1. IT CONFIGURATION MANAGEMENT CONCEPTS
        2. ITIL BEST PRACTICES FOR IT CONFIGURATION MANAGEMENT
        3. THE CONFIGURATION MANAGEMENT DATABASE: AN OFTEN DIFFICULT CONCEPT
        4. ESTABLISHING AN ENTERPRISE CMDB
        5. IT PORTFOLIO MANAGEMENT
      3. Chapter Fifteen: Application Systems Implementations and IT Governance
        1. THE SYSTEMS DEVELOPMENT LIFE CYCLE: A BASIC APPLICATION DEVELOPMENT TECHNIQUE
        2. IT RAPID DEVELOPMENT PROCESSES: PROTOTYPING
        3. ENTERPRISE RESOURCE PLANNING AND IT GOVERNANCE PROCESSES
      4. Chapter Sixteen: IT Governance Issues: Project and Program Management
        1. THE PROJECT MANAGEMENT PROCESS
        2. PMBOK STANDARDS
        3. ANOTHER PROJECT MANAGEMENT STANDARD: PRINCE2
        4. IT SYSTEMS PORTFOLIO AND PROGRAM MANAGEMENT
        5. THE PROGRAM MANAGEMENT OFFICE (PMO), A STRONG GOVERNANCE RESOURCE
        6. PROJECT MANAGEMENT, THE PMO, AND IT GOVERNANCE
        7. NOTE
      5. Chapter Seventeen: Service Level Agreements, itSMF, Val IT, and Maximizing IT Investments
        1. ITIL SERVICE MANAGEMENT BEST PRACTICES AND THE ITSMF
        2. OPEN COMPLIANCE AND ETHICS GROUP (OCEG) STANDARDS
        3. VAL IT: ENHANCING THE VALUE OF IT INVESTMENTS
        4. NOTES
    11. Part Five: Monitoring and Measuring Enterprise Management and Board Governance
      1. Chapter Eighteen: Enterprise Content Management
        1. ECM CHARACTERISTICS AND KEY COMPONENTS IN THE ENTERPRISE TODAY
        2. ECM PROCESSES AND IT GOVERNANCE
        3. CREATING AN EFFECTIVE ECM ENVIRONMENT IN THE ENTERPRISE
      2. Chapter Nineteen: Internal Audit's Governance Role
        1. INTERNAL AUDITING HISTORY AND BACKGROUND
        2. INTERNAL AUDITING AND THE IT AUDITOR
        3. INTERNAL AUDIT’S IT GOVERNANCE ACTIVITIES AND RESPONSIBILITIES
        4. INTERNAL AUDIT IT GOVERNANCE STANDARDS
        5. INTERNAL AUDIT IT GOVERNANCE PROCEDURES
        6. NOTE
    12. Part Six: IT Governance and Enterprise Objectives
      1. Chapter Twenty: Creating and Sustaining an Ethical Workplace Culture
        1. IMPORTANCE OF MISSION STATEMENTS
        2. ENTERPRISE CODES OF CONDUCT
        3. WHISTLEBLOWER AND HOTLINE FUNCTIONS
        4. LAUNCHING AN ETHICS PROGRAM AND IMPROVING ENTERPRISE GOVERNANCE PRACTICES
        5. NOTE
      2. Chapter Twenty One: Impact of Social Media Computing
        1. WHAT IS SOCIAL MEDIA COMPUTING?
        2. SOCIAL MEDIA EXAMPLES
        3. ENTERPRISE SOCIAL MEDIA COMPUTING RISKS AND VULNERABILITIES
        4. SOCIAL MEDIA POLICIES
        5. NOTES
      3. Chapter Twenty Two: IT Governance and the Audit Committee's IT Role
        1. THE ENTERPRISE AUDIT COMMITTEE AND IT GOVERNANCE
        2. AUDIT COMMITTEE IT GOVERNANCE RESPONSIBILITIES
        3. AUDIT COMMITTEE BRIEFINGS AND IT GOVERNANCE ISSUES
    13. About the Author
    14. Index