IT Governance: Guidelines for Directors

Book Description

A director's guide to IT governance

This book is an essential read for those sitting on the board of any organisation that wants to secure its information, its intellectual property and its competitive advantage.

Written for a non-technical, commercially-minded audience, this book offers a comprehensive introduction to the critical subject of IT governance.

Why is IT governance important?

Your business will stand or fall on the quality of its IT governance. Information technology can enable you to improve your operations and cut costs, and by changing the way you deal with your customers it may even transform your entire business.

However, IT also brings risk. For the sake of your bottom line, your company needs to be capable of identifying and managing those risks.

IT governance and the board

IT governance generally enjoys less board understanding and commitment than corporate governance. Yet the IT function is vital to the running of your business, so IT governance too requires leadership from the top.

Information security breaches have the potential to alienate your customers and to damage your company's reputation. The consequences of cyber crime could cripple your business with heavy financial losses. Failure to comply with the information security requirements of corporate governance codes may even cause your company to be denied a presence in entire countries.

The road to information security goes through corporate governance. This means that information security has to be a specific board-agenda item, and a priority at CEO level.

IT governance and intellectual property

While you can easily judge how much a factory is worth, some of your company's most important assets may be the intangible ones. The real worth of your company is a matter of its intellectual capital - such as patents, designs and databases - as well as the sites and machinery in its possession.

This kind of information is held on computer systems. So your company needs to be as serious about protecting its digital information from industrial espionage and cybercrime as it is about protecting its warehouses from robbery and arson.

IT governance as a business enabler

Having an effective IT governance framework in place will help you to safeguard your company against an information security breach. At the same time, your IT governance framework can open doors for your business.

By ensuring that your IT systems are properly integrated with your business, and in harmony with your overall business goals, your company will be in a far better position to drive through changes and improvements. Establishing an IT governance framework is essential for the success both of IT projects and for the larger projects that need support from across the whole organisation.


Table of Contents

  1. About the author
  2. CONTENTS
  3. INTRODUCTION
    1. Symptoms of inadequate IT governance
    2. Competitiveness
    3. Shareholder accountability
    4. Compliance
    5. Directors’ personal liability
    6. Conclusion
  4. CHAPTER 1: WHY IT GOVERNANCE MATTERS
    1. Governance background
    2. Information economy, intellectual capital
    3. Competitiveness
    4. Governance convergence
    5. Strategic and operational risk management
    6. Regulatory compliance
    7. Information risk
    8. Strategic system deployment and project governance
    9. Benefits of an IT governance framework
  5. CHAPTER 2: GOVERNANCE AND RISK MANAGEMENT
    1. Fiduciary duties
    2. Governance frameworks
      1. OECD Principles of Corporate Governance
      2. BIS and Basel 2
      3. Operational risk
    3. Capital markets and financial reporting convergence
    4. Converging audit requirements
      1. UK Companies Act 2004
      2. EU 8th Company Law Directive
    5. Corporate Governance in Europe
    6. Combined Code and the Turnbull Guidance
      1. The Turnbull Report
      2. Revised Combined Code
    7. Sarbanes Oxley
      1. Key sections of Sarbanes Oxley Act
      2. Internal controls and audit
    8. Risk management framework
      1. Risk Assessment
      2. Controls
      3. Risk management
    9. Conclusions
  6. CHAPTER 3: INTELLECTUAL CAPITAL
    1. Knowledge assets
    2. Tangible relevance
    3. Structure of intellectual capital
    4. The role of IT governance
    5. Beyond knowledge management
    6. Protecting intellectual assets
      1. Copyright
      2. Design
      3. Patent
      4. Trademark
        1. Copyright Designs and Patents Act 1988 (‘CDPA’)
    7. Third party intellectual property rights (IPR)
      1. Software copyright
    8. Conclusion
  7. CHAPTER 4: COMPLIANCE
    1. Privacy and Data Protection
      1. OECD Guidelines
      2. Tomorrow
      3. Guidelines for Directors
    2. National regulation
      1. EU Regulation
      2. UK Regulation
        1. Data Protection Act 1998 (‘DPA’)
      3. US Regulation
        1. The Safe Harbor framework
        2. The Gramm-Leach-Bliley Act (‘GLBA’)
        3. The Fair Credit Reporting Act (‘FCRA’)
        4. The Health Insurance Portability and Accountability Act (‘HIPAA’)
        5. The Californian Senate Bill 1386 of 2003 (‘SB 1386’)
        6. The California Online Privacy Protection Act of 2004 (‘OPPA’)
      4. APEC regulation
    3. Anti-spam legislation
      1. UK Privacy and Electronic Communications Regulations 2003
      2. US CAN-SPAM Act
    4. Freedom of Information legislation
    5. Computer misuse legislation
      1. Computer Misuse Act 1990 (‘CMA’)
    6. Human Rights
      1. The UK’s Human Rights Act 1998 (‘HRA’)
      2. Regulation of Investigatory Powers Act 2000 (‘RIPA’)
      3. Code of Practice
    7. Other legislation
    8. Record retention and destruction
    9. Conclusion
  8. CHAPTER 5: INFORMATION RISK
    1. Overview of threats and impacts
      1. Threats
      2. Impacts
    2. Information security governance
      1. Governance failure
    3. Complexity and larger organizations
      1. Threats to larger organizations
      2. Vulnerabilities in larger organizations
      3. Impacts on larger organizations
    4. ‘Traditional’ external threats
    5. ‘Traditional’ insider threats
    6. Organized crime
    7. Terrorism
    8. Emerging trends
    9. Information security best practice
    10. The need for metrics
      1. Guidelines for Directors
  9. CHAPTER 6: SYSTEM DEPLOYMENT AND PROJECT RISK
    1. Project failure
    2. Project governance objectives
    3. Execution risk
    4. Executive level project governance
    5. Board level project governance
    6. Conclusions
  10. CHAPTER 7: DESIGNING AN IT GOVERNANCE FRAMEWORK
    1. Business context and culture
    2. IT governance framework
    3. Business, information and ICT strategies
    4. IT steering and executive committees
      1. Board steering committee
      2. Executive committee
      3. Enterprise IT architecture committee
      4. Technology committee
    5. Hierarchy of IT decisions
      1. Key implementation principles
      2. Follow the money
      3. Mind the gap
    6. Reporting and monitoring framework
      1. IT audit
    7. External systems and standards
    8. Metrics
  11. CHAPTER 8: IT GOVERNANCE IN ACTION
    1. ‘Operationalization’ of strategy
    2. Responsibility and accountability
    3. IT goals, functional organization and communication
      1. Communication
    4. Information Strategy
    5. ICT Strategy
      1. Application strategy
      2. Enterprise IT architecture
    6. Project governance
      1. Portfolio management
      2. Risk management
      3. Change Management
    7. Information security and compliance
      1. Information risk assessment
      2. Compliance risks
    8. IT performance optimisation
  12. CHAPTER 9: ISSUES FOR THE PUBLIC SECTOR AND NOT-FOR-PROFIT ORGANIZATIONS
    1. Public sector organizations
    2. Voluntary sector organizations
  13. CHAPTER 10: IT’S ALL ABOUT LEADERSHIP
    1. Board leadership
    2. CEO’s role
    3. CIO leadership
    4. IT users
  14. FURTHER READING
  15. USEFUL WEBSITES
    1. Governance
    2. Information security
    3. Accounting, finance and economics