Impacts of the self-assessment on the SAIs
Dainius Jakimavičius, Director, Information Technology Department

Progress of the self-assessment – 18 countries
• Bulgaria
• Cyprus
• Croatia
• Czech Republic
• Denmark
• Finland
• France
• Germany
• Hungary
• Lithuania
• Norway
• Portugal
• Russian Federation
• Slovenia
• Spain
• Switzerland
• The Netherlands
• United Kingdom

The most important IT processes
• PO1 Define a strategic IT plan
• PO2 Define the information architecture
• PO3 Determine the technological direction
• PO9 Assess risks
• PO10 Manage projects
• AI1 Identify automated solutions
• AI2 Acquire and maintain application software
• AI3 Acquire and maintain technology infrastructure
• AI4 Develop and maintain procedures
• AI6 Manage changes
• DS4 Ensure continuous service
• DS5 Ensure system security
• DS7 Educate and train users
• DS10 Manage problems and incidents
• DS11 Manage data
• M1 Monitor the processes

IT processes with relatively high maturity level
• PO3 Determine the technological direction
• AI2 Acquire and maintain application software
• AI3 Acquire and maintain technology infrastructure
• AI4 Develop and maintain procedures
• AI6 Manage changes
• DS5 Ensure system security
• DS10 Manage problems and incidents
• DS11 Manage data

IT processes with relatively low maturity level
• PO1 Define a strategic IT plan
• PO2 Define the information architecture
• PO9 Assess risks
• PO10 Manage projects
• AI1 Identify automated solutions
• DS4 Ensure continuous service
• DS7 Educate and train users
• M1 Monitor the processes

"He can maintain your house... but to build the new one, he needs a plan and a client!"
Michel Huissoud, presentation at the EUROSAI IT WG 3rd Meeting, Nicosia, 14 February 2005

Action Plans - 1
Enforcement of IT strategy (PO1): alignment between business processes and the functional aspects of information systems:
• Create a proactive IS strategy or policy, and not just react to IT problems
• Improve integration of systems, processes and data between departments

Action Plans - 2
Improvement of IT-function organisation (PO4):
• Allocate responsibilities for certain parts of the IT function
• Improve communication between users and IT (i.e. make a user responsible for business processes or IT applications)
• Focus IT more on solving business problems, less on technological solutions
• Define the functions to be performed by IT personnel and those to be performed by users

Action Plans - 2 (continued)
Improvement of IT-function organisation (PO4): cf. the COBIT maturity level "Defined Process":
"Defined roles and responsibilities for the IT organisation and third parties exist. The IT organisation is developed, documented, communicated and aligned with the IT strategy. Organisational design and the internal control environment are defined. There is formalisation of relationships with other parties, including steering committees, internal audit and vendor management. The IT organisation is functionally complete; however, IT is still more focused on technological solutions rather than on using technology to solve business problems. There are definitions of the functions to be performed by IT personnel and of those which will be performed by users."

Lithuania: Practical example
IT Development Strategy (September 2002):
• main aspects for IT development until 2006
• oriented more on technological potential, less on business needs
Mid-sized office:
• over 300 working places (230 notebooks – auditors; 80 desktops – administration & audit management)
• 6 remote locations (branch offices)
• fewer possibilities for ad-hoc management

Objectives
Introduce principles (practices?) of corporate IT governance by integrating the main office processes with IT processes, as well as:
• increase awareness of the main office process owners, consolidating their inputs for IT development
• disclose the most important IT processes supporting the main office business processes
• set priorities for subsequent actions in the NAO

Pilot in Lithuania, October 2003
8 persons in the target group:
• 2 from IT
• 6 from business
Some knowledge of self-assessment, minor knowledge about COBIT.
Duration: 2 half-days + presentation of the Action Plan to the Auditor General on the 3rd day.

Most important IT processes
• PO1 Define a Strategic IT Plan – 15/18
• AI1 Identify Automated Solutions – 14/18
• DS5 Ensure Systems Security – 14/18
• PO10 Manage Projects – 12/18
• AI6 Manage Changes – 12/18
• DS4 Ensure Continuous Service – 12/18
• DS6 Identify and Allocate Costs – 12/18
• M2 Assess Internal Control Adequacy – 12/18

Shortcomings
• PO1 – indicated shortcoming: policy not known, no business planning system
• AI1 – indicated shortcoming: no methodology and no business requirements
• DS5 – indicated shortcoming: no security plan & procedures, no testing

Action Plan
Actions:
• Policy creation, procedures & priorities for allocation of resources (importance ranking: 10)
• Setting up business requirements
• Introduce a security policy (including security control procedures)

Enforcement - 1
Establishment of the LT NAO Strategic Management & Risk Management Commission (November 2003).
IT Management – among the 7 most important risk areas.
Approval by the LT NAO Council of the Implementation Plan of the LT NAO IT Strategy (January 2004):
• IT infrastructure development
• System policies & procedures
• Business software
• Remote access & direct links to NAO clients

Enforcement - 2
Establishment of the IT Management Committee (February 2004) – sharing responsibility for IT development with the owners of the main processes (auditors).
Approval by the LT NAO Council of the outline of the new LT NAO information system (March 2004).
Establishment of a WG for elaborating proposals for the development of the future audit management and documentation system (May 2004). Representatives – mainly from the business side.

Practical Hints
• Involvement of the Head of SAI at the very early stage of the self-assessment – demonstrating the importance of the issue
• Mixing auditors & IT professionals – corporate nature of IT management
• Closing seminar – summing up the things to be done

Other Added Values
• Recognition of the SAI by the ISACA community (locally): presentation of the self-assessment to the ISACA LT Chapter meeting (February 2004)
• Demonstrating IT awareness to SAI clients