Final Report of the Task Force on IT Governance Richard Brisebois Beijing, China Office of the Auditor General of Canada Agenda Background Project Objective Project team Project Schedule/History IT Governance Key Questions Outcomes Conclusion Office of the Auditor General of Canada Project Objective The main objective of the project was to discuss the importance of IT Governance, identify risks and challenges being faced and propose new guidance and share best practices in this area Office of the Auditor General of Canada Project Team Project leader: Richard Brisebois, Canada Active Members: 1. Claudia Dias, Brazil 2. Nagarajan Nagarajan & Ashutosh Sharma, India 3. Dainius Jakimavicius & Irmantas Aleliunas, Lithuania 4. Thomas Wijsman, Netherlands 5. Thor Kristian Svendsen & Erna Jørgensen Lea, Norway 6. Mr. Jamtsho, Bhutan 7. Shaima Al Hinai, Oman 8. Alla Petrenko, Russian Federation 9. Steve Doughty/Angus Waugh, United Kingdom 10. Madhav Panwar, USA Commentary Project Participants: 1. Sr. Ryoichi Doi, Japan 2. Bjørn Undall, Sweden Office of the Auditor General of Canada Project Schedule/History May 2006: The IT Governance project was initiated at the INTOSAI WGITA meeting in Brazil. Oct 2006: Scoping report completed. March 2007: WGITA IT Governance Performance Auditing Seminar in Muscat, Oman. 2008: Launch of the IT Governance database in Japan 2008: Collection of various SAI’s work on IT Governance (inserted to the IT Governance database) 2009: Collection of reference material on IT Governance (inserted to the IT Governance database) 2008 & 2009: Interim Progress Reports April 2010: IT Governance Checklist April 2010: Final report of IT Governance task force Office of the Auditor General of Canada Office of the Auditor General of Canada Office of the Auditor General of Canada What is IT Governance? “IT governance is the responsibility of the board of directors and executive management. It is an integral part of enterprise governance and consists of the leadership and organisational structures and processes that ensure that the organisation’s IT sustains and extends the organisation’s strategies and objectives.” IT Governance Institute Office of the Auditor General of Canada IT Governance Key Questions 1. 2. 3. 4. 5. Leadership and Organization - Do the IT organizational structure and human resources (personnel) management in place support the organization’s strategies and objectives? IT strategy - Is there an IT strategy in place, including the IT direction, and the processes for the strategy’s development, approval, and implementation and maintenance that is aligned with the organization’s strategies and objectives? Policies and standards - Are there IT policies, standards, and procedures, and the processes for their development, approval, implementation, maintenance, and monitoring in place to support the IT strategy and comply with regulatory and legal requirements? Quality Management System - Is there an IT quality management system in place to support the organization’s strategies and objectives? IT controls - Are there sufficient IT management and monitoring of controls (e.g., continuous monitoring, QA) in place to support organization’s policies, standards and procedures? Office of the Auditor General of Canada IT Governance Key Questions 6. 7. 8. 9. 10. Investment planning - Are there IT resource investment, use and allocation practices, including prioritization criteria in place that are aligned with the organization’s strategies and objectives? Contracting - Are there IT contracting strategies and policies, and contract management practices in place to support the organization’s strategies and objectives? Risk management - Are there risk management practices in place to ensure that the organization’s IT-related risks are properly managed? Monitoring and reporting - Are there monitoring and assurance practices in place to allow the board and executive management to receive sufficient and timely information about IT performance? Business continuity planning - Is there a business continuity plan in place to support orderly recovery of essential business operations during the period of an IT disruption? Office of the Auditor General of Canada How to Use the Questions Question: Do the IT organizational structure and human resources (personnel) management in place support the organization’s strategies and objectives? Audit objective: To determine whether IT organizational structure and human resources (personnel) management in place support the organization’s strategies and objectives. Criterion: We expect the organization to have in place adequate IT organizational structure and human resources (personnel) management to support the organization’s strategies and objectives. Office of the Auditor General of Canada Outcomes of the IT Governance Task Force Publications Database of Reference Material for IT Governance http://www.intosaiitaudit.org/intosaiitgov/default.aspx?AspxAutoDetectCookieSupport=1 IT Governance Scoping, status and final reports Papers and presentations made at the 5th performance audit seminar (Oman, 2007) Collection of various SAI’s work on IT Governance Collection of Reference material on IT Governance Identification of Framework and Standards related to IT Governance Office of the Auditor General of Canada Sub Projects Cancelled • Develop training material on IT • Governance (cancelled) Adapt Private Sector IT Governance material for Public Sector use (cancelled) Office of the Auditor General of Canada Conclusion Lets not re-invent the wheel There are a lot of resources available on IT governance Most of them are available in Database of Reference Material for IT Governance Lets continue to share best practices and facilitate exchange of information and experience Office of the Auditor General of Canada Questions/Thank You Richard Brisebois CGA, CISA Principal, IT Audit Services Office of the Auditor General of Canada Tel: (613)952-0213 ext. 2235 Fax: (613)947-9736 E-mail: Richard.Brisebois@oag-bvg.gc.ca 240 Sparks Street Ottawa, Ontario, Canada K1A 0G6 www.oag-bvg.gc.ca Office of the Auditor General of Canada