Topic: The COBIT standard is a set of best practices...
Monitor and Evaluate
Process: ME4 Provide IT Governance
Establishing an effective governance framework includes defining organisational structures, processes, leadership, roles and responsibilities to ensure that enterprise IT investments are aligned and delivered in accordance with enterprise strategies and objectives.
ME4.1 Establishment of an IT Governance Framework
Define, establish and align the IT governance framework with the overall enterprise governance and control environment. Base the framework on a suitable IT process and control model and provide for unambiguous accountability and practices to avoid a breakdown in internal control and oversight. Confirm that the IT governance framework ensures compliance with laws and regulations and is aligned with, and confirms delivery of, the enterprise’s strategies and objectives. Report IT governance status and issues.
ME4.2 Strategic Alignment
Enable board and executive understanding of strategic IT issues, such as the role of IT, technology insights and capabilities. Ensure that there is a shared understanding between the business and IT regarding the potential contribution of IT to the business strategy. Work with the board and the established governance bodies, such as an IT strategy committee, to provide strategic direction to management relative to IT, ensuring that the strategy and objectives are cascaded into business units and IT functions, and that confidence and trust are developed between the business and IT. Enable the alignment of IT to the business in strategy and operations, encouraging co-responsibility between the business and IT for making strategic decisions and obtaining benefits from IT-enabled investments.
ME4.3 Value Delivery
Manage IT-enabled investment programmes and other IT assets and services to ensure that they deliver the greatest possible value in supporting the enterprise’s strategy and objectives. Ensure that the expected business outcomes of IT-enabled investments and the full scope of effort required to achieve those outcomes are understood; that comprehensive and consistent business cases are created and approved by stakeholders; that assets and investments are managed throughout their economic life cycle; and that there is active management of the realisation of benefits, such as contribution to new services, efficiency gains and improved responsiveness to customer demands. Enforce a disciplined approach to portfolio, programme and project management, insisting that the business takes ownership of all IT-enabled investments and IT ensures optimisation of the costs of delivering IT capabilities and services.
ME4.4 Resource Management
Oversee the investment, use and allocation of IT resources through regular assessments of IT initiatives and operations to ensure appropriate resourcing and alignment with current and future strategic objectives and business imperatives.
ME4.5 Risk Management
Work with the board to define the enterprise’s appetite for IT risk, and obtain reasonable assurance that IT risk management practices are appropriate to ensure that the actual IT risk does not exceed the board’s risk appetite. Embed risk management responsibilities into the organisation, ensuring that the business and IT regularly assess and report IT-related risks and their impact and that the enterprise’s IT risk position is transparent to all stakeholders.
ME4.6 Performance Measurement
Confirm that agreed-upon IT objectives have been met or exceeded, or that progress toward IT goals meets expectations. Where agreed-upon objectives have been missed or progress is not as expected, review management’s remedial action. Report to the board relevant portfolios, programme and IT performance, supported by reports to enable senior management to review the enterprise’s progress toward identified goals.
ME4.7 Independent Assurance
Obtain independent assurance (internal or external) about the conformance of IT with relevant laws and regulations; the organisation’s policies, standards and procedures; generally accepted practices; and the effective and efficient performance of IT.
Grzegorz Albinowski edited this post on 30.01.08 at 19:02