
Executive's Guide to IT Governance: Improving Systems Processes with Service Management, COBIT, and ITIL PDF

380 Pages·2013·4.697 MB·English

Preview Executive's Guide to IT Governance: Improving Systems Processes with Service Management, COBIT, and ITIL

Executive’s Guide to IT Governance

Founded in 1807, John Wiley & Sons is the oldest independent publishing company in the United States. With offices in North America, Europe, Asia, and Australia, Wiley is globally committed to developing and marketing print and electronic products and services for our customers’ professional and personal knowledge and understanding.

The Wiley Corporate F&A series provides information, tools, and insights to corporate professionals responsible for issues affecting the profitability of their company, from accounting and finance to internal controls and performance management.

Executive’s Guide to IT Governance
Improving Systems Processes with Service Management, COBIT, and ITIL
ROBERT R. MOELLER
John Wiley & Sons, Inc.

Cover image: © Max Delson Martins Santos/iStockphoto
Cover design: © John Wiley & Sons, Inc.

Copyright © 2013 by John Wiley & Sons, Inc. All rights reserved.

Published by John Wiley & Sons, Inc., Hoboken, New Jersey. Published simultaneously in Canada.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600, or on the Web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.

Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.

Library of Congress Cataloging-in-Publication Data:
Moeller, Robert R.
Executive’s guide to IT governance : improving systems processes with service management, COBIT, and ITIL / Robert R. Moeller.
1 online resource. — (Wiley corporate F&A series)
Includes bibliographical references and index.
Description based on print version record and CIP data provided by publisher; resource not viewed.
ISBN 978-1-118-22495-3 (pdf) — ISBN 978-1-118-23893-6 (epub) — ISBN 978-1-118-26354-9 (mobipocket) — ISBN 978-1-118-13861-8 (o-book) — ISBN 978-1-118-54017-6 (cloth)
1. Information technology—Management. 2. Information technology—Auditing. 3. Electronic data processing departments—Auditing. I. Title.
HD30.2
004.068’4—dc23
2012050404

Printed in the United States of America
10 9 8 7 6 5 4 3 2 1

Dedicated to my best friend and wife, Lois Moeller. Lois has been my companion and partner for over 40 years, whether we are on our Lake Michigan sailboat, skiing in Utah or elsewhere, visiting museums and traveling to interesting places in the world, vegetable gardening in the backyard, or jointly cooking its produce.

Contents

Preface

PART I: IT GOVERNANCE CONCEPTS

Chapter 1: Importance of IT Governance for All Enterprises

Chapter 2: Fundamental Governance Concepts and Sarbanes-Oxley Rules
  Sarbanes-Oxley Act
  Other SOx Rules—Title II: Auditor Independence
  SOx Title III: Corporate Responsibility
  Title IV: Enhanced Financial Disclosures
  What Is IT Governance?
  Notes

Chapter 3: Enterprise Governance and GRC Tools
  The Road to Effective GRC Principles
  Importance of GRC Governance
  Risk Management Component of GRC
  GRC and Enterprise Compliance
  Importance of Effective GRC Practices and Principles

PART II: FRAMEWORKS TO SUPPORT EFFECTIVE IT GOVERNANCE

Chapter 4: IT Governance and COSO Internal Controls
  Importance of Effective Internal Controls and COSO
  COSO Internal Control Systems Monitoring Guidance
  Wrapping It Up: Importance of COSO Internal Controls
  Notes

Chapter 5: COBIT and the IT Governance Institute
  An Executive’s Introduction to COBIT
  The COBIT Framework and Its Drivers
  COBIT Principle 1: Establish an Integrated IT Architecture Framework
  COBIT Principle 2: Stakeholder Value Drivers
  COBIT Principle 3: Focus on Business Context
  COBIT Principle 4: Governance and Risk Management Enablers
  COBIT Principle 5: Governance and Management Performance Measurement Structures
  Putting It Together: Matching COBIT Processes and IT Goals
  Using COBIT in a SOx Environment
  COBIT in Perspective
  Notes

Chapter 6: ITIL and IT Service Management Guidance
  ITIL Fundamentals
  ITIL Service Strategy Components
  ITIL Service Design
  ITIL Service Transition Management Processes
  ITIL Service Operation Processes
  IT Governance and ITIL Service Delivery Best Practices
  Note

Chapter 7: IT Governance Standards: ISO 9001, 27002, and 38500
  ISO Standards Background
  ISO 9000 Quality Management Standards
  ISO IT Security Standards: ISO 27002 and 27001
  ISO 38500 IT Governance Standard
  Notes

Chapter 8: IT Governance Issues: Risk Management, COSO ERM, and OCEG Guidance
  Risk Management Fundamentals
  COSO ERM Definitions and Objectives: A Portfolio View of Risk
  COSO ERM Framework
  Other Dimensions of the COSO ERM Framework
  The OCEG GRC “Red Book,” Risk Management, and IT Governance
  Notes

PART III: TOOLS AND TECHNOLOGIES TO MANAGE THE IT GOVERNANCE INFRASTRUCTURE

Chapter 9: Cloud Computing, Virtualization, and Portable, Mobility Computing
  Understanding Cloud Computing
  IT Systems and Storage Management Virtualization
  Smartphone and Handheld IT Device Governance Issues
  Note

Chapter 10: Governance, IT Security, and Continuity Management
  Importance of an Effective IT Security Environment
  Enterprise IT Security Principles: Generally Accepted Security Standards
  Importance of an Effective, Enterprise-Wide Security Strategy
  IT Continuity Planning
  The Business Continuity Plan and IT Governance
  Notes

Chapter 11: PCI DSS Standards and Other IT Governance Rules
  PCI DSS Background and Standards
  Gramm-Leach-Bliley Act IT Governance Rules
  HIPAA: Health Care and Much More
  Notes

Chapter 12: IT Service Catalogs: Realizing Greater Value from IT Operations
  Importance of IT Service Catalogs
  Role of a Service Catalog in the IT Service Provider Organization
  An IT Service Catalog’s Content and Features
  IT Service Catalog Management

PART IV: BUILDING AND MONITORING EFFECTIVE IT GOVERNANCE SYSTEMS

Chapter 13: Importance of IT Service-Oriented Architecture for IT Governance Systems
  SOA Applications and Service-Driven IT Applications
  SOA Governance, Internal Control Issues, and Risks
  Planning and Building an SOA Implementation Blueprint
  SOA and IT Governance
  Notes

Chapter 14: IT Configuration and IT Portfolio Management
  IT Configuration Management Concepts
  ITIL Best Practices for IT Configuration Management
  The Configuration Management Database: An Often Difficult Concept
  Establishing an Enterprise CMDB
  IT Portfolio Management

Chapter 15: Application Systems Implementations and IT Governance
  The Systems Development Life Cycle: A Basic Application Development Technique
  IT Rapid Development Processes: Prototyping
  Enterprise Resource Planning and IT Governance Processes

Chapter 16: IT Governance Issues: Project and Program Management
  The Project Management Process
  PMBOK Standards
  Another Project Management Standard: PRINCE2
  IT Systems Portfolio and Program Management
  The Program Management Office (PMO), a Strong Governance Resource
  Project Management, the PMO, and IT Governance
  Note

Chapter 17: Service Level Agreements, itSMF, Val IT, and Maximizing IT Investments
  ITIL Service Management Best Practices and the itSMF
  Open Compliance and Ethics Group (OCEG) Standards
  Val IT: Enhancing the Value of IT Investments
  Notes

PART V: MONITORING AND MEASURING ENTERPRISE MANAGEMENT AND BOARD GOVERNANCE

Chapter 18: Enterprise Content Management
  ECM Characteristics and Key Components in the Enterprise Today
  ECM Processes and IT Governance
  Creating an Effective ECM Environment in the Enterprise

Chapter 19: Internal Audit’s Governance Role
  Internal Auditing History and Background
  Internal Auditing and the IT Auditor
  Internal Audit’s IT Governance Activities and Responsibilities
  Internal Audit IT Governance Standards
  Internal Audit IT Governance Procedures
  Note

PART VI: IT GOVERNANCE AND ENTERPRISE OBJECTIVES

Chapter 20: Creating and Sustaining an Ethical Workplace Culture
  Importance of Mission Statements
  Enterprise Codes of Conduct
  Whistleblower and Hotline Functions
  Launching an Ethics Program and Improving Enterprise Governance Practices
  Note

Chapter 21: Impact of Social Media Computing
  What Is Social Media Computing?
  Social Media Examples
  Enterprise Social Media Computing Risks and Vulnerabilities
  Social Media Policies
  Notes

Chapter 22: IT Governance and the Audit Committee’s IT Role
  The Enterprise Audit Committee and IT Governance
  Audit Committee IT Governance Responsibilities
  Audit Committee Briefings and IT Governance Issues

About the Author

Index
