IT in Control Samenvatting
Inhoudsopgave
Week 1 - Strategy ....................................................................................................................... 2
Selig Chapter 1 – Introduction business/IT alignment ........................................................... 2
Selig Chapter 3 – Business/IT strategy alignment ................................................................. 8
Paper 1 – Henderson – Strategic Alignment Model ............................................................. 10
Paper 2 – Sabherwal – Dynamics of alignment ................................................................... 15
Week 1 - Governance ............................................................................................................... 16
Selig Chapter 2 – IT governance, best practice frameworks ................................................ 16
Selig Chapter 6 – IT Service Management, Execution management ................................... 25
Paper 3 – Hardy – COBIT .................................................................................................... 28
Paper 4 – Kerr – COBIT framework .................................................................................... 31
Paper 5 – Haes – IT in a major airline .................................................................................. 32
Week 2 – Outsourcing .............................................................................................................. 35
Selig Chapter 7 – Strategic sourcing & outsourcing ............................................................ 37
Selig Chapter 9 – Cloud computing ..................................................................................... 42
Paper 6 – Julisch – Security and control in the cloud .......................................................... 46
Week 3 – Cybercrime ............................................................................................................... 51
Romney Chapter 8 – Fraud and errors ................................................................................. 51
Romney Chapter 9 – Computer fraud and abuse techniques ............................................... 54
Week 4 – Security .................................................................................................................... 58
Romney Chapter 10 – Control and accounting information systems................................... 59
Romney Chapter 11 – Controls for information security ..................................................... 61
Week 5 – Privacy ..................................................................................................................... 63
Romney Chapter 12 – Confidentiality and privacy controls ................................................ 65
Romney Chapter 13 – Processing integrity and availability controls .................................. 72
Week 6 – Analytics .................................................................................................................. 75
Romney Chapter 4 – Relational databases ........................................................................... 76
Romney Chapter 11 – Auditing computer based information systems ................................ 78
Paper 7 – Chan – Innovation and practice of continuous auditing ....................................... 82
Paper 8 – Debrecenya – XML and XBRL ........................................................................... 85
,Week 1 - Strategy
- Selig - Chapter 1: Introduction to IT/Business Alignment, Planning, Execution and
Governance
- Selig - Chapter 3: Business/IT Alignment, Strategic Planning and Portfolio
Investment Management Excellence (Demand Management)
- Henderson, J.C.; Venkatraman, N. (1993). Strategic Alignment, Leveraging
Information technology for transforming organizations
- Sabherwal, R.; Hirschheim, R.; Goles, T. (2001). The Dynamics of Alignment,
Insights from a Punctuated Equilibrium Model
Selig Chapter 1 – Introduction business/IT alignment
Strategy is about the what question, whereas governance is about the how question. IT
strategy + IT governance = Business strategy. The following key business drivers are
currently very important: rapid changing technology, privacy, security and ethics (AVG),
continuous innovation.
There are three kinds of governance: enterprise, business and IT governance. Enterprise
governance represents the highest level of governance (board level). Business governance
represents the CEO, and other C-level staff. IT governance is represented by the CIO (Chief
Information Officer). Enterprise governance deals with the separation of ownership and
,control of the organization, whereas business governance focuses on the direction, control
and execution of the business plan and strategies. IT governance focuses on the direction,
control and execution of IT plans and strategies. Most organizations have the CIO function
integrated into the CFO function. This is bad because the CFO is mostly cost driven.
Major challenges for IT planning and governance:
More challenges on page 7 to 9.
Most important challenges:
Compliance (AVG), architecture
(cloud landscape), on demand
management (outsourcing),
security (cybercrime).
Definition, purpose and scope
Governance:
Governance formalizes and
clarifies oversight, accountability
and decision rights for a wide
array of IT strategy, resource and
control activities. It is a
collection of management,
planning and performance
review policies, practices and
processes with associated
decision rights, which establish authority, sponsorship, controls, a baseline and performance
metrics for investments, plans, major changes, security and etc.
The purpose of IT governance can be found on page 10, whereas the scope of IT governance
can be found on page 11. Page 12 shows who benefits from a good IT governance. Page 12
also shows the value propositions of IT governance.
, Successful IT governance is built upon three critical pillars. The pillars are:
If one of the above pillars is missing or ineffective, the IT governance will not be effective or
sustainable. In addition, over-dependence on one dimension over the others will result in sub-
optimal performance. Poor IT governance can lead to business losses and disruptions,
schedules not met, higher costs, poorer quality, unsatisfied customers, core business are
negatively affected and failure of IT to demonstrate its investment benefits or value
propositions.
Page 14, 15 and 16 talk about the implications of Sarbanes Oxley Act (SOX) and other
regulations on IT governance. This has not been covered during the lecture & screencasts.
Page 16 and 17 talks about the CEO role, and the two ways a CEO can go. The two ways are
Growth (maximize value proposition) and Optimize effectiveness & efficiency.
Page 17 and 18: How much governance is required and when is enough, enough?
To plan, develop, deploy and sustain a cost effective approach to IT governance, the blended
and integrated governance network consists of five critical IT governance must do’s. The
five work areas are:
1. Business strategy, plan and objectives (demand management): This involves the
development of the business strategy and plan which should drive the IT strategy and
plan.
2. IT strategy, plan and objectives (demand management): This should be based on
the business plan and objectives and will provide the direction and priorities of the IT
functions and resources. Including portfolio management investments, prioritization
scheme and identify decision rights on a wide variety of IT areas. The CIO is
Inhoudsopgave
Week 1 - Strategy ....................................................................................................................... 2
Selig Chapter 1 – Introduction business/IT alignment ........................................................... 2
Selig Chapter 3 – Business/IT strategy alignment ................................................................. 8
Paper 1 – Henderson – Strategic Alignment Model ............................................................. 10
Paper 2 – Sabherwal – Dynamics of alignment ................................................................... 15
Week 1 - Governance ............................................................................................................... 16
Selig Chapter 2 – IT governance, best practice frameworks ................................................ 16
Selig Chapter 6 – IT Service Management, Execution management ................................... 25
Paper 3 – Hardy – COBIT .................................................................................................... 28
Paper 4 – Kerr – COBIT framework .................................................................................... 31
Paper 5 – Haes – IT in a major airline .................................................................................. 32
Week 2 – Outsourcing .............................................................................................................. 35
Selig Chapter 7 – Strategic sourcing & outsourcing ............................................................ 37
Selig Chapter 9 – Cloud computing ..................................................................................... 42
Paper 6 – Julisch – Security and control in the cloud .......................................................... 46
Week 3 – Cybercrime ............................................................................................................... 51
Romney Chapter 8 – Fraud and errors ................................................................................. 51
Romney Chapter 9 – Computer fraud and abuse techniques ............................................... 54
Week 4 – Security .................................................................................................................... 58
Romney Chapter 10 – Control and accounting information systems................................... 59
Romney Chapter 11 – Controls for information security ..................................................... 61
Week 5 – Privacy ..................................................................................................................... 63
Romney Chapter 12 – Confidentiality and privacy controls ................................................ 65
Romney Chapter 13 – Processing integrity and availability controls .................................. 72
Week 6 – Analytics .................................................................................................................. 75
Romney Chapter 4 – Relational databases ........................................................................... 76
Romney Chapter 11 – Auditing computer based information systems ................................ 78
Paper 7 – Chan – Innovation and practice of continuous auditing ....................................... 82
Paper 8 – Debrecenya – XML and XBRL ........................................................................... 85
,Week 1 - Strategy
- Selig - Chapter 1: Introduction to IT/Business Alignment, Planning, Execution and
Governance
- Selig - Chapter 3: Business/IT Alignment, Strategic Planning and Portfolio
Investment Management Excellence (Demand Management)
- Henderson, J.C.; Venkatraman, N. (1993). Strategic Alignment, Leveraging
Information technology for transforming organizations
- Sabherwal, R.; Hirschheim, R.; Goles, T. (2001). The Dynamics of Alignment,
Insights from a Punctuated Equilibrium Model
Selig Chapter 1 – Introduction business/IT alignment
Strategy is about the what question, whereas governance is about the how question. IT
strategy + IT governance = Business strategy. The following key business drivers are
currently very important: rapid changing technology, privacy, security and ethics (AVG),
continuous innovation.
There are three kinds of governance: enterprise, business and IT governance. Enterprise
governance represents the highest level of governance (board level). Business governance
represents the CEO, and other C-level staff. IT governance is represented by the CIO (Chief
Information Officer). Enterprise governance deals with the separation of ownership and
,control of the organization, whereas business governance focuses on the direction, control
and execution of the business plan and strategies. IT governance focuses on the direction,
control and execution of IT plans and strategies. Most organizations have the CIO function
integrated into the CFO function. This is bad because the CFO is mostly cost driven.
Major challenges for IT planning and governance:
More challenges on page 7 to 9.
Most important challenges:
Compliance (AVG), architecture
(cloud landscape), on demand
management (outsourcing),
security (cybercrime).
Definition, purpose and scope
Governance:
Governance formalizes and
clarifies oversight, accountability
and decision rights for a wide
array of IT strategy, resource and
control activities. It is a
collection of management,
planning and performance
review policies, practices and
processes with associated
decision rights, which establish authority, sponsorship, controls, a baseline and performance
metrics for investments, plans, major changes, security and etc.
The purpose of IT governance can be found on page 10, whereas the scope of IT governance
can be found on page 11. Page 12 shows who benefits from a good IT governance. Page 12
also shows the value propositions of IT governance.
, Successful IT governance is built upon three critical pillars. The pillars are:
If one of the above pillars is missing or ineffective, the IT governance will not be effective or
sustainable. In addition, over-dependence on one dimension over the others will result in sub-
optimal performance. Poor IT governance can lead to business losses and disruptions,
schedules not met, higher costs, poorer quality, unsatisfied customers, core business are
negatively affected and failure of IT to demonstrate its investment benefits or value
propositions.
Page 14, 15 and 16 talk about the implications of Sarbanes Oxley Act (SOX) and other
regulations on IT governance. This has not been covered during the lecture & screencasts.
Page 16 and 17 talks about the CEO role, and the two ways a CEO can go. The two ways are
Growth (maximize value proposition) and Optimize effectiveness & efficiency.
Page 17 and 18: How much governance is required and when is enough, enough?
To plan, develop, deploy and sustain a cost effective approach to IT governance, the blended
and integrated governance network consists of five critical IT governance must do’s. The
five work areas are:
1. Business strategy, plan and objectives (demand management): This involves the
development of the business strategy and plan which should drive the IT strategy and
plan.
2. IT strategy, plan and objectives (demand management): This should be based on
the business plan and objectives and will provide the direction and priorities of the IT
functions and resources. Including portfolio management investments, prioritization
scheme and identify decision rights on a wide variety of IT areas. The CIO is
