Simplifying IT Governance
Since the introduction of Sarbanes-Oxley (SOX) in 2002, the focus on IT governance has been intense within publicly traded companies, government and even privately held medium- to large-scale organizations. Standards and frameworks like
- CObIT (Control Objectives for Information and related Technology)
- ITIL (IT Infrastructure Library)
- ISM3 (Information Security Management Maturity Model)
- AS8015 (Australian Standard for Corporate Governance of Information and Communication Technology)
- CMMI (Capability Maturity Model) and
- ISO 27001
have been established to address various aspects of governance. It all gets very confusing, frustrating and prone to bureaucratic over-control.
To illustrate the extent to which IT governance can get out of control, consider the IT governance organization in place at UC San Francisco:

While well-intentioned, it begs the question: “How many committees does it take to ensure that IT is well managed and governed?”
Today, there is an effort afoot to revisit SOX and its compliance components with an eye toward simplification. The process of simplifying IT governance begins with an understanding of the goal. Finding a goal statement of IT governance that is easy to understand is not easy at all. Wikipedia, for example, states the




