Strategic Information Systems Management: Governance Frameworks Report


Added on  2023/01/03

AI Summary
This report provides a detailed analysis of IT governance frameworks, focusing on COBIT and ITIL, and their significance in strategic information systems management. It begins with an introduction to IT governance, defining its role in managing, executing, and monitoring governance within an organization, emphasizing risk management and aligning IT with business objectives. The report then examines the Sarbanes Oxley Act (SOX) and its influence on governance frameworks. The core of the report delves into COBIT, explaining its components, assets (risk minimization, environment regulation, size independence, productivity and efficiency, and governance), and issues (implementation, need for experienced analysts, and lack of specifications). Subsequently, the report explores ITIL, detailing its five parts (service strategy, design, transition, operations, and continuous service improvement), assets (cost transparency, better risk management, aligning business and IT, improved service quality, and framework integration), and issues (extensive training, potential for disruption, and expense). The report concludes by highlighting the commonalities between COBIT and ITIL, emphasizing their contributions to effective IT governance and organizational success.
Strategic Information
Systems Management
Abstract
IT governance is a framework that specifies distinct methods through which a project can be
carried out in an appropriate manner by taking into account certain risks that are associated
with information technology. It is important that all adequate risk management strategies are
considered, so that relevant measures are taken for coping with those risks. It comprises
different models which an organisation can utilise as per its requirements. The report will
provide an overview of these models and the assets and issues associated with them, so that it
becomes easy to identify which one will address all the requirements of the organisation.
Table of Contents
Abstract
Introduction
Illustrate different governance frameworks that are associated with Sarbanes Oxley Act (2002)
Conclusion
References
Introduction
An IT governance framework is a type of framework that illustrates the methods and ways by
which a firm can execute, manage and monitor governance in the organisation. It consists of
one or multiple processes that enable IT employees to carry out management of risks and render
their best services, through which the organisation can attain its objectives on the whole
(Starbird, Arif and Wilson, 2019). Basically, it is responsible for delivering and measuring
the effective utilisation of resources and processes in an organisation. This provides a
roadmap for evaluating the performance and effectiveness of the processes. It enables firms to
gain insight into their performance and to attain legal and regulatory compliance in the
context of IT. This report will provide an insight into different governance models like ITIL
and COBIT. Furthermore, PRINCE2 as well as programme management will also be specified, along
with associated issues and different aspects related to them.
Illustrate different governance frameworks that are associated with Sarbanes Oxley Act (2002)
This framework furnishes a mechanism for management and operational-level employees to gain a
precise understanding of expectations, performance, objectives, reporting needs and risk
appetite. It is important that these aspects are communicated in an appropriate manner to
significant persons within the organisation. The governance framework directs the ways in which
people within the organisation interact with regulators, stakeholders and the organisation
itself, guiding as well as monitoring their functions (Kamariotou and Kitsios, 2019). This
enables the organisation to put in place affirmative traits that are displayed firmly. It makes
clear the intentions that target actions and behaviour, and this further aids in avoiding
duplicity while carrying out activities. An IT governance framework comprises organisational
structure, leadership, business standards and compliance, which ensure that the firm's IT
system is capable of addressing its objectives and strategies. The Sarbanes Oxley Act (2002) is
a law passed by the U.S. Congress on 30th July that protects investors from fraudulent
financial reporting by corporations. The act formulated various strict rules for auditors and
corporate officers to ensure that stringent recordkeeping requirements are met. Furthermore,
criminal penalties are also imposed for violation of securities laws. The different models
associated with the IT governance framework are specified beneath:
COBIT: Control Objectives for Information and Related Technology. COBIT is the framework given
by ISACA for IT management and governance as a supportive tool for management that bridges the
gap among business risk, control needs and technical issues. It is a recognised guideline which
can be applied within an organisation irrespective of the industry in which it operates
(Sihotang et al., 2019). Basically, the COBIT framework associates business goals with the IT
infrastructure by linking business accountabilities to IT processes. Here, emphasis is placed
on four different aspects: planning and organisation; delivering and support; acquisition and
implementation; monitoring and evaluation. Basically, it acts like a guideline integrator that
merges all the solutions under a single umbrella. The components of COBIT are:
Components:
Framework: It aids in managing the objectives associated with IT governance, ensuring that the
best domains and processes are utilised while relating them to business needs.
Illustration 1: COBIT framework and components
Process descriptions: This acts as a reference model and common language for each individual
within the organisation. It comprises aspects like building, monitoring, execution and planning
of all the related information technology processes.
Control objectives: This furnishes a complete list of requirements that management takes into
account for effective control of the business.
Maturity models: This is responsible for assessing the maturity and capabilities of each
process, through which gaps can be addressed in an appropriate manner.
Management guidelines: This aids in better assignment of responsibilities, measurement of
performance, agreement on common objectives and illustration of enhanced interrelationships
among processes (van Wyk and Rudman, 2019).
COBIT is utilised by organisations whose primary accountability is business processes and
associated technologies that depend on having reliable and significant information. The assets
and issues of COBIT are specified beneath:
Assets:
Risk minimisation: COBIT is a time-tested framework that aids organisations in reducing
infrastructure and service risks.
Environment regulation: The increased impact of technology on people's day-to-day lives has had
a significant effect on the role of regulations. The latest version of COBIT helps
organisations adhere to compliance requirements, which makes it easier for them to accomplish
their objectives.
Size independence: Through the assistance of techniques and tools, COBIT principles improve
effectiveness and efficiency. They can be applied within all industries regardless of growth
trajectory or business size.
Productivity and efficiency: COBIT principles and models are recognised internationally. This
aids in addressing the concerns of stakeholders, specifying their responsibilities, attaining
organisational strategic objectives and realising business benefits (Amorim et al., 2020). This
results in amplified productivity and efficiency for the firm.
Governance: The major asset of COBIT is the execution of IT governance standards within the
working of the organisation. This makes sure that the risks linked with information technology
are mitigated and that effective controls are put in place to ensure that processes are
monitored in an effective manner.
Issues:
Implementation: It is not easy to implement the COBIT framework, and thus many firms do not opt
for it, as it requires enhanced knowledge and skills to use it as a tool for offering IT
governance control or for controlling the performance of the IT department (Mubaraq et al.,
2019).
Experienced analyst needed: The maturity model renders a generic analysis for any particular
situation, so a seasoned analyst is required to conduct a credible maturity assessment within
the IT firm.
Lack of specifications: The framework lacks certain specifications regarding the relation
between the benefits of activities and the way in which features are expressed within the
maturity model.
ITIL: The IT Infrastructure Library is a library that sets out a framework of best practices
for delivering information technology services. Basically, it is an approach that furnishes
guidance to individuals as well as organisations on ways in which it can be utilised for
facilitating business transformation, growth and change. The objective is to amplify efficiency
and performance and to attain certain levels of effective service delivery. It is utilised for
dealing with new challenges related to service management and for unlocking the potential of
modern technologies (Alimam, Bertin and Crespi, 2017). The ITIL framework comprises five
different parts, which are specified beneath:
Service strategy: This aids in providing an understanding of customer needs, which drives
continuous improvement within the operations carried out by information technology.
Service design: This covers the services that are rendered by the IT department to support the
operations carried out by the organisation.
Service transition: This denotes moving from the development phase to the operational phase so
that it becomes easy to deliver services as per required standards.
Service operations: This is responsible for making sure that IT services are delivered as per
the required service level.
Continuous service improvement: ITIL aids in the identification and execution of means that
will enable enhanced services to be offered.
Illustration 2: What is ITIL?
The ITIL methodology is associated with the concept of IT control, which defines
responsibilities and decision making and illustrates the access hierarchy and control through
which higher levels of customer satisfaction can be attained for the accomplishment of
organisational objectives and goals. In terms of service management processes, this is further
categorised into two aspects:
Service delivery: The goal of the organisation is to enhance current services by focusing on
analysis and planning of responses to future service needs (Orta and Ruiz, 2019). This
comprises availability, financial, capacity, service continuity and service level management.
Support service: This class emphasises the day-to-day activities carried out by the business,
which make sure that current services are maintained in an adequate way. It involves incident,
configuration, version and change management along with the service desk.
With reference to all the aspects illustrated above, there are certain assets that can be
attained by implementing ITIL within the working premises. Furthermore, there are also certain
issues which have a significant negative influence on its execution. They are mentioned below:
Assets:
Cost transparency: Metric-based strategies can be created, as ITIL aids the firm in formulating
budgeting and accounting requirements. This enables the organisation to have clear information
about its financial assets and to deliver its operations accordingly (Aguiar et al., 2018). The
processes established using the ITIL framework enable the organisation to check detailed
metrics that are critical for cost-cutting decisions.
Better risk management: Even if an organisation makes relevant use of ITIL for cost
optimisation, there is still a possibility that certain factors create risk. The risk
management activities are associated with multiple processes that must be conducted for the
identification, prioritisation and organisation of service improvements.
Aligning business and IT: ITIL does not assist in creating business strategies, but it supports
all the aspects associated with them. It is compatible with the goals of the business and aids
in the operation of the IT department, which is accountable for delivering services, i.e. it is
a service provider. This makes IT operations a critical part of the business.
Improved quality of service: ITIL execution furnishes the firm with probable control measures
through which all its activities can be aligned with its goals and which ensure that no kind of
risk exists. This enables employees to acknowledge what must be done and to keep track of each
procedure they have to abide by while delivering their operations. This ultimately leads to
improvement in the procedures followed by the firm.
Framework integration: It is easy to integrate ITIL with project management systems that are
provided by or taken up from a third party for the optimisation of distinct workflows. This
further enables coordination among distinct departments of the organisation.
Issues:
Extensive training: For execution of ITIL it is necessary that each asset of the firm has the
relevant knowledge so that it can deliver its functions accordingly. The implementation is a
lengthy process, which implies that extensive training is needed across different departments.
Disrupts current state of organisation: ITIL comprises a wide range of processes for conducting
risk management when services are being delivered (Hunter, 2020). Imposing any kind of
alteration within the organisation can be disruptive.
Expensive: The overall process of implementing ITIL is costly at each level.
Commonalities:
Both of the frameworks specified above aid the firm in delivering its responsibilities in an
appropriate manner, and each has certain assets through which the functioning of the
organisation will get better. ITIL and COBIT both have some issues, but if these are managed in
a relevant manner then affirmative results can be attained. COBIT furnishes the organisation
with guidelines and a set of practices that enable management to get the most from its IT
resources. On the other hand, ITIL is designed for managing IT services by making use of best
practices, through formulation of plans and selection across the lifecycle.
PRINCE2: Projects in Controlled Environments is a process-dependent method for project
management. It is a well-defined, structured methodology that makes it easy to control the
complete work process and also enables managers to segregate the project in such a way that it
can be managed and controlled adequately. The principles of the methodology are illustrated
below:
Each project must have a business justification, which implies that the project must render
value to customers that will enable the firm to have an enhanced return on investment.
Teams have to acknowledge each stage, and all the results attained must be recorded so that in
future they can be used as a reference point.
Illustration 3: PRINCE2
The project must be well planned and segregated into respective phases so that periodic reviews
can be carried out, progress can be tracked and deadlines can be met.
As there is no approach that will fit all requirements, the PRINCE2 method must be adjusted to
meet the needs of each project (Hinde, 2018).
Phases of PRINCE2
The process can be broken into seven different phases, which are illustrated beneath:
Start project: A request for a new project is submitted, and it must be assessed to ensure that
the firm can deliver on its accountabilities. If the request is approved, a detailed overview
of the project must be submitted by the company.
Direct project: Project briefs must be reviewed and evaluated by the project board, which is
responsible for deciding the ways in which the project will be organised and implemented.
Initiation of project: The project manager is responsible for creating initiation documentation
that comprises the plan along with baseline targets such as benefits, quality, cost, scope and
risk. The board is responsible for deciding whether the documentation will be approved.
Controlling stages: The project manager segregates the project into small phases and passes
information to the teams. The manager oversees each stage, stepping into the project as
required, and also coordinates the responsibilities that are carried out each day.
Product delivery management: Deliverables must meet the expectations of PRINCE2 with reference
to quality before they are passed to the customers (Vaníčková, 2017). The project manager will
verify all the aspects and evaluate whether outcomes are approved or need some changes.
Stage boundary management: Each stage of the project must be reviewed by the project manager
and the board to make sure that each aspect is well planned and that requirements are addressed
in an appropriate manner. The board is responsible for deciding whether the project will be
continued or not.
Closing of project: Once the work is completed, the project manager is responsible for wrapping
things up in an appropriate manner.
Assets:
Predictable: The methodology breaks the project down into distinct stages which are closely
monitored using a step-by-step method from initiation of the project until it is closed. This
reduces the chances of the project spiralling out of control, and documents are revised to keep
track of the intended goals.
Utilisation of best practices: A project is regarded as useful when it can deliver quality
products which match the agreed conception. The best way by which this can be attained is to
utilise best practices.
Standardisation: The PRINCE2 methodology standardises each aspect of the project to make sure
that there is no misdirection or miscommunication. It guarantees clarity about what is involved
within the project in terms of what will be done and when it must be done.
Time and cost effectiveness: Time as well as money is saved on training for new employees who
are familiar with the methodology (Hughes, Dwivedi and Rana, 2017). Less time is also needed
for the identification of risks, as they will be able to easily identify the associated risks
that are outlined at the initiation of the project.