Strategic Information Systems Management: Governance Frameworks Report

Verified

Added on 2023/01/03

AI Summary

This report provides a detailed analysis of IT governance frameworks, focusing on COBIT and ITIL, and their significance in strategic information systems management. It begins with an introduction to IT governance, defining its role in managing, executing, and monitoring governance within an organization, emphasizing risk management and aligning IT with business objectives. The report then examines the Sarbanes Oxley Act (SOX) and its influence on governance frameworks. The core of the report delves into COBIT, explaining its components, assets (risk minimization, environment regulation, size independence, productivity and efficiency, and governance), and issues (implementation, need for experienced analysts, and lack of specifications). Subsequently, the report explores ITIL, detailing its five parts (service strategy, design, transition, operations, and continuous service improvement), assets (cost transparency, better risk management, aligning business and IT, improved service quality, and framework integration), and issues (extensive training, potential for disruption, and expense). The report concludes by highlighting the commonalities between COBIT and ITIL, emphasizing their contributions to effective IT governance and organizational success. This report is available on Desklib, a platform that provides AI-based study tools and resources for students.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Strategic Information
Systems Management

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Abstract
IT governance is framework that specifies distinct methods through which project can be
carried out in an appropriate manner by taking into account certain risks that areas associated
with information technology. It is important that all adequate risk management strategies are
considered through which it will be ensured that relevant measures are taken for coping up with
them. This comprises of different models which can be utilised by organisation as per their
requirements. The report will provide overview of these models, their assets and issues
associated with them so that it becomes easy to identify which one will address all the
requirements of the organisation.

Table of Contents
Abstract............................................................................................................................................2
Introduction......................................................................................................................................1
Illustrate different governance frameworks that are associated with Sarbanes Oxley Act
(2002).....................................................................................................................................1
Conclusion.....................................................................................................................................13
References......................................................................................................................................14
1

Introduction
IT governance framework implies type of framework that illustrates the methods along
with ways by which firm can execute, manage as well as monitor governance in the organisation.
It is one or multiple processes that are liable for enabling IT employees for carrying out
management of risks and render their best services through which organisation can attain their
objectives on the whole (Starbird, Arif and Wilson, 2019). Basically, it is liable for rendering as
well as measuring effective utilisation of resources as well as processes in an organisation. This
provides a roadmap for evaluation of performance along with effectualness of the processes. It
enables firms within having insight into their performance as well as attains legal along with
regulatory compliance in context of IT. This report will provide an insight into different
governance models like ITIL and CoBIT. Furthermore, PRINCE2 as well as programme
management will also be specified along with associated issues and different aspects related with
them.
Illustrate different governance frameworks that are associated with Sarbanes Oxley Act (2002)
This framework is liable for furnishing mechanism for management and operational level
employees for having precise understanding related with anticipation, performance, objectives,
reporting needs and risk appetite. It is important that theses aspects are interacted in an
appropriate manner for significant persons within the organisation. Governance framework is
liable for directing the ways in which people conduct interaction within the organisation with
regulators, stakeholders and organisation for guiding as well as monitoring their functionalities
(Kamariotou and Kitsios, 2019). This aspect enables organisation within putting affirmative
traits that are displayed firmly. This leads to make all their intensions clear that are liable for
targeting actions and behaviour and this will further aid within distancing duplicity while
carrying out their activities. IT governance framework comprises of organisational structure,
leadership, business standards, compliance and standards that are liable for making that the IT
system of firm capable enough for addressing their objectives and strategies. Sarbanes Oxley Act
(2002) denotes law formulated via U.S. Congress that was passed on 30th July that enables
investors to be secured from certain fraudulent financial reporting that is made via corporations.
The act has formulated various strict rules for auditors, corporate officers and auditors for
ensuring stringent recordkeeping needs. Furthermore, criminal penalties are also imposed for
2

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

violation of security laws. The different models associated with IT governance framework have
been specified beneath:
COBIT: Control objectives for information and related technology. The framework that
is given by ISACA for IT management and governance as a supportive tool for management that
will lead to bridge gap among business risk, control needs and technical issues is referred to as
COBIT. It is a recognised guideline which can be applied within the organisation irrespective of
industry in which they deal with (Sihotang and et. al., 2019). Basically, COBIT framework
comprises of associated with business goals along with their IT infrastructure by rendering
linked business accountabilities of IT processes. Here, emphasis is made on four different
aspects, they are: planning and organisation; delivering & support; acquisition and
implementation; monitoring and evaluation. Basically, it acts like a guideline integrator that is
responsible to merge all the solutions which are under single umbrella. The components of
COBIT are:
Components:
Framework: IT aids within management of objectives associated with IT governance for
ensuring that best domains and processes are being utilised while associating business needs.
Illustration 1: COBIT framework and components
3

Process descriptions: This acts like a reference model as well as common language for
each individual within the organisation. It comprises of aspects like building, monitoring,
execution and planning of all the related information technology processes.
Control objectives: It is liable for furnishing complete list of needs that are taken into
account by management for effectual control of the business.
Maturity Models: This is accountable for accessing maturity along with capabilities of
each process through which gaps can be addressed in an appropriate manner.
Management guidelines: This aspect will aid within better assignment of liabilities,
measurement of performance, have an agreement on identical objectives and illustration of
enhanced interrelationship among each process (van Wyk and Rudman, 2019).
COBIT is utilised by organisations here there primal accountability is business processes
along with associated technologies that are dependent on having reliable and significant
information. The assets and issues of COBIT are specified beneath:
Assets:
Risk minimisation: COBIT is time-tested framework that aids organisation within
reducing infrastructure and service risks.
Environment regulation: There is increased impact of technology on day to day life of
people that have created a significant impact on role of regulations. The latest version of COBIT
enables to adhere to compliance that further makes this easy for organisation so that objectives
can be accomplished.
Size independence: Through the assistance of techniques and tools, COBIT principles are
liable for improvisation of effectiveness along with efficiency. They can be applied within all the
industries regardless of its growth trajectory or business size.
Productivity and efficiency: COBIT principles and models are recognised
internationally. This aids within addressing concerns of stakeholders, specifying their liabilities,
attainment of organisational strategic objectives and realisation of business benefits (Amorim
and et. al., 2020). This will result firm to have amplified productivity along with efficiency.
Governance: The major asset of COBIT is execution of IT governance standards within
the working of organisation. This is liable for making sure that the risks linked with information
4

technology are mitigated as well as effectual controls are put within place for ensuring that
processes are monitored in an effective manner.
Issues:
Implementation: It is not so easy to implement COBIT framework and thus, many of
firms do not opts for its execution as this require enhanced knowledge along with skills that are
utilised like a tool for offering IT governance control or furnish control for performance of IT
department (Mubaraq and et. al., 2019).
Experienced analyst needed: The maturity model is accountable to render generic
analysis for any peculiar situation that requires seasoned analyst for conducting credible maturity
assessment within the IT firm.
Lack of specifications: The framework lacks certain specifications in context of its
relation among benefits of activities and the way in which features are expressed within the
maturity model.
ITIL: IT infrastructure library implies the library that is liable for illustrating framework
of best practices through which best practices can be delivered for information technology
services. Basically, it is an approach that furnishes guidance to individuals as well as
organisation with reference to ways in which this can be utilised for facilitating business
transformation, growth and change. The objective is to amplify efficiency along with
performance and attain certain levels of delivering effective services. This is utilised for dealing
with new challenges related with service management and unlock potential possessed by modern
technologies (Alimam, Bertin and Crespi, 2017). The ITIL framework that comprises of five
different parts, they are specified beneath:
Service strategy: This aids within providing understanding associated with customer
needs that are liable to making continuous improvisation within operations carried out by
information technology.
Service design: This implies services that are being rendered via IT department for
supporting the operations carried out via organisation.
Service transition: It denotes moving from development to operational phase so that it
can become easy to deliver services as per required standards.
5

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Service operations: This is responsible for making sure that IT services are furnished as
per required service level.
Continuous services improvisation: ITIL aids within identification along with execution
of means that will enable within offering enhanced services.
Illustration 2: What is ITIL?
ITIL methodology is associated with concept of IT control that defines responsibilities,
decision making, illustrates access hierarchy and control through which higher levels of
customer satisfaction can be attained for accomplishment of organisational objectives and goals.
This aspect is further categorised into two aspects in terms of service management processes,
they are:
Service delivery: The goal of organisation is to make current services enhanced by
focussing on analysis along with planning of responses in context of future services needs (Orta
and Ruiz, 2019). This comprises of aspects like availability, financial, capacity, service
continuity and service level management.
Support service: In this case, class emphasise on each day activities that are carried out
via business which further leads to make sure that current services are maintained in adequate
way. This involves incident, configuration, and version and change management along with
service desk.
With reference to all the aspects illustrated above, there are certain assets that can be
attained by implementation of ITIL within working premises. Furthermore, certain issues are
6

also there which creates a significant pessimistic influence on its execution. They are mentioned
below:
Assets:
Cost transparency: In this case, metric based strategies will be created as ITIL will aid
firm within formulation of budgeting as well as accounting requirements. This will enable
organisation to have clear information associated with their financial assets and can deliver their
operations accordingly (Aguiar and et. al., 2018). The processes that have been established by
making use of ITIL framework enables organisation within checking detailed metrics that makes
cost-cutting decisions critical.
Better risk management: If organisation makes relevant usage of ITIL for dealing with
cost optimisation then there is still possibility that there are certain factors that leads to creation
of risk. The risk management activities are associated with multiple processes that must be
conducted for identification, prioritisation and organisation of service improvisations.
Aligning business and IT: ITIL do not assist within creating business strategies but it is
accountable for supporting all the aspects associated with them. It is compatible with goals of
business that will aid them within execution of operation of IT department as they are
accountable for deliver services, i.e. they are service provider. This makes operations of IT the
critical part of business.
Improvised quality of service: ITIL execution furnishes firm with probable control
measures through which all the activities of firm can be aligned with their goals and ensure that
any kind of risk do not exit. This enables employees within acknowledging what must be done as
well keep track of each procedure that they have to abide to while delivering their operations.
This ultimately leads to improvisation within the procedures that are followed by firm.
Framework integration: It is easy to integrate ITIL with project management system that
are provided or taken up form third party for optimisation of distinct workflows. This further
enables to have coordination among distinct departments of the organisation.
Issues:
Extensive training: For execution of ITIL it is necessary that each asset of firm must
have relevant knowledge so that they can deliver their functionalities accordingly. The
7

implementation s lengthy process which implies that extensive training is needed across different
departments.
Disrupts current state of organisation: ITIL comprises of wide range of processes, for
conducting risk management when services are being delivered (Hunter, 2020). While imposing
any kind of alterations within organisation, it can be disruptive.
Expensive: The overall process that involves implementation of ITIL is costly at each
level.
Commonalities:
Both the frameworks that have been specified above aids firm within delivering their
responsibilities in an appropriate manner and each have certain assets through which functioning
of organisation will get better. ITIL and COBIT both have some issues but if these can be
maintained in relevant manner then affirmative results can be attained. COBIT furnishes
organisation with guidelines and set of practices that will enable management within having
most from their IT resources. On the other hand, ITIL is designed for managing IT services by
making use of best practices, through formulation of plans and selection across the lifecycle.
PRINCE2: Projects In controlled environment is process dependent method for
management of the project. It is well-defined structured methodology that makes it easy for
controlling complete work process and also enables managers to segregate the project in way that
it can be managed and controlled in an adequate way. The principles of methodology are
illustrated below:
 Each project must have certain business justification which implies that project must
render value to customers that will enable firm within having enhanced return on
investment.
 Team have to acknowledge each stage and all the results attained must be recorded so
that in future they can be used like a reference point.
8

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Illustration 3: PRINCE2
 The project must be well planned and segregated into respective phases so that periodic
review can be attained, progress can be tracked and deadlines will also be ensured.
 As such there is no approach that will fit all the requirements this means that PRINCE2
method must be adjusted for attainment of needs of each project (Hinde, 2018).
Phases of PRINCE2
The process can be broken into different seven phases, they are illustrated beneath:
Start project: Request for new project will be submitted and this is mandatory to access
for ensuring that firm can deliver their accountabilities. If this aspect will be approved then
detailed overview of project must be submitted by the company.
Direct project: Project briefs must be reviewed as well as evaluated via project board and
they will be liable for deciding the ways in which it will be organised and implemented.
Initiation of project: The project manager is liable for creation of initiation
documentation that comprises of plane along with baseline targets such as benefits, quality, cost,
scope and risk. The board is liable for deciding that whether documentations will be address the
approval from all.
9

Controlling stages: The project is segregated within small phases via project manager
and information to pass to teams. Each stage will be seen via manager who will step within the
project as per requirements and will also coordinate responsibilities that are carried out each day.
Product delivery management: It is necessary that deliverables must acknowledge
expectations of PRINCE2 with reference to quality before they have been passed to the
customers (Vaníčková, 2017). The project manager will verify all the aspects and will evaluate
outcomes will have approval or might need some changes.
State boundary management: Each stage of project must be reviewed via project
manager and board for making sure that each aspect is well planned as well as requirements are
addressed in an appropriate manner. The board is liable for deciding whether project will be
continued or not.
Closing of project: Once the work is completed then project manager is liable for
wrapping things in an appropriate manner.
Assets:
Predictable: The methodology is liable for breaking project down into distinct stages
which will be closely monitored through usage of step via step method from initiation of the
project till this is closed. This declines chances associated with spiralling them out of control and
revise documents for keeping track for intended goals.
Utilisation of best practices: Project is regarded as useful when it can deliver quality
products which are agreed as per the conception that have been given. The best way by which
this can be attained into utilise best practices.
Standardisation: The PRINCE2 methodology is accountable for standardising each
aspect related with project for making sure that there is no misdirection or miscommunication. It
is liable for guarantying what is involved within the project in context of what will be done and
when this must be done.
Time & cost effectualness: Time as well as money is saved for rendering training for
new employees which are familiar with methodology (Hughes, Dwivedi and Rana, 2017). This
also needs less time within identification of risks as they will be able to easily identify associated
risks that will outline at initiation of project.
10

Issues:
25 distinct techniques and tools are provided within PPRINCE2 methods out of 132 that
are specified within PMBOK Guide can be used instead of this which will act like reference
manuals for project managers about these. Lots efforts are needed for creation as well as
maintenance of documents along with log at all the stages of processes.
Programme management: The coordinated management of projects along with as usual
activities of business for attainment of beneficial changes is referred to as programme
management. It is transient and unique endeavour that is being taken for attaining beneficial
changes as well as incorporation of group associated project. It is overall management of
associated projects that are liable for making a programme. This comprises of associating
business change functionalities in distinct business areas that creates an affect for ensuring that
changes are executed in an appropriate manner (Butler, Szwejczewski and Sweeney, 2018).
Planning is critical aspect while working on any project to identify what has to be attained and in
what ways this can be done.
Illustration 4: Programme Management
This is liable for furnishing governance layer for peculiar project and make sure that they
are executed in an effective manner. In this context, aims along with desired benefits related with
programme must be clearly identified within the business case. Here, firm will formulate vision
statement by setting out future state by taking into account programme delivery and blueprint of
11

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

the programme that is set out. The blueprint will provide the details about the end product that
will be attained when project will be completed. The key aspects related with the term are:
Governance: This is liable for defining responsibilities along with roles within carrying
out processes and metrics for assessing progress of the project.
Management: The planning of the project has to be carried out and it will be made sure
that regular reviews are taken through which stakeholders will be engaged and overall
performance of programme can be analysed in an affirmative manner.
Financial management: It is necessary that cost for management of programme must be
tracked as well as controlled so that need can be placed at place. In addition to this, priority must
be formulated and budget must be made so that all the aspects can be addressed as per needs of
the project (Lytvynchenko, 2016).
Infrastructure: This is crucial to create relevant working environment for supporting
programme planning by development of plan that is based on particular project, timescale,
resources and control for dealing with overall programme.
Assets:
 Program management enables senior management within having adequate levels as well
as degree of detail associated with information from different projects along with related
projects that have carried out. This enables them within formulation of relevant decisions
and accordingly makes efforts.
 The programme furnishes certain consistency within firm with respect to ways in which
program will be executed and this will aid within imposing certain standards for simple
aspects like documentations through which risks can be managed in an appropriate
manner. By considering business case, issues can be managed in an effectual manner
through utilisation of risk registers and associated matters.
Issues:
 Programme management can be seen like making project distant from executive who are
liable for providing funds and are less accountable for them. But it is important that they
must be involved for having a vision.
12

 The extra layer related with bureaucracy will be less gainful while communicating but it
leads to confusions and misinformation when this aspect is not considered while working
on any specific project (Mottaeva, 2018).
 Certain inappropriate standards might be imposed on projevt which will further lead to
increase work which might not be required. In case, when programme requires project
that all the details of business case must be delivered then this will lead to unnecessary
work for carrying out the project
The different governance models have been illustrated along with their functionalities for
making sure that firm can deliver their liabilities in an appropriate manner (Kamariotou and
Kitsios, 2019). Along with this, certain assets and issues related with them are also presented
which will enable firm to make sure and identify the method or model through which they can
accomplish their requirements as well as the impact that will be created on their functionalities
must also be restricted.
Conclusion
From above it can be concluded that IT governance implies process that is liable for
ensuring that efficient and effectual use of information technology is made that will further
enable organisation to attain their goals and requirements. COBIT provides set of guidelines for
organisation for developing, implementation, monitoring and improvisation of technology
governance. Here, emphasis is made on IT service governance with goal to efficiently manage IT
department of the firm by setting up right direction. ITIL implies framework that is geared for
enhancement of information technology services for meeting requirements of firm. It is liable for
organising services through which firm can execute their operations in smooth manner along
with this opportunities are created for constant perfection. PRINCE2 is liable for diving project
into manageable as well as controllable stages and comprises of 4 integrated elements,
principles, processes, themes and tailoring for addressing requirements of project environment.
13

References
Books and Journals
Aguiar, J., Pereira, R., Vasconcelos, J. B., & Bianchi, I. (2018). An overlapless incident
management maturity model for multi-framework assessment (ITIL, COBIT, CMMI-
SVC). An overlapless incident management maturity model for multi-framework
assessment (ITIL, COBIT, CMMI-SVC), 137-163.
Alimam, M., Bertin, E., & Crespi, N. (2017). ITIL perspective on enterprise social
media. International Journal of Information Management, 37(4), 317-326.
Amorim, A. C., da Silva, M. M., Pereira, R., & Gonçalves, M. (2020). Using agile
methodologies for adopting COBIT. Information Systems, 101496.
Butler, M., Szwejczewski, M., & Sweeney, M. (2018). A model of continuous improvement
programme management. Production Planning & Control, 29(5), 386-402.
Hinde, D. (2018). PRINCE2 Study Guide: 2017 Update. John Wiley & Sons.
Hughes, D. L., Dwivedi, Y. K., & Rana, N. P. (2017). Mapping IS failure factors on PRINCE2®
stages: An application of interpretive ranking process (IRP). Production Planning &
Control, 28(9), 776-790.
Hunter, M. G. (2020). Selected readings on strategic information systems. Innovations, 314.
Kamariotou, M., & Kitsios, F. (2019). Strategic information systems planning. In Advanced
Methodologies and Technologies in Business Operations and Management (pp. 535-
546). IGI Global.
Lytvynchenko, G. (2016). Financial mechanism as a part of programme management. Procedia-
Social and Behavioral Sciences, 230, 198-203.
Mottaeva, A. (2018). Formation of mechanism of programme management for the development
of medical organizations. In MATEC Web of Conferences (Vol. 170, p. 01053). EDP
Sciences.
Mubaraq, R., Rombe, E., Hadi, S., & Ardiansyah, R. (2019, October). Strategic Information
System, Supply Chain Performance and Operational Performance in the Fishing Industry:
A Conceptual Model. In 2019 International Conference on Organizational Innovation
(ICOI 19). Atlantis Press.
Orta, E., & Ruiz, M. (2019). Met4ITIL: A process management and simulation-based method for
implementing ITIL. Computer Standards & Interfaces, 61, 1-19.
Sihotang, H. T., Zarlis, M., Efendi, S., & Jollyta, D. (2019, August). Evaluation of Maturity
Level of Information and Communication Technology (ICT) Governance with CobIT 5.0
Case Study: STMIK Pelita Nusantara Medan. In Journal of Physics: Conference
Series (Vol. 1255, No. 1, p. 012046). IOP Publishing.
Starbird, K., Arif, A., & Wilson, T. (2019). Disinformation as collaborative work: Surfacing the
participatory nature of strategic information operations. Proceedings of the ACM on
Human-Computer Interaction, 3(CSCW), 1-26.
van Wyk, J., & Rudman, R. (2019). COBIT 5 compliance: best practices cognitive computing
risk assessment and control checklist. Meditari Accountancy Research.
Vaníčková, R. (2017). Application of PRINCE2 project management methodology. Studia
Commercialia Bratislavensia, 10(38), 227-238.
14