IT Governance & Change Management Proposal for WA Agencies - INTE2412


Added on  2022/11/01

AI Summary
This report presents an IT Governance & Change Management Proposal, focusing on the application of COBIT19 to address security and management issues within Western Australian (WA) government agencies. It begins with an introduction highlighting the existing problems in ICT governance and the need for enhanced security measures, referencing previous ITIL implementations and audit reports. The report's purpose is to detail COBIT19's potential for WA agencies, including a critical analysis of its benefits and challenges. The background section outlines security risks identified in WA's ICT systems, such as weak passwords and improper account management, emphasizing the need for improvement. The report then explores COBIT19 features, including its framework based on 40 management objectives, enhanced performance measurement, and customization capabilities. A critical analysis section follows, outlining benefits such as alignment with current security requirements, compliance with international standards, and the ability to customize the framework. The report also addresses potential challenges, like transitioning from existing frameworks and managing change resistance. A proposed change management model based on the PMBoK guide is presented, including phases for change planning, execution, control, and closure. The report then discusses EDM (Evaluate, Direct, and Monitor) processes to enhance quality assurance. The report concludes by emphasizing the importance of ICT systems and the need for improved data security, recommending COBIT19 implementation.
IT Governance & Change Management Proposal
Education Department
9/18/2019
Table of Contents
Introduction
Purpose
Background to the Case
Features of COBIT19
Critical Analysis
Set of Benefits
Specific Challenges
Proposed Change Management Model
EDM Processes
Conclusion
References
Introduction
Many problems have been identified in the governance structure of the ICT systems in
Western Australia (WA). Several steps have been taken towards security and information
handling in the past. Some of these include the implementation of ITIL2, ITIL3, and many
other steps. However, the required state of security and management has not been achieved.
The report explores the features of COBIT19 that can be implemented in the case of the ICT
systems in WA to make sure that the overall security is enhanced.
Purpose
The purpose of the report is to provide the details of COBIT19 that can be applied in the ICT
systems in WA. The report also aims to carry out the critical analysis of the same to
determine specific challenges and benefits.
Background to the Case
The audit reports that have been published by Western Australia show that the systems are
exposed to numerous security risks and issues. These risks are due to system and security
vulnerabilities along with the lack of awareness among the users. For example, easily
guessed passwords are used across the systems and applications, which can lead to the
violation of security. The administrator accounts and privileged accounts are also not
managed properly. These accounts are shared among multiple users, which brings up the risk
of unauthorized access. There are a number of critical applications that are managed by
the agencies in WA, such as the patient record system, election management system, keysmart
system, and others. The audit results showed that the status of the security of the sensitive
information was not up to the mark. The highest score obtained by one such system was 69%
and a majority of these fell in the range of 50-60%. This shows that there are several
security loopholes and gaps. There are risks associated with breaching of data and network
security and other issues that may appear and may cause damage to the sensitive information.
Features of COBIT19
COBIT is one of the frameworks that have been developed by an international professional
association called ISACA, and it provides a set of practices and guidelines for controlling
and managing the IT services and operations. The latest version of the framework is
COBIT19.
Some of the features of COBIT19 can be implemented in the control and monitoring of the
ICT systems in WA. These features are as listed below.
• The framework is developed on the basis of 40 management objectives which can be
  used as the base for WA to develop its core model.
• The framework provides an enhanced performance measurement model which
  includes the modules, such as maturity management and capability measurement.
  These can be used and the flexibility of usage that comes with the model will be
  applicable for WA (Isaca, 2019).
• The governance solution for the agencies under WA can be customized as per the
  specific requirements and a standard model can be implemented at the highest level
  that will include the mandatory policies and requirements that will remain unchanged
  for all the agencies.
• The listing of the design factors is done under the framework and the usage and
  incorporation of the same can be done for the WA agencies.
• The workflow designs will be modified in accordance with the security requirements
  and the consideration of the latest security risks and attacks is also done.
• The practicality and tailor-made customizations will make it possible to enhance the
  security of the data sets and the ICT systems.
Critical Analysis
Set of Benefits
There will be a number of benefits that will be provided to the WA agencies with the
utilization and implementation of COBIT19 in its architecture.
The design and development of COBIT19 is done as per the latest security requirements.
COBIT5 was the previous COBIT version that was developed in 2012 and massive changes have
taken place since then. COBIT19 has been developed taking the present and the future
technologies into consideration. The latest security risks have also been analysed and the
control framework for these risks is included in the COBIT19 framework.
The utilization of the framework will give the WA agencies the opportunity to manage and
streamline the systems and enhance the overall security. The COBIT19 framework is based on
a wide range of standards. Some of these standards include ISO/IEC 20000, PMBoK guide 2017,
King IV Report of Corporate Governance, 2016, ITIL V3, CMMI V2.0, NIST Standards, Amazon
Web Services (AWS), and many more. This shows that the local and international standards
and policies were considered before developing the framework. The WA agencies interact and
carry out the business operations with the Australian and international entities. The use
of COBIT19 will make sure that the compliance is followed and maintained in every scenario.
The five governance and management objectives that are included under COBIT19 comprise
40 different processes. One of these processes is set as managed data. The need for data
handling and management has been acknowledged in the development of the framework.
Mechanisms are included to make sure that the data sets are effectively managed. The
ability to develop and maintain a governance structure will be offered to WA and its
agencies with the implementation of the framework.
The inclusion of the design factors in COBIT19 is one of the major changes when compared
with COBIT5. Some of these design factors include risk profile, enterprise size, role of
IT, threat landscape, and many more. These design factors will make sure that the
customization of the framework and its policies as per the WA agencies and their
requirements is effectively done. This will also ensure that the prioritization of the
governance and management objectives is done as per the specific functions carried out by
the agencies. Some may give higher priority to the APO (Align, Plan, and Organize)
objective, while other agencies may give preference to DSS (Deliver, Service, and Support).
The ability to customize will ensure that the application and utilization of the framework
is effectively done.
Specific Challenges
Some issues and challenges may also appear with the implementation and usage of the
COBIT19 framework in WA.
The first will be the challenges associated with the transition from the existing framework
to COBIT19. WA and its agencies have tried implementing ITIL V2 and ITIL V3 in the past.
There are other standards that are currently followed in the agencies. The implementation of
COBIT19 will bring along numerous changes in terms of the policies and workflows. The
ineffective handling of these changes can be extremely challenging. The employees
associated with WA agencies may also show some resistance to change and to adopting a new
framework. The resolution of these issues will be critical so that the intended goals and
objectives are achieved. However, in this process, the management may lose focus on the
ongoing operations and the overall productivity may get affected.
Another challenge that may come up is implementing too many improvements at the same time.
COBIT19 comprises 40 different processes and 11 different design factors for the overall
functioning and enhancement of the security. The WA agencies may be presented with too many
improvement opportunities and mechanisms at the same time, which may lead to the emergence
of additional challenges.
Proposed Change Management Model
It will be necessary that the handling of the changes is effectively done so that the benefits
associated with COBIT19 are achieved. There are a number of changes that the WA agencies
will be introduced to with the implementation of COBIT19 (Sholihat, 2018).
This is because COBIT19 includes many newer features that have not been utilized by WA
before. These features are different from the previous COBIT frameworks or any of the ITIL
versions as well. For example, COBIT19 provides managed data as one of the processes
under its management objectives, which is not seen with other frameworks. It also addresses
the new changes and trends in technology, such as Internet of Things (IoT) and Big Data. It
comes with enhanced flexibility and ease of usage and it is also extremely up to date in
terms of the features and overall package.
The changes that will be introduced in the organization shall be managed by using the change
model defined under the Project Management Body of Knowledge (PMBoK) guide. The
change model that is proposed for WA and its agencies comprises four phases (Fanning,
2014).
There shall be a change management plan that shall be developed in the first phase of change
planning. The implementation and usage of COBIT19 will bring numerous changes in terms
of technology, design, workflows, and others. The change management plan that is developed
shall include the details of the methodology for change handling, information on the roles and
responsibilities, risk handling mechanisms, reporting and communication details, and other
planning procedures. The second stage shall be change execution. The conversion of the
existing processes, migration of data and services, changes in the workflows, etc. shall be
carried out in this phase as per the plan. The control phase shall be simultaneously conducted
wherein the monitoring and control of the changes shall be done. This shall include the
security checks and audits and compliance checks to make sure that the overall security is
maintained and the procedure is carried out as per the plans (Zwikael, 2015).
The last will be the change closure phase in which the final implementations will be done and
the verification of all the areas will be carried out. There will be a closure report that will be
prepared at the end which will mark the end of the change handling process.
The procedure will make sure that all of the changes are implemented properly and the use of
these phases will make sure that the overall tracking and management is effectively done.
EDM Processes
There are governance objectives that are defined under the COBIT19 framework and these are
usually referred to as EDM, which stands for Evaluate, Direct, and Monitor.
The utilization of the same will be done to enhance the quality assurance processes in the
overall security of the WA ICT systems. Some of the initiatives will include:
• Development of an Information Security & Quality Management Policy and plan that
  will include a detailed set of plans and policies for enhancing the overall quality and
  security.
• Conducting the test processes, such as system, integration, performance, load,
  regression, sanity, smoke, etc. on all the software codes and applications that are used
  by the agencies.
• Security testing and assurance by monitoring the security state to determine the
  loopholes and gaps (Zhang and Fever, 2013).
• Re-development of the audit and control cycle to make sure that the regular processes
  are followed in order to avoid any gaps.
• Device testing and maintenance cycles to make sure that there are no security
  vulnerabilities in the devices being used (Zeinolabedin, 2014).
• Monitoring of the existing tools and hardware for making sure that the latest ones are
  included at all times.
Conclusion
The use of ICT systems has become essential for the business firms and agencies in the
present times. There are a number of issues that have been highlighted in the audit reports
released by the WA agencies in the past. The majority of these issues are associated with
information security and privacy. It is, therefore, necessary that the measures are developed
in order to improve the security and overall quality of the data sets and the ICT systems. The
implementation of the COBIT19 framework in the WA agencies will provide the mechanism
to enhance the security and privacy of the ICT systems. The framework is based on the latest
technological norms and requirements and also considers data management as one of the
significant aspects. The utilization of COBIT19 will allow the overall security of the WA
agencies and systems to be enhanced.
References
Fanning, F. (2014). Adapting PMBoK Guidance to Public Sector Projects. Organization,
technology and management in construction: An international journal, 6(3).
Isaca (2019). COBIT 2019. [online] Isaca.org. Available at:
http://www.isaca.org/cobit/pages/default.aspx [Accessed 19 Sep. 2019].
Sholihat, N. (2018). The Implementation of COBIT 4.1 and COBIT 5-Based IT Governance
Audits in the Ministry of Finance of Indonesia. The Indonesian Journal of Accounting
Research, 21(2).
Zeinolabedin, N. (2014). How COBIT can Complement ITIL to Achieve BIT. Electrical &
Computer Engineering: An International Journal, 3(2), pp.1-11.
Zhang, S. and Fever, H. (2013). An Examination of the Practicability of COBIT Framework
and the Proposal of a COBIT-BSC Model. Journal of Economics, Business and Management,
pp.391-395.
Zwikael, O. (2015). The Relative Importance of the PMBOK® Guide's Nine Knowledge
Areas during Project Planning. Project Management Journal, 40(4), pp.94-103.