Here are the slides that Rob used last night in his excellent presentation.
http://community.mis.temple.edu/mis5202online2016/files/2016/09/IT-Governance-Deloitte.pdf
Temple University
We want to go over your weekly activities a second time to make sure there is no confusion. Each Wednesday morning, you will find a post with questions about the coming week’s readings and case. Once you have finished the readings you should answer, or comment on someone else’s answer, one or more of the weekly reading questions in a comment to our original post.
Then you should turn your attention to the weekly case or activity. For our four Harvard Cases, you will need to prepare answers to all of the case questions in preparation for the discussion (whether in class or on Webex). For ISACA cases,
Finally, there will be a quiz on each week’s material the weekend after both classes. There will be five multiple choice questions on each quiz, mostly CISA practice exam questions. The quiz will be available from Saturday at 6:00 am until Sunday at midnight. You will have 15 minutes to complete the quiz but can take it anytime that weekend. Once you start, you must finish in 15 minutes.
I think this case is wonderful as an opener for an IT Governance class. Why? Because there is no governance at STARS, at least nothing explicit. If we use my “Right Things, Done Right” mantra, we can illustrate what I mean. Khan is inheriting an IT organization that has no identifiable mission or charter. Senior management doesn’t recognize the critical role that IT could play in its organization. The implicit charter is probably something like, “Give the business what it needs to get the job done.” That simply isn’t good enough leadership. On the “Done Right” side, you all have pointed out the deficiencies of the effort (it’s not even a real organization). No organizational structure, runaway customers, out-of-control contractors, no technical standards, no project portfolio management, etc. The only good news for Khan is that the only way to go is up!
The key point for this class is to recognize that both things are necessary for true governance. IT organizations, as a generalization, have tended to focus on the process of doing things extremely well and very efficiently. This is important but it is only half of the game. IT leadership and company leadership must work together to ensure that IT is doing things that provide value to the company and manage risk. This is a political (small p) process and not one that is comfortable to most IT people. Hence many CIOs fail because, while they run good IT shops, they are not focused on, nor especially contributing to, the company’s goals.
Throughout this course and the program, keep the “Right Things, Done Right” model in mind. Many CISA and CISSP questions will give you three answers that urgently need doing and one that seems so obvious that it can be assumed, and ask you which is MOST important. Don’t fall for the trap: the correct answer is usually the one about making sure that the organization is doing the right thing and must come first.
I’m happy to see you are all eager to start but the questions for Week 2 won’t come out until Wednesday. The questions at the end of each ISACA case are dated and refer to an older version of COBIT so please wait for the questions we provide. Also, please post your thoughts as replies or comments to our posting rather than an original post of your own. Sorry for the confusion.
I got some questions on the Stars case in an email and wanted to post them here so that everyone can see them. Please, whenever you have questions about the class materials, ask them by posting on this site. That way, everyone who has the same questions can see the answers. My thanks to Xiaodi Ji for being the first one to ask a question.
Dear Richard,
I have some thoughts and confusions about the first case, Stars Ambulance. I am a full-time student so I do not have rich experiences about the company or management. Could you help correct them?
First, what is the most important issue in the company? They do not have IT governance or CEO does not give them enough for developing IS department.
It’s about more than the CEO and money. There needs to be an agreement from the board, through the senior executives and down to the CIO about what the role of IT is in the company. Is it to provide low cost administrative services, or to transform the existing business to become a digital business? Everyone in the organization needs to understand what IT’s role is and how they are expected to interact with IT.
Then, in this case, it shows us each department hires their own consultants. I think this is not good. The first reason is that each department builds their own program which may not connect to the main database smoothly. Then departments may duplicate functional people when actually, they just need one. Thus, building a tech center is a good method to solve this problem, especially for the STAR.
Your analysis for STARS is fine but recognize that it doesn’t necessarily fit everywhere. Think of a holding company that has three businesses: one is an online shoe store, one makes specialty sauces for Italian food and one publishes a newspaper. These three businesses are so different that they will need very different things from IT. Trying to centralize everything would be a big mistake. Again, this should be thought about at the very top of the organization, a decision taken and communicated to all about what they can and can’t do.
However, I remember that someone said that building a tech center is not necessary because the consultant who works for the department may know their system well. Is this good or not? Could you please tell me why?
It all depends on the types of business involved. In my old company we had one line of business with a 4% profit margin and another with a 75+% profit margin. They needed, and could afford, very different things.
Finally, how to decide “right thing”? You give us an example about 7-people company build a 1 million CRM system. I know it is too expensive for a small company. However, it is also necessary for them because even they just have 7 people, they need organize their information to ensure that they never lose anything. Meanwhile, they can form a complete system for managing employee. If we do not form complete rules in the beginning, it would be hard for us to build in the future. Are they doing a right thing or not? I think at beginning, they spend a lot in building a system will help solve many problems in the future, which means save more money.
I think you misunderstood. The example was a $1 billion business with only 7 customers (Intel, Samsung, IBM, etc). There were teams of 10-30 of our people (mostly technical service people) at every one of their chip foundries. We didn’t need a CRM system to see who was buying what from which channel or saying things online about us; success in this industry was about getting your chemical specified during the development of a chip (scientific systems) and then never letting them run out of product (supply chain systems).
Thank you for your help!
Xiaodi Ji
Perhaps you’re familiar with blockchain technology which first came into the public domain in connection with Bitcoin. It’s a distributed ledger technology that has obvious potential uses beyond cryptocurrencies. People in the investment world became interested early because of the cumbersome way in which financial transactions are settled and recorded today – lots of middlemen resulting in many points at which something could go wrong, high costs and slow time frames. A perfect situation for a disruptive technology!
The article, http://finops.co/trading/blockchain-for-us-settlement-three-two-one-takeoff/, describes an initiative to form an industry advisory group to run a blockchain trial. This group will need to get it right: this is a new technology whose adoption will disrupt the old ways of the financial markets. If their trial is robust and produces positive results, the benefits will be enormous. What is absolutely critical is that the trial not produce a false positive – that is, the conclusion that the trial has been successful when in fact the trial process was flawed in some way. In this case, the damage could also be enormous.
Suppose the advisory group reached out to you to ask your advice on how to structure the control environment for their trial program. What elements might you suggest they consider? For example, you might ask them to define the decision making process. In this case, would regulatory oversight from an established body such as the SEC be appropriate or does the past model not apply? How will the testing be conducted and how will weaknesses in the process be identified and addressed? Who should be responsible for reviewing results from a business perspective?
The point here is that in a fast-changing world, some of the most important IT governance challenges are complicated and have no established roadmap. The best we can do is stick with fundamentals: the right things done right will form the basis for a good governance structure.