The phrase ‘IT Governance’ has become increasingly popular in the past few years. Also termed as administration, management or control, IT Governance can be defined as “a structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise’s goals by adding value while balancing risk versus return over IT and its processes.”
Although IT is one of the most valuable assets for an organization, it is often the least understood. While business units formulate strategies to increase profits, the IT Function simply follows instructions from business units to deliver automated solutions to satisfy business requirements. Put another way, IT has always reacted to business needs rather than proactively worked with them.
The key business units in an enterprise are marketing, finance, operations, product development, personnel or human resources and sales. These business units interact with IT resources (applications, hardware, systems, data, people, processes and technology) to increase profits. A considerable amount of time, money and effort is used in ensuring that IT resources deliver the required results to business units. The following figure shows the relationship between business units and associated IT resources.
Business Units and IT Resources
Over the past few years, increasing market competition, more demanding customers, regulatory laws and cutting edge technologies have forced enterprises to sit back and assess the role of IT. Enterprises are now increasingly involving IT in strategic planning and determining the direction of the company. Business units are getting more involved in the regular functioning of IT and vice-versa to help the organization leverage all benefits technology offers. IT Governance integrates and institutionalizes good practices to ensure that the enterprise’s IT supports the business objectives.
In particular, top management needs to know whether the enterprise is managing information so that it is likely to achieve its objectives, is resilient enough to learn and adapt, judiciously manages the risks it encounters, and appropriately recognizes opportunities and acts upon them.
Ecomnets IT Governance Framework
Ecomnets has developed an IT Governance framework to enable maximum returns from investment in the Information Technology Division.
The IT Governance Framework adopted by Ecomnets achieves the following objectives-
Ecomnets IT Governance Methodology
The 5 Phase Methodology adopted by Ecomnets identifies key functional areas within the IT Division at every phase and creates a process framework for each of the identified areas.
The following figure shows the IT Governance Methodology adopted by Ecomnets. The solution is built and deployed to cater exclusively to client needs. In the progress versus maturity graph, as the coordinates increase along both axes, a robust IT Governance solution with the advantage of being Sarbanes-Oxley compliant is deployed at the client enterprise.

Ecomnets IT Governance Methodology – Progress versus Maturity Graph
Information technology governance, or IT governance, is a subset discipline of organizational governance focused on information technology systems and their performance and risk management.
For agencies struggling to ensure that risks associated with IT are mitigated, Ecomnets offers the IT Governance Solution. This enables an agency to implement an organization structure with well-defined roles for the responsibility of information, processes, applications, infrastructure, etc., while ensuring better control over IT costs, risks and resources to improve credibility.
It also ensures that the agency can meet proliferating compliance requirements by harnessing IT to automate processes and control, manage compliance projects and provide reliable audit trails, while aligning IT priorities and activities with agency objectives.
The Ecomnets Difference: EcomNets IT Governance Solution helps companies to effectively implement internal controls for the following key processes:
Access Controls -- Hardware/software controls regulating who has access to what financial-related information.
Audit Trails -- Application, operating system and other relevant logs that track who has accessed, modified or deleted financial information.
Computer and Media Disposal -- Minimum requirements for ensuring financial-related information is wiped before hardware and media leave the agency.
Data Backup -- Specific backup requirements to ensure financial data is properly protected.
Data Integrity Controls -- Hardware/software solutions to keep financial information from being inappropriately modified (e.g. IDS/IPS, rights management software, application controls to filter input and perform data validation, etc.).
Data Retention -- Minimum requirements for retaining critical financial data, especially supporting documentation, related communications, etc.
Document Destruction -- Requirements and steps to be taken (or not taken) when destroying hard copy information.
Information Classification -- Outlining how various types of financial information will be classified and protected based on levels of sensitivity.
Messaging Security -- Minimum requirements for protecting the transmission and storage of messages (e-mail and instant messaging) containing sensitive financial-related information.
Security Assessments and Audits -- How systems will be consistently tested and audited for security risks.
System Authentication -- Hardware/software controls ensuring that users accessing financial information are who they say they are.
System Monitoring -- Technologies and processes in place to detect and alert on financial information breaches.
User Provisioning -- Specific requirements and processes for adding and removing users who will have access to financial information.
Wireless Networks -- Minimum security requirements for wireless systems connecting to corporate networks.