
PART 2 CISA Domain 2 Governance and Management of IT
What is IT Balanced Score Card?
What are the roles and responsibilities for IT Governing Committee (IT Strategy and Steering Committee)?
What are the Maturity/Process Improvement models?
4. IT Balanced Scorecard (BSC)
BSC is a process management assessment technique that can be applied in the GEIT process to assess IT functions and processes.
BSC is the best way to assist the IT strategy committee and management in achieving IT governance through proper IT and business alignment.
Here are some points to keep in mind:
The IT Balanced Scorecard is used to evaluate and monitor performance indicators such as customer satisfaction, internal processes, innovation capability, etc.
The IT BSC doesn't measure the financial performance of the enterprise.
5. IT Governing Committees:
Organizations generally have two committees:
IT Strategy Committee
IT Steering Committee
It is important to have a clear understanding of the IT strategy committee as well as the IT steering committee.
Role of the IT strategy committee:
Advises the board and management on IT strategy
The board delegates this role to the committee, which provides input on the strategy and prepares it for approval
Focuses on current and future strategic IT issues
The board receives advice and insight on topics such as:
The alignment of IT and business direction
The availability of the right IT resources, skills, and infrastructure to meet the strategic goals
Attaining strategic IT goals
Membership of the IT strategy committee:
Board members
Non-board specialists
Role of the IT Steering Committee:
Assists the executive with the delivery of the IT strategy
Oversees the day-to-day management and delivery of IT services and IT projects
Focuses on implementation
Determines overall IT spending and how IT costs will be divided
Approves project plans and budgets, and sets priorities and milestones
Communicates strategic goals to project teams
Monitors resource and priority conflicts between enterprise divisions and the IT function, and between projects
Reports to the board on IS activities
Makes decisions about centralization versus decentralization, and assigns responsibility
Remember: The IT steering committee is the best way to establish an enterprise's risk appetite.
Membership of the IT steering committee:
Sponsoring executives
Business executives (key users)
Chief information officer (CIO)
Key advisors as needed (IT, audit, legal, finance)
6. Maturity and Process Improvement Models:
Implementing IT governance requires continuous performance measurement of the organization's resources, which contribute to the execution of processes that provide IT services to the business.
Some of these process improvement models include:
The IDEAL model, a software process improvement (SPI) program model, is used to plan and implement software process improvement programs. It consists of five phases:
Initiating
Diagnosing
Establishing
Acting
Learning
The COBIT Process Assessment Model (PAM) using COBIT 5.
Capability Maturity Model Integration (CMMI) is a process improvement approach that provides enterprises the essential elements for effective processes. It is based upon ISO/IEC 15504 Information Technology – Process Assessment standard. CMMI has five maturity levels:
Level 1 – Initial – This is the riskiest stage an organization can be in. It creates an unpredictable environment that increases inefficiency and risk.
Level 2 – Managed – Projects can be planned and executed, but there are many issues to address.
Level 3 – Defined – Organizations at this level are proactive, not reactive. The processes are customized for each organization. The organization is aware of its shortcomings and has plans to improve them.
Level 4 – Quantitatively Managed – This level is more controlled and measured. With more data-driven decisions, the organization is ahead of potential risks.