					 3 Day Event                                Kempinski Hotel Mall of the Emirates                                             28 Feb–2 Mar 2011
                                          Sheikh Zayed Road · 120679 Dubai · United Arab Emirates

                                  IT Governance                   based on CobiT and ISO 38500

This seminar assists delegates with the implementation of IT Governance using CobiT and ISO 38500,
together with other similar frameworks. Directors, CIOs, Governance, Management, Risk, Compliance and
Audit personnel will learn about the key activities and their responsibilities in implementing corporate
governance for information technology. Topics covered include the board’s responsibilities, the CIO’s role
and the leadership, organisational structure, processes and governance mechanisms needed for strategic
alignment, value delivery, risk management, resource optimisation and performance management.

      DAY ONE 9.00am – 11.00am – UNDERSTANDING IT GOVERNANCE                     DAY ONE 11.00am – 12.30pm – COBIT AND SIMILAR MODELS

  •    Introduction to IT Governance                                         •     The importance of process orientation and a business focus
  •    Overview of ISO 38500 – Corporate Governance for IT                   •     Making use of frameworks like CobiT, ITIL and ISO 20000
  •    The relationship between corporate governance and IT governance       •     The background to the CobiT framework for IT Governance
  •    An accountability framework for assigning decision-making rights      •     CobiT – An integrated Process Model for IT Governance
         o Identify key process activities and the accountable persons       •     The CobiT Control Framework
         o Map current responsibilities via job/role descriptions to         •     The CobiT Domains and Processes
             underlying process model                                        •     The CobiT Information Criteria
         o Identify gaps in the allocation of roles and responsibilities     •     The CobiT Process Descriptions and Control Objectives
         o Accountability framework                                          •     The CobiT Management Guideline
  •    Develop and implement an IT governance charter and policies           •     The CobiT Control Practices and Assurance Guideline
         o What is the purpose of an IT governance charter                   •     Assessing process capability using the CobiT maturity model
         o Select and define the right policies for IT                       •     Using CobiT to align IT activities with the business goals
  •    Suitable organisational structure and define terms of reference       •     Measuring performance using CobiT measurements
         o The purpose of oversight authorities and process owners           •     Implementing internal controls to manage inherent risks
         o Determining the terms of reference and role descriptions          •     Overview of Risk IT and Val IT
         o A framework of authorities – RACI workflow charts.                •     Applying CobiT, Val IT and Risk IT in Practice.

      DAY ONE 12.30pm – 2.30pm – GOVERNANCE FRAMEWORK                            DAY ONE 2.30pm – 16.00pm – DESIRABLE BEHAVIOUR IN USE OF IT

  •    The Board’s role and responsibilities for IT governance               •    Establish an IT Governance Framework
  •    The Audit Committee, Risk Committee and CIO’s responsibilities        •    Identifying current status / perform a gap analysis
  •    Establish a bridge between IT and the business                        •    Encourage the desirable use of IT by requiring managers to provide
         o Joint accountability for the corporate governance of IT                timely information, comply with the direction given and to conform
  •    Implement IT processes and governance mechanisms                           to the principles of good governance
         o Make use of an integrated process model - CobiT                   •    Implement an ethical IT governance and management culture
         o Identify and select the right governance mechanisms                      o Ethical leadership from the board based on: responsibility,
  •    Implement IT frameworks, policies, procedures and standards                      accountability, fairness and transparency.
         o Integrate IT process models (CobiT, ITIL, Risk IT, ISO 9000)             o Directors are to discharge their moral duties of: conscience,
         o Determining well-defined procedures                                          competence, commitment, courage and inclusivity of all
         o Integrate business process model and industry taxonomies                     stakeholders.
         o Selecting ISO standards and best practice guidelines              •    Incorporate IT governance in corporate governance
  •    Provide transparency through regular reporting to the board                  o Integration of IT and corporate governance mechanisms
         o Business, strategic and sustainability goals and objectives       •    Create an awareness of the maturity levels of governance
         o Balanced scorecard, dashboards                                           o Appropriate mechanisms for governance
         o Organisational capability and performance measures.                      o Maturity assessment.

      DAY TWO 9.00am – 11.00am – MAKING USE OF COBIT                             DAY TWO 11.00am – 13.00pm – STRATEGIC ALIGNMENT

  •    How to use the CobiT® Framework to define and build better IT         •     Have a strategic approach and facilitate the integration of IT into
       governance structures                                                       business strategic thinking
  •    Using CobiT® as the umbrella process model together with ISO          •     Understand business requirements and long-term strategy
       20000, ITIL, ISO 17799, ISO 38500 and other popular frameworks        •     Implement a strategic IT planning process that is integrated with
  •    Identifying the stakeholders and the drivers of IT governance               the business strategy development process
  •    Managing inherent IT risks through appropriate risk response and      •     Integrate IT plans with the business plans (at the strategic, tactical
       countermeasures (internal controls)                                         and operational levels)
  •    Aligning IT activities with business requirements so that the         •     Implement a robust process to identify and exploit, where
       business impact is maximised                                                appropriate, opportunities to improve performance and
  •    Performance management to maximise the value delivered by IT,               sustainability of the company in line with triple bottom line
       including the use of the balanced scorecard for IT and developing           objectives
       suitable metrics of performance                                       •     Sustain and enhance the company’s strategic objectives
  •    Building process capability through the implementation of CobiT®      •     Align IT operations with business operations
       based maturity roadmaps                                               •     Align IT activities with environmental sustainability objectives
  •    Planning the initiative, estimating the effort required, overcoming   •     Enable the improvement of the company’s performance and
       the barriers to success.                                                    sustainability while taking account of the negative impact of IT.
    DAY TWO 13.00pm – 14.30pm – VALUE DELIVERY                                        DAY TWO 14.30pm – 16.00pm – RESOURCE OPTIMISATION

•    The role of IT in achieving business strategies and objectives               •    The role and responsibility of the CIO to leverage IT resources and
•    Enable IT to add value to the business and mitigate risks                         ensure the effective management of information assets
•    Define, maintain and validate the IT value proposition                       •    The CIO’s responsibility is to be business orientated, understand
•    Incorporate IT into the business processes in a secure, sustainable               business requirements and the long-term strategy for the business
     manner                                                                            of the company, and to translate this into effective IT solutions
       o Conduct operations in a manner that meets existing needs                 •    Identify customer requirements and determine when these are
           without compromising the ability of future generations to                   met – via capability and performance
           meet their needs                                                       •    Determine and deliver “fit for purpose” IT solutions
       o Maintain flexibility, interoperability and scalability                   •    Maintain sufficient quality and capability to meet current and
•    Ensure that the business value proposition is proportional to the                 future business requirements
     level of investment                                                          •    Understand the importance of continual improvement
       o Include in the process to manage IT investments                          •    Exercise care and skill over the design, development,
•    Deliver the expected return from IT investments                                   implementation and maintenance of sustainable IT solutions
•    Measure and manage the amount spent on and the value received                •    Deploy a single, holistic approach to compliance
     from technology                                                              •    An approach to plan, implement, monitor, review and improve the
       o IT procurement and account for IT expenditure                                 delivery and management of IT services and solutions

    DAY THREE 9.00am – 11.00am – RESOURCE OPTIMISATION                                DAY THREE 11.00am – 13.00pm – GOVERNANCE OF IT RISKS

•    Ensure all parties in the chain, from supply to disposal of IT services      •    Implement a risk management process based on the board’s risk
     and goods, external and internal, apply good governance principles                appetite
•    Monitor and enforce good governance across all suppliers                     •    Select and use an appropriate framework for managing risk (e.g.
•    Optimise resources usage and leverage knowledge                                   COSO, Risk IT and ISO 31000)
       o Capacity management and performance measurement                          •    Design, implement and monitor the IT risk management plan
       o Build “organisational memory” and retain capability                      •    Maintain an IT risk register, including IT legal risks
•    Protect information and intellectual property                                •    Minimise risks through suitable mitigation strategies
       o Resource protection                                                      •    Implement a system of control for information and technology
       o Capture and record key information                                       •    Obtain assurance on the effectiveness of the IT control framework
•    Instil project governance and perform post-implementation                    •    Obtain independent assurance of the effectiveness of the internal
     reviews to learn from each implementation                                         controls framework implemented by service providers
•    Promote sharing and re-use of IT assets                                      •    Perform continual risk assessments
•    Maintain an effective and efficient internal control framework for           •    Consider and implement appropriate risk responses
     financial reporting, administrative effectiveness and efficiency, and        •    Address external regulations, requirements and concerns about
     delivering the company’s strategic objectives.                                    data privacy, information security, record retention, regulatory and
                                                                                       legal compliance.

    DAY THREE 13.00pm – 15.00pm – INFORMATION MANAGEMENT                              DAY THREE 15.00pm – 16.00pm – PERFORMANCE MANAGEMENT

•    Manage information assets effectively (life cycle & data privacy)            •    Implement processes that ensure reporting to the board is
•    Maintain an adequate information security management system in                    complete, accurate, timely, relevant and accessible
     accordance with an appropriate information security framework                •    Measure, manage and communicate IT performance in achieving
•    Ensure the integrity and availability of information and                          sustainable economic, social and environmental goals
     information systems in a timely manner                                       •    Recognise and report on the organisation’s capability to perform,
       o Implement the necessary internal controls (application,                       performance and conformance – a balanced perspective!
           general, administrative, environmental and user-based)                 •    Monitor and report on the application of governance principles by
•    Implement information records management and ensure                               all parties, at all levels, at all stages of business operations, across
     information assets are stored, archived, protected and made                       organisational boundaries, from acquisition to disposal of IT
     available when required for business and legal purposes                      •    Report on the governance and internal controls supporting
•    Obtain independent assurance that outsourced service providers                    outsourced services
     have applied the principles of IT governance                                 •    Regularly demonstrate to the Board of Directors that the company
•    Obtain independent assurance that appropriate project                             has adequate business resilience arrangements in the event of a
     management principles are applied to all IT projects.                             disaster affecting IT
•    Maintain adequate business resilience arrangements in the event              •    Report on the negative impact that IT could have on the
     of a disaster affecting IT.                                                       environment.

Seminar fee:
     Register & Pay before 28 Jan: US$ 2 100.00
     Register after 28 Jan 2011: US$ 2 600.00

Standard Terms and Conditions
     1. Cancellation within 2 weeks – no refund
     2. Substitution possible at any time
     3. Payment is required prior to start of event.

REGISTRATION DETAILS (e-mail to or fax: +44 208 1817163)