Page 94 - DCAP307_PLANNING_AND_MANAGING_IT_INFRASTRUCTURE
P. 94
Planning and Managing IT Infrastructure
Notes Organisations that lack effective governance suffer from low performance, heightened risk
exposure, and resource allocation that may appear inappropriate, arbitrary, or political.
On the surface of it, it seems like IT Governance is a lot of trouble for no tangible return. Yet, if
we really take the time to think about it, a business runs on information. The decision-makers in
the company rely on the data collected, and the information generated by the information
systems to make their decisions. An information system that delivers timely and accurate
information is an invaluable asset to any company.
And yet, how many companies really have a proper IT policy? Many companies think an
information system is a sort of “fire and forget” system — that it can be installed and then left
alone to work. Like all systems, however, it will suffer from decay over time. Software becomes
obsolete, hardware ages and suffers from wear and tear, and even processes become old and
inefficient as new (and more efficient) ways of doing things are discovered.
!
Caution Proper processes need to be in place to ensure that obsolete software is properly
disposed of, and hardware stripped and securely disposed.
Staffs also need to be trained and retrained in the latest processes to ensure that the business
retains its competitive edge in the industry. There are few things more dangerous to the health
of a company than an improperly managed information systems network. An improperly
managed information systems network could leave any and all data vulnerable. If your data is
vulnerable, so is your company.
Self Assessment
Fill in the blanks:
8. Organisations that lack effective ........................... suffer from low performance, heightened
risk exposure, and resource allocation that may appear inappropriate, arbitrary, or political.
9. An ........................... that delivers timely and accurate information is an invaluable asset to
any company.
5.5 IT Governance Frameworks
While there is no single, complete, off-the-shelf IT governance framework, there are a number
of frameworks available that can serve as useful starting points for developing a governance
model. As a result, most IT organisations today are “rolling their own” models, but borrowing
heavily from existing frameworks. Most of the existing frameworks are complementary, with
strengths in different areas, and so, a mix-and-match approach is often taken. Three of those
frameworks are discussed in more depth below.
5.5.1 COBIT
Control Objectives for Information and related Technologies (COBIT) was developed in 1996 by
the Information Systems Audit and Control Association (ISACA) and is now issued and
maintained by the IT Governance Institute (ITGI) as a framework for providing control
mechanisms over the information technology domain.
COBIT has been extended to serve as an IT governance framework by providing maturity
models, critical success factors, key goal indicators, and key performance indicators for the
management of IT. At the heart of COBIT are high-level control objectives. These control objectives
88 LOVELY PROFESSIONAL UNIVERSITY
