IT Governance is defined as the leading and organizational constructions and processes that guarantee that the administrations IT sustains and extends the administration ‘s schemes and aims
Expanding farther, IT administration is the Management board ‘s ability to direct and command the endeavor ‘s usage of IT resources in line with strategic ends. Leadership, organizational construction and procedures are used to leverage IT resources and drive alliance, guarantee bringing of value, direction of hazard, optimization of resources and public presentation measuring.
Harley Davidson Motor Company began its operations in 1903 at Milwaukee, Wisconsin in the USA. It is good known to be the oldest maker of heavyweight bikes in the US and the rare differentiation of procuring record grosss for the past 20 old ages. Apart from the bikes themselves, the company besides deals with bike parts, accoutrements and other related services. This can so be classified into two major sectors in which the company operates: Motorcycle related sector and the fiscal services. The bike related sector trades chiefly with the production, gross revenues and services of heavyweight usage, touring or public presentation bike which Harley markets under its signature trade name names “ Buell ” and “ Cagiva ” .Apart from fabricating the five households of Harley Motorcycles, this sector besides deals with bike related accoutrements, public presentation parts, cosmetics and general accoutrements like vesture etc. The fiscal services sector trades with all fundss and loans to both the companies ‘ traders and costumiers
Need for IT Governance
In 2003, it was seen that Harley Davidson had a limited IT Controls in topographic point and a major ball of the staff had really small or no control cognition. The undermentioned spreads were observed.
No standardised user procedure to entree informations and IT applications, which made life hard for users and exposed the application to hackers.
No defined alteration direction procedure to capture information about who made alterations to IT substructure constituents and why.
There was no impact analysis of proposed alterations ; this caused even apparently test alterations to cascade into issues in other affiliated systems and cause unexpected concatenation reaction.
There was limited certification about procedures and most of the work done in IT was individual dependant.
There was no clear scheme of Backup and recovery procedure. Besides the recovery procedure was ne’er tested to guarantee seamless recovery after a catastrophe.
Overall at that place existed a really minimum organizational criterion.
The challenge was besides in acquiring direction, information engineering ( IT ) and audit talking the same linguistic communication and working toward increased control, while still esteeming the company ‘s alone civilization.
With the executions of the Sarbanes-Oxley Act, and the fact that ordinances became tighter worldwide, Harley Davidson created a wholly new section on IS conformities and began implementing many of the general conformities theoretical accounts sourced from sellers.Later Harley Davidson implemented COBIT. They converted their full control model into COBIT and were able to take single countries and command demands alternatively of making the full procedure at random.
IT has a important impact on the success or failure of an organisation. This impact was realized by the stakeholders and therefore the demand for IT to be used efficaciously for competitory advantage became paramount. Management needs to guarantee that Information is being handled efficaciously so that it is:
More likely to accomplish the coveted aims.
Presence of a uninterrupted betterment procedure to guarantee past acquisitions are incorporated.
Able to guarantee effectual Risk direction in its working.
Agile plenty to acknowledge new chances and act upon it.
IT Governance in Detail
Organization ‘s success depends upon how IT is efficaciously able to aline with the concern aims and scheme. Successful organisations have been able to leverage IT non merely as a support entity but besides to turn the concern.
For an organisation to hold an effectual IT section it needs to turn to assorted concerns:
Align with concern aims.
Able to mensurate the concern value of IT investings efficaciously.
Generate value from bing IT investings.
Maintain good relationship and communicating way between IT and Business.
Show the ability to pull off and extenuate hazard efficaciously.
Without a good Administration Model it is hard to accomplish the above aims. IT Governance needs a universally accepted theoretical account which is clearly understood by the assorted stakeholders. The Governance Framework should be able to:
Have a nexus to concern demands.
Transparency in mensurating public presentation against these concern demands.
Able to place resources that can be leveraged.
Specify the direction control objectives to be considered.
Administrations can utilize a figure of models as a footing to develop their ain administration theoretical account. The two best known theoretical accounts are IT Infrastructure Library ( ITIL ) and COBIT ( Control Objectives for Information and Related Technologies ) . Both Frameworks are complimentary to each other, ITIL focuses on supplying Best Practices about effectual IT Services such as helpdesk direction, web security and IT Operations. ITIL is utile in bettering IT operations efficiency and client services quality. COBIT provides guidelines around a whole scope of IT related activities including planning, acquisition, bringing, support and operations. COBIT is a utile tool to better the quality and quantifiability of IT Governance
Harley Davidson choose COBIT as the Governance Model for the undermentioned grounds.
It is an internationally recognized criterion for IT administration and control patterns.
It can be used by direction, terminal users, and IT audit and security professionals, and it provides a common linguistic communication.
It provides a agency for benchmarking controls conformity.
Use of the COBIT model, including tools and templets
Other prima criterions, including ISO 17799, ITIL and NIST, harmonize and map to COBIT.
The company was able to derive understanding with the external hearer on the same model and control aims.
The IT Governance Framework Model ( COBIT )
The Control Objectives for Information and related Technology ( COBIT ) is a set of best patterns ( model ) for information engineering ( IT ) direction, created by the Information Systems Audit and Control Association ( ISACA ) and the IT Governance Institute ( ITGI ) in 1996. COBIT provides directors, hearers, and IT users with a set of by and large accepted steps, indexs, procedures and best patterns, to help them in maximising the benefits derived through the usage of information engineering, and developing appropriate IT administration and control in a company. – ( Wikipedia )
Control Objectives for Information and related Technology ( COBITA® ) provides good patterns across a sphere and procedure model and nowadayss activities in a manageable and logical construction. COBIT ‘s good patterns represent the consensus of experts. They are strongly focused more on control, less on executing. These patterns will assist optimize IT-enabled investings, guarantee service bringing and supply a step against which to judge when things do travel incorrect.
For IT to be successful in presenting against concern demands, direction should set an internal control system or model in topographic point. The COBIT control model contributes to these demands by:
Making a nexus to the concern demands
Organizing IT activities into a by and large accepted procedure theoretical account
Identifying the major IT resources to be leveraged
Specifying the direction control objectives to be considered
Harley Davidson Motorcycle Company implemented COBIT into their concern environment as a agency of IT administration.
The usage of a globally accepted Governance Model – COBIT brought about an agreeable footings with the hearer on execution of control and administration. Different sectors within the company which even included non-technical staff like bike experts and builders were educated sing constructs of methods of controls and their importance. As the company urgently needed an effectual control system the execution of COBIT changed the perceptual experience among control proprietors that “ a batch means more ” to “ a few but effectual ” is much better in footings of concern. By this they received a better apprehension on the fact that a fewer resources and less sum of clip did n’t affair provided the concluding result was executable in footings of concern.
Prior to implementing the COBIT model, countries the external hearer audited were chosen indiscriminately or on loose justifications. Now the countries selected for scrutinizing are steadfastly based on concern value and control demands.
The comprehensiveness and deepness of COBIT have of course allowed it to be used successfully as a cardinal control theoretical account. In add-on, benefits Harley-Davidson has found by utilizing COBIT as a control theoretical account include:
IT administration forces can map models “ behind the scenes. ”
End users need to be cognizant of merely one criterion.
IT can easy demo conformity with multiple models.
It helps set up a consistent focal point.
It additions external audit understanding on the company ‘s control place.
It establishes the ability to utilize control aims to assist place root causes.
There is a comprehensive position of the hazard and control environment.
It provides a foundation for all future internal and Sarbanes-Oxley-related audits.
One of the biggest advantages of the execution of COBIT to Hardly Davidson Motorcycle Company was the fact that it became an priceless tool in the company ‘s internal comparing method. All the information was made available to the direction in a clearer prospective specially when it came to overall buy-in.
Peer comparing can be done in a much indifferent mode utilizing the COBIT model and has become a portion of IT audit. Most of all cardinal treatments about the company ‘s place were invited utilizing this model. Before the execution of COBIT the countries meant for audit were indiscriminately chosen and was based on ill-defined standards. Now they are steadfastly chosen on control demands and their concern value.
Normally the debut of an wholly new model would confound the work force and some of them might be quiet immune to the alteration, COBIT eliminates this issue as it is good organized and methodological aˆ¦ . The people in charge of taking their several squads in the Hardly Davidson work environment can easy follow these stairss and subsequently go through them on the remainder of the work force.
The key to the success of any Governance theoretical account is to hold direction engagement ; Harley Davidson had full executive sponsorship of this new Governance Model. Employees take parting in set uping the model demand to cognize the mensurable outcomes the controls and procedure put in topographic point. IT Governance utilizing COBIT was successful in Harley Davidson because it had direction engagement as a cardinal stakeholder. They besides did a good occupation of acquiring grass root degree employees involved in the procedure. This would non hold been possible without effectual communicating from the direction about the value of the new procedure. Harley Davidson besides maintained a good issue tracking mechanism to track and describe findings so that stairss are taken to guarantee follow up with Management action program proprietors to turn to the issues.
In my position most signifiers of Administration are by and large looked upon with cynicism by employees and hence it could ensue into employees acquiring a feeling that direction lacks trust. This could ensue in employees neglecting to be originative and taking inaugural. Management demands to affect employees from within the group instead than wholly driven by external advisers / hearers to convey about these alterations. The controls need to be driven easy instead than presenting it suddenly without taking employees into assurance. There needs to be a balance maintained between controls and still keeping an environment where creativeness is encouraged.