Topic 2 Flashcards
(16 cards)
What is the definition of enterprise governance according to ISACA?
A set of responsibilities and practices by the board and executive management to provide strategic direction, ensure objectives are achieved, risks managed, and resources used responsibly.
What are the two dimensions of enterprise governance identified by the International Federation of Accountants?
Conformance: corporate structure, roles, executive remuneration. Performance: strategy, value creation, risk appetite.
What are the six key assets that need to be governed under enterprise governance?
Human, Financial, Physical, IP, Information & IT, Relationship assets.
What are GEIT frameworks used for?
Best practices to guide management in implementing IT governance processes.
What are the main GEIT frameworks for Governance and Management of Enterprise IT?
Governance: COBIT, ISO 38500. Management: CMMI, ISO 27001, ISO 9000, ISO/IEC 20000, ISO 31000:2009.
What other frameworks complement GEIT?
TOGAF, M_o_R, ITIL. COBIT aligns with these and can serve as the overarching framework.
What are typical pain points that drive the need for IT Governance?
Failed initiatives, rising IT costs, low business value, data loss, project failure, unmet SLAs, regulatory failure, limited innovation/agility.
What are additional IT governance pain points?
Audit findings, hidden spending, duplicated initiatives, lack of resources/skills, dissatisfied staff, delayed/over-budget projects, complex assurance, lack of support, decentralized IT.
What are examples of internal and external trigger events for GEIT efforts?
Mergers, market shifts, regulations, governance projects, new executives, audits, new strategy, desire for IT value.
What are the components that interact to support GEIT implementation?
Frameworks, Principles, Structures, Processes, Practices. Success needs a holistic approach.
What are the 7 COBIT components for achieving GEIT?
1. Principles/policies/frameworks 2. Processes 3. Structures 4. Culture/ethics/behaviour 5. Information 6. Services/infrastructure/applications 7. People/skills/competencies.
Why is IT strategy important in implementing GEIT?
It must align with enterprise mission, vision, values. Use SWOT and BCG Matrix.
What does SWOT analysis help identify?
Strengths to develop, Weaknesses to mitigate, Opportunities to build, Threats to address.
What is the BCG Matrix?
Stars, Dogs, Cash Cows, Question Marks — categorize based on return and resources.
Why are organizational structures important in GEIT?
Ensure transparent decisions and communication between business and IT. Enabler in COBIT.
What is the purpose of the RACI chart in COBIT?
Assigns responsibilities (Responsible, Accountable, Consulted, Informed) to ensure full coverage.