Governança de TIC – Uma Visão do Mercado

II Encontro Nacional de Auditores da Tecnologia da Informação-ENAUTI

Governança de TIC – Uma Visão do Mercado Claudio Chauke Executive Partner, Gartner LATAM Brasília, 06 de junho de 2013

This presentation, including any supporting materials, is owned by Gartner, Inc. and/or its affiliates and is for the sole use of the intended Gartner audience or other authorized recipients. This presentation may contain information that is confidential, proprietary or otherwise legally protected, and it may not be further copied, distributed or publicly displayed without the express written permission of Gartner, Inc. or its affiliates. © 2012 Gartner, Inc. and/or its affiliates. All rights reserved.

What is Governance? •

Gartner defines "governance" as the process of: - Setting decision rights and accountability, as well as establishing policies that are aligned to business objectives (preservation and growth of shareholder value) - Balancing investments in accordance with policies and in support of business objectives (coherent strategy realization)

- Establishing measures to monitor adherence to decisions and policies (compliance and assurance) - Ensuring that processes, behaviors, and procedures are in accordance with policies and within tolerances to support decisions (risk management)

- Bottom Line: Who decides and by what process? 1

In Undisciplined Times, Successful CIOs Maintain a Continuous Planning Initiative Use Key Management Tools to Drive Focus and Discipline Objective

Focus

Discipline

Strategy

Dodge Threats, Leverage Opportunities, Meet Objectives

Strategy Process as a Focusing Exercise

Formal Development and Refresh Processes

Architecture

Agile and Flexible Evolution Path, Provide Resources

Standard, Open, Service-Oriented

Strongly Enforced Rules

Governance

Efficient and Effective Collaboration

The Right Links With Demand and Supply

Formal Roles, Responsibilities and Decisions

Leadership

Continued Vision and Guidance

Alignment, Coordination and Integration

The Right Balance between Trust and Control

Demand Governance is Dysfunctional for Most Public Sector Organizations (What Should IT Work On?)

IT Governance Strategy

(How Should IT Do What It Does?)

IT Governance • • • •

Demand Governance

Business Management Primary Responsibility Plan

Implement

Manage

Monitor

Business IT Strategy Validation

Develop Demand Governance Processes

Business Unit Prioritization

Spending/ Project Oversight

Business/IT Operational Planning

Demand Governance Implementation

Intra/Inter Enterprise Prioritization

Business Benefits Realization

Overall IT Investment & Expense

Councils/ Committees

Issue Escalation/ Resolution

IT Value Assessment

IT Investment Portfolios (PPM)

Funding/ Chargeback

IT Governance Effectiveness (Metrics, etc.)

Investment Evaluation Criteria

Board IT Governance

IT Service Chargeback

Supply Governance

Goals Domains Decision Rights Principles and Policies

IT Management Primary Responsibility IT Supply Governance Domains Security

Corporate Compliance

Sourcing

Etc.

• • • •

Plan Implement Manage Monitor Compliance

Architecture

• • • •

Plan Implement Manage Monitor Compliance

• • • •

Plan Project Implement Management Manage Monitor Compliance

• • • •

Plan Implement Manage Monitor Compliance

• • • •

Plan Procurement Implement Manage Monitor Compliance

• • • •

Plan Implement Manage Monitor Compliance

• • • •

Plan Implement Manage Monitor Compliance

A Changing Environment Changes Business Objectives Governance Frameworks Respond to Changes

Business Objective

Contractual Target

And Steer Processes toward Changing Objectives

Regulatory Compliance Undermines the Business! Compliance without a Business Focus

Business Objective

Restricts Business Agility and Flexibility

Regulatory Compliance Undermines the Business! Compliance without a Business Focus

Business Objective

Business Objective Actually Achieved Does Not Properly Support Business Objectives

IT Governance: From the Basic Concept, Two Perspectives, One Framework Business IT governance is the set of processes that ensure the effective and efficient use of IT in enabling an organization to achieve its goals

Alignment of decisions to business strategy and objectives

Regulatory Compliance Compliance with regulations, and accountability with transparency

IT Governance Framework Formal and verifiable description of:    

Principles Processes Relationships Decisions

Key Issues  How does IT governance support the

achievement of business objectives?  How can you integrate IT governance and

compliance?

Key Issues  How does IT governance support the

achievement of business objectives?  How can you integrate IT governance and

compliance?

Effective Governance Harnesses Different Perspectives Players have different objectives and perspectives over IT initiatives  Business: Solution  IT Area: Resources  GRC: Control

IT Governance must provide continuous, agile alignment with business objectives

Governance: a Business Perspective

Enterprises will strategically use IT governance to steer IT initiatives toward changing business objectives Governance Building Blocks Principles Process Framework Relationships

Decisions

Principles: The Guiding Ground Rules of Governance A set of guiding ground rules that clarify a strategy, expressed as simple statements of practical courses of action. Role:

Contrasting Examples:

 Establish culturally-

 Decisions about IT initiatives will be made

aligned governance style  Shape process

framework processes  Communicate

direction (transmit and share)

independently by business units, under general corporate directions and compliance requirements.  Individual decisions, favoring specific,

individual business units, are taken in collaborative decision processes, with diverse representation from corporate areas and business units.

The IT Governance Motherboard Is Collection of Processes A set of shared processes that enable the IT organization to continuously align IT initiatives to changing organizational goals.

1 Strategy: Alignment, objectives, policies, priorities 2 Resources: Knowledge, skills, sources of resources 3 Delivery: Workflow, operations, coordination, integration

4 Finance: Budget, funding, assets, costs, cashflow 5 Control: Business value, performance, risk, compliance 6 Feedback: Communication, reporting

Processes Establish Relationships between Demand and Supply

Demand Governance:

Supply Governance: Supports IT’s delivery patterns How should IT work? Relationships in an IT governance Framework:

Supports the user’s expectations

Match expectations and patterns according to each specific IT initiative

What should IT be working on?

How can IT initiatives continuously match business expectations?

Decisions Steer IT Initiatives toward Changing Business Goals Decision Method

Relationship Level

Typical Governance Tools

 Automatic

0

Rules, Controls

 Role Autonomy

1

Principles, Guidelines

 Processes

2

Workflow

 Collaborative Groups

3

Committees

 Projects

4

Methodology

Decisions Steer IT Initiatives toward Changing Business Goals – Examples  Role

Autonomy

 Simple Payment approval for external providers under ongoing contracts  Fast will made by a contract manager  Few information based on formal metrics requirements established by contract T&C.

 Processes

Selection of new technology will be approved by interested business user, after OK by chief architect followed by OK by budget committee, supported by business case.

 Logically

 Collaborative

Changes in project priority or resource allocation will be taken by business-IT initiatives committee, based on recommendations by CIO, supported by business cases.

 Leveled

Groups

sequential  Time-economic interventions

information  Binding  Slow and expensive

Key Issues  How does IT governance support the

achievement of business objectives?  How can you integrate IT governance and

compliance?

Regulatory Compliance Undermines the Business! Regulatory Compliance

Governance: Formal description of how people work together and make decisions

Business Drivers

 Principles  Processes  Relationships  Decisions

Predictability Regularity Transparency Control Auditability

Agility Flexibility Speed

What is Compliance, After All? Compliance is about controls and accountability in the fulfillment of a mandate. It is also predictable, consistent, transparent behavior. Know what to do

Establish what you know Do what you establish Say what you do

The Connection Between IT Governance and Compliance Governance

Compliance

Efficient & effective use of IT in enabling an organization to achieve its goals

… through predictable, consistent and transparent behavior

Aims at steering resources towards business goals

Is concerned with the process of how you do it

The governance framework defines mechanisms for steering resources

Makes sure that those mechanisms meet compliance objectives

The Many Flavors of Compliance  Regulatory

Compliance

 Commercial

Compliance

 Organizational

Compliance

Externally mandated regulations aiming ethical behavior, good corporate governance and financial transparency. Requirements established by, or jointly developed with, external trading partners, including ESPs, aiming at the proper distribution of roles and responsibilities in their shared business processes. A composite of vision, mission and bylaws aiming to shape organizational behavior and culture, with strong influence over business objectives, including CSR

There Are IT Initiatives Outside of Compliance (But Not Outside of IT Governance)  Business

Domain

Process Cycle Time

Efficiency, Quality

 Regulatory

BI Toolbox BPM Dashboard

 Commercial

Compliance

Compliance

Agility, Flexibility Innovation

Collaboration Workbench

 Organizational

Compliance

The Journey: Changing the Organization & Delivering Results along the Way The Map: Strategy  Sets objective  Sets path to follow

Equipment & Resources: Architecture  Defines equipment  Sets resource plan

The Vehicle: Governance    

Aims the destination Steers resources Provides agility, flexibility Comes with a dashboard The Road: Compliance

 Road characteristics and conditions  Regulations & sign posts  Radar and cameras

The Obsessed Cop: Constraints  Safe driving as priority over destination  Excessive, unjustified constraints  Tickets for everything

Key Steps in The Journey toward Success  Understand what your business

objectives are and how IT is going to achieve them.  Assess the current IT governance

framework, its strengths and weaknesses  Establish IT governance objectives  Assess current IT compliance requirements

 Integrate compliance requirements with

governance objectives  Develop the IT governance framework

II Encontro Nacional de Auditores da Tecnologia da Informação-ENAUTI

Governança de TIC – Uma Visão do Mercado Claudio Chauke Executive Partner, Gartner LATAM Brasília, 06 de junho de 2013

This presentation, including any supporting materials, is owned by Gartner, Inc. and/or its affiliates and is for the sole use of the intended Gartner audience or other authorized recipients. This presentation may contain information that is confidential, proprietary or otherwise legally protected, and it may not be further copied, distributed or publicly displayed without the express written permission of Gartner, Inc. or its affiliates. © 2012 Gartner, Inc. and/or its affiliates. All rights reserved.

Trends in Government

26

Will Governments Be Able to Sustain Themselves? Excessive Debt

Natural disasters

Slow growth High unemployment

• Climate change • Depletion of nonrenewable resources

Civil unrest

Rapid economic growth New infrastructure

Five Key Trends That Will Shape Government IT in the Next Decade Seamless Socialization

Commoditization

Employee-Centricity

Information Continuum

Confluence of IT, OT, CT

Seamless Socialization: The Symmetry of Open Government 4 Community data Open Government

1

Transparency

2

Participation

3 Collaboration

5 Employee participation

Government 2.0

Information Continuum: New Challenges for Information Management Open Data

Social Data

Top-down

Creation

Bottom-up and sideways

Declassification, deidentification, transformation

Capture

Social network analysis, sentiment analysis

Taxonomies and ontologies

Categorization

Tagging, rating, usage, folksonomies

Formal and specialized

Maintenance

Informal by crowd

Information assurance

Trust

Trusted sources, reputation, social rating

Mostly text and structured data

Media

People, text, graphics, audio, video

At the Confluence of Information, Operational and Consumer Data Government Data Environment

Energy

Traffic

Citizen-Generated Data

• Air quality • Water quality • Water consumption

• Instant oil consumption/ carbon emission • Instant water consumption

• Instant power supply • Instant power demand • Energy consumption

• Instant home power demand • Active devices per type

• • • •

Traffic light map Number of vehicles per zone Parking lot status Traffic cameras

Crowdsourced Traffic Management

• Consumer GPS location • Traffic-related feeds & microblogs • Geolocated pictures & videos

Consumer Device to Government Infrastructure

Collaborative Environmental Management

The Evolution of Technology in Government Smart Government Open Government

Joined-Up Government

• Transparency, participation, collaboration • Community engagement

• Sustainability • Agility • Blending IT, OT, CT

• Life events • Back-office re-engineering • Benchmarking

2015+ 2010

E-Government • Online services • Multiple websites

2000

2005 • Integrates information, communication and operational technologies • to planning, management and operations • across multiple domains, process areas and jurisdictions • to generate sustainable public value

A Different Approach to Government IT Strategic Planning Political Agenda

Political Agenda FastChanging

Business Strategic Plan

Business Strategic Plan

Unclear or Ambiguous

Budget

Differentiate

Strategic Sourcing

IT

(Strategic) Sourcing& Record

Clients

ESP

Project Management Service Delivery & Operations

Budget

Business

Advice

Innovation

IT

ESP

Agile PM

Service Delivery & Operations

Smart Government and the Nexus of Forces

35

Not Just "the" Social Web — But a Dynamic Network of Networks Relationship leverage Cultivating weak ties

Social

Collective intelligence Pooling contributions

Flash coordination Organizing a mass

Expertise location Finding one in a million

Interest cultivation

Emergent structures

Sharing interests

Unearthing reality

Mobile Consumer Service Opportunities Proliferate High

Mobile

Ring tones

Mobile e-mail Video calling

Music (streaming and downloading)

Mobile TV

Mobile gaming

Maturity

Mobile search Social networking Mobile advertising

Mobile virtual worlds

Low

Consumer telepresence Low

Mobile payment Indoor navigation Mobile healthcare Consumer Impact

Likely rate of change:

faster

High slower

Many Elements Form a Context Impression Direction of movement

Speed of movement

Context

Light level

Temperature Process stage

Device orientation

MS Clipart

(pixelated)

Voice tone /stress

Sentiment Social network tie strength

Heart rate

Recent interactions

Location

Acceleration

Expose Your Data and Services to the Cloud — Get More Open Innovation for Your Customers

Cloud

Governance in the near future perspective • What are your challenges? • How do you think should be the better approach to deal with this scenario? • What change should be taken in Government regarding auditing?

40

II Encontro Nacional de Auditores da Tecnologia da Informação-ENAUTI

Governança de TIC – Uma Visão do Mercado Claudio Chauke Executive Partner, Gartner LATAM Brasília, 06 de junho de 2013

This presentation, including any supporting materials, is owned by Gartner, Inc. and/or its affiliates and is for the sole use of the intended Gartner audience or other authorized recipients. This presentation may contain information that is confidential, proprietary or otherwise legally protected, and it may not be further copied, distributed or publicly displayed without the express written permission of Gartner, Inc. or its affiliates. © 2012 Gartner, Inc. and/or its affiliates. All rights reserved.