IT Frameworks

Submitted By benelli11
The abilities and advancements of Internet Technology are constantly evolving and growing. For corporations, this is as much a blessing as it is a curse. As the old saying goes, ‘with great power comes great responsibility.’ Look at any given corporation; most likely every department is in some way using IT to improve current processes, assist in financial reporting, expand and create new processes, etc. This extensive use of today's advanced IT capabilities creates a need for IT security objectives and business objectives to align. The Information Technology Governance Institute (ITGI) illustrates this best in the statement, “While many organizations recognize the potential benefits that technology can yield, the successful ones also understand and manage the risks associated with implementing new technologies.” This is where IT Governance comes into play. As highlighted in Dr. Steven Hornik’s September 22nd presentation on frameworks, there is a disconnect between the need for IT Governance and the practices of corporate executives.

This research paper is geared toward educating corporate executives on IT Governance, the various frameworks available for use, and the importance of knowledge and implementation due to accounting regulations. Four key elements will be covered: an introduction to Enterprise and IT Governance and the frameworks available; the importance of integrating accounting compliance regulations with IT security due to the Sarbanes-Oxley (SOX) Act; a comparison of the top frameworks, with a compiled list of best practices from all the various frameworks; and finally a recommendation to executives.

PART I.
Stakeholders' increasing concern about the sound management of their interests has led to the emergence of governance principles and standards for overall enterprise governance (Board Briefing on IT Governance). ITGI defines Enterprise (Corporate) Governance as “a set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction, ensuring that objectives are achieved, ascertaining that risks are managed appropriately and verifying that the enterprise’s resources are used responsibly.” Frameworks widely used for enterprise governance because of the requirement for SOX compliance are the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO’s) Internal Control – Integrated Framework or Enterprise Risk Management – Integrated Framework. A key consideration in selecting an IT governance framework is its cohesiveness with the organization’s enterprise governance framework.

As noted in the introduction, for basically all organizations, IT is fundamental to support, sustain and grow the business (ITGI). Along with the benefits of Information Technology come the risks and the need to manage them. Given the extensive and critical impact of IT on the organization, IT Governance should not be a separate set of objectives and principles followed by only a certain group within the organization; it should be an integrated part of, and aligned with, the overall Enterprise Governance practices. As a result, IT Governance is accurately defined by the ITGI as “the leadership, organizational structures, and processes that ensure that the enterprise’s IT sustains and extends the enterprise’s strategies and objectives”.

Establishing an IT Governance process begins with identifying the IT objectives and principles the organization wishes to implement, the risks it wishes to manage, and the regulations it may legally be required to follow. All of these factors will assist in determining which framework it chooses. Key business leaders have two broad options in framework selection: adopt a standard framework, or create a framework based on the best practices of the standard frameworks developed over the years. We will introduce several of the major frameworks, then later compare the strengths and weaknesses of each to create a best practices framework, as an organization may wish to do.

Widely considered the leading IT governance and control framework, with acceptance spanning internationally, Control Objectives for Information and related Technology (COBIT) is an experienced framework originally established in 1996 by the Information Systems Audit and Control Association (ISACA). Since the original release there have been four editions, and the framework is now published by ITGI. As defined by ITGI, COBIT is an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks.
“In particular, COBIT’s Management Guidelines component contains a framework responding to management’s need for control and measurability of IT by providing tools to assess and measure the enterprise’s IT capability for the 34 COBIT IT processes.” (ISACA.ORG) The tools include: (1) performance measurement elements (outcome measures and performance drivers for all IT processes); (2) a list of critical success factors that provides succinct, nontechnical best practices for each IT process; and (3) maturity models to assist in benchmarking and decision-making for capability improvements (ISACA.ORG).

The passing of the Sarbanes-Oxley Act further increased the popularity of this framework, as it is commonly known as the preferred framework for auditors. The tools and guidelines used to achieve control and measurability of IT assist organizations in meeting the requirements of SOX. We will discuss this importance further later in the paper. Additionally, COBIT fits with and supports COSO’s framework, a key element for cohesiveness between enterprise governance and IT governance.

Another mature and internationally preferred framework is the IT Infrastructure Library (ITIL). Originally developed in the 1980s by the UK Government for its own use, ITIL has evolved and expanded across the world despite some criticisms due to governmental ownership. The key focus is Service Management. ITIL covers the organizational structure and skill requirements for an IT organization/area by presenting a comprehensive set of management procedures. These are intended to be supplier independent and to apply to all aspects of IT infrastructure. (IT GOVERNANCE.politicalinfo…) ITIL’s structure consists of a collection of 8 books: Service Delivery, Service Support, Planning to Implement Service Management, ICT Infrastructure Management, Software Asset Management, The Business Perspective, Security Management, and Application Management.

While ITIL is an excellent tool, many claim it is not sufficient for complete IT compliance with SOX due to its lack of focus on control. Ross Armstrong writes in his article SOX and ITIL: There Is No Dotted-Line Relationship!: “However, ITIL does not address governance in a comprehensive way and cannot be used on its own to ensure SOX compliance. This is largely because ITIL is heavily focused on the help desk and “IT as a service” and not on control objectives.”

The last major frameworks we will cover are ISO 17799 and ISO/IEC 27001, which are complementary counterparts; certification in both ensures a certain level of compliance across several layers and categories. ISO 17799 was originally published over a decade ago by a government department in the UK with a focus on information security and controls. From there it was published as BS7799 and eventually as ISO 17799 by the International Organization for Standardization (ISO) in December 2000 (IT GOVERNANCE.politicalinfo…). It was later re-published in 2005 with a few updates due to technological advances. In 2002, BS7799-2 was published with a focus on information security systems. Following the ISO 17799 2005 revision, BS7799-2 became the ISO standard, ISO 27001.

The main focus of the ISO standards is to serve as a single reference point for identifying a range of controls needed for most situations where information systems are used in industry and commerce (CIOINDEX). Depending upon the versions of these standards used, there are approximately ten to twelve sections: Security Policy, Organization of Information Security, Asset Classification, Human Resources Security, Physical and Environmental Security, Communications and Operations Management, Access Control, Systems Development, Business Continuity Management, Compliance, Risk Assessment, and IS Acquisition. A key component of the ISO standards is the ability for the Information Systems Management System to be certified as compliant by a third-party accredited certification body. The article Information Security and Sarbanes-Oxley Compliance: An Exploratory Study states, “Prior research has suggested that organizations who implement the controls outlined by ISO 17799 will be “well on their way” toward complying with the security mandates of SOX.” Next, we will explore the importance of the framework selected to promote SOX compliance.
