SEC 592 Week 2 Paper: Relationship Between IT Execution and IT Governance - Graded An A+

Document Content and Description Below

SEC 592 Week 2 Paper: Relationship between IT Execution and IT Governance What is the relationship between IT execution and IT governance Strategic planning gets more burn time in many meetin ... gs of the top brass. The best planning session in the history of planned sessions is wasted time if the execution is inadequate or nonexistent. According to Sun Tzu (1942), Strategy without tactics is the slowest route to victory. Tactics without strategy is the noise before defeat. The Oxford dictionary defines a strategy as a plan of action or policy designed to achieve a major or overall aim. While Oxford defines a tactic as an action or strategy carefully planned to achieve a specific end. Such an approach would mean there needs to be a balance between the IT governance strategy and the execution of those tactics to ensure that a company moves in the right direction for success. The Information System Audit and Control Association (ISACA) defines governance as the method by which an enterprise ensures that stakeholder needs, conditions, and options are evaluated to determine balanced, agreed-on enterprise objectives are achieved. It involves setting direction through prioritization and decision making and monitoring performance and compliance against agreed-on direction and objectives. Taking that strategy and adequately using the resources needed to achieve its objectives is where IT execution thrives. Knowing that it takes strategic planning and precise execution to formulate a successful end goal, why can the most excellent strategies founder during implementation? Confusion about which swim lane is the correct one for a particular side is generally to blame. IT governance and IT execution are on the same team, but sometimes their coordination is off and has to be tuned again. Governance should deal with the overall big picture while planning to mitigate potential risks. Risk, known or unknown, can derail any project or bring an entire network to a screeching halt. A risk mitigation plan that clearly and concisely explains how to remedy any newly identified risks is a necessity that improves IT execution. Another way to continue to improve IT execution is to ensure proper monitoring for performance and compliance against stated objectives. Monitoring oversees the moving parts of the plan’s execution. Once governance has laid out the clear and concise roadmap, monitoring will make sure that the execution of everything stays on track and within budget. In conclusion, there is a strong relationship between IT governance and IT execution, as outlined above. Among strategic planning, risk mitigation, and monitoring pieces, it is evident that IT governance and IT execution are quite the dynamic duo when done correctly and in balance. Describe how the COBIT framework institutes mechanisms to control IT risk COBIT 5: Formerly known as Control Objectives for Information and related Technology (COBIT); according to ISACA is defined as a complete, internationally accepted framework for governing and managing enterprise information and technology (IT) that supports enterprise executives and management in their definition and achievement of business goals and related IT goals (2021, ISACA). In terms that anyone could understand, COBIT 5 is a tool that offers guidance on how to organize the execution of the governance set forth by leadership that strategically helps steer the business towards a desired future state. The IT processes used within COBIT 5 are defined in four domains: Planning and Organization, Acquisition and Implementation, Delivery and Support, and Monitoring. The four domains that the COBIT 5 model are divided into are further explained as follows: • Planning and Organization – Business Strategy Alignment, IT Objective, Resource Optimization, Risk Mitigation Within the Organization • Acquisition and Implementation – IT budgets, Implementation, Projects in Relation to Business needs • Delivery and Support – IT services optimization, IT System Productivity • Monitoring – Issue Detection, Risk, Compliance, Control, and Performance reporting These four domains contain the processes that help mitigate IT-related risks. COBIT 5 provides the guidelines on how each process works and what to do in each process. These best practices ensure the company is putting time into completing each phase correctly, leading to the best possible output. COBIT 5 has another set of tools that are used in conjunction with the processes mentioned, and those revolve around auditing. Auditing is not well received by those in the field, the frontline troops of the war against desktop-related terrorism, and this is mainly due to how it is delivered. Auditing seems to be presented as an “Us vs. Them” narrative, while if delivered as a one team one fight narrative showing that it’s to be used to better the department being audited, it would be better received. Monitoring allows an organization to track that the alignment of IT and business goals stay in balance by managing risk more effectively. The monitoring best practice tools help mitigate risk in several areas with the below as a few examples: • Risk of wasted investment and expense • Risk of breached security • Risk of unreliable data integrity • Risk of loss of service In conclusion, the COBIT 5 framework intends to bring the non-technical components (people and hardware) together with the technical facets of the company. The success of the IT department that manages the IT execution depends on the strength of its underlying core processes. Those core processes derived from leadership, which formulated its strategy from the best practices and guidelines of the COBIT 5 framework, are the bedrock of that strength. COBIT provides leadership with a guide that allows them to see the 10,000-foot view of the security controls and practices being implemented without the need to have the in the weeds understanding of each process. COBIT 5 provides a check and balancing system across the enterprise infrastructure that provides a smooth and efficient playbook by which to measure the execution of the end goal. References (Use correct apa format) Birnie, Arthur, and J. F. Horrabin. The Art of War. T. Nelson, 1942. Editor. “COBIT 5 Components and Benefits in 2021 [Updated].” Henry Harvin Blogs, 31 Dec. 2020, www.henryharvin.com/blog/cobit-5-components-and-benefits. “Interactive Glossary & Term Translations.” ISACA, www.isaca.org/resources/glossary. Accessed 16 May 2021. Moeller, Robert. Executive’s Guide to IT Governance: Improving Systems Processes with Service Management, COBIT, and ITIL. 1st ed., Wiley, 2013. Raffoni, Melissa. “Three Keys to Effective Execution.” Harvard Business Review, Harvard Management Update, 26 Feb. 2008, hbr.org/2008/02/three-keys-to-effective-execut. [Show More]

Last updated: 2 years ago

Preview 1 out of 6 pages