5 IT Governance and IT Controlling Flashcards

1
Q

5.1.1.1 Why do we need Corporate Governance?

A

Corporations have two important virtues (Tugenden):

  • They allow shareholders (investors) to reduce risk by limiting their liability to the value of their investment.
  • They allow shareholders to buy and sell their ownership interests easily.

But there is a big problem that creates a potential misalignment of interests between shareholders and managers:

**The Separation of Ownership and Control!**

2
Q

5.1.1.2 Corporate Governance

A

Corporate governance is the system by which business corporations are directed and controlled. The corporate governance structure specifies the distribution of rights and responsibilities among different participants in the corporation, such as the board, managers, shareholders and other stakeholders, and spells out the rules and procedures for making decisions on corporate affairs.

By doing this, it also provides the structure through which the company objectives are set, and the means of attaining those objectives and monitoring performance.

3
Q

5.1.1.2.1 Corporate Governance – Shareholder View

A

Corporate governance is concerned with how leadership and control are exercised. The challenge in corporate governance is to find an optimum of leadership within the legal context. Shareholders' needs focus on control of the management board, so that it attends to shareholders' interests.

4
Q

5.1.1.3 Compliance and Reinforcement

A

Sample laws and regulations:

  • Handelsgesetzbuch (HGB)
  • Abgabenordnung (AO)
  • Aktiengesetz (AktG)
  • Gesellschaft mit beschränkter Haftung Gesetz (GmbHG)
  • Bundesdatenschutzgesetz (BDSG)
  • Telekommunikationsgesetz (TKG), Teledienstegesetz (TDG), Teledienstdatenschutzgesetz (TDDSG)
  • Sarbanes-Oxley Act (SOX)
5
Q

5.1.1.4 Corporate Governance and IT Governance

Sarbanes-Oxley Act (United States, 2002)

A

Higher focus on corporate governance to ensure proper fiscal accountability to shareholders and stakeholders

→

Reassessment of the underlying governance frameworks of each organizational function

→

Increased attention towards the governance of IT function (IT governance)

6
Q

5.1.1.6 IT Governance

A

“IT governance represents the framework for decision rights and accountabilities to encourage desirable behavior in the use of IT”

7
Q

5.1.1.6.2 Benefits

What are the Benefits of IT Governance?

A

  • Flexibility
    • Prepare for changes in the business portfolio to allow movement into new customer segments or as a result of mergers (Fusion) and divestments (Veräußerung) (align processes and systems)
  • Innovation
    • Leverage technology for business innovation and competitive advantage by providing better insight into the operation
  • Value
    • Manage the IT project portfolio for value contribution and align IT investments with business priority
  • Architecture
    • Structure and plan the IT application and infrastructure landscape at times of increased uncertainty
  • Sourcing
    • Apply a sourcing strategy that balances critical internal business knowledge and market capabilities. Manage growing vendor relationships
  • IT as a Business
    • Manage IT services as a professional, market-focused organization competing on quality and price
  • Compliance (Einhaltung / Konformität)
    • Manage IT risks (accounting/controlling relevance)

8
Q

5.1.1.6.3 Downsides - Weaknesses and Cautions

What are the Downsides of IT Governance?

A

Takes more time and energy up front (but less redo and wasted time in the long run)

Requires effort to hone executive communication skills

Must be presented in a positive light or might be perceived (wahrnehmen) as dodging (ausweichen / abwedeln) responsibility

For others on IT Governance board: Their time is already short and their plates are already full → so this must be sold as …

9
Q

5.1.1.6.4 Tasks (figure)

A

See p. 37

10
Q

5.2 IT Governance Frameworks

5.2.1 Control Objectives for Information and related Technology (CobiT)

A
  • Developed by Information Systems Audit and Control Association (ISACA) and IT Governance Institute (ITGI) since 1993
  • CobiT 5 published in 2012
  • 41 national and international standards implemented
  • Three category groups:
    • Management guidelines,
    • Audit guidelines,
    • Control objectives.
11
Q

5.2.1.1 CobiT Pros & Cons (figure)

A
12
Q

5.2.2 Comparison of Frameworks I

A
13
Q

5.2.3 Comparison of Frameworks II

A
14
Q

5.2.4 IT Governance approach by Weill and Ross

Effective IT governance addresses 2 key questions:

A

What decisions must be made? → 5 interrelated areas of decision

Who should make the decision?
→ 6 types of shared responsibility (governance archetypes)

IT Governance Framework combines the aspects of IT decisions, governance archetypes and governance mechanisms and harmonizes them.

15
Q

5.2.5 IT Governance Archetypes

A
16
Q

5.3 IT-Controlling

5.3.1 Method: Metrics System

A

Metric: A quantitative judgment on a planned or actual value of a criterion of a steering object, at a certain point in time.

Types of metrics:

  • Steering metrics
  • Information metrics
  • Benchmarks
  • Quantitative vs. Qualitative metrics
  • Retrospective vs. Predicting metrics