Founded in 1807, John Wiley & Sons is the oldest independent publishing company in the United States. With offices in North America, Europe, Asia, and Australia, Wiley is globally committed to developing and marketing print and electronic products and services for our customers' professional and personal knowledge and understanding.
The Wiley Corporate F&A series provides information, tools, and insights to corporate professionals responsible for issues affecting the profitability of their company, from accounting and finance to internal controls and performance management.
Cover image: Max Delson Martins Santos/iStockphoto
Cover design: John Wiley & Sons, Inc.
Copyright 2013 by John Wiley & Sons, Inc. All rights reserved.
Published by John Wiley & Sons, Inc., Hoboken, New Jersey.
Published simultaneously in Canada.
No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600, or on the Web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.
Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.
For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.
Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.
Library of Congress Cataloging-in-Publication Data:
Moeller, Robert R.
Executive's guide to IT governance : improving systems processes with service management, COBIT, and ITIL / Robert R. Moeller.
1 online resource. (Wiley corporate F&A series)
Includes bibliographical references and index.
Description based on print version record and CIP data provided by publisher; resource not viewed.
ISBN 978-1-118-22495-3 (pdf) ISBN 978-1-118-23893-6 (epub) ISBN 978-1-118-26354-9 (mobipocket) ISBN 978-1-118-13861-8 (o-book) ISBN 978-1-118-54017-6 (cloth) 1. Information technology--Management. 2. Information technology--Auditing. 3. Electronic data processing departments--Auditing. I. Title.
HD30.2
004.0684dc23
2012050404
Dedicated to my best friend and wife, Lois Moeller.
Lois has been my companion and partner for over 40 years,
whether we are on our Lake Michigan sailboat,
skiing in Utah or elsewhere,
visiting museums and traveling to interesting places in the world,
vegetable gardening in the backyard,
or jointly cooking its produce.
Preface
IN TODAY'S WORLD OF EVER-CHANGING ECONOMIC CONDITIONS and increased regulatory activities, governance is becoming an increasingly important issue for all sizes of enterprises, whether public corporations, not-for-profits, or private businesses. Enterprise governance concepts consist of a series of broad areas of enterprise activity, starting first with management's accountability and fiduciary responsibilities to its customers, employees, regulators, and all other stakeholders. This requires the implementation of guidelines and programs to ensure that management acts in good faith and that the overall enterprise is protected from wrongdoing or fraud. In addition, enterprise governance includes management processes and policies to promote strategic and economic efficiency. The management of economic efficiency involves how the corporate governance system intends to optimize results and meet its objectives. This promotion of strategic efficiency also calls for an enterprise to promote and establish public policy objectives that are not always directly measurable in economic terms but include such things as a strong ethics program, the promotion of quality, and employee welfare.
Effective enterprise governance, of course, requires strong management skills to make important decisions and provide leadership. There is also a very strong requirement for information technology (IT) systems and processes in particular. This important area, IT governance, is the overall topic of this executive guide.
In the earlier days of IT systems and processes, senior operations management often delegated many aspects of IT operations to specialists responsible for building, operating, and maintaining an enterprise's IT resources. While there was frequent talk about engaging the management and users of IT systems with the specialists and developers of their IT resources, operations management often experienced disappointments. New IT initiatives often did not meet their planned objectives, were delivered late, had security and internal control vulnerabilities, or too soon became obsolete due to poor planning or assessments of management needs. To improve matters today, there is a need for better processes to manage and coordinate all aspects of an enterprise's IT resources: the need for IT governance.
This book is an executive's guide to this important concept of IT governance. Our focus is not on the IT specialist installing IT hardware, software, and network connections, nor on such important resources as internal auditors who test and review IT processes. Rather, this guide is directed to the enterprise executive who has some understanding of IT processes but is interested in learning more about the issues and processes that are important for efficiently managing and benefiting from these IT resources and systems in today's Internet-connected environment.
A goal of this book is to provide high-level background information on a variety of IT governance issues that are important to today's business enterprise and executive manager. We hope to provide that business executive with sufficient general information to allow him or her to have a greater understanding of important IT governance issues today and to be able to better ask questions that will achieve a greater understanding of these issues and better make effective decisions regarding these IT governance matters. For example, business literature today frequently makes reference to a concept called cloud computing. Chapter 9 will provide an overview of cloud computing and why it is important for effective IT governance. Similarly, we will introduce the concept of service level agreements (SLAs), often informal contracts between the users or owners of IT resources and IT management. Our objective here is to help the business executive better understand why SLAs are important, how to install and manage them in all sizes or types of enterprises, and how to use them to improve IT governance processes.