IT Frameworks

Submitted By benelli11
The abilities and advancements of Internet Technology are constantly evolving and growing. For corporations, this is as much a blessing as it is a curse. As the old saying goes, ‘with great power comes great responsibility.’ Look at any given corporation; most likely every department is in some way using IT to improve current processes, assist in financial reporting, expand and create new processes, etc. Given the extensive use of today’s advanced IT capabilities, IT security objectives and business objectives need to align. The Information Technology Governance Institute (ITGI) illustrates this best in the statement, “While many organizations recognize the potential benefits that technology can yield, the successful ones also understand and manage the risks associated with implementing new technologies.” This is where IT Governance comes into play. As highlighted in Dr. Steven Hornik’s September 22nd presentation on frameworks, there is a disconnect between the need for IT Governance and the practices of corporate executives. This research paper is geared toward educating corporate executives on IT Governance, the various frameworks available for use, and the importance of knowledge and implementation due to accounting regulations. Four key elements will be covered: an introduction to Enterprise and IT Governance and the frameworks available; the importance of integrating accounting compliance regulations with IT security due to the Sarbanes-Oxley (SOX) Act; a comparison of the top frameworks, with a compiled list of best practices from all the various frameworks; and finally a recommendation to executives.

PART I.
Stakeholders’ increasing concern about the sound management of their interests has led to the emergence of governance principles and standards for overall enterprise governance (Board Briefing on IT Governance). ITGI defines Enterprise (Corporate) Governance as “a set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction, ensuring that objectives are achieved, ascertaining that risks are managed appropriately and verifying that the enterprise’s resources are used responsibly.” Because of the requirement for SOX compliance, widely used frameworks for enterprise governance are the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO’s) Internal Control – Integrated Framework or Enterprise Risk Management – Integrated Framework. A key consideration for the IT governance framework selected is its cohesiveness with the organization’s enterprise governance framework.
As noted in the introduction, for basically all organizations, IT is fundamental to support, sustain and grow the business (ITGI). Along with the benefits of Information Technology come risks and the need to manage them. Given the extensive and critical impact of IT on the organization, IT Governance should not be a separate set of objectives and principles followed by only a certain group of the organization; it should be an integrated part of, and aligned with, the overall Enterprise Governance practices. As a result, IT Governance is accurately defined by the ITGI as “the leadership, organizational structures, and processes that ensure that the enterprise’s IT sustains and extends the enterprise’s strategies and objectives”.
Establishing an IT Governance process begins with identifying the IT objectives and principles the organization wishes to implement, the risks it wishes to manage, and the regulations it may legally be required to follow. All of these factors will assist in determining which framework it chooses. Key business leaders have two broad options in framework selection: adopt a standard framework, or create a framework based on the best practices of the standard frameworks developed over the years. We will introduce several of the major frameworks, then later compare the strengths and weaknesses of each to create a best practices framework, as an organization may wish to do.
Widely considered the leading IT governance and control framework, with acceptance spanning internationally, Control Objectives for Information and related Technology (COBIT) is an experienced framework originally established in 1996 by the Information Systems Audit and Control Association (ISACA). Since the original release there have been four editions, and the framework is now published by ITGI. As defined by ITGI, COBIT is an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks.
“In particular, COBIT’s Management Guidelines component contains a framework responding to management’s need for control and measurability of IT by providing tools to assess and measure the enterprise’s IT capability for the 34 COBIT IT processes.” (ISACA.ORG) The tools include: (1) performance measurement elements (outcome measures and performance drivers for all IT processes); (2) a list of critical success factors that provides succinct, nontechnical best practices for each IT process; and (3) maturity models to assist in benchmarking and decision-making for capability improvements (ISACA.ORG).
The passing of the Sarbanes-Oxley Act further increased the popularity of this framework, as it is commonly known as the preferred framework for auditors. The tools and guidelines used to achieve control and measurability of IT assist organizations in meeting the requirements of SOX. We will discuss this importance further later in the paper. Additionally, COBIT fits with and supports COSO’s framework, a key element for cohesiveness between enterprise governance and IT governance.
Another mature and internationally preferred framework is the IT Infrastructure Library (ITIL). Originally developed in the 1980s by the UK Government for its own use, ITIL has evolved and expanded across the world despite some criticisms due to governmental ownership. The key focus is Service Management. ITIL covers the organizational structure and skill requirements for an IT organization/area by presenting a comprehensive set of management procedures. These are intended to be supplier independent and apply to all aspects of IT infrastructure. (IT GOVERNANCE.politicalinfo…) ITIL’s structure consists of a collection of 8 books: Service Delivery, Service Support, Planning to Implement Service Management, ICT Infrastructure Management, Software Asset Management, The Business Perspective, Security Management, and Application Management.
While ITIL is an excellent tool, many claim it is not sufficient for complete IT compliance with SOX due to its lack of focus on control. Ross Armstrong writes in his article SOX and ITIL: There Is No Dotted-Line Relationship!: “However, ITIL does not address governance in a comprehensive way and cannot be used on its own to ensure SOX compliance. This is largely because ITIL is heavily focused on the help desk and “IT as a service” and not on control objectives.”

The last major frameworks we will cover are ISO 17799 and ISO/IEC 27001, which are complementary counterparts; certification in both ensures a certain level of compliance across the several layers and categories. ISO 17799 was originally published over a decade ago by a government department in the UK with a focus on information security and controls. From there it was published as BS7799 and eventually as ISO 17799 by the International Organization for Standardization (ISO) in December 2000 (IT GOVERNANCE.politicalinfo…). It was later re-published in 2005 with a few updates due to technological advances. In 2002, BS7799-2 was published with a focus on information security systems. Following the ISO 17799 2005 revision, BS7799-2 became the ISO standard ISO 27001. The main focus of the ISO standards is to serve as a single reference point for identifying a range of controls needed for most situations where information systems are used in industry and commerce (CIOINDEX). Depending upon the versions of these standards used, there are approximately ten to twelve sections: Security Policy, Organization of Information Security, Asset Classification, Human Resources Security, Physical and Environmental Security, Communications and Operations Management, Access Control, Systems Development, Business Continuity Management, Compliance, Risk Assessment, and IS Acquisition. A key component of the ISO standards is the ability for the Information Systems Management System to be certified as compliant by a third-party accredited certification body. The article Information Security and Sarbanes-Oxley Compliance: An Exploratory Study states, “Prior research has suggested that organizations who implement the controls outlined by ISO 17799 will be “well on their way” toward complying with the security mandates of SOX.” Next, we will explore the importance of the framework selected to promote SOX compliance.
