IT Governance: The CIO Calendar
Author: Marcel Origer
Date: July 27th, 2010


Upload: osborn-cross

Post on 29-Dec-2015


The CIO Calendar

Effective IT governance requires periodic intervention from the CIO in three domains:
- IT Projects / Architecture
- IT Security
- Internal Controls

The business environment determines whether the CIO takes a rather defensive or an offensive approach.

When the CIO is in a ‘defensive mode’, he must deliver IT services in the most reliable and cost-effective way. This determines a set of periodic actions listed on the first slide below.

When the CIO is strongly involved in the definition of the company’s business strategy, he operates in an ‘offensive mode’. In this case IT is considered an important component for developing innovative solutions and creating competitive advantages for the company. This implies that the CIO has to perform the ‘offensive governance’ actions listed on the second slide below in addition to the ‘defensive’ governance actions.

FEDIL ICT Group 2


IT Governance Calendar – DEFENSIVE Governance

| Domain | Action | Frequency |
|---|---|---|
| IT Projects / Architecture | Receive update of strategic IT projects. | Quarterly |
| IT Projects / Architecture | Receive update of technical architecture and review it. | Semi-annual |
| IT Projects / Architecture | Ensure update of applications architecture and review it. | Semi-annual |
| IT Projects / Architecture | Perform budget planning for IT investments. | Annual |
| IT Security | Audit IT security practices. | Annual |
| IT Security | Perform Business Impact Analysis and appraise Disaster-Recovery capabilities (DR and BCP testing). | Annual |
| IT Security | Review security policy and analyze new security-related technology strategies. | |
| Internal Controls | Review IT-related audit findings and verify remediation status. | Semi-annual |
| Internal Controls | Review audit strategy and adjust to regulatory and legal compliance. | Annual |


IT Governance Calendar – OFFENSIVE Governance

| Domain | Action | Frequency |
|---|---|---|
| Strategic Technology Scanning | Stay informed and assess new technologies, applications, and systems that relate to or affect the company’s IT strategy or programs. | Continuously |
| Strategic Technology Scanning | Visit other companies to observe technology approaches and strategies. | As needed |
| Strategic Technology Scanning | Engage outside experts to obtain third-party opinions about the company’s technology strategy. | Annual |
| Advisory Role | Advise CEO, COO, and CFO. | Quarterly |
| Advisory Role | Hold executive sessions with the board members to maintain awareness of IT strategy and related risks, opportunities, issues and concerns. | Semi-annual |
| Advisory Role | Receive business plan and update IT strategy to fulfill business objectives. | Annual |
| Advisory Role | Perform IT assessment and benchmarking; report results to the Board and propose actions. | Annual |
| Business Strategy Alignment | Perform appropriate actions to ensure that the company’s IT programs effectively support the company’s business objectives and strategies. | Annual |
