The global vision of corporate governance, essentially the result of legislation passed in the USA (Sarbanes-Oxley) and Europe (Basel II), has brought the management of IT systems to the fore, a topic which is called IT Governance. This entails the adoption of specific guidelines for the management of corporate IT processes and services.
“IT Governance can be defined as the organizational capacity brought to bear by the Board, executives and IT managers to control the formulation and implementation of IT strategies and ensure a seamless integration between business and IT.”
Van Grembergen, Introduction to the Minitrack: IT Governance and Its Mechanisms
This kind of IT systems management is achievable by creating an organizational structure with clearly defined roles and responsibilities for hardware and software infrastructure, security, processes and applications. It makes it possible to contain the risk of IT malfunctions or failures, and also allows moment-by-moment monitoring of how well these solutions respond to the real business needs and objectives of the company.
Maximize opportunity by mitigating risk
IT Governance has two main objectives: to ensure that investments in IT generate value for the company and to contain IT risks.
The evolution in business models and technological innovation have created opportunities but have also brought risks that need to be managed. One key issue is operational continuity in the company: it is essential to match internal business processes to potential crisis situations in order to identify, for example, which IT infrastructure and procedures are vital in case of attacks from the outside, and at what level of system malfunction the company is able to continue to do business.
Three key areas of risk for company data in IT are the availability, integrity and confidentiality of the data. PAT’s solutions are designed to provide peace of mind in all of these areas.
The automation, control and improved effectiveness of company processes are attainable through the adoption of BrainBusiness, which provides advanced management of business processes. By using this and other advanced platforms, PAT offers a complete suite of tools for corporate governance which bring immediate results in terms of effectiveness, fast ROI, lower training costs and reduced complexity of the corporate system.
The Corporate Governance crisis and the need to introduce new codes for self-regulation and legal obligations drove the American legislature to pass the Sarbanes-Oxley Act in 2002.
The Sarbanes-Oxley Act brings modifications to the laws on governance, internal control and accounting for companies listed on the US stock exchange. In particular the Act tries to take on numerous current challenges including the need for increased investment in IT, administration, the need for greater collaboration between multiple parties, the simplification of reporting cycles with the elimination of red tape, an immediate mitigation of risk, a simplification of a range of corporate systems and finally a reduction in the amount of time necessary for employees to produce compliance documentation.
HelpdeskAdvanced provides a set of features which guarantees compliance with applicable norms and laws, a significant reduction in IT costs, the ability to manage complex documentation procedures and testing, as well as reduced risks and sign-off as described in paragraphs 302, 404 and 409 of the Sarbanes-Oxley Act.
HDA for ITSM complies with the Sarbanes-Oxley Act via the following features:
- Project organization in terms of documentation, testing and sign-off for all internal controls
- Testing procedures based on Risk Management principles as defined by the Committee of Sponsoring Organizations of the Treadway Commission (COSO)
- Workflow procedures oriented at reducing testing and sign-off times
- Permissions administration
- Automated creation and maintenance of rules
- Proactive simulation and conformity
- Mitigation of remediation risks
- Drill-down analysis and reporting in real time
- Management reporting
Over recent years, the increase in complexity of IT systems and services has made companies aware of the importance of information management and its strategic value to company success.
ITIL (Information Technology Infrastructure Library) is a set of standards which are prevalent in the IT sector for the standardization of processes and services. ITIL provides a detailed description of important IT practices with complete checklists, tasks, procedures and responsibilities which can be adapted to suit all companies.
ITIL standards are organized into modules regarding particular organizations and operational aspects and are broken down into two macro areas: Service Support (including Service Desk functions and their related processes) and Service Delivery (with its related processes).
The main objectives of ITIL in the IT environment are to improve effectiveness and efficiency and raise the quality of the service for business. By applying ITIL standards, detailed and highly systematic processes can be created and documented.
In order to guarantee greater efficiency in productivity for those companies that apply ITIL standards, these practices are constantly updated and improved internationally. Today ITIL version 3 is in place.
ITIL v3 is a project which was begun in 2004 and which involved thousands of public and private sector companies working in IT Service Management in a series of consultations which included producers, certifying bodies, training institutes and suppliers. In May 2007 ITIL version 3 was released, confirming its international importance as the most credible structural system for IT Service Management.
Thousands of companies from around the world are already seeing measurable advantages from adhering to ITIL v3 best practices and offering genuine support to their IT services.
ITIL v3 is based around five main principles:
- Service Strategy
- Service Design
- Service Transition
- Service Operation
- Continual Service Improvement