ITWeb - The Technology News Site
FREE NEWS SERVICES
• Newsletters
• RSS feeds
• Alerts 		CAREERWEB
• Register
• Post your CV
• Find your job 		BRAINSTORM
• Subscribe
• Read online 		iWEEK
• Subscribe
• Read online
• Get into iWeek 		IT TRAINING
• TrainingWeb
ITWEB EVENTS
• Events Calendar 		FEEDBACK
• Post your feedback
• Send us a news tip
back to the ITWeb home page Sales info
SEARCH

Loading...
advertisement

Loading...
Section editor:
Ranka Jovanovic

Thu, 17 May 2012
New Page 1
 

IT Governance SA 2007 Survey

A joint ITWeb, Analytix and GIBS initiative

 


The overall objective of the IT Governance SA 2007 Survey, conducted for the 3rd year by ITWeb, Analytix and GIBS, is to track the current state of
IT governance in South Africa, by reviewing actions taken by local organisations relative to IT governance over the past two years.


Specific objectives of the IT governance SA 2007 survey project are as follows:

  • To survey and analyse the degree to which the concept of IT governance is recognised, formalised, established and accepted within South African organisations
  • To determine the level of IT governance expertise and to establish which
    IT governance and related frameworks and standards are being used
  • To measure the maturity of IT governance based on the COBIT framework, which will allow for benchmarking to be performed


The results of this survey will be invaluable to ITWeb readers involved in IT governance, and we would urge you to participate by filling in this questionnaire.

 

 

Complete the survey and WIN!

 

All respondents stand a chance to win:

 

  1. R5000 discount on a GIBS Executive Education course to be taken by 30 June 2008, courtesy of Gordon Institute of Business Science (GIBS).


  2. One user desktop license of the BarnOwl risk management and assurance solution, pre-configured with the COBIT control objectives – courtesy of Barnowl and Analytix.

Please ensure you fill in all the fields to become eligible for the draw.
 
 
 
Personal Details:
 
Title:
Name:
Surname:
Company:
Cell:
Email:
 
Survey Questions:
 
1. What is your job title / designation?
 
 
CIO
CTO
CEO
MD / GM
FD
IT Director
General manager IT
IT Manager
Other
* if other please specify:
 
2. What is your organisation’s business focus?
 
 
Finance / Insurance
Telecommunications / IT
Health / pharmaceutical
Retail / manufacturing
Public sector
Energy
Other
* if other please specify:
 
3. What is your organisation’s IT staff complement?
 
 
3 - 20
21 - 50
51 - 100
101 - 200
201 - 500
501 - 1 000
1 001 or more
 
4. How many PCs are there in your organisation?
 
 
3 - 20
21 - 50
51 - 100
101 - 200
201 - 500
501 - 1 000
1 001 - 2 001
2 001 - 5 000
5 001 or more
 
5. What is the annual turnover of your organisation?
 
 
0 - R50 million
R51 - R250 million
R251 million or more
 
6. How critical is IT to your organisation in sustaining its day-to-day operations?
 
 
Very important
Of high importance
Of average importance
Not very important
Not important at all
 
7. What are your organisation's most critical IT issues / priorities? Please list.
 
  1.
  2.
  3.
  4.
  5.
 
8. How important is Information Technology to enable growth and achievement of your organisation's strategic objectives?
 
 
Very important
Of high importance
Of average importance
Not very important
Not important at all
 
9. How effectively is your organisation addressing and managing IT objectives?
 
Very effectively
Moderately effectively
Adequately
With some effectiveness
Not effectively at all
 
10. Is IT governance an integrated part of your organisation’s corporate governance framework?
 
 
Yes
No
Don't know
 
11. How often is IT governance discussed during your organisation’s board / exco meetings?
 
 
Regularly
Sometimes
Irregular
Never
Don't know
 
12. Is IT Governance addressed by the members of your board / exco in a structured manner?
 
 
Yes
No
Don't know
 
13. What do you regard to be good IT Governance practices?
 
  1.
  2.
  3.
  4.
  5.
 
14. Which of the following aspects of  IT Governance are addressed by the members of your board / exco in a structured manner?
 
 
    Yes No
a) Disaster recovery and business continuity management
b) IT Performance management (IT Balanced Scorecards)
c) IT Resource and budget management
d) IT Risk assessment and management
e) IT portfolio management
f) Information security management
g) IT service management
h) Service level management
i) Measuring the ROI of major IT projects / programmes
j)

IT cost allocation
k) IT satisfaction surveys
 
15. Does your organisation have an IT strategy committee or IT council that reviews major investments on behalf of the board and executive management, and advises the board on strategic IT decisions?
 
 
Yes
No
Don't know
 
16. If "Yes", then does this IT strategy committee or IT council:
   
 
a) Involve the CIO and other most senior IT and senior business managers?
 
Yes
No
Don't know
 
b) Set priorities for IT Initiatives and assigns ownership for IT-enabled business opportunities?
 
Yes
No
Don't know
 
17. Is your organisation’s IT strategy influenced by your board / exco’s business objectives for IT alignment, and based on the organisation’s strategic plan?
 
 
Yes
Partially
No
Don't know
We don't have a defined IT strategy
 
18. The strategic value of IT is understood by my organisation’s board and executive management.
 
 
Fully agree
Agree somewhat
Do not agree
Don't know
 
19. All major IT investments in my organisation are taken in consultation with the board / exco, and are based on a risk and return perspective.
 
 
Fully agree
Agree somewhat
Do not agree
Don't know
 
20. Does your IT department fully understand the business needs of your organisation?
 
To a large degree
To some extent
Not really
Not at all
 
21. To whom does your organisation’s most senior IT director / manager report to?
 
 
CEO / MD
COO
FD
Other general management
Other
* if other please specify:
 
22. How good is your organisation’s board/executive management at getting assurance on the performance of IT and on the mitigation of IT risks?
 
 
Very good
Good
Adequate
Not good at all
Don't know
 
23. The IT Governance structures in my organisation are aligned to the overall corporate governance structure and process.
 
 
Strongly agree
Agree
Strongly disagree
Don't know
 
24. How effective is your organisation in managing IT risk?
 
 
Highly effective
Moderately effective
Partially effective
Ineffective
Don't know
 
25. What is the current status of IT Governance implementation in your organisation?
 
 
No plans to implement
We are currently considering
We are in the early implementation stage
Our initiative is at a mature deployment stage
Don't know
~ If not implemented, please proceed to question 30.
 
26. If your organisation has already implemented an IT Governance framework and solution, when was it deployed?
 
 
Less than a year ago
One to two years ago
Three or more years ago
Don't know
 
27. What was the key driver when deciding to implement an IT Governance initiative?
 
 
Achieving lower operating costs for IT
Compliance with legal and regulatory requirements
Enhance management control of the IT organisation
Manage IT Risk
To gain strategic advantage through effective management of IT
Improve the quality of the IT function and processes
* if other please specify:
 
28. How was the IT Governance solution implemented?
 
 
Own resources
External consultants
A combination of these two approaches
Don't know
 
29. How difficult / easy was the implementation of IT Governance?
 
 
Difficult
Moderately difficult
Easy
Don't know
 
30. Which of the following best practices / standard / frameworks / tools does your organisation use or plans to use?
 
 
a) COSO
Not Considering Consider implementation In process of implementing Have fully implemented Don't know
b) COBIT (Control Objectives for Information Related Technology)
Not Considering Consider implementation In process of implementing Have fully implemented Don't know
c) ISO 17799
Not Considering Consider implementation In process of implementing Have fully implemented Don't know
d) ISO 27001
Not Considering Consider implementation In process of implementing Have fully implemented Don't know
e) BS25999
Not Considering Consider implementation In process of implementing Have fully implemented Don't know
f) ITIL
Not Considering Consider implementation In process of implementing Have fully implemented Don't know
g) ISO 20000
Not Considering Consider implementation In process of implementing Have fully implemented Don't know
h) Balanced IT Scorecard
Not Considering Consider implementation In process of implementing Have fully implemented Don't know
i) IT Risk Assessment
Not Considering Consider implementation In process of implementing Have fully implemented Don't know
j) IT Portfolio Management
Not Considering Consider implementation In process of implementing Have fully implemented Don't know
k) External IT benchmarks
Not Considering Consider implementation In process of implementing Have fully implemented Don't know
l) ROI / TCO
Not Considering Consider implementation In process of implementing Have fully implemented Don't know
m) CMM-I
Not Considering Consider implementation In process of implementing Have fully implemented Don't know
n) Prince / Prince 2
Not Considering Consider implementation In process of implementing Have fully implemented Don't know
o) Pmbok
Not Considering Consider implementation In process of implementing Have fully implemented Don't know
p) Togaf
Not Considering Consider implementation In process of implementing Have fully implemented Don't know
 
* if other please specify:
 
31. To what extent are you familiar with the contents and scope of application of the following best practices / standard / frameworks / tools?
 
 
a) COBIT (Control Objectives fro Information Related Technology)
Fully understand Some Understanding No Understanding Have not heard of
b) ISO 17799
Fully understand Some Understanding No Understanding Have not heard of
c) ISO 27001
Fully understand Some Understanding No Understanding Have not heard of
d) BS25999
Fully understand Some Understanding No Understanding Have not heard of
e) ITIL
Fully understand Some Understanding No Understanding Have not heard of
f) ISO 20000
Fully understand Some Understanding No Understanding Have not heard of
g) Balanced IT Scorecard
Fully understand Some Understanding No Understanding Have not heard of
h) IT Risk Assessment
Fully understand Some Understanding No Understanding Have not heard of
i) IT Portfolio Management
Fully understand Some Understanding No Understanding Have not heard of
j) External IT benchmarks
Fully understand Some Understanding No Understanding Have not heard of
k) ROI / TCO
Fully understand Some Understanding No Understanding Have not heard of
l) CMM-I
Fully understand Some Understanding No Understanding Have not heard of
m) Prince / Prince 2
Fully understand Some Understanding No Understanding Have not heard of
n) Pmbok
Fully understand Some Understanding No Understanding Have not heard of
o) Togaf
Fully understand Some Understanding No Understanding Have not heard of
 
* if other please specify:
 
 
32. If you are using COBIT, what are the current “as-is” IT process maturity levels of your organisation for the following COBIT processes, based on the COBIT maturity model, using the COBIT Management guidelines?
   
  Please rate the status of each of the IT processes used, using the following rating:

COBIT process maturity levels key:

0 Non-existent
1 Initial
2 Repeatable
3 Defined
4 Managed
5 Optimised

 
COBIT Process IT Process
COBIT Maturity Level
0 1 2 3 4 5
PO1 Define a strategic IT plan
PO2 Define the information architecture
PO3 Determine technology direction
PO4 Define the IT processes, organisation
and relationships.
PO5 Manage the IT investment
PO6 Communicate management aims and direction
PO7 Manage IT human resources
PO8 Manage quality
PO9 Assess and manage IT risks
PO10 Manage Projects
AI1 Identify automated solutions
AI2 Acquire and maintain application
software
AI3 Acquire and maintain technology infrastructure
AI4 Enable operation and use
AI5 Procure IT
AI6 Manage Changes
AI7 Install and accredit solutions and changes
DS1 Define and manage service levels
DS2 Manage third-party services
DS3 Manage performance and capacity
DS4 Ensure continuous service
DS5 Ensure systems security
DS6 Identify and allocate costs
DS7 Educate and train users
DS8 Manage service desk and incidents
DS9 Manage the configuration
DS10 Manage problems
DS11 Manage data
DS12 Manage the physical environment
DS13 Manage operations
M1 Monitor and evaluate IT performance
M2 Monitor and evaluate internal control
M3 Ensure compliance with external requirements
M4 Provide IT governance
 
 
33. Please rate how important the following IT processes are to your organisation. (even if not using COBIT)
   
  Key:

H = High
M = Medium
L = Low
N/A = Not Applicable
 
COBIT Process IT Process
Level of importance
H M L N/A
PO1 Define a strategic IT plan
PO2 Define the information architecture
PO3 Determine technology direction
PO4 Define the IT processes, organisation
and relationships.
PO5 Manage the IT investment
PO6 Communicate management aims and direction
PO7 Manage IT human resources
PO8 Manage quality
PO9 Assess and manage IT risks
PO10 Manage projects
AI1 Identify automated solutions
AI2 Acquire and maintain application software
AI3 Acquire and maintain technology infrastructure
AI4 Enable operation and use
AI5 Procure IT resources
AI6 Manage changes
AI7 Install and accredit solutions and changes
DS1 Define and manage service levels
DS2 Manage third-party services
DS3 Manage performance and capacity
DS4 Ensure continuous Service
DS5 Ensure systems security
DS6 Identify and allocate costs
DS7 Educate and train users
DS8 Manage service desk and incidents
DS9 Manage the configuration
DS10 Manage problems
DS11 Manage data
DS12 Manage the physical environment
DS13 Manage operations
M1 Monitor and evaluate IT performance
M2 Monitor and evaluate internal control
M3 Ensure compliance with external requirements
M4 Provide IT governance
 
 
34. What are the most important criteria when assessing the success of your company’s IT governance initiatives?
(Mark ONLY the three most important)
 
 
Achieving lower operating costs for IT
Compliance with legal and regulatory requirements
Enhance management control of the IT organisation
Manage IT risk
To gain strategic advantage through effective management of IT
Improve the quality of the IT function and processes
* if other please specify:
 
 
 
 
 


to the top of this page

Copyright (c) 1996 - 2012 ITWeb Limited. All rights reserved.
Would you like to see your news here? Contact us for more details at itnews@itweb.co.za
Striata Rackspace Sophos BBG Technologies