Understanding the Work of the IT Governance Board


In this final week of your internship, your rotation assignment takes you back to the Chief of Staff’s Office where you started out seven weeks ago.

Among other things, the Chief of Staff’s organization is responsible for organizing meetings and providing support to the various internal governance boards and executive committees that make up the company’s internal governance infrastructure. Last week, you had a brief introduction to the work of one of these boards — the IT Governance board — when you helped the Chief Financial Officer (CFO) and the CFO’s staff put together a briefing to inform the board’s members about a technology problem.

The work of the company’s governance boards and committees is extremely important, since these groups plan, design, negotiate, implement, and provide oversight for the processes, policies, procedures, and other mechanisms used to guide, monitor, control, and assess the operations of the company. Each board is comprised of executives who each represent their functional areas or a group of internal stakeholders. Usually, there is a chair position that rotates among the members. If you would like to learn more about corporate governance in general, Deloitte’s report Developing an effective governance operating model: A guide for financial services boards and management teams provides a brief but comprehensive overview. You may also find this article from the International Standards Organization helpful, as it explains what a management system is and why standards are needed to define repeatable steps that organizations can use to ensure the effectiveness and efficiency of their management activities.

The IT Governance board operates under authority delegated by the corporate governance board. This board’s charter gives it responsibility for governance, risk management, and compliance management (GRC) for corporate IT processes, policies, and technologies. Members of the board each serve for a three-year term. Of the 24 members, 8 have just begun their terms.

The IT Governance board focuses on ensuring that the company achieves maximum value for each dollar spent on information technology capabilities. The board’s members must exercise due diligence to ensure that the company complies with laws and regulations that apply to the use of information technology (including privacy and security requirements). The board is also charged with ensuring that the company complies with voluntary standards such as PCI-DSS, since these have an impact on the company’s business operations (non-compliance could result in the company not being permitted to receive payments via credit cards).

The next meeting of the IT Governance board will include a set of orientation briefings for the new members. Your assignment, as a support staffer, is to help prepare for this orientation meeting by developing a short (5-minute) briefing on one of the following IT management / IT security management frameworks, standards, and models.

  1. COBIT
  2. ITIL
  3. ISO 27001 (ISMS Program Management)
  4. NIST Cybersecurity Framework
  5. NIST Security and Privacy Controls (NIST SP 800-53)
  6. NIST Risk Management Framework (NIST SP 800-37)

See the weekly readings for information about your selected topic. Then, find additional sources on your own. (Each of these standards and frameworks is discussed in freely available materials on the Internet or in articles available through the university’s online library. There is no reason for you to pay for copies of any materials for this assignment.)

After you have researched your chosen framework, standard, or model, develop a written script for your briefing, which you will deliver verbatim (as written). You should also prepare a one-page handout for the board members to follow as you present your speech.