Office of the CIO – Recommendation 21
This paper does not insist on the existence of a CTO role. Rather, it is recommended that either the CIO role be defined broadly enough to incorporate the role of the CTO, or the roles of the CTO and CIO be clearly segregated. The CIO role is rapidly changing and needs to be adjusted continually to keep up with new demands. Each organisation should define the CIO role to meet its strategic IT requirements. These requirements will determine the value IT should deliver and consequently the role of the individual leading the function.
Participant comment
CobiT ITIL PMBOK, Prince2 ISO17799, ISO27001 TOGAF Balanced Scorecard Portfolio Management King III ISO38500
Strategic alignment X X X X X X
Value delivery X X X X X X
Risk management X X X X X X
Resource management X X X X X
Performance measurement X X X X
Chief Technology Officer – Recommendation 22
It is recommended that the creation of a CTO role should be based on a strategic decision and the nature of the organisation. Not all organisations are able to justify a CTO role. Organisations which have made a significantly higher investment in IT infrastructure than their peers, as well as telecommunications organisations, would probably find it easier to justify a CTO role.
Participant comment
Information Security Officer (ISO) – Recommendation 23
The ISO role, as the most senior information security oversight function, should be clearly defined and segregated from the implementation and administration of these policies, procedures and standards.
If possible, it should be based outside IT.
Participant comment
Chief Enterprise Architect – Recommendation 24
It is recommended that organisations’ IT strategies make provision for the creation or maturing of the enterprise architecture role. Where feasible, this role should not be regarded as an IT function but rather be based closer to corporate strategy, with its technology-specific roles being resourced from IT.
Participant comment
IT Financial Manager – Recommendation 25
It is recommended that the IT financial management role be formally assigned in all environments, but that the feasibility of creating a full-time position around it be carefully evaluated based on the size and complexity of the environment.
Participant comment
IT Risk Officer – Recommendation 26
It is recommended that a formal IT risk officer role be created. Depending on the organisation, it could then be decided whether to assign this role as an additional responsibility to a senior IT official or to create a new position within IT for an operational risk manager. It is further imperative that the entire IT management team be made aware of their risk management responsibility.
Participant comment
Applications Manager – Recommendation 27
It is recommended that, where feasible, the role of applications manager not be combined with other formal roles in large IT departments.
Participant comment
Technical Manager – Recommendation 28
The proposed IT governance framework recommends that the technical management role be clearly defined and assigned to an individual who will then be responsible for all aspects of technical management. The framework does not dictate whether the technical manager or the applications manager owns and is responsible for the IT service support and IT service delivery processes, but requires these two roles to take responsibility for service support and service delivery between them.
Participant comment
Operations Manager – Recommendation 29
It is recommended that each organisation evaluate whether or not the size of its IT department justifies the appointment of an operations manager. If not, this role could be combined with that of the technical manager. This paper does not argue for any particular IT operations structure but recommends (i) clear roles and responsibilities for each operational area, and (ii) a clear definition of the operations management role.
Participant comment
IT Strategy Committee – Recommendation 30
It is recommended that all organisations have an IT Strategy Committee comprising top executives and the CIO. In some organisations, this committee would also be responsible for areas assigned to the IT Steering Committee below.
Participant comment
IT Steering Committee – Recommendation 31
It is recommended that each organisation should have at least one IT governance body responsible for setting IT strategy (IT Strategy Committee) and one for overseeing the establishment of mechanisms for delivering the strategy (IT Steering Committee). Where feasible, these should be two different bodies but, provided the body does not involve itself in the actual implementation of strategy, the two could be one. Where the two bodies are segregated, the IT Strategy Committee membership should be as senior as possible, preferably Board level.
Participant comment
Enterprise Architecture Forum – Recommendation 32
It is recommended that some kind of governance body be set up to oversee the establishment and effectiveness of EA in the organisation. Where possible, this function should be situated outside IT, as a corporate strategy implementation enabler.
Participant comment
Programme Management Office (PMO) – Recommendation 33
Without being prescriptive as to where the IT PMO should reside, it is recommended that PMO principles be adopted to govern any significant IT projects. It is further recommended that a formal, standardised project management methodology be adopted, whether for IT or at an enterprise level. The adopted project management methodology should contain a project management maturity model, indicating maturity targets for project management.
Participant comment
Summarised Recommendation on IT Governance Roles – Recommendation 34
To summarise the recommendations on IT management roles in this section, Table 2 maps the roles discussed in this paper to the IT governance major processes they are recommended to support.
| | CIO | CTO | ISO | Applications Manager | Enterprise Architect | Technical Manager | Operations Manager | IT Financial Manager | IT Risk Officer |
|---|---|---|---|---|---|---|---|---|---|
| Strategic alignment | A | R | I | C | R | C | I | C | R |
| Value delivery | A | C | C | R | C | R | R | R | C |
| Risk management | A | R | R | R | R | R | R | R | R |
| Resource management | A | R | C | R | I | R | R | R | C |
| Performance measurement | A | R | R | R | C | R | R | R | R |

Table 2 – IT Management Roles per IT Governance Major Process
Participant comment
Summarised Recommendation on IT Governance Structures – Recommendation 35
To summarise the recommendations on structures in this section, Table 3 maps the structures discussed in this paper to the IT governance major processes they are recommended to support.
| | Office of the CIO | IT Steering Committee | IT Strategy Committee | Enterprise Architecture Forum | Programme Management Office |
|---|---|---|---|---|---|
| Strategic alignment | R | C | A | R | R |
| Value delivery | R | A | C | C | R |
| Risk management | A | I | I | C | R |
| Resource management | A | C | I | C | R |
| Performance measurement | A | I | I | C | R |

Table 3 – RACI Mapping for IT Governance Structures
Participant comment