IT Governance Part-II
COSO
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) is a joint initiative of the five private sector organizations listed on the left and is dedicated to providing thought leadership through the development of frameworks and guidance on enterprise risk management, internal control and fraud deterrence. This model for evaluating internal controls is from the Committee of Sponsoring Organizations of the Treadway Commission. It includes guidelines on many functions, including human resource management, inbound and outbound logistics, external resources, information technology, risk, legal affairs, the enterprise, marketing and sales, operations, all financial functions, procurement and reporting. This is a more business-general framework that is less IT-specific than the others.
CMM
The Capability Maturity Model Integration method, created by a group from government, industry and Carnegie-Mellon’s Software Engineering Institute, is a process improvement approach that contains 22 process areas. It is divided into appraisal, evaluation and structure. CMMI is particularly well-suited to organizations that need help with application development, lifecycle issues and improving the delivery of products throughout the lifecycle. This model became the foundation from which Carnegie Mellon created the Software Engineering Institute (SEI). The term "maturity" relates to the degree of formality and optimization of processes, from ad hoc practices, to formally defined steps, to managed result metrics, to active optimization of the processes.When the model is applied to an existing organization's software-development processes, it allows an effective approach toward improving them. Eventually it became clear that the model could be applied to other processes. This gave rise to a more general concept that is applied to business.
ISO 17799
The International Organization for Standardization has developed the third major governance framework, ISO 17799, titled “Information Technology — Code of Practice for Information Security Management.” It was first released by the ISO in December 2000. However, it is based on British Standard 7799, which was finalized in 1999. The intent of the standard is to focus on security and aid an organization in the creation of a IT security plan.
Six Sigma
Six Sigma at many organizations simply means a measure of quality that strives for near perfection. Six Sigma is a disciplined, data-driven approach and methodology for eliminating defects (driving toward six standard deviations between the mean and the nearest specification limit) in any process – from manufacturing to transactional and from product to service. Six Sigma is a set of tools and strategies for process improvement originally developed by Motorola in 1986. Six Sigma became well known after Jack Welch made it a central focus of his business strategy at General Electric in 1995, and today it is used in different sectors of industry. The fundamental objective of the Six Sigma methodology is the implementation of a measurement-based strategy that focuses on process improvement and variation reduction through the application of Six Sigma improvement projects. This is accomplished through the use of two Six Sigma sub-methodologies: DMAIC and DMADV. The Six Sigma process requires 99.99967% error free processes and products, (or 3.4 parts per million defects or less). Six Sigma processes resulted in $16–17 billion in savings to Motorola as of 2006.
The balanced scorecard (BSC)
The balanced scorecard is a strategic planning and management system used to align business activities to the vision and strategy of the organization, improve internal and external communications, and monitor organizational performance against strategic goals. It is perhaps the best known of several such frameworks (it is the most widely adopted performance management framework reported in the annual survey of management tools undertaken by Bain & Company, and has been widely adopted in English-speaking western countries and Scandinavia in the early 1990s).
Happy learning! We wish you good luck in your "CISM Certification Program" journey!
