Technology Governance: Concepts & Practices
About this ebook
The necessity of practicing technology governance as against IT governance has been discussed and proven.
The shortcomings in the standards, best practices and codes that relate to technology governance are discussed and recommendations have been made to enhance these to cater to technology governance.
The book also lays down a reference model for technology governance, a road map for the implementation of technology governance and gives guidance for the assessment of technology governance in an enterprise.
This book may prove to be the foundation of the new field of technology governance.
Azhar Zia-ur-Rehman
Azhar Zia-ur-Rehman is a seasoned technology professional with a very rich and wide background in a variety of industries and domains. His expertise spans the domains of IT, governance, compliance, risk management, security management, enterprise transformation, building information modelling (BIM) and 3D printing. He has worked on systems from the lowest level to large business systems for conglomerates. As a consultant, therefore, he can very comfortably mix and match these domains for the benefit of his customers and provide them with a solution that few other consultants can. Azhar Zia-ur-Rehman has been based in the GCC for more than 20 years working for prestigious companies and as a consultant. This book is the result of more than 36 years of experience in a variety of industries including telecommunications, petroleum, manufacturing, real estate, construction, heavy engineering, health, legal, facilities management, retail, government and utilities. Most of the ideas presented in this book are original and new and can form the basis of a very new domain of ‘technology governance’ – a domain that will soon become vital due to the increasing use of technology in enterprises.
Book preview
Technology Governance - Azhar Zia-ur-Rehman
Technology Governance: Concepts & Practices
Azhar Zia-ur-Rehman
AuthorHouse™ UK
1663 Liberty Drive
Bloomington, IN 47403 USA
www.authorhouse.co.uk
Phone: 0800.197.4150
© 2017 Azhar Zia-ur-Rehman. All rights reserved.
OECD (2017), OECD Publishing, Paris.
No part of this book may be reproduced, stored in a retrieval system, or transmitted by any means without the written permission of the author.
Published by AuthorHouse 02/14/2017
ISBN: 978-1-5246-7815-9 (sc)
ISBN: 978-1-5246-7816-6 (hc)
ISBN: 978-1-5246-7822-7 (e)
Any people depicted in stock imagery provided by Thinkstock are models,
and such images are being used for illustrative purposes only.
Certain stock imagery © Thinkstock.
Because of the dynamic nature of the Internet, any web addresses or links contained in this book may have changed since publication and may no longer be valid. The views expressed in this work are solely those of the author and do not necessarily reflect the views of the publisher, and the publisher hereby disclaims any responsibility for them.
Contents
Foreword
Preface
1. What is Corporate Governance?
2. What is Technology?
3. The Conglosphere
4. Corporate Governance Principles & Codes
5. Governance of IT
6. Technology Governance
7. COSO & Technology Governance
8. King & Technology Governance
9. ISO38500 & Technology Governance
10. CobIT 5 to CoTiE
11. Technology Governance Process Reference Model
12. Implementing Technology Governance
13. Assessing Technology Governance
14. Conclusion
Foreword
It is with great pleasure that I have accepted the invitation to write this foreword to the book Technology Governance Concepts & Practices authored by my dear friend, and fellow governance professional, Azhar Zia-ur-Rehman. I can’t think of anyone more suitably qualified to write and publish this important work. Azhar has an outstanding track record of accomplishment in the field of technology, audit, assurance and governance. This includes 17 years with Etisalat UAE, the Emirates Telecommunications Corporation, one of the largest mobile network operators in the world, with a total customer base of more than 167 million in 17 countries. With Etisalat, Azhar was Director IT Assurance, and subsequently Group Director responsible for Technical, Process and Governance audits and Fraud Management within all companies in the Group.
Why is this book timely, and why is Technology Governance so important? To answer that question, let’s reflect on the causes of the last financial crisis. During the height of the crisis there was an estimated USD $ 900 billion of bank bailouts, failures, crisis mergers and acquisitions. According to the Financial Crisis Enquiry Report of the US Government it is stated: “We conclude dramatic failures of corporate governance and risk management at many systemically important financial institutions were a key cause of this crisis.”
The CCP Research Foundation reports that the global banking industry has incurred more than £166 billion in fines, settlement fees and provisions in the past 7 years as a direct consequence of their failures in the governance and risk areas. The IFC-World Bank Group noted that the central irony of the governance failures that became apparent in the crisis is that many took place in some of the most sophisticated banks operating in some of the most developed governance environments in the world, notably the US and the UK.
Now we are on the brink of the 4th Industrial Revolution (4th IR). In his book with this title, Klaus Schwab of the World Economic Forum describes the 4th IR as being characterized by a fusion of technologies blurring the lines between the physical, digital and biological spheres. By this he means advanced robotics and humanoids, artificial intelligence and machine learning, smart factories, gene sequencing, nanotechnology, renewable energy, quantum computing, self-driving cars, trains, buses, and trucks, AgTech, FinTech, RegTech, MedTech, and the list goes on. These are all new technologies, driven mainly by young bright entrepreneurs, operating in a lightly regulated environment, with insufficient governance oversight. Last month saw the founding by several technology-world elites of the Ethics and Governance of Artificial Intelligence Fund. The Fund has raised USD 27 million for research that hopes to protect humanity from the rise of AI. Prof Stephen Hawking believes we should be scared of robots and artificial intelligence because, as he says: “The real risk with AI isn’t malice but competence. A super intelligent AI will be extremely good at accomplishing its goals, and if those goals aren’t aligned with ours, we’re in trouble.”
There is already sufficient evidence to demonstrate that IT Governance is sub-standard across the world in many corporations and governments. Recently we witnessed the hacking of the e-mail system of John Podesta, the Chairman of Hillary Clinton’s presidential campaign, with the resulting damage to the election process due to the release of thousands of messages. It is suggested that his computer password was in fact “password”. In 2014, there was a massive data breach resulting from a cyber-attack against the US bank JPMorgan Chase that is believed to have compromised data associated with over 83 million accounts and 7 million small businesses. The data breach is considered one of the largest data breaches in history. In 2016 thieves stole $81 million from the central bank of Bangladesh by gaining access to the S.W.I.F.T. international bank messaging system. This month, a Turkish hacker, Ercan Findikoglu, was sentenced to eight years in a U.S. prison for his role as one of the masterminds behind three cyber-attacks that enabled $55 million to be siphoned from automated teller machines globally. The message is clear. Criminals no longer need to enter a bank to rob it, money is now virtual, and the hackers are getting smarter. Client data has value, that is why Facebook is valued at USD 387 billion, so data is worth stealing.
Azhar starts his book with the following text: “The concept of ‘technology governance’, or rather the lack of it, has been troubling me”. I can only echo that opinion. Fortunately, there is a solution. This book provides clarity on the definitions, the standards, and the framework for technology governance which is an important source of information for both students and practitioners. Then Azhar brings his expertise to the forefront in Chapter 11 - Technology Governance Process Reference Model, where he merges the key requirements and principles of COSO, King IV, ISO38500 and COBIT 5. These are then used as the basis for a proposed Model comprised of 24 Processes, each of which contains sub-processes, goals and activities. This leads the reader to Chapter 12 - Implementing Technology Governance, with a step by step guide to the implementation of technology governance, consisting in total of 12 Steps. So far so good. But having accomplished the implementation steps, how do we seek assurance that all is working as planned? This is covered in Chapter 13 Assessing Technology Governance, where Azhar recommends that the assessment of technology governance requires a framework that includes process reference and assessment models, and concludes that such framework is provided by the ISO/IEC33001 Information Technology -- Process Assessment standard.
I would like to commend Azhar Zia-ur-Rehman for this serious work that addresses Technology Governance, one of the most important topics we face today in our rapidly changing world, with so many new technology challenges and risks.
Philip Weights, Managing Director
Enhanced Banking Governance GmbH
CH-8636 Wald Zürich
Switzerland
weights@e-bkgov.com
February 13, 2017
Preface
The concept of ‘technology governance’, or rather the lack of it, has been troubling me since the very beginning of my professional career in 1980. I was working in a company that was manufacturing sophisticated telecommunications equipment and was using state of the art technologies of that time. These technologies included at least three sets – firstly, those related to the conception, design and development of telecommunications equipment, secondly those dealing with the design, development and use of manufacturing and testing equipment for these telecommunications equipment, and, thirdly, technologies that helped manage the financial, material and human resources of the company. These three sets of technologies were handled without much synergy between them and no formal coordination except at the highest level. The term ‘information technology’ had not become common yet – ‘data processing’ in glass houses was the norm. With time, personal computers started becoming common and they were used all over the company – design and development, production planning and control, manufacturing, testing, etc. Although they were ‘PCs’ all over, there was no central control of their efficient and coordinated use. I always wondered why all technologies in an organization are not managed in a synergetic and coordinated manner.
As I gained familiarity with more industries and got involved in the use of computers in industries as diverse as telecommunications, electronics, heavy engineering, manufacturing, health, yarn, textiles, retail, real estate, petroleum, construction, banking, government and municipal administration, I witnessed the same state of affairs everywhere. Then I saw some method appear in the madness of the telecommunications industry. The Telemanagement Forum¹ was formed to view technology from a higher perspective and define best practices for its use. No other industry I know of has been able to bring a similar method into its respective madness.
I was lucky to get interested and involved in corporate governance, a domain dominated by lawyers and finance professionals. I saw corporate governance from the IT governance aspect and noticed the narrow view that governing bodies have on technology. While they understand the legal and the financial aspects, they rely heavily on the managers on technology aspects. As a result, I witnessed technology decisions in many companies that served more to enrich the curriculum vitae of technology personnel than the business of the company. I also witnessed technology decisions being taken in silos of technology domains, resulting in duplicated investments and mutually contradicting projects.
The concepts and practices that I have developed over many years and have presented here