Cloud Computing Chapter 15 Governing the Cloud Learning Objectives • Define and describe corporate governance. • Define business strategy and provide examples of strategic goals. • Discuss how companies use the Capability Maturity Model (CMM) to measure their current capabilities. • Define and describe internal controls. • Define and describe IT governance. • Discuss the various types of governance a company must perform. • Discuss the role of Sarbanes-Oxley in corporate IT governance. • Discuss factors to consider when developing governance procedures for the cloud. The Need for True Financials • Following the DOT.com crash and corporate scandals such as Enron, Tyco, and WorldCom, pressures emerged from the government, shareholders, and numerous other stakeholders for companies to increase their financial oversight to reduce opportunity for fraud and to restore confidence in corporate financial reporting. Why IT Is Involved • Because most of the data that drive corporate financial reports originate within data centers, the new era of governance has brought greater visibility and a greater need for controls to IT departments. Corporate Governance • Corporate governance combines the processes, policies, laws, and controls that affect how a company operates. • The governance guides the company’s decision making and administrative processes. • Corporate governance, is complex and involves people, processes, systems, and more. Corporate-Governance Process • Components of the corporate-governance process. Real World: Organization for Economic Cooperation • In 1999, the Organization for Economic Cooperation and Development (OECD) published the Principles for Corporate Development. It has been revised to address corporate-governance issues. Understanding Business Strategy • A strategy is a plan of action designed to achieve one or more particular goals. • A business strategy comprises the plans a company executes to achieve business goals. Components of a Business Strategy • Maximizing shareholder value • Reducing or managing costs to maximize profits • Providing a high-quality work environment to attract and retain employees • Maintaining a high degree of customer satisfaction • Supporting environmentally friendly operations • Developing a sustainable, competitive advantage • Providing accurate reporting of company operations Real World: Capability Maturity Model (CMM) • The Capability Maturity Model (CMM) was developed at Carnegie Mellon University to help businesses measure and improve their current capabilities. • Over time, as a business matures and its skills improve, a company’s CMM scores should increase. • As scores increase, so too should the predictability and reliability of the business. Levels of CMM Inspect What You Expect • Once a company defines its business goals and metrics, it must inspect the underlying factors that drive business results. • In other words, rather than take its financials at face value, the company should examine the sources from which the values are derived to ensure that each is accurate and free from fraud. • This inspection process is known as auditing. Auditing • Companies must audit the source of the values they measure and report using internal or external auditors. Internal Controls • Internal controls allow a company auditor to inspect data values at key stages. Real World: Committee of Sponsoring Organizations of the Treadway Commission • A key aspect of corporate governance is internal controls. An internal control is a process that provides assurance that the objectives of a company’s operational goals and legal compliance requirements are being met, as well as confidence in the accuracy of the reporting of operations. • The Committee of Sponsoring Organizations of the Treadway Commission (COSO) has defined a model that companies can use to evaluate their internal controls. The Components of the (expanded) COSO Model Control Objectives for Information and Related Technology (COBIT) • Control Objectives for Information and Related Technology (COBIT) is an IT governance framework defined by the Information Systems Audit Control Association (ISACA). • COBIT defines dozens of processes an IT manager and staff can use to plan, acquire, implement, deliver, support, monitor, and evaluate IT solutions. IT Governance • IT governance is one of many key types of governance a company must consider. Real World: SarbanesOxley • In 2002, in the aftermath of the dot-com crash and corporate scandals that included Enron, Tyco, and WorldCom, Senator Paul Sarbanes of Maryland and Representative Michael Oxley of Ohio cosponsored a bill. • Once passed, the law became known as Sarbanes-Oxley. • The law’s goal was to improve confidence in the truthfulness of company reporting by requiring greater transparency and controls of the data that companies report. Real World: IT Governance Institute • The IT Governance Institute (ITGI) was formed in 1998 to assist businesses in aligning IT solutions with business strategies. • The institute conducts research on the global practices and perceptions of IT governance. The institute makes many of its best practices, case studies, and research papers available for sale or download from its website. SLA Governance Considerations • Who within the company can access the service? • Who within the cloud provider can access the service? • What can those who can access the service do? • Is the solution multitenant? • How is the service secured? • How is the service replicated or collocated? • How can the service be tested and validated? • What is the service uptime? SLA Governance Considerations Continued • How and when is the service maintained? • What controls can be implemented and at what stages of the service? • How are errors and exceptions logged? • How can performance be monitored? • What is the upgrading and versioning process? • What auditing support is provided? Key Terms Chapter Review 1. Define corporate governance. 2. Discuss the events that led up to the need for increased corporate governance. 3. Define business strategy. List five possible business strategies. 4. Discuss the purpose of the Capability Maturity Model. 5. Define auditing. Chapter Review Continued 6. Define internal control and provide an example of a control. 7. Discuss the role Sarbanes/Oxley has played with respect to corporate governance. 8. Define IT governance. 9. List factors one should consider with respect to governing the cloud.
Purchase answer to see full attachment