IS Governance Services

IT Advisory IS Governance Services

ADVISORY

As market pressures force companies to improve the performance of their information systems (IS), Sarbanes-Oxley and other legislation such as the new Hong Kong Corporate Governance requirements are mandating more effective IS risk management. Good IS governance can help balance the opposing forces of performance versus risk. However, according to a global KPMG survey, many organisations either do not possess any form of IS governance or it is out of alignment with business goals and strategies.

KPMG services strategy and goals and corporate According to a 2004 global KPMG KPMG can help align clients’ IS and culture; and we seek to understand the survey: business objectives so they can derive IS strategy, including the company’s • In a recent survey, 83 percent of enhanced value from their information view of IS, the current state of IS, and respondents believe there is room systems while maintaining control future IS plans. for improvement in the company’s over this critical function. Through our 2 Assessing IS governance activities IT governance structure. IS Governance Assessment (ISGA), • More than 50 percent said they In this step, we can perform one of the we can assist clients in managing believe there are risks in not following three reviews: regulatory risk by balancing appropriate aligning IT with the company’s controls with performance goals. • KPMG review, a blend of leading overall business goals. practices, including control An IS governance framework • only 59 percent said their objectives for information and related organisations take corporate There is no quick fix for good IS technology (CoBiT), IT Infrastructure governance seriously. governance and one size does not fit all. Library (ITIL), BS15000, and ISO Many factors come into play, including Source: KPMG Global Survey: Creating Stakeholder 27001 as well as KPMG proprietary Value in the Information Age, 2004 legislation, regulations, corporate criteria. structure, corporate culture, and the importance of IS to the organisation. ISGA provides a framework for IS Oversight Agreement on understanding both external and Committee objectives internal factors and implementing improvements. Our four-step approach Communication Accountability is described on this and the next page. Improving IS governance 1 Understanding IS governance Policies, procedures IS strategy context and strategy and standards We examine external factors such as Risk Performance Project industry regulations, market forces, and management management management competition; we also look at internal considerations such as business Source: KPMG Survey 2004

© 2008 KPMG, a Hong Kong partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International, a Swiss cooperative.All rights reserved. www.kpmg.com.cn www.kpmg.com.hk

• CoBiT review, a generally applicable Why KPMG? KPMG Risk Advisory Services and accepted standard for good IT KPMG has the people, knowledge, Risk Advisory Services assists clients security and control practices. and experience to help you fulfil IS to focus on fundamental business • ITIL review, a set of leading practices governance objectives and standards issues that help increase revenue, control costs, and identify and for IT processes, promoting a quality set by regulators and the marketplace: approach to achieving business manage risks, including the risks • A wealth of experienced resources effectiveness and efficiency in the inherent in the technology systems across our network of member firms used to support business objectives. use of information systems. • our extensive experience in Risk Advisory Services provides 3 Mapping process maturity regulatory environments, including clients with information to empower Sarbanes-Oxley, the Basel Accords, them to meet their strategic and IS governance depends on a collection financial goals. of processes that are in various stages U.S. and International GAAP, and of effectiveness or maturity. We will International Financial Reporting Contact us work with an organisation to develop Standards (IFRS) Beijing a process maturity model for each IS • A sound business approach to Danny Le governance process to help determine technology issues Partner where process weaknesses exist. • vendor independence. [email protected] 4 Recommending process +86 (10) 8508 7091 improvements What is IS Governance? Shanghai We propose recommendations to help • An integral part of corporate Ning Wright you bridge identified process maturity governance Partner gaps. We deliver a remediation plan [email protected] • The responsibility of board identifying tasks, dependencies, and +86 (21) 2212 3602 members and executives timelines. • A mechanism to deliver value, Guangzhou and Shenzhen Henry Lo Benefits manage performance, and mitigate Senior Manager • Helps align technology with business risk IT Advisory goals • A method to assign accountability [email protected] • Provides a framework for measuring for decisions and performance +86 (755) 2547 1209 and managing IS performance • dynamic in alignment with Hong Kong • Helps mitigate risks associated with business goals IS • Policies, procedures, management Thomas Wilson • Facilitates compliance with external Partner committees, performance IT Advisory legislation and regulations, e.g., metrics, and related management [email protected] Sarbanes-Oxley section 404 and techniques working in unison +852 2143 8648 Hong Kong Corporate Governance toward common business goals. provisions Source: KPMG Global Survey: Creating Stakeholder The information contained herein is of a general nature and is not intended to address the • Helps ensure valuable technology Value in the Information Age, 2004 circumstances of any particular individual or entity. Although we endeavour to provide accurate and solutions are delivered on time and timely information, there can be no guarantee that such information is accurate as of the date it is on budget received or that it will continue to be accurate in the • Facilitates effective communication future. No one should act upon such information without appropriate professional advice after a between IS and the business thorough examination of the particular situation. © 2008 KPMG, a Hong Kong partnership • Enhances internal and external and a member firm of the KPMG network of independent member firms affiliated with KPMG customer satisfaction with IS. International, a Swiss cooperative. All rights reserved. Printed in Hong Kong. KPMG and the KPMG logo are registered trademarks of KPMG International, a Swiss cooperative. Publication date: April 2008