IT Governance (ICT407) Assignment 4 Cover Sheet




Assessment Type: Invigilated Report

Weighting: 20%

Due Date: Week 12, Sunday, 15 June 2024, 11:59 pm AWST or 01:59 pm AEST

Number of Attempts: 1 (One)

Full Name


Student ID




Executive Summary

The university has many campuses in Perth, and it has recently concentrated its payroll system in the HR department, replacing the earlier localised payroll management at every campus. Due to this change, it is necessary to revise the IT Governance framework to enhance its safety and functionality and to make it compliant with university standards. The Business Proposal section of the report describes a communication plan to restructure the university's IT Governance to support the needed improvement in the payroll system processes.

Specific areas of concern include the evaluation of the current governance system, the establishment of a new governance system, the detection of risks, and the implementation of measures for tracking the achievement of performance indicators. The selection of the COBIT 2019 framework, as recommended within this proposal, ensures that the university acquires a reputable and rigid governance structure that complements its multiple and diverse campuses. Further, this paper presents a change management plan together with an appropriate implementation plan to facilitate a seamless transition. The budget analysis and ROI demonstrate the financial feasibility of the project and its utility in the future.

This proposal seeks to enhance IT governance in the areas that would help minimize the risks, enforce compliance, and optimize the university’s payroll data.





Business Context and Objective

Business Context

The university, with several campuses across the city of Perth, formerly used uncoordinated payroll systems run by individual campuses. More recently, the university implemented a centralized payroll system in which responsibility for all aspects of the compensation process for all campuses rests with the human resources department. Though this change has added efficiency to the operation of the payroll systems, it has raised new issues such as heightened data management issues, security issues, and governance challenges.

Business Objective

The main aim of this proposal is to enhance the existing standards of the IT Governance framework in the university. This will ensure that pay movements made by the new payroll system are regulated and coordinated properly and conform to the stated policies of the university and to its overall operations. By improving governance, the university can:

  • Guard against improper access to data and the risk to payroll information that requires special protection.

  • Keep payroll efficient so that it serves its basic function, which is to pay employees promptly and in the correct amount.

  • Define how the proposed system will allow for growth in the future.

  • Reduce organizational operational risks and avoid leakage or system breakdowns.

  • Establish a governance framework that is conducive to the existing IT and administrative plans of the university.

  • Facilitate an effective, safe, and compliant payroll service for all campuses by improving instructions issued within the area.

Current State Assessment

Before the change in the university's payroll systems was implemented, the system of IT governance was fragmented because payroll management was decentralised. Every campus had an individual centre responsible for payroll, which meant that there were disparities in managing, filing, and saving payroll data. While this approach afforded each campus the administrative flexibility to customize its operations, there was no top-tier IT governance structure that implemented standardization, enforceability, and security across the whole university system.

Following the introduction of the centralized payroll system, several issues have been identified:

  • Inconsistent Security Protocols: There were many layers of security in the decentralized system, though most of them are no longer relevant today (ISACA, 2019). Electronic payroll processing at the university concentrates the university's sensitive payroll data, which opens up new threats that have to be controlled through enhanced governance.

  • Data Management Gaps: The lack of a good governance system to handle the bulk of payroll data has made it challenging to manage large data sets, especially with regard to data integrity and security.

  • Compliance Challenges: With a centralized system, there is always the question of how to ensure that the regulatory and compliance needs of all the campuses are met (ISACA, 2019). The absence of a standard governance model reduces, to a certain extent, the likelihood of compliance with all the existing policy and regulatory requirements.

  • Lack of Accountability: The transition to such a system has also left some gaps in the accountability system. Under the decentralized system, every campus had its own team responsible for payroll (ISACA, 2019). It has been observed for decades that, while new systems are implemented, a rather poorly defined line of authority emerges at different campuses for handling the payroll process.

Proposed IT Governance

Based on the difficulties highlighted in the current state assessment, it is proposed to adopt COBIT 2019 as the framework for developing IT Governance improvements (Curtis, 2019). COBIT 2019, being a recent model, offers a reference framework through which enterprise IT assets are governed to achieve the enterprise's objectives and manage risks whilst maximizing resources (Ghosh, 2024).

The COBIT framework is particularly suited to the university’s multi-campus, centralized payroll system for several reasons:

  • Risk Management: COBIT 2019 gives guidance on how best to reason about and manage IT risks, which is crucial when handling payroll information (Ghosh, 2024).

  • Compliance and Security: COBIT emphasizes control objectives for compliance with regulatory requirements; using those objectives in the management of payroll data is very useful for a large organization like a university.

  • Alignment with Organizational Goals: By using COBIT, it is possible to govern IT in such a manner that the university's strategic goals are achieved and the payroll system is kept operational, efficient, and consistent with the governance policies (Ghosh, 2024).

  • Scalability and Flexibility: The framework is elastic, and by applying it the university can develop an elaborate IT governance model that follows the growth of the payroll system (Ghosh, 2024).




Governance Structure

The health of the centralized payroll system will depend on a sound governance structure that facilitates proper accountability and decision-making processes. The key components of the governance structure are as follows:

IT Governance Committee: This committee will be responsible for the overall IT governance of the university and for the business goals and responsibilities of the payroll system (Lano, 2024).

Roles and Responsibilities:

  • Chief Information Officer (CIO): In charge of overseeing the standards and practice of the IT governance framework across all campuses.

  • HR Team: Responsible for handling the daily activities of the payroll process.

  • Data Security Officer: Responsible for ensuring that the payroll system meets the general data protection regulations in place and is protected against cybercrime (Chow, 2022).

  • IT Compliance Manager: Responsible for checking internal compliance with university policies and external compliance with required standards.




Risk Management

To avoid potential risk factors resulting from a centralized payroll system, risk management should be well developed. The following key risks have been identified:

  • Data Breach: Payroll information, which is considered very sensitive, is stored in the centralized system. Unauthorized access and loss of data are threats that are likely to surface in the absence of better security measures. To combat this, the university will deploy MFA, employ encryption, and conduct periodic security reviews (Charles, 2023).

  • System Downtime: Disruptions to the system cause payment disruptions and other problems associated with paying employees. The university will maintain a high level of availability of its infrastructure and systems, with enterprise disaster recovery.

  • Compliance Risks: The system must also be compliant with data protection laws, including the Australian Privacy Act. The IT Compliance Manager will therefore periodically assess system operations to confirm full compliance (Charles, 2023).

  • Internal Fraud: Internal fraud involving payroll systems is possible if those systems are not properly monitored. To mitigate this risk, the university shall institute the following controls: audit trails, segregation of duties, and continuous monitoring.

Performance Metrics

To measure the success of the IT Governance changes, several Key Performance Indicators (KPIs) will be implemented:

  • System Uptime: Set an availability target of 99.9% for the payroll system so that payroll processing is not significantly disrupted.

  • Data Breach Incidents: Aim at achieving compliance and an incident-free year without any data breaches (Secureframe, 2023).

  • Payroll Processing Time: Determine the salary processing time normally taken at each campus, seeking to cut down the processing time across the various campuses.

  • User Satisfaction: Carry out periodic polls of Human Resources and academic staff to gauge the usefulness of the payroll system.

  • Compliance Audits: Compliance checks are expected to be conducted on teams, and these should always produce a 100% compliant result against the regulatory guidelines set (Secureframe, 2023).



Implementation Plan

The implementation plan outlines the steps needed to adopt the new IT governance framework:

  • Phase 1: Present an in-depth analysis of the inventory of current IT governance practices at all campuses. What would have been done differently?

  • Phase 2: Deploy and use the COBIT 2019 framework to begin formalising the roles and responsibilities of the organisational governance structure (Multimatics, 2019).

  • Phase 3: Introduce the framework for the risk management policies, the protection of data, compliance, and testing of disaster recovery plans.

  • Phase 4: Hold training sessions for key stakeholders, such as IT, HR, and compliance personnel (Multimatics, 2019).

  • Phase 5: Carry out an Organization Development Evaluation before each department completes its detailed IT planning and before each annual planning cycle. Monitor and measure organisational performance using the performance metrics developed above.

Figure 1: Implementation Planning

Source: (Author, 2024)






Change Management Strategy

This paper concludes that implementing the new IT governance framework requires efficient management of change. The strategy includes the following components:

  • Stakeholder Engagement: Engage all of the most crucial stakeholders, namely the IT department, HR, and the campus administration, right from the start of the project (REALTECH, 2024).

  • Communication Plan: Keep all stakeholders informed of the project by setting up a solid online and offline program that provides, among other things, updates, workshops, and feedback.

  • Training Programs: Educate the IT and HR staff members fully on the new governance structure and how the system will function (REALTECH, 2024).

  • Managing Resistance: Minimize resistance by discussing the advantages of embracing the new governance framework: enhanced security, efficiency, and statutory compliance (REALTECH, 2024).




Budget and ROI

The estimated budget for implementing the proposed IT governance framework includes:

  • Framework Implementation: AUD 150,000 would be required for the installation of COBIT 2019 and integration with university policies.

  • Training Costs: AUD 50,000 in the current year for stakeholder training and outside consultants to conduct COBIT training.

  • Infrastructure Upgrades: AUD 100,000 for 2FA and encryption, disaster recovery plans, and second-site backup solutions.

  • Compliance Monitoring: AUD 20,000 yearly for continual compliance audits and reviews.

The total cost of implementing it at the initial stage can range from AUD 300,000.

ROI: The enhancements to the centralized system are expected to improve efficiency and compliance in data security and payroll processing and to cut down potential threats of data breaches. The ROI is then expected within three years, through cost savings on operations and improved system security for the university.




References

Curtis, B. (2019). The Value of IT Governance. ISACA. https://www.isaca.org/resources/news-and-trends/industry-news/2020/the-value-of-it-governance/

ISACA. (2019). Effective IT Governance at Your Fingertips. ISACA. https://www.isaca.org/resources/cobit

Multimatics. (2019). COBIT 2019: The 7 Phases of Implementation Life Cycle. Multimatics.co.id. https://multimatics.co.id/insight/apr/cobit-2019-the-7-phases-of-implementation-life-cycle

REALTECH. (2024, May 21). IT compliance and IT governance in Change Management. REALTECH. https://www.realtech.com/smart-itsm/change-management-it-compliance-it-governance/?lang=en

Charles, A. (2023, May). Understanding COBIT: COBIT Framework, Structure, Components & Benefits. Koenig-Solutions; Koenig Solutions. https://www.koenig-solutions.com/blog/learn-everything-about-the-cobit-and-cobit-framework?keyword=&device=c&utm_source=google&utm_medium=cpc&utm_device=c&utm_campaign=P-Max-adgroup-&gad_source=1&gclid=Cj0KCQjwjY64BhCaARIsAIfc7YZPhAsz2UdKonMRiobedOYWJonmQBsBIF6Kbeq82qSpJfUbRPyN1WkaAg9VEALw_wcB

Chow, C. (2022). IT Governance Roles and Responsibilities. Cybiant. https://www.cybiant.com/knowledge/it-governance-roles-and-responsibilities/

Ghosh, S. (2024, June 10). COBIT 2019: A Roadmap for Effective IT Governance in the Modern Age. Medium. https://medium.com/@siladityaghosh/cobit-2019-a-roadmap-for-effective-it-governance-in-the-modern-age-edc53e0e53f6#:~:text=Governance%20System%20Design%20Factors%3A%20COBIT,a%20well%2Drounded%20governance%20system

Lano. (2024). What is payroll governance? Lano.io. https://www.lano.io/academy/payroll/payroll-management/what-is-payroll-governance

Secureframe. (2023). Data Governance Metrics and KPIs. Secureframe. https://secureframe.com/hub/grc/data-governance-metrics

