Review the following case study and answer the questions at the end of the case study.
MoMP CobIT Case Study
While attending one of the ISACA continuous professional education (CPE) sessions related to optimizing IT spending using COBIT 5 practices, it was surprising to realize that many IT audit and assurance professionals who attended the session confided having difficulty in initiating governance of enterprise IT (GEIT) and wished they had more insight on where to begin when implementing GEIT in their respective organization. This article describes the experience of initiating GEIT at the
The Primary Stakeholders
The MoMP was established to regulate the labor market by providing stable work environments with a productive national workforce with the contribution from all three stakeholders (government, employers and employees) and to increase the percentage of national man power in the private sector to enhance its role in supporting the national economy. One of the objectives of MoMP is building an integrated labor market informational system and preparing the national labor force register with the aim of developing human resources (HR) in the country and ensuring their optimum utilization.
The Information Technology Authority (ITA), Sultanate of Oman, was established to implement national IT infrastructure projects and supervise all projects related to implementation of the Digital Oman Strategy while providing professional leadership to various other e-governance initiatives of the Sultanate. ITA serves as a competency center on best practices in e-governance and in harnessing information and communication technologies (ICTs), thereby offering efficient and timely services, integrating processes, and improving efficiency in service delivery.
The Background
In alignment with the eOman e-Transformation vision of 2020 as part of the Digital Oman Strategy, ITA mandated services provided by all the Ministries to be transformed into electronic format and, consequently, qualifying as many as 145 key government services that MoMP provides to the sponsors (companies), residents (expatriates) and citizens (Omani nationals) as part of the e-governance initiative.
As a response to the mandate, MoMP’s network and information security department and systems and applications development department set out to first implement an information security management system (ISMS) across the entire Ministry, adopting ISO/IEC 27001:2005 in 2010 and, subsequently, getting certified in 2011. It took the initiative until 2012 to setup a project management department as a provision to effectively and efficiently manage several IT projects associated with MoMP e-Transformation Strategy. The project management department adopted a combination of the Projects in Controlled Environments version 2 (PRINCE2) methodology and the Project Management Institute’s A Guide to the Project Management Body of Knowledge (PMBOK Guide) for the project management system (PMS). Additionally, it adopted Information Technology Infrastructure Library version 3 (ITIL V3), as an ITSM methodology to manage the IT services provided to the internal and external stakeholders, and to manage the e-services provided to the MoMP beneficiaries.
The Challenges
The biggest challenge was the unstructured awareness, absence of training and the knowledge gap of IT governance among the stakeholders within MoMP. The situation was made trickier due to the prevalence of inaccurate information and incorrect perceptions about the term “governance” itself. The “unlearning” and “relearning” was quite an uphill task, and it took a majority of the time and efforts.
ITA also acknowledged1 the challenges of obsolete technologies, lack of sharing of infrastructure and data, ad hocapplication development and manual government services. As a solution, it introduced an enterprise architecture framework specifically designed for ministries and other government entities. The framework was aptly titled the Oman e-Governance Architecture Framework (OeGAF), a set of standards/best practices and process management systems to enhance the delivery of government services in alignment with the mission of ITA.
At MoMP, the ISMS was already quite mature and generally accepted by the stakeholders; however, since the PMS and the ITSM were relatively new, there were mixed feeling about the effectiveness and value of additional systems. Furthermore, there were concerns raised about additional paperwork and documentation related to these 2 systems, which were perceived as a burden to an already overloaded MoMP staff of more than 5,000 employees across numerous branches, locations and directorates.
Another challenge was that while the ISMS was more prescriptive in nature, the PMS and the ITSM were more adaptive, more like guidelines. Hence, initially the ISMS team was somewhat reluctant to cooperate with the other two teams, fearing noncompliance in their control objectives.
Choosing a Framework
The PMS team realized that their current role needed enhancement to address the challenges at hand. Hence, it was transformed into a functional IT project and program management office (IT PMO), within the network and information security department and the systems and applications development department.
After conducting carefully facilitated workshops with the identified stakeholders, the IT PMO eased all fears and reluctance relating to common pain areas, and common functional and organizational objectives. Eventually, the ISMS and IT PMO teams joined hands forming the process engineering group (PEG) as a potential IT governance implementation team.
One of the critical points of initial discussions was how to integrate the external mandates, along with 3 somewhat divergent management systems (ISMS, ITSM and PMS). Some of the other points raised were: who would be held responsible and accountable for the different interdependent functional duties and who would provide direction for the strategies.
The PEG team was tasked to research, review and analyse the drivers and the pain areas. It determined that the gap or the missing piece was IT governance, especially since MoMP had already embarked on the e-governance journey. Various options for implementing IT governance and available frameworks were categorically and systematically reviewed and, finally, the PEG recommended COBIT 5 as the solution for the implementation of GEIT, specifically its 5 principles
⦁ Who are the stakeholders and how did they go about identify them? (what activity was conducted)
Review the following case study and answer the questions at the end of the case study.
MoMP CobIT Case Study
While attending one of the ISACA continuous professional education (CPE) sessions related to optimizing IT spending using COBIT 5 practices, it was surprising to realize that many IT audit and assurance professionals who attended the session confided having difficulty in initiating governance of enterprise IT (GEIT) and wished they had more insight on where to begin when implementing GEIT in their respective organization. This article describes the experience of initiating GEIT at the
The Primary Stakeholders
The MoMP was established to regulate the labor market by providing stable work environments with a productive national workforce with the contribution from all three stakeholders (government, employers and employees) and to increase the percentage of national man power in the private sector to enhance its role in supporting the national economy. One of the objectives of MoMP is building an integrated labor market informational system and preparing the national labor force register with the aim of developing human resources (HR) in the country and ensuring their optimum utilization.
The Information Technology Authority (ITA), Sultanate of Oman, was established to implement national IT infrastructure projects and supervise all projects related to implementation of the Digital Oman Strategy while providing professional leadership to various other e-governance initiatives of the Sultanate. ITA serves as a competency center on best practices in e-governance and in harnessing information and communication technologies (ICTs), thereby offering efficient and timely services, integrating processes, and improving efficiency in service delivery.
The Background
In alignment with the eOman e-Transformation vision of 2020 as part of the Digital Oman Strategy, ITA mandated services provided by all the Ministries to be transformed into electronic format and, consequently, qualifying as many as 145 key government services that MoMP provides to the sponsors (companies), residents (expatriates) and citizens (Omani nationals) as part of the e-governance initiative.
As a response to the mandate, MoMP’s network and information security department and systems and applications development department set out to first implement an information security management system (ISMS) across the entire Ministry, adopting ISO/IEC 27001:2005 in 2010 and, subsequently, getting certified in 2011. It took the initiative until 2012 to setup a project management department as a provision to effectively and efficiently manage several IT projects associated with MoMP e-Transformation Strategy. The project management department adopted a combination of the Projects in Controlled Environments version 2 (PRINCE2) methodology and the Project Management Institute’s A Guide to the Project Management Body of Knowledge (PMBOK Guide) for the project management system (PMS). Additionally, it adopted Information Technology Infrastructure Library version 3 (ITIL V3), as an ITSM methodology to manage the IT services provided to the internal and external stakeholders, and to manage the e-services provided to the MoMP beneficiaries.
The Challenges
The biggest challenge was the unstructured awareness, absence of training and the knowledge gap of IT governance among the stakeholders within MoMP. The situation was made trickier due to the prevalence of inaccurate information and incorrect perceptions about the term “governance” itself. The “unlearning” and “relearning” was quite an uphill task, and it took a majority of the time and efforts.
ITA also acknowledged1 the challenges of obsolete technologies, lack of sharing of infrastructure and data, ad hocapplication development and manual government services. As a solution, it introduced an enterprise architecture framework specifically designed for ministries and other government entities. The framework was aptly titled the Oman e-Governance Architecture Framework (OeGAF), a set of standards/best practices and process management systems to enhance the delivery of government services in alignment with the mission of ITA.
At MoMP, the ISMS was already quite mature and generally accepted by the stakeholders; however, since the PMS and the ITSM were relatively new, there were mixed feeling about the effectiveness and value of additional systems. Furthermore, there were concerns raised about additional paperwork and documentation related to these 2 systems, which were perceived as a burden to an already overloaded MoMP staff of more than 5,000 employees across numerous branches, locations and directorates.
Another challenge was that while the ISMS was more prescriptive in nature, the PMS and the ITSM were more adaptive, more like guidelines. Hence, initially the ISMS team was somewhat reluctant to cooperate with the other two teams, fearing noncompliance in their control objectives.
Choosing a Framework
The PMS team realized that their current role needed enhancement to address the challenges at hand. Hence, it was transformed into a functional IT project and program management office (IT PMO), within the network and information security department and the systems and applications development department.
After conducting carefully facilitated workshops with the identified stakeholders, the IT PMO eased all fears and reluctance relating to common pain areas, and common functional and organizational objectives. Eventually, the ISMS and IT PMO teams joined hands forming the process engineering group (PEG) as a potential IT governance implementation team.
One of the critical points of initial discussions was how to integrate the external mandates, along with 3 somewhat divergent management systems (ISMS, ITSM and PMS). Some of the other points raised were: who would be held responsible and accountable for the different interdependent functional duties and who would provide direction for the strategies.
The PEG team was tasked to research, review and analyse the drivers and the pain areas. It determined that the gap or the missing piece was IT governance, especially since MoMP had already embarked on the e-governance journey. Various options for implementing IT governance and available frameworks were categorically and systematically reviewed and, finally, the PEG recommended COBIT 5 as the solution for the implementation of GEIT, specifically its 5 principles
⦁ Who are the stakeholders and how did they go about identify them? (what activity was conducted)
