Executive's Guide to IT Governance: Improving Systems Processes with Service Management, COBIT, and ITIL



Praise for Executive's Guide to IT Governance

Improving Systems Processes with Service Management, CobiT, and ITIL

"The SOx Act has become a major challenge and an opportunity for most complying organizations. Mr. Moeller presents an excellent discussion of disparate topics such as SOx, internal and external audits, IT, internal controls, risk management, quality audits, and ISO standards."

—S. Rao Vallabhaneni, author, Corporate Management, Governance, and Ethics Best Practices

"Having managed several dozen consultants assisting numerous clients to become SOX-compliant, I can say Bob Moeller truly knows his stuff. This book should be read as much as a technical reference source as for its value as a pragmatic how-to guide. It's packed with winning methods that can be implemented immediately."

—Michael Shapow, Regional Vice President–Consulting Services, Robert Half International

Exploring IT governance and why it is important to general, financial, and IT managers—along with tips for creating a strong governance, risk, and compliance IT systems process—Executive's Guide to IT Governance explores:

  • Fundamental governance concepts and Sarbanes-Oxley rules
  • Enterprise governance and GRC tools
  • IT governance and COSO internal controls
  • COBIT and the IT Governance Institute
  • ITIL and IT service management guidance
  • IT governance standards and issues
  • Cloud computing, virtualization, and portable mobility computing
  • Impact of social media computing

Straightforward and practical, Executive's Guide to IT Governance provides a no-nonsense framework for identifying, planning, delivering, and supporting exceptional IT services to your business.


Product Details

  • ISBN-13: 9781118138618
  • Publisher: Wiley
  • Publication date: 2/11/2013
  • Series: Wiley Corporate F&A Series , #637
  • Edition number: 1
  • Pages: 416
  • Sales rank: 724,351
  • Product dimensions: 7.30 (w) x 10.10 (h) x 1.60 (d)

Meet the Author

ROBERT R. MOELLER, CPA, CISA, ITIL-F, CISSP, is an internal audit specialist and project manager with a strong understanding of information systems, corporate governance, and security. He has over thirty years of experience in corporate governance activities, ranging from launching new internal audit functions in several companies to serving as audit director of a Fortune 50 corporation. He has held positions with Grant Thornton (National Director of Computer Auditing) and Sears Roebuck (Audit Director). Moeller also launched an ethics function for Sears Roebuck, rewrote their corporate code of conduct, and re-engineered their internal control processes. He is the author of six books, also published by Wiley. Moeller is the former president of the Institute of Internal Auditors' Chicago chapter and has served on the IIA's International Advanced Technology Committee. He is also the former chair of the AICPA's Computer Audit Subcommittee.


Table of Contents

Preface xiii


Chapter 1: Importance of IT Governance for All Enterprises 3

Chapter 2: Fundamental Governance Concepts and Sarbanes-Oxley Rules 9

Sarbanes-Oxley Act 10

Other SOx Rules—Title II: Auditor Independence 18

SOx Title III: Corporate Responsibility 22

Title IV: Enhanced Financial Disclosures 24

What Is IT Governance? 28

Notes 35

Chapter 3: Enterprise Governance and GRC Tools 37

The Road to Effective GRC Principles 38

Importance of GRC Governance 39

Risk Management Component of GRC 40

GRC and Enterprise Compliance 42

Importance of Effective GRC Practices and Principles 45


Chapter 4: IT Governance and COSO Internal Controls 49

Importance of Effective Internal Controls and COSO 50

COSO Internal Control Systems Monitoring Guidance 65

Wrapping It Up: Importance of COSO Internal Controls 66

Notes 66

Chapter 5: COBIT and the IT Governance Institute 67

An Executive’s Introduction to COBIT 68

The COBIT Framework and Its Drivers 70

COBIT Principle 1: Establish an Integrated IT Architecture Framework 72

COBIT Principle 2: Stakeholder Value Drivers 74

COBIT Principle 3: Focus on Business Context 75

COBIT Principle 4: Governance and Risk Management Enablers 78

COBIT Principle 5: Governance and Management Performance Measurement Structures 80

Putting It Together: Matching COBIT Processes and IT Goals 81

Using COBIT in a SOx Environment 84

COBIT in Perspective 85

Notes 86

Chapter 6: ITIL and IT Service Management Guidance 87

ITIL Fundamentals 88

ITIL Service Strategy Components 91

ITIL Service Design 94

ITIL Service Transition Management Processes 99

ITIL Service Operation Processes 102

IT Governance and ITIL Service Delivery Best Practices 106

Note 107

Chapter 7: IT Governance Standards: ISO 9001, 27002, and 38500 109

ISO Standards Background 110

ISO 9000 Quality Management Standards 112

ISO IT Security Standards: ISO 27002 and 27001 115

ISO 38500 IT Governance Standard 118

Notes 123

Chapter 8: IT Governance Issues: Risk Management, COSO ERM, and OCEG Guidance 125

Risk Management Fundamentals 126

COSO ERM Definitions and Objectives: A Portfolio View of Risk 134

COSO ERM Framework 136

Other Dimensions of the COSO ERM Framework 152

The OCEG GRC “Red Book,” Risk Management, and IT Governance 153

Notes 157


Chapter 9: Cloud Computing, Virtualization, and Portable, Mobility Computing 161

Understanding Cloud Computing 162

IT Systems and Storage Management Virtualization 168

Smartphone and Handheld IT Device Governance Issues 175

Note 176

Chapter 10: Governance, IT Security, and Continuity Management 177

Importance of an Effective IT Security Environment 177

Enterprise IT Security Principles: Generally Accepted Security Standards 178

Importance of an Effective, Enterprise-Wide Security Strategy 185

IT Continuity Planning 186

The Business Continuity Plan and IT Governance 188

Notes 193

Chapter 11: PCI DSS Standards and Other IT Governance Rules 195

PCI DSS Background and Standards 196

Gramm-Leach-Bliley Act IT Governance Rules 203

HIPAA: Health Care and Much More 208

Notes 216

Chapter 12: IT Service Catalogs: Realizing Greater Value from IT Operations 217

Importance of IT Service Catalogs 219

Role of a Service Catalog in the IT Service Provider Organization 221

An IT Service Catalog’s Content and Features 223

IT Service Catalog Management 224


Chapter 13: Importance of IT Service-Oriented Architecture for IT Governance Systems 231

SOA Applications and Service-Driven IT Applications 232

SOA Governance, Internal Control Issues, and Risks 235

Planning and Building an SOA Implementation Blueprint 236

SOA and IT Governance 242

Chapter 14: IT Configuration and IT Portfolio Management 247

IT Configuration Management Concepts 248

ITIL Best Practices for IT Configuration Management 250

The Configuration Management Database: An Often Difficult Concept 254

Establishing an Enterprise CMDB 255

IT Portfolio Management 259

Chapter 15: Application Systems Implementations and IT Governance 263

The Systems Development Life Cycle: A Basic Application Development Technique 264

IT Rapid Development Processes: Prototyping 266

Enterprise Resource Planning and IT Governance Processes 268

Chapter 16: IT Governance Issues: Project and Program Management 275

The Project Management Process 275

PMBOK Standards 277

Another Project Management Standard: PRINCE2 280

IT Systems Portfolio and Program Management 280

The Program Management Office (PMO), a Strong Governance Resource 284

Project Management, the PMO, and IT Governance 286

Note 286

Chapter 17: Service Level Agreements, itSMF, Val IT, and Maximizing IT Investments 287

ITIL Service Management Best Practices and the itSMF 288

Open Compliance and Ethics Group (OCEG) Standards 292

Val IT: Enhancing the Value of IT Investments 298

Notes 305


Chapter 18: Enterprise Content Management 309

ECM Characteristics and Key Components in the Enterprise Today 310

ECM Processes and IT Governance 310

Creating an Effective ECM Environment in the Enterprise 314

Chapter 19: Internal Audit’s Governance Role 319

Internal Auditing History and Background 320

Internal Auditing and the IT Auditor 323

Internal Audit’s IT Governance Activities and Responsibilities 323

Internal Audit IT Governance Standards 329

Internal Audit IT Governance Procedures 329

Note 334


Chapter 20: Creating and Sustaining an Ethical Workplace Culture 337

Importance of Mission Statements 337

Enterprise Codes of Conduct 340

Whistleblower and Hotline Functions 347

Launching an Ethics Program and Improving Enterprise Governance Practices 352

Note 353

Chapter 21: Impact of Social Media Computing 355

What Is Social Media Computing? 356

Social Media Examples 358

Enterprise Social Media Computing Risks and Vulnerabilities 365

Social Media Policies 367

Notes 370

Chapter 22: IT Governance and the Audit Committee’s IT Role 371

The Enterprise Audit Committee and IT Governance 371

Audit Committee IT Governance Responsibilities 374

Audit Committee Briefings and IT Governance Issues 375

About the Author 377

Index 379
