Transcription
MOPANI DISTRICT MUNICIPALITYINFORMATION TECHNOLOGYIT GOVERNANCE FRAMEWORKVersion 1.1
IT Governance FrameworkTABLE OF CONTENTSDescriptionPagesVersions Control3Definitions of Abbreviations and Terms41. Introduction62. What is Corporate Governance63. What is ICT Governance64. Purpose of the ICT Governance Framework75. Scope of the Framework76. Legislative Framework87. Objectives of the ICT Governance Framework88. Benefit of ICT Governance89. The Framework and Standards Base810. The ICT Governance Principles911. Mopani District Municipality ICT Governance Enabling Structures1012. ICT Governance Oversight Structure1113. Roles and Responsibilities11Implementation1314. Approach1315. High Level Implementation Process1416. ICT Governance Processes (COBIT )1417. IT Processes1518. References17Annexure A: Full Description of the Public Service ICT Governance principles18 Mopani District Municipality 20122
IT Governance FrameworkVERSION ekgala MJFirst Draft1.12015/07/20Rasekgala MJAlignment to other policiesGrammar improvementYearly review Mopani District Municipality 20123
IT Governance FrameworkDEFINITIONS OF ABBREVIATIONS AND TERMSAccountabilityEnsuring that the actions of an entity or individual may be traceduniquely to that entity or individual, who may then be held responsiblefor that action.AG or AGSAAuditor General of South AfricaAuthenticationAuthentication is the act of verifying the identity of a user or process. Itis the process of determining whether someone or something is, in fact,who or what it is declared to be. It answers the question: “Are you whoyou say you are?”AuthorisationThe function of specifying access rights to information technologyresourcesAvailabilityBeing accessible and useable upon demand by an authorised entityCIOChief Information OfficerCOBIT Control Objectives for Information TechnologyConfidentialitythe principle that information is not made available or disclosed tounauthorised individuals, entities or processesCorporate Governance “ the set of responsibilities and practices exercised by the board andexecutive management with the goals of providing strategic direction,ensuring that objectives are achieved, ascertaining that risks aremanaged appropriately and verifying that the enterprise resources areused responsibly”. (IT Governance Institute Glossary:5)Information &applications and systems to support the business, utilising informationCommunicationtechnology as an enabler or toolSystemsGovernance of ICT“The system by which the current and future use of IT is directed andcontrolled. It involves evaluating and directing the plans for the use of ITto support the organisation and monitoring this use to achieve plans. Itincludes the strategy and policies for using IT within an organisation”(ISO 38500: 2008:9)Governance principles The vehicle to translate the desired behaviour into practical guidancefor day-to-day management (COBIT 5 Framework Exposure Draft:29)ICTInformation and Communication TechnologyICTGFICT Governance FrameworkInformation Technology any equipment or interconnected system or subsystem of equipment,that is used in the automatic acquisition, storage, manipulation,management, movement, control, display, switching, interchange,transmission or reception of vocal, pictorial, textual and numerical dataor informationInstitutionNational and provincial departments and public entities reporting tothese departments, including their subsidiaries and trading entities;municipalities and municipal entities, and independent institutionsestablished in terms of the constitution of the Republic of South AfricaISACAInformation Systems Audit and Control AssociationITInformation TechnologyITGI IT Governance InstituteITOInformation Technology Office, manned by the ICT practitioners. Mopani District Municipality 20124
IT Governance FrameworkKing IIIMANCOMDMMMMonitoringThe King Code of Corporate Governance for Southern Africa 2009Management Committee, composed of senior managers and MMMopani District MunicipalityMunicipal Managerperformance measurement to ensure the confidentiality, availability andintegrity of operational systems and informationMTEFMunicipalityMedium Term Expenditure FrameworkMopani District Municipality, established in terms of Constitution ofSouth AfricaRisk AppetiteThe amount of residual risk that the institution is willing to accept.(PSRMF 2012:15)Risk ManagementA systematic and formalised process to identify, assess, manage, andmonitor risks (PSRMF 2010:16)SLAService Level AgreementSITAState IT AgencyWhere reference is made to one gender in this policy it also includes and refers to the othergender. Mopani District Municipality 20125
IT Governance Framework1.INTRODUCTION1.1.1In the recent years there has been a growing realisation of the importance ofcorporate governance of IT, as emphasised by King III (Chapter 5)1, the PRC2 reportand AG findings.ICT Governance as being an integral part of corporate governance also needs to be address as animportant aspect.1.2.1.3.Political (executive authority) and Senior (executive) Management leadership of themunicipality need to extend governance as a good management practice to ICT andevaluate, direct, and monitor the execution of ICT in line with the strategies of themunicipality.1.4.There are international and national mechanism available that provides guidance andframeworks for the implementation of governance of ICT, such as:a) King IIIb) ISO 38500c) COBIT 1.5.It is therefore important that the municipality understands and manage the risks,benefits, and constraints of ICT. As a consequence, the executive leadership andmanagement should understand the strategic importance of ICT, assumeresponsibility for the ICT governance and place it on the strategic agenda. In order toachieve this, the municipality needs to implement a governance system for the ICTFramework (ICTF).2. WHAT IS CORPORATE GOVERNANCE2.1.2.2.2.3.The purpose of corporate governance is to create value for the stakeholder of PublicService. It consists of a governance system that effect the way the Public ServiceInstitutions are managed and controlled. It also defines the relationships betweenstakeholders and the strategic goals of the Public Service and Institutions.Corporate governance is a vehicle through which value is created within Institutionalcontext. Value creation means realizing benefits at an optimal resource cost whilstoptimizing risk. This value creation takes place within a governance system that isestablished through this Framework.Corporate Governance is also concerned with individual accountability andresponsibilities within an Institution; it describes how the instruction institution isdirected and controlled. It is in particular concerned with the Organisationmanagement and policies.3. WHAT IS ICT GOVERNANCE3.1.3.2.12The ICT Governance is a subset of corporate governance and is an integral part ofthe governance system within an institution.The ICT Governance is defined as “the system by which the current and future use ofIT is directed and controlled. It involves evaluating and directing the plans for the useKing III Report on Good Corporate Governance, Chapter 5: The Governance of ICTPresidential Review Commission Report: 1998 Mopani District Municipality 20126
IT Governance Framework3.3.3.4.of IT to support the organisation and monitoring this use to achieve the plans. Itincludes the strategy and policies for using IT within an organisation”. (SANS 38500:2008:9)The executive authority (i.e. Council) and the executive management (i.e.Management Committee) of Mopani District Municipality are accountable andresponsible to ensure that governance of ICT is implemented in line with thisframework.Effective governance of ICT in the municipality will be effected by:a) Assigning responsibilities to executive and/or senior managers with decisionmaking authority,b) Utilizing appropriate governance mechanisms,c) Aligning ICT goals with business (municipality) goals and ensuring that business(municipality) benefits are realised and risk managed,d) Investing in ICT to enable the municipality in the realization of business(municipality) value,e) Ensuring that appropriate business ownership of ICT projects are established,f) Providing the necessary capacity and capability in ICT to support business(municipality), andg) Ensuring that ICT is monitored and measured.4. PURPOSE OF THE ICT GOVERNANCE FRAMEWORK4.1.The purpose of this ICTGF is to institutionalize the ICT governance as an integralpart of corporate governance within the municipality in order to:a) Align the ICT of the municipality with the strategy of the municipality;b) Provide an on-going means to solicit the broad range of professional expertiseand insight that are necessary to enable high-quality enterprise ICT planning andmanagement;c) Define roles and responsibilities that are necessary to ensure proper ICTgovernance;d) Enable new strategic capabilities that allow Mopani District Municipality and all itsbusiness units to operate efficiently, effectively, economically, and sustainably;e) Identify and manage risks and protect Mopani District Municipality resources; andf) Appropriately balance the need for coordinated action at municipal level.5. SCOPE OF THIS FRAMEWORK5.1.5.2.This ICT Governance Framework applies to Mopani District Municipality and all of itsentities as per prescription of the Constitution of the Republic South Africa Act No.108 of 2006, Municipal Finances Management Act No. 56 of 2003, and MunicipalStructures Act No. 32 of 2000.The framework looks at a number of aspects of ICT governance, namely Structures,Processes, Communications, Roles and Responsibilities, and Implementation. Mopani District Municipality 20127
IT Governance Framework6. LEGISLATIVE REQUIREMENTS6.1.The following are the legislations applicable to and within the context of thegovernance of ICT within Mopani District Municipality:a)b)c)d)Municipal Finances Management Act No. 56 of 2003,Municipal Structures Amendment Act No. 33 of 2000Municipal Systems Act No. 32 of 2000, andState Information Technology Agency Act No. 108 of 19987. OBJECTIVES OF THE ICT GOVERNANCE FRAMEWORK7.1The following are the framework objectives:a)b)c)d)Establish ICT Governance implementation guideline for the municipality;Embed governance of ICT as a subset of corporate governance within MDM;Create business value through ICT enablement;Achieve ICT service delivery performance by conforming to relevant internal andexternal frameworks, standards, and practices;e) Implement governance of ICT in the municipality based on COBIT ; andf) Function of Management of ICT as an integral part of the Executive Management(Management Committee) of the municipality.8. BENEFIT OF ICT GOVERNANCEa)b)c)d)e)f)g)h)Improve public service delivery;Increased productivity;Increased access to information and services;Improved return on investment in ICT;Improved management of risks associated with ICT;Improved communication;Improved delivery of ICT service;Improved trust between ICT unit and the business (other units of themunicipality);i) Increased alignment of investments in ICT and strategic goals of the municipality;j) Continuous improvement of business and ICT alignment; andk) Improved ICT programme and project management.9. THE FRAMEWORK AND STANDARDS BASE9.1.From the governance perspective this framework is based on the following:a) The King Report on Good Corporate Governance (currently in its thirditeration). King III Report is the most commonly accepted corporate governanceframework in Southern Africa and also applicable in Public Service. It has alsobeen used to provide the governance of ICT principles and establishes therelationship between corporate governance and the governance of ICT. King III isapplied on a comply-or-else-explain basis, and is therefore adaptable to anycorporate environment. Mopani District Municipality 20128
IT Governance Frameworkb) ISO/IEC 385003 is internationally accepted as the standard for governance of ICTand provides governance principles and model. This international standard isadopted by South Africa as SANS 38500.c) COBIT is an internationally accepted process framework for theimplementation of governance of ICT.9.2.Considering the size and the complexity of the ICT operations, MDM elected to adoptthe following related standards and frameworks:a)b)c)d)e)Enterprise Architecture (e.g. GWEA/TOGAF)ICT Security (e.g. ISO 27 000 set)Service Management (e.g. ITIL)Interoperability Standards (e.g. MIOS)Portfolio, Programme, and Project Management (e.g. PRINCE 2/PMBOK)9.3.Training plans are to be developed and implemented in order to skill the relevant ITpersonnel in order to ensure proper implementation of the above mentionedframeworks and/or standards.10.THE ICT GOVERNACE PRINCIPLES10.1.The ICT Governance Framework (ICTGF) of MDM is based on principles asexplained in the international standard for IT governance, ISO/IEC 385003, King IIIReport, and COBIT .10.2.Table 1. Governance of ICT PrinciplesPrincipleNumber1.Principle DescriptionExecutive Mayor/Executive Authority is accountable to ensurethat:f)2.An ICT Governance Framework is implemented in themunicipality, andg) The business and ICT strategic goals/intents of MDM arealigned with political mandate.Accounting Officer (Municipal Manager) is accountable for:a) The implementation of the governance of ICT in themunicipality,b) Ensuring that the management practices embrace theconcepts of delegation of authority, personal responsibility,accountability, and performance management,c) The development of an ICT management policy for theinstitutional management of ICT,d) Monitor the effectiveness of the governance of ICT, ande) Ensuring that IT is aligned with the performance andsustainability objectives of the municipality.3ISO/IEC 38500 Mopani District Municipality 20129
IT Governance Framework3.4.Executive/Senior Management (Management Committee) isaccountable to ensure:a) ICT is aligned with the strategic and business objectives of themunicipality,b) Business related ICT goals are cascaded throughout themunicipality for implementation,c) A fit for purpose ICT capacity and capability is created to meetcurrent and future business requirements,d) Monitoring and evaluation of significant ICT investments andexpenditure,e) Proper management of critical ICT resources,f) Information assets are managed efficiently, andg) Performance management by tracking and monitoring strategyimplementation, project success, resource usage, processperformance, and service delivery.The Risk Management Committee and The Audit Committeeshould assist the Accounting Officer and the Executive Authority incarrying out their ICT accountability and responsibilities.Management of risks associated with ICT should form an integralpart of the management of risks in the municipality.Risks associated with ICT should be managed by addressing thesafeguard of ICT assets, developing and implementing disasterrecovery and continuity of business operations of the municipality.11.11.1MOPANI DISTRICT MUNICIPALITY ICT GOVERNANCE ENABLING STRUCTURESTo give effect to the recommendations of this governance framework and to improvethe delivery of ICT service in the municipality, different structures/entities have to beestablished: These include:a) The IT Division (also referred to as IT Office or ITO), located within theCorporate Services Directorate, headed by the Assistant Director at post levelthree, reporting to Director for Corporate Services, was established to align andexecute ICT service delivery with the strategic plans/intent and managementplans of the municipality;b) Contracted Service Providers (such as SITA, Fujitsu (Pty) Ltd, PayDaySoftware Systems (Pty) Ltd, etc.) as appointed from time to time, are utilized asthe ICT execution arms of the municipality for delivery of ICT service;c) Mopani District ICT Forum, composed of ICT and related practitioners withinMopani district municipalities, established to share challenges, successes,standards, and for benchmarking amongst municipalities within Mopani Districtand beyond. The forum has also been established with a view of enabling sharingof ICT resources were economics of scale will benefit all municipalities. Projectsthat are of common interest and benefit to all municipalities within Mopani Districtwill also be identified, discussed, and implemented through this forum to realizebenefit of economics of scale. A Shared Services Centre business case study willalso be done through this forum. Mopani District Municipality 201210
IT Governance Frameworkd) The ICT Steering Committee is to be established to bring about and promoteprinciples of good ICT governance, coordinate inputs into development ofstandards, identify value adding IT projects and mobilize for resources forimplementation of such projects. The committee will also consider requests formajor changes to MDM ICT environment, act as the Change Management Boardto MDM, and carry out all other roles and responsibilities as set out in the ICTSteering Committee Terms of Reference or as directed by the accounting officeror Council. This committee should ideally be constituted by members ofExecutive/Senior Management, and may include stakeholders such asCoGHSTA, SALGA, etc.e) The Website Content Management Committee is to be established to assist themunicipality in developing, publishing, and maintaining a dynamic website that iscurrent and relevant to all stakeholders and in compliance to legislationrequirements applicable to the municipality. This committee will also develop,implement and carry out any other roles and responsibilities as outlined in theMDM Website Management Policy.11.2. These structures/entities, however, does not negate the accountability and/orresponsibilities of the Executive Mayor, the Accounting Officer (Municipal Manager),and/or members of The Executive (Senior) Management to direct, evaluate, andmonitor ICT service delivery of the various directorate of their responsibility.12.ICT GOVERNANCE OVERSIGHT STRUCTUREMopani District Municipality has formal governance mechanism and structuresestablished as per prescripts of the applicable legislations. The mechanism andstructures are in place to ensure good IT governance, and governance in general,within Mopani District Municipality.ICT Governance Oversight Structures include:a.b.c.d.e.f.g.h.i.The Auditor General of South Africa;The Accounting Officer (Municipal Manager);MDM Management Committee (MANCO);The ICT Steering Committee;Internal Audit Unit;The Mayoral Committee;Risk Management CommitteeThe Audit CommitteeCouncil13. ROLES AND RESPONSIBILITIES13.1To ensure proper coordination between stakeholders, the following oversightstructure will be considered: Mopani District Municipality 201211
IT Governance FrameworkROLES and RESPONSIBILITIESRolesResponsibilitiesThe Auditor General ofSAConducts compliance and performance audits and reportsthe findings to the relevant authoritiesThe ExecutiveMayor/Authority(EM/Council) To be involved in all major municipality business relatedstrategic ICT decision-making and its expenditure; Approval of policies to be implemented in themunicipality to ensure ICT governance; Delegation of duties to the relevant oversightstructures/entities as per King III, COBIT , and otherrelevant frameworks, guidelines, and polices, to ensureGovernance of ICTThe Accounting Officer(Municipal Manager)Is responsible to ensure that: ICT is aligned with the strategic and business objectivesof the municipality; Plays an important role in setting up strategic goals ofthe municipality; Management of risks associated ICT form integral partof the municipal risk management; Ensure the establishment and functioning of the ICTSteering Committee, Website Content ManagementCommittee, and District ICT Forum; Create a suitable environment for implementation of ICTgovernance.MDM Executive/SeniorManagement(MANCO) Mopani District Municipality 2012 Create a sustained enabling environment forimplementation of the ICT Governance; Ensure that the governance of ICT is monitored andmanaged in such a way as to achieve continuousimprovement of ICT enabled service delivery; Ensure that governance of ICT is on the strategicagenda of Mopani District Municipality; Support and provide advice to the Accounting Officer indefining and formulating ICT strategic goals; Delegate and communicate governance of ICT to therelevant management (business and ICT management); Clearly define, implement, enforce, and evaluate thenecessary culture, structures, policies, procedures,guidelines, processes, standards, mechanisms, andcontrols regarding all aspects of ICT use (municipalbusiness and ICT); Ensure that everyone in MDM understands and acceptstheir responsibilities and the link between municipalbusiness and ICT objectives with respect to the demandand supply of ICT services; Effectively manage ICT assets, privacy, and security;12
IT Governance Framework Ensure that significant ICT investments and expenditureare informed by the enterprise architecture, motivated(by business cases), monitored and evaluated; and Ensure that the use of ICT demonstrates understandingand respect for human behavior.ICT SteeringCommitteeWebsite ContentManagementCommittee Advise the Accounting Officer on ICT governanceimplementation; Manage major changes to the ICT environment of themunicipality; Mobilize for resources for implementation of ICT projectsto ensure governance of ICT, efficient and effective ICTservice delivery; More detailed responsibilities of the ICT SteeringCommittee are outlined in the separate Terms ofReference for the committee. Develop and or foresee development of themunicipality’s website. Consider documents and materials presented byvarious business units of the municipality for relevanceand compliance to legislation before publishing. Publish onto or foresee publishing or relevantstakeholder information required as per legislation. Ensure compliance to this IT framework will be used to implement the ICT governance within the contextof this framework.Mopani District Municipality will follow a phased approach in implementing ICTGovernance since it is a huge task, requiring extensive resources, skills, and changemanagement capacity, which the municipality does not fully have in-house.The implementation of the ICT governance can be achieved through the followingmeans and mechanism:14.3.1.Means and Sponsorship; ande)Structures.14.3.Decision making mechanisms:a)Roles and responsibilities;b)Processes; andc)Practices.14.4. The above creates the direct, monitor, and compliance context for strategic alignmentof ICT to municipal business strategy and goals.14.5. The high level approach to implementation consists of the following four steps: Mopani District Municipality 201213
IT Governance Framework Step 1: Current State of Maturity (‘where we are’)o What governance controls have we got in place? Step 2: Desired Future State of Maturity (‘where do we want to be’)o Are they appropriate for the municipality and in tune with best practice?o Where do we need to or want to improve in future and by how much?15. Step 3: Aggregate GAP analysis Step 4: Report Performance, Recommendations, and Improvements (‘how do weget there’)HIGH LEVEL IMPLEMENTATION PROCESSa. Develop and approve ICT Governance Policies;b. Create the necessary structures and assign roles and responsibilities;i) Establish ICT Steering Committeeii) Establish District ICT Forumc. Position the Management of ICT (i.e. Assistant Director for InformationTechnology) as an integral part of the Executive (Senior) Management;d. Define the necessary processes and procedures;i. Project management methodology and processes;ii. System development methodology;iii. Infrastructure standardization; andiv. Procurement processes.e. Provide relevant skills and competencies;i. Assessing people skills and competenciesii. Provide training (COBIT , ITIL, TOGAF, MIOS, ISO 27000, PMBOK,ISO/IEC 385003)f.Apply change management, andg. Continuous improvement of the ICT governance through the following iterativeprocesses as mentioned on a high level implementation approach.i. Conducting assessments to determine the ‘as-is’ situation;ii. Develop and implement roadmaps to achieve the desired state; andiii. Embed monitoring and evaluation as a continuous responsibility. Mopani District Municipality 201214
IT Governance Framework16.ICT GOVERNANCE PROCESSES (COBIT )COBIT provides the process and structure that ICT management can use toassess, manage, and minimize risk across every aspect of an organization.COBIT describes the IT lifecycle with the help of four domains, namelyi.ii.iii.iv.16.1Plan and OrganizeAcquire and ImplementDeliver and SupportMonitor and EvaluatePlan and OrganizeIt is concerned with ICT usage and how best it can be utilized in helping anorganization realize its goals and objectives. It also highlights both the organizationaland infrastructural shape ICT must take.16.2Acquire and ImplementThis domain is mainly about ICT requirements and purchasing of technology. It alsofocuses on implementation of ICT within existing business processes. The domain isalso involved with the development of the maintenance plan for the ICT systems.16.3Deliver and SupportThis domain focuses mainly on the delivery side of ICT. It also looks at how ICTsystems are being supported.16.4Monitor and EvaluateThis domain focuses mainly on the effectiveness of the internal controls. It looks athow is the ICT performance delivering value to the Mopani District Municipality. Itgives an insight on the effectiveness of the governance controls. The domain alsodeals with issues related to independent assessment of ICT systems in meetingmunicipal objectives. It keeps checks and balances on compliance with legislativerequirements.17.IT PROCESSESThe following IT processes will be put in place within Mopani District Municipality inconjunction with the applicable framework. Mopani District Municipality 201215
IT Governance FrameworkTable 3. IT Processes in MDMDOMAINAll IT PROCESSIT PROCESS tobe followed inMDMPO1: Define aStrategic ICT plan;PO2: Define theInformationArchitectureFRAMEWORKTOGAFPO3: Determinetechnologicaldirection;PO4: Define theICT organizationand relationshipsPO5: Manage theICT investmentPLAN andORGANISEPO6:Communicatemanagement aimsand directionPO7: Managehuman resourcesPO8: Ensurecompliance withexternalrequirementsPO9: Assess andmanage ICT risksPO10: ManageProjectsPO11: ManageQualityISO 27000Prince2AI1: IdentifyautomatedsolutionsAI2: Acquire andmaintainapplicationsoftwareAI3: Acquire andmaintaintechnologyinfrastructureAI4: Develop andmaintainproceduresACQUIRE ANDIMPLEMENT (AI)CMMI inconjunction withITILAI5: Install andaccredit systems;and managechanges. Mopani District Municipality 201216
IT Governance FrameworkDS1: Define andmanage servicelevels.DS2: Manage thirdparty servicesDS3: Manageperformance andcapacity.DS4: EnsurecontinuousservicesDS5: Ensuresystem securityDS6: Identify andallocate costsDELIVER ANDSUPPORT (DS)DS7: Educate andtrain usersITILDS8: Assist andadvise customers.DS9: Manage theconfigurationDS10: Manageproblems andincidents;Manage servicedesk.DS11: ManageDataDS12: ManageFacilitiesDS13: manageoperationsME1: Monitor theprocesses.Monitor andEvaluate ICTPerformanceME2: Assessinternal controlsadequately.MONITOR ANDEVALUATEISO 9000Monitor andevaluate internalcontrols.ME3: Obtainindependenceassurance.ME4: Provide forindependent audit. Mopani District Municipality 201217
IT Governance Framework18.RERENCESi. National ICT Governance Frameworkii. IT Governance Institute, 2011 COBIT 5: The Framework Exposure Draft Mopani District Municipality 201218
IT Governance FrameworkANNEXTURE A: FULL DESCRIPTION OF THE PUBLIC SERVICE ICT GOVERNANCEPRINCIPLES.ISO/IECV 38500PrinciplesPrinciple 1: All withinthe organization haveto understand andaccept theresponsibility inrespect of both supplyof, and demand forIT.Principle 2: Theorganisation’sbusiness strategytakes into account thecurrent and futurecapabilities of ITRelated King III PrinciplesPrinciple 1 - Board (Council) Reasonability: The board (council)should be responsible for information technology (IT) governance. The board (council) should assume the responsibility for thegovernance of IT and place it on the board (council) agenda; The board (council) should ensure that an IT charter, and policiesare established and implemented; The board (council) should ensure promotion of an ethical ITgovernance culture and awareness and of a common IT language; The board (council) should ensure that an IT internal controlframework is adopted and implemented; The board (council) should receive independent assurance on theeffectiveness of the IT internal controls.Principle 3 - IT Governance Framework: The board (council) shoulddelegate to management the responsibility for the implementation of anIT Governance Framework. Management should be responsible for the implementation of thestructures, processes, and mechanisms for the IT GovernanceFramework; The board (council) may appoint an ICT Steering Committee orsimilar function to assist with its governance of IT; The CEO (Accounting Officer- Municipal Manager) should appoint aChief Information Officer (CIO) responsible for the management ofIT. The CIO should be a suitably qualified and experienced person whoshould have access and interact regularly on strategic IT matterswith the board (council) and/or appropriate board (council)committee and executive (senior) management (MANCO).Principle 2 - Performance and Sustainability: IT should be alignedwith the performance and sustainability objectives of the company(municipa
c) COBIT is an internationally accepted process framework for the implementation of governance of ICT. 9.2. Considering the size and the complexity of the ICT operations, MDM elected to adopt the following related standards and frameworks: a) Enterprise Architecture (e.g. GWEA/TOGAF) b) ICT Security (e.g. ISO 27 000 set)
