ADVISORY
Jan, 20XX
Index
Executive Summary
Plan and Organize Gap Analysis
Acquire and Implement Gap Analysis
Deliver and Support Gap Analysis
Monitor and Evaluate Gap Analysis
2010 Caipo y Asociados S. Civil de R. L., a Peruvian limited liability civil partnership and member firm of the network of independent member firms of KPMG affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved. Printed in Peru.
Executive Summary
This document illustrates the analysis made as a result of the validation process of the controls based on the COBIT Quick Start framework, related to the current practice of the IT Department.
Its purpose is to present the analysis of the current situation / current work practices, issues identified and recommendations in order to improve the IT control environment under the COBIT Quick Start framework.
This report should be used to generate an IT High-Level Work Plan that will close the gaps identified, and take corrective action in a cost-benefit manner, in the context of implementing an internal control system.
This report presents the controls for each of the four domains that comprise the COBIT Quick Start framework.
Business-IT Alignment
The IT Manager was involved in the strategic planning process. The IT Manager established initiatives that are aligned and integrated with business strategies.
User areas prepare their own initiatives and sometimes do not communicate them to the IT Department. The IT Department learns of them only when user areas request a quick response so that the initiatives can be implemented and acted on as soon as possible.
System tools are not used on a regular basis to evaluate the current capability and performance.
Ensure that IT management contributes to business strategy planning and identifies capabilities available to support enterprise goals and other opportunities to contribute to business value. Make the scope of the IT strategic and planning initiatives enterprise wide such that they address, document and consider all business and support activities.
Ensure that enterprise management and key stakeholders discuss with IT management future business directions and enterprise goals to collaborate and develop a common understanding of the potential for IT to enable business goals. For actual requirements, compare the actual IT capabilities (systems, resources, people) with future requirements, in order to deliver the required solutions and services in a timely manner.
IT Department evaluates the current capability and performance of its services only when the budget is being prepared.
IT Strategic Plan
Some business requirements are not incorporated into the IT Plan and must be treated separately, because they are reported to the IT Manager late.
Ensure that IT has established a process to identify, document and adequately address organizational changes, technology evolution, regulatory requirements, business process re-engineering, staffing, in- and outsourcing opportunities, etc., in the planning process. Formally approve and communicate the IT strategic plan and ensure that it is clearly understood by those who need to translate it into budgets, tactical plans, sourcing and acquisition strategies, processes, and organizational structures.
Translate the approved IT strategic plan into tactical plans. Ensure that the content of the tactical plans includes clearly stated project definitions for all programmes, project time frames and deliverables, required resources, and business benefits to be monitored. Develop and promulgate prioritization schemes relating prioritization criteria to business goals and technical requirements. Project prioritization may be modified due to the availability of scarce resources, implementation alternatives, funding methods, risks, and timing of competing or complementary projects. Communicate projects that will be delayed, postponed or not continued so that business and IT management can use resources in an efficient and effective manner.
IT Tactical Plans
Lack of IT tactical plans that should be sufficiently detailed to allow the definition of project plans.
IT Portfolio Management
IT initiatives have been defined and planned for deployment during the period 2010-2012. Each IT initiative has a specific beginning and end date.
Even though each IT initiative has a specific beginning and end date, execution could not be performed on time due to a lack of personnel.
A data dictionary is in place for some systems such as balance, SIAF, Accounting.
Establish and maintain data syntax guidelines that are valid throughout the organization. Implement data dictionary management software to manage and maintain the organization's data dictionary and data syntax rules.
Define data classification levels for each of the defined attributes. Identify business owners accountable for information (data owners). Ensure that the data owner classifies all information using the defined scheme and levels. Classification covers the whole life cycle of information from creation to disposal. Where an asset has been assessed as having a certain classification, any component inherits the same classification. Implement procedures to manage and maintain data integrity and consistency throughout the complete data process and life cycle.
A data classification scheme is not defined and implemented. Data ownership is assigned to C-Level but it is not formally established.
Integrity Management
Some procedures to ensure the integrity and consistency of all data are documented. However, these procedures have not been formalized and communicated to the Exploration Department, which manages its own systems.
Lack of procedures to manage and maintain all data integrity and consistency in Exploration Department.
Law/regulatory conditions are managed by Legal Department. Future trends to acquire technical software and hardware are reviewed by both IT Department and Exploration Department.
C-Level has not established a process to monitor future trends and regulatory conditions.
Technology Standards
IT Manager has established standards to acquire notebooks, PCs / Servers and office software.
Lack of working procedures and documentation supporting the feasibility study and the establishment of alternative solutions in a technical manner.
No control identified.
Conduct reviews of SLAs and Underpinning contracts (UCs) on a regular basis with all impacted parties to ensure that they remain effective and are in alignment with business objectives.