ISO 38500 Governance of IT

This five-day intensive course enables participants to develop the necessary expertise and knowledge to support an organization in implementing and managing Corporate Governance of IT as specified in ISO/IEC 38500:2008. Participants will also gain a thorough understanding of best practices used to appropriately govern a Corporate Governance of IT system across all the principles of ISO/IEC 38500. ISO/IEC 38500 applies to the governance of management processes (and decisions) relating to the information and communication services used by an organization. These processes could be controlled by IT specialists within the organization or external service providers, or by business units within the organization. This training is consistent with COBIT 5 (Control Objectives for Information and Related Technology) and CGEIT (Certified in the Governance of Enterprise IT).

Who should attend?

  • Project managers or consultants wanting to prepare and to support an organization in the implementation of Corporate Governance of IT
  • ISO 38500 auditors who wish to fully understand the Corporate Governance of IT implementation process
  • CxO and Senior Managers responsible for the IT governance of an enterprise and the management of its risks
  • Members of groups monitoring the resources within the organization
  • External business or technical specialists, such as legal or accounting specialists, retail associations, or professional bodies
  • Vendors of hardware, software, communications and other IT products
  • Internal and external service providers (including consultants)
  • Members of an information security and/or IT team
  • Expert advisors in information technology
  • Technical experts wanting to formalize, amend, and/or extend the organization's IT-related objectives

Learning objectives

  • To understand the implementation of the Corporate Governance of IT by adhering to the governance framework and principles of ISO/IEC 38500
  • To gain a comprehensive understanding of the concepts, approaches, standards, methods and techniques required for the effective management of a Corporate Governance of IT
  • To understand the relationship between the components of a Corporate Governance of IT, including responsibility, strategy, acquisition, performance, conformance, and human behavior
  • To acquire the necessary expertise to support an organization in implementing, managing and maintaining a Corporate Governance of IT as delineated in ISO/IEC 38500
  • To acquire the necessary expertise to manage a team implementing a Corporate Governance of IT
  • To develop the knowledge and skills required to advise organizations on best practices in the management of Corporate Governance of IT
  • To improve the capacity for analysis and decision making in the context of the management of Corporate Governance of IT

Course Agenda

Day 1: Introduction to IT Governance and ISO/IEC 38500

  • Introduction and a brief history of Corporate Governance of IT
  • Presentation of the standards ISO/IEC 38500, COBIT 5, and CGEIT
  • Overview of the fundamental principles of the Corporate Governance of IT
  • Governance model for the Corporate Governance of IT
  • Assigning roles and accountabilities
  • Establishing the GEIT Project Team and drafting the GEIT Project Plan
  • The difference between governance and management

Day 2: IT Strategy and Acquisition

  • Strategic alignment of IT-related objectives with enterprise objectives through goal cascading
  • Meeting stakeholder needs through benefits realization, risk optimization, and resource optimization
  • Formulating a strategy through:
    - Mapping out the big picture
    - Deciding how to get there
    - Acting effectively to manage risk
    - Evaluating changes
  • Effectively managing changes in business strategy which are due to the dynamic nature of a business environment
  • Establishing an IT strategy committee with the focus on offering advice on IT value, risk, and performance
  • Acquisition – Balancing benefits, opportunities, costs, and risks
  • Categorizing IT investments
  • Managing investments through:
    - Business case
    - Program management
    - Benefits realization
  • Preparing an acquisition and procurement process
  • Calculation of benefits using financially-oriented and nonfinancially-oriented cost-benefit techniques
  • Drafting and implementing cost optimization strategies

Day 3: Performance and Risk Management

  • Implementation of an IT service management system
  • Continuous improvement through the following frameworks:
    - Six Sigma
    - Total Quality Management (TQM)
    - Plan-Do-Check-Act (PDCA)
  • Interoperability of diverse systems and organizations
  • Risk management: identification, analysis and treatment of risk (drawing on guidance from ISO 31000)
  • Implementing a Business Continuity Management System and a Recovery Strategy

Day 4: Resource Management, Conformance, and Human Behaviour

  • Establishing effective Human Resource Management
  • Drafting and incorporating HR strategies
  • Contract Management, Relationship Management, and Asset Management through SLAs and OLAs
  • Management and governance of data
  • Record and monitor IT resource utilization and availability
  • Outsourcing practices: Onsite, Offsite, and Offshore
  • Measure continuous performance of service delivery
  • Governance of conformance to legal requirements and other standards
  • Governance of human behavior and management of organizational and cultural change

Day 5: Certification Exam

Prerequisites

ISO 38500 Foundation Certification or a basic knowledge of ISO 38500 is recommended.

Educational approach

  • This training is based on both theory and practice:
    - Sessions of lectures illustrated with examples based on real cases
    - Practical exercises
    - Review exercises to assist the exam preparation
    - Practice test similar to the certification exam
  • To benefit from the practical exercises, the number of training participants is limited

Examination and Certification

  • The “PECB Certified ISO/IEC 38500 Lead Manager” exam fully meets the requirements of the PECB Examination and Certification Program (ECP). The exam covers the following competence domains:
    - Domain 1: Principles for good Corporate Governance of IT
    - Domain 2: Evaluate-Direct-Monitor Model of ISO/IEC 38500
    - Domain 3: Guidance for the Corporate Governance of IT
    - Domain 4: Evaluate the need and applicability of each principle
    - Domain 5: Direct the adherence to each principle
    - Domain 6: Monitor all or key activities related to all the principles
  • The “PECB Certified ISO/IEC 38500 Lead Manager” exam is available in different languages (the complete list of languages can be found in the examination application form)
  • Duration: 3 hours
  • For more information about the exam, refer to the PECB section on ISO/IEC 38500 Lead Manager Exam
  • After successfully completing the exam, participants can apply for the credentials of PECB Certified ISO/IEC 38500 Lead Manager, depending on their level of experience
  • A certificate will be issued to the participants who successfully pass the exam and comply with all the other requirements related to the selected credential
  • For more information about ISO/IEC 38500 certifications and the PECB certification process, refer to the PECB section on ISO/IEC 38500 Lead Manager

General information

  • Exam and certification fees are included in the training price
  • A student manual containing over 500 pages of information and practical examples will be distributed to the participants
  • A participation certificate of 31 CPD (Continuing Professional Development) credits will be issued to the participants
  • In case of failure of an exam, the participants are allowed to retake the exam for free under certain conditions