According to the DPSA, a Governance and Management of ICT system should be able to establish, assign and manage individual accountability and responsibilities with regards to the ICT function and its operations in accordance with the Corporate Governance of ICT Policy Framework implementation Guide.  

The following is to form part of the Governance and Management of ICT system:

  • Integration with the CGICT Policy Framework
  • CGICT Policy and Charter
  • CGICT Assessment Standard
  • COBIT 5 Processes:
    • APO01: Manage the ICT management framework
    • APO02: Manage strategy
    • APO10: Manage Suppliers
    • APO12: Manage Risk
    • APO13: Manage security
    • BAI01: Manage programmes and projects
    • DSS01: Manage operations
    • DSS04: Manage continuity
    • MEA01: Monitor, evaluate and assess performance and conformance
  • Mapping to the MPAT assessment criteria.

Better governance and management is to be achieved through implementing structures and functions, assigning roles and responsibilities, and building capability within a governance system that can implement:  

  • Minimum COBIT 5 Processes
  • Principles and policies
  • Organisational structures
  • Skills and competencies
  • Culture and behaviour
  • Service capabilities
  • Information management.

A Governance and Management system should also be capable of being expanded to address future requirements, including the following:

  • Service delivery structure of the ICT unit with its related functions, responsibilities, delegations and authorities
  • Stakeholders and other role players
  • Supplier Management
  • ICT Strategy management
  • ICT Plan implementation
  • ICT Risk management
  • ICT conformance and performance audit
  • Adhere to applicable ICT prescriptive requirements
  • ICT Program and Project (portfolio) management
  • ICT Continuity management
  • ICT Security management
  • ICT Service management.

Deliverables provided:

  • A fully functional, role based, Governance and Management of ICT system able to assign and manage individual responsibilities within the ICT unit
  • Process flow diagrams for each of the priority COBIT processes
  • Customisation of the COBIT 5 process activities for each of the priority COBIT processes in a manner suitable to implement governance and management of ICT within the ICT unit
  • Work package assignment
  • Workflow management indicating start and end times, planned and spent time
  • Progress reporting
  • Continuous improvement road map
  • Governance and Management system service desk.

CGICT policy framework