Hello, and welcome to this session in which we will discuss the five principles of COBIT. Now, what is COBIT? COBIT is the Control Objectives for Information and Related Technologies. We discussed this topic in the prior session, which is a framework for managing information and technology, IT, governance and management. They use five key principles. And what are principles? Principles are general rules that use a framework. Basically, you follow and establishing specific rules. What are those five key principles? Those are: meeting stakeholder needs, one; covering the enterprise end to end, two; applying a single integrated approach; enabling a holistic approach; and separating governance from management. Now, if you know anything about Farhat, I'm going to go over each of these principles separately, explaining what each principle entails in order to understand what are the five principles of COBIT.

Before we proceed any further, I have a public announcement about my company, farhatlectures.com. Farhat Accounting Lectures is a supplemental educational tool that's going to help you with your CPA exam preparation as well as your accounting courses. My CPA material is aligned with your CPA review course such as Becker, Roger, Wiley, Gleim, Miles. My accounting courses are aligned with your accounting courses, broken down by chapter and topics. My resources consist of lectures, multiple choice questions, true-false questions, as well as exercises. Go ahead, start your free trial today. No obligation, no credit card required.

Starting with the first principle, which is meeting the stakeholder needs, which is principle one of five. Well, COBIT focuses on meeting the needs of stakeholders by aligning with the overall goals of the organization to create value. Now, first we need to know who are the stakeholders, and what aligning means: moving in the same direction. The stakeholders' benefit and the company's IT should move in the same direction to do what? To create value.
Now, we have different stakeholders. Who are the stakeholders? Well, we could have many. The first could be the investors or the owners. Customers are stakeholders. Government is a stakeholder. Suppliers, employees, regulators. The list is, this is not a complete list. Practically, everyone is a stakeholder except the competition. You don't care about the competition. Everyone else is a stakeholder. So, COBIT says you need to meet, so your IT framework, whatever you do in your IT, it has to align the stakeholder interest with your interest.

Now, what do you have to do? You have to communicate effectively with stakeholders, not stockholders. Stockholders are only part of stakeholders. Stakeholders, to understand their expectations and concerns and keep them informed of the progress of any issues that arise. What does that mean? It means those are the stakeholders. There's some sort of a relationship between you and them and you have to keep them aware, communicate effectively with them about what's going on. What's their expectation? What's their concern?

Now, the question is, what is the need of these different stakeholders? Well, they have different needs. Let's take a look at their needs. Well, for example, what is the need of the investors or the shareholders or the stockholders, not stakeholders, stockholders, because stockholders are part of the stakeholders. Well, generally speaking, investors, they want to increase their stock price or increase the shareholder wealth. They want to be better. Customers, what's their need? Sales and quality product. That's what they want. They want to receive good product and they want to meet their sales need. Government, they want their tax payment. Suppliers, they want you to pay them on time. Employees, they want job safety, work and life balance. Regulators, public safety. Now, when I say their needs, those needs may not be communicated explicitly, but implicitly, this is what you need to do.
You need to meet those needs, whether they are explicit. For example, in terms of investors, it is implicit and explicit. You need to increase the shareholders' wealth.

Now, also you need to manage conflict between the different stakeholders, because the stakeholders of investors is totally different than the stakeholders of employees. Employees, they want job safety. They want work-life balance. They want you to pay them bonus. Investors, on the other hand, want, on the contrary, cut down costs, be more efficient, increase the shareholders' wealth. So, this COBIT IT system will have to balance between those two, managing the conflict. Why? Well, because there's some conflicting objective, some conflicting need between the stakeholders.

But let's see, what is the enterprise goal? What's the company's goal when it comes to different shareholders? For example, when we say increase stockholders price, how do you do that? Give me some steps. Well, you're going to generate more profit. You're going to have to generate more sales, more sales and hopefully more profit. Customers, how do you do this? You make sure they are happy, customer satisfaction. Government, well, the need is to make payment. But from your perspective, when you file your taxes, you want to have no errors, no delays, no penalties. So, your information system should help you meet those goals. Your suppliers, well, you want to make timely payment. Guess what? Your IT system should maintain a friendly relationship. What do I mean by friendly relationship? For example, you should let your suppliers know about your level of inventory so they can log into your system, know exactly where you stand and be ready to supply you in a moment's notice or on time or just-in-time delivery. Your employees, they want job and safety. Well, the goal overall is to increase retention. Keep them happy. Keep them with you. Regulators, the need for them is public safety. What do you need to do as an IT system?
You need to increase compliance. Somehow, make sure your rules and regulations don't violate any federal, state or local laws. So, this is how you manage the conflict because each stakeholder will have a different need and the company, the enterprise will have to set goals to meet those needs. Bear in mind, stakeholders' needs evolve. It means change with time. They're not fixed. You could have cultural changes within the company. You could have technological changes. They change all the time. Now, also bear in mind that COBIT 5 has 17 generic enterprise goals that are tied, not tried, tied to the balanced scorecard. If you know what a balanced scorecard is, make sure to view the balanced scorecard.

So, you do have specific goals, but let's take a look at some IT department goals just to get the big picture. How do we meet stakeholder need with IT? Now, some of these IT department goals will repeat themselves, but the point is to get an idea. So, we're not talking in vague or just basically in theory. For example, investors are interested in security, availability and capacity. What do you mean by security? You're providing them financial statements. Your information is secure. The information is available and you have capacity to operate in order to increase the stock price. What are customers interested in? Security, availability and capacity. What does that mean? Well, when they place an order, they want to make sure it's secure when they submit their credit card. Your website is available. You have the capacity, ease of use of your product or ease of use of your website where they can place an order. Government, how does the IT help? Well, proper alignment between your accounting information system and tax return. So, your accounting information system can feed automatically your tax return. So, you have no errors, no delays, no penalties in preparing your taxes. And this is what the IT department should do.
Suppliers, again, security, availability, capacity and make sure you have what's called ERP, Enterprise Risk Planning or Enterprise, sorry, not risk, Enterprise Resource Planning. And this is a software that can connect you with your supplier. So, you could communicate with your suppliers electronically. Employees, again, you want to increase their retention, security, availability, capacity and make sure you keep track of the work, of their performance. Regulators, you want to make sure from an IT perspective, your system complies with regulations such as HIPAA, data privacy, banking privacy, so on and so forth. As I said, when you look at COBIT itself, it has 17 enterprise goals, enterprise goals that are aligned with your balanced scorecard, which is it has specific rules, not specific, actually principles, but principles that are specific enough that could be applied to any situation. So, this is one of five, one of five COBIT principles.

The second COBIT principle is covering the enterprise end to end. What does that mean? It refers to the idea that COBIT, not COVID, COBIT covers all aspects. It's a comprehensive approach of IT governance and management across the entire organization from strategy to planning to operation and implementing an operation. So, COBIT says when you create a principle, when you create something, make sure it touches upon strategy, planning and operation. What is a strategy or IT governance? Basically, you are aligning the IT with your business goal. This is the big picture. Is your IT aligned with your overall goals? Then you have IT management. Well, the processes that manage the delivery and support of the IT services. Basically, this is on a management level. Does your IT comply with your management need, with your management service? And the third one is IT operation. Well, does your process, your IT process support day-to-day operations? So, notice, you look at the big picture, the smaller picture and day-to-day.
Your IT should be able to be aligned with all three aspects to ensure that IT-related activities are managed and coordinated, because remember the big picture, the medium and the smaller, coordinated and in a consistent way from developing IT strategies to delivering the IT services to the stakeholders. So, it covers the organization end-to-end. Nothing is separate.

Apply a single integrated framework. What does that mean? It refers to the idea that COBIT provides a single integrated framework for their IT and governance rather than treating each unit or each process as separate. So, rather than a collection of isolated controls, it's an integrated framework. So, rather than treating payroll separately as an IT system, payroll is part of HR. Payroll is part of your payroll expenses. Payroll is part of your accounting. So, it's an integrated approach. It includes a set of best practices, regardless of the software and hardware you use, processes and controls that are designed to manage the entire IT function. So, the practices that you will use will be comprehensive, integrated, the entire IT function. So, the best practices, processes and controls are organized into a consistent and coherent framework that can be easily understood and applied by the organization. Again, those are very general rules, but the idea is you don't involve a hardware, software unless it can be integrated through the whole organization. That's the point.

So, one of the key benefits of a single integrated framework is that it helps ensure consistency and alignment. So, whatever you are introducing, as long as you take into account the big picture, the medium and the small and consistently using this, it's consistent and aligned across the organization. So, to help the organization at this point, identify and manage IT-related risk and ensure compliance with relevant laws and regulations, because you're not introducing a foreign body.
Everything that you're introducing, you're making sure it's aligned, it's integrated with everything else.

Principle four, enabling a holistic approach. To a great degree, all these principles are somehow related and the overall idea is your IT should be aligned with your overall business goal. That's the overall idea. What is enabling a holistic approach? It means it's referring to the idea that COBIT-enabled approach to IT governance and management by addressing it. Addressing means taking into account both the technical and the non-technical aspects of IT. You don't only look at the technical. What is the technical? Your IT infrastructure, your application, your technologies, hardware, software, network, that support the organization. You take into account the technical, as well as the non-technical, non-technical aspect, which are your policies, procedures, governance process to ensure, to ensure that IT, to ensure that your technical aspect is aligned with the organizational goals and objectives. Again, we go back, IT and organizational goals and objectives are aligned. So, align your IT with your business goal and not the other way around. You don't figure out what's your, first you see these are my business goals. I need an IT infrastructure, IT hardware, software, network that's going to be aligned with my business goal and not the other way around.

Also, COBIT, one of the principles of COBIT 2019, is separating governance from management. And this is a basic internal control. Basically, the people that are in charge should be kind of different than management. This should be a little bit different. COBIT separates governance, which is people in charge, from people who carry the operations day to day. So, governance refers to the oversight and decision making responsibilities. Who are we talking about here? We're talking about the board of directors. And usually, governance process responsible for three processes and we abbreviate them as EDM.
What does EDM stand for? E, evaluate. So, the board of directors should evaluate and agree on objectives to achieve. And to make this a simple example, just because it's easier than just to say identify and agree, we want to build a new website or a new e-commerce system for our business. Two, direct. E for evaluate, D for direct, D for direct. Prioritize and manage objectives through decision making. Say, this is the priority, our e-commerce website. We are directing the process after we prioritize. This is our first priority. Three is monitor the process. Review performance against objectives. So, now we're going to review whatever we decided to do in step one. So, this is the job of the governance, which is the board of directors.

Now, we have management. Those two have to be separate. Management, executive management, and let's think about the CEO. On the other hand, management refers to the operational responsibilities. People that carry the main, the activities of the company on a day-to-day basis. Although I say the CEO, I mean the CEO and I mean the employees, okay? And those are all interrelated with the IT services. And the management, usually they have four responsibilities and they're abbreviated by PBRM. They must be aligned with EDM.

So, what is PBRM? Starting with P, P is plan. What is plan? Well, identify the resources and capabilities needed to support the strategy and developing a plan to implement the strategy. Remember, the board of directors says we need a new e-commerce site, e-commerce. Now, as managers, so they gave us the big picture, we need to plan, identify the resources. Do we have the resources internally? Do we have the capabilities internally to build a new e-commerce? Or do we have to outsource this process? So, plan on a day-to-day basis. Second is B for build. What is build? It's designing and developing the system and infrastructure needed to support the IT strategy.
Now, we're looking at designing the website, building a blueprint, building the site map of the website. It includes activities such as system development, which we're going to see that. We're going to talk about system development much, much more in detail in a later session. Testing, same concept, and deployment of the strategy. This is the B.

So, P is for plan. B is for build. R is for run. We're going to run. Operating and maintaining the system and infrastructure in order to deliver the services and capabilities required by the business. Now, we have the website up and running. We're going to operate the e-commerce. We're going to maintain it. It includes activities such as incident management. If the system is down, the system is not processing sales properly. It's not allowing customers to log in. Problem management and service level management.

And what's left? So, so far, we cover P, B, R, M. And what does M stand for? Same thing as M in EDM. And that's always a good thing, is monitor. Monitoring means reviewing. Monitoring and evaluating the performance of IT system and infrastructure in order to identify areas of improvement. Now, the e-commerce website is running. What's going on? Is it slow? Is it not accepting all orders? Are the customers being logged out by mistake? So on and so forth. It includes activities such as performance monitoring. How long it's taking for a customer, for the website to respond to a customer click. Compliance monitoring. Are we complying? Are we protecting the customer's data such as credit card? And risk management. Well, are we protecting the website from cyber securities?

So those are the five principles that we need to discuss or that you need to know about COBIT. There are five principles. Now, what should you do? Sorry, I clicked to the next slide. Go to Farhat Lectures and look at additional MCQs, additional resources.
That's going to help you whether you are a CPA exam candidate or a CMA exam candidate or a CSA candidate or an accounting information system. Understanding COBIT, the five principles of COBIT, is extremely critical to your success. Good luck, study hard and stay safe.