IT Governance behöver inte vara någon svår konst (IT governance need not be a difficult art)




IT Governance behöver inte vara någon svår konst (IT governance need not be a difficult art)
Cases & Projects 1

Agenda
Cases: master theses on ITG
A comprehensive ITG definition
ITG concerns in literature, among practitioners, and in Cobit
Case: Cobit implementation
Current project: Cobit-based modeling and assessment of IT organizations 2

ITG for Administrative Systems (AS) & Operation Support Systems (OSS)
Master thesis at Vattenfall, Emma Hultgren, 2004
Findings:
AS: IT processes better documented and formalized
Lack of IT process monitoring to ensure compliance with standards and legislation
OSS: better at IT governance of e.g. security, system continuity, performance and capacity issues
OSS: focuses more on the business impact of changes to the system
Possible improvements:
Documentation of procedures (system level)
Monitoring, internal audit and metrics to support business objectives (group level)
Risk analysis (group level) 3

ITG at Föreningssparbanken (FSB)
Master thesis by Fredrik Berg, 2005
Purpose: to benchmark existing IT management processes and review the use of performance metrics.
Findings:
FSB is a considerably mature organization regarding ITG
Cobit simplifies legislative compliance
Monitoring and IT audits are performed in a satisfactory manner 4

ITG at Föreningssparbanken (FSB) 5

IT Direction Assessment at AcandoFrontec
Master thesis by Jonas Kihlgren, 2005
Development of a framework for ITG assessments for consultancy firms
Assessment methodology verified by 31 ITG experts
Result: survey questions on ITG for different IT stakeholders

ITG at SCA
Master thesis by Erik Haglund, 2006
Findings: differences in ITG maturity between departments at SCA Ortviken. 6

IT Governance vs Corporate Governance
Source: Weill, P., Ross, J.W. IT Governance: How Top Performers Manage IT Decision Rights for Superior Results. Harvard Business School Press, 2004 7

Generally agreed upon: IT should provide the business with correct information, using IT resources, through IT activities. This requires governance of:
Performance
Information security
Compliance
Modifiability
Availability
Usability
Data quality
Cost efficiency 8

Useful Support for IT Governance Implementation: Buzzword Bingo
Balanced Scorecards
ISO/IEC 20000
IT Infrastructure Library (ITIL)
Internal Control
BS7799/ISO 17799
IT Auditing
Sarbanes-Oxley Act of 2002 (SOX)
Risk Management
Basel II
Svensk Kod för Bolagsstyrning (Swedish Code of Corporate Governance)
Control Objectives for IT and Related Technology
ITG is used & abused. Which frameworks provide the best support, and where to start? A lot. 9

Literature Search on ITG
Literature search -> 102 academic articles
Common view of IT governance (surprise): IT governance is the preparation for, making of and implementation of IT-related decisions regarding goals, processes, people and technology on a tactical or strategic level. 10

Representation of IT governance as the making of IT decisions
Domain: Goal, Technology, People, Process
Decision-making phase: Understand, Decide, Monitor
Scope: Strategy, Tactics
Based on analysis of 102 articles. Described in e.g. Simonsson, M., Johnson, P., "Assessment of IT Governance - A Prioritization of Cobit", Proceedings of the Conference on Systems Engineering Research (CSER), Los Angeles, April 7-8, 2006. 11

Domains
Goal: policies, IT strategy, alignment with corporate strategy, control objectives
Technology: infrastructure, applications, information storage, structure and use
People: roles, responsibilities, stakeholder groups, corporate structure
Process: processes, activities, procedures 12

Phases of the Decision-Making Process (figure) 13

Scope of IT Decision (figure) 14

Literature's Prioritization
~60 sources were classified
Chart: IT Governance Prioritization according to Literature. Y-axis: priority according to literature (0-100%). X-axis: Domain (Process, Goal, Technology, People), Decision-making phase (Understand, Decide, Monitor), Scope (Strategy, Tactics). 15

Practitioners' Prioritization
~20 Swedish ITG experts
Chart: IT Governance Prioritization according to Practitioners. Y-axis: priority according to practitioners (0-100%). X-axis: Domain (Process, Goal, Technology, People), Decision-making phase (Understand, Decide, Monitor), Scope (Strategy, Tactics). 16

COBIT 4.0
Released in December 2005
Control framework for IT governance
Process-based 17

Cobit Overview
Business goals: enable the business and maximize benefit; cost-effective (IT is used sensibly); manage IT risks and comply with laws & regulations
Diagram labels: STYR (governs), STYRMÅL (control objectives), FÖLJER UPP (follows up)
IT activities: Plan & Organize, Acquire & Implement, Deliver & Support, Monitor & Evaluate; 34 IT processes 18

IT Process According to Cobit
Control objectives (styrmål)
CSF: critical success factors
Goals
IT process
Enablers
KGI: key goal indicators (outcome measures)
CMM: process maturity
KPI: key performance indicators (process measures) 19

Alignment Between Standards
Supported in COBIT: Balanced Scorecards, BS7799/ISO 17799, ITIL, Enterprise Architecture, compliance requirements (e.g. SOX) 20

COBIT 4.0's Prioritization
Chart: IT Governance Prioritization according to Cobit 4.0. Y-axis: priority according to Cobit 4.0 (0-100%). X-axis: Domain (Process, Goal, Technology, People), Decision-making phase (Understand, Decide, Monitor), Scope (Strategy, Tactics). 21

Comparison
Chart: Priorities according to Literature, Practitioners, and Cobit 4.0 (three series, 0-100%). X-axis: Domain (Process, Goal, Technology, People), Decision-making phase (Understand, Decide, Monitor), Scope (Strategy, Tactics). Callout: "Focus of Literature". 22

Conclusions
(Figure: Domain: Goal, Technology, People, Process; Decision-making phase: Understand, Decide, Monitor; Scope: Strategy, Tactics)
IT governance is prioritized differently in literature, by practitioners, and in COBIT.
Practitioners: fire extinguishing rather than monitoring and working proactively
Cobit: process based; lacks hands-on support for the establishment of decision-making structures 23

Case: Cobit Implementation
Small company with outsourced IT operation and support organization
Low end-user satisfaction with provided services
Unclear SLAs: unclear what was agreed upon
IT operation personnel misfocus
A few, but serious, incidents indicated lack of control over IT processes 24

15 IT Processes to Monitor
PO 1: Define a strategic IT plan
PO 4: Define the IT processes, organization, and relationships
PO 5: Manage the IT investment
AI 2: Acquire and maintain application software
AI 3: Acquire and maintain technology infrastructure
AI 7: Install and accredit solutions and changes
DS 1: Define and manage service levels
DS 3: Manage performance and capacity
DS 4: Ensure continuous service
DS 5: Ensure systems security
DS 7: Educate and train users
DS 8: Manage service desk and incidents
DS 9: Manage the configuration
DS 11: Manage data
ME 1: Monitor and evaluate IT performance 25

Change Initiation
Define roles & responsibilities
Maturity level goals per process
2-4 performance indicators per process
Action plan: write SLAs; introduce weekly status mail, quarterly audit, regular meetings, etc. 26

Documentation
Weekly status email

Checklist for User Account Removal
Revision history (date, revision, responsible):
2006-03-03: This document was created. M. Simonsson
2006-03-10: Added email list removal procedure to list. M. Simonsson
Activity scope: remove all access rights for a user as soon as he or she has left the department.
Input for activity: email from Judy stating that a thesis student/PhD/doctoral student has finished their task or has left. The following steps are then to be taken.
Checklist:
Remove server account
Remove folder on the server
Remove card from the access control system
If the person whose account is added or removed is an employee, the EE email list on the web must also be updated

Quality of Service SLA
Specifies the availability of the service, including maximum downtime per time unit, minimum time to repair, required performance of the service, etc.
K: critical service; IK: non-critical service
Availability
Unplanned outages: K: at most four (4) hours of outage per calendar month; IK: at most eight (8) hours of outage per calendar month
Planned outages: K: at most four (4) hours per calendar month; IK: at most eight (8) hours per calendar month
Number of outages: K: at most one (1) outage per month; IK: at most two (2) outages per month
Outage duration: K: at most four (4) hours per outage; IK: at most eight (8) hours per outage 27
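An SLA like the one on this slide is only worth the paper it is written on if the incident record is actually checked against it every month (which is what the action plan's status mails and quarterly audits are for). The following is an added example, not code from the deck or from the company it describes: a small Python script that evaluates a constructed incident log against exactly the K/IK limits quoted above (hours per calendar month, outages per month, hours per outage). It assumes that the "number of outages" limit counts unplanned outages, clips an outage that straddles a month boundary to the month being evaluated, and applies the per-outage duration limit to the outage's full length; the service names, classes and timestamps are constructed.

```python
"""Monthly SLA compliance check against the K/IK thresholds quoted on the slide.

Added example, not the deck's own code. Incident data below is constructed.
Assumptions: the "number of outages" limit counts unplanned outages; downtime
hours are clipped to the calendar month being evaluated; the per-outage limit
uses the outage's full length even when it straddles a month boundary.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime

# Thresholds from the slide. K = critical service, IK = non-critical service.
SLA_LIMITS = {
    "K":  {"unplanned_hours": 4.0, "planned_hours": 4.0,
           "max_unplanned_outages": 1, "max_hours_per_outage": 4.0},
    "IK": {"unplanned_hours": 8.0, "planned_hours": 8.0,
           "max_unplanned_outages": 2, "max_hours_per_outage": 8.0},
}


@dataclass
class Outage:
    service: str
    service_class: str  # "K" or "IK"
    planned: bool
    start: datetime
    end: datetime

    def duration_hours(self) -> float:
        return (self.end - self.start).total_seconds() / 3600.0


def month_window(year: int, month: int):
    """Half-open interval [first day of month, first day of next month)."""
    start = datetime(year, month, 1)
    end = datetime(year + 1, 1, 1) if month == 12 else datetime(year, month + 1, 1)
    return start, end


def hours_within(outage: Outage, win_start: datetime, win_end: datetime) -> float:
    """Hours of the outage inside the window; 0 if they do not overlap.
    An outage crossing midnight on the last day of the month therefore
    counts only partially against that month."""
    overlap_start = max(outage.start, win_start)
    overlap_end = min(outage.end, win_end)
    return max((overlap_end - overlap_start).total_seconds() / 3600.0, 0.0)


def evaluate_month(outages, year: int, month: int) -> dict:
    """Return {service: {"class", "metrics", "violations", "compliant"}} for one month."""
    win_start, win_end = month_window(year, month)
    per_service = defaultdict(list)
    for o in outages:
        if hours_within(o, win_start, win_end) > 0:
            per_service[o.service].append(o)

    report = {}
    for service, items in sorted(per_service.items()):
        cls = items[0].service_class
        limits = SLA_LIMITS[cls]
        unplanned = [o for o in items if not o.planned]
        planned = [o for o in items if o.planned]
        metrics = {
            "unplanned_hours": sum(hours_within(o, win_start, win_end) for o in unplanned),
            "planned_hours": sum(hours_within(o, win_start, win_end) for o in planned),
            "unplanned_outages": len(unplanned),
            "longest_outage_hours": max(o.duration_hours() for o in items),
        }
        violations = []
        if metrics["unplanned_hours"] > limits["unplanned_hours"]:
            violations.append(f"unplanned downtime {metrics['unplanned_hours']:.1f}h > {limits['unplanned_hours']:.0f}h")
        if metrics["planned_hours"] > limits["planned_hours"]:
            violations.append(f"planned downtime {metrics['planned_hours']:.1f}h > {limits['planned_hours']:.0f}h")
        if metrics["unplanned_outages"] > limits["max_unplanned_outages"]:
            violations.append(f"{metrics['unplanned_outages']} unplanned outages > {limits['max_unplanned_outages']}")
        if metrics["longest_outage_hours"] > limits["max_hours_per_outage"]:
            violations.append(f"longest outage {metrics['longest_outage_hours']:.1f}h > {limits['max_hours_per_outage']:.0f}h")
        report[service] = {"class": cls, "metrics": metrics,
                           "violations": violations, "compliant": not violations}
    return report


# Constructed incident log (not real data). "mail" is critical, "wiki" is not.
SAMPLE_OUTAGES = [
    Outage("mail", "K", False, datetime(2006, 3, 5, 8, 0), datetime(2006, 3, 5, 10, 30)),
    Outage("mail", "K", True, datetime(2006, 3, 12, 2, 0), datetime(2006, 3, 12, 5, 0)),
    Outage("mail", "K", False, datetime(2006, 3, 20, 22, 0), datetime(2006, 3, 21, 3, 0)),
    Outage("wiki", "IK", False, datetime(2006, 2, 27, 10, 0), datetime(2006, 2, 27, 20, 0)),
    Outage("wiki", "IK", True, datetime(2006, 3, 18, 1, 0), datetime(2006, 3, 18, 4, 0)),
    Outage("wiki", "IK", False, datetime(2006, 3, 31, 23, 0), datetime(2006, 4, 1, 2, 0)),
]

if __name__ == "__main__":
    for service, result in evaluate_month(SAMPLE_OUTAGES, 2006, 3).items():
        status = "OK" if result["compliant"] else "BREACH"
        print(f"{service} ({result['class']}): {status}")
        for v in result["violations"]:
            print(f"  - {v}")
```

Run for March 2006, the constructed log puts the critical mail service in breach on three counts (7.5 h of unplanned downtime, two unplanned outages, one outage longer than 4 h) while the non-critical wiki stays compliant: its 10-hour February outage belongs to the previous month, and only one hour of the outage that started at 23:00 on 31 March is charged to March. The per-service report is what a weekly status mail or quarterly audit would carry forward.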

Company X IT Governance Maturity
Chart: maturity level (0-5) for each of the 15 monitored processes: PO 1 Define a strategic IT plan; PO 4 Define the IT processes, organisation, and relationships; PO 5 Manage the IT investment; AI 2 Acquire and maintain application software; AI 3 Acquire and maintain technology infrastructure; AI 7 Install and accredit solutions and changes; DS 1 Define and manage service levels; DS 3 Manage performance and capacity; DS 4 Ensure continuous service; DS 5 Ensure systems security; DS 7 Educate and train users; DS 8 Manage service desk and incidents; DS 9 Manage the configuration; DS 11 Manage data; ME 1 Monitor and evaluate IT performance. 28

Result
Better communication and understanding of costs
Clearly visible goals
Better support
Lower cost
Improved user satisfaction with IT
(Figure label: IT service provider & consumer) 29

Current project: IT Organization Modeling & Assessment 30

Questions? martens@ics.kth.se
Working papers and publications on IT Governance and Enterprise Architecture available at www.ics.kth.se 31