Govern IT! Possible ways for R+D+i on Computer and Management Sciences, together Professor Carlos Juiz Universitat de les Illes Balears UIB, Spain Industrial experience Programmer TUI (1989-90), Systems Analyst at Xerox (1990-1999) University Experience Associate Professor at UIB Visiting Researcher (Universität Wien, 2003) Visiting Professor (Stanford University, 2011) IT Management and Governance Experience Vicerrector for IT (2007-13) IEEE Senior Member, ACM Senior Member, ITU Invited Expert, Spanish IT Governance Committee, ISACA Academic advocate 2 1
Govern IT is much more complex than govern other assets, because : Pressure forces from the business units seeking new solutions Low perception of IT services Uncertainty of the value of IT Undefined roles CIO / CTO IT is not just about money! 3 Successful organizations exploit the benefits of IT, through: Aligning IT strategy with business strategy Clearing IT strategy and objectives throughout the organization Providing organizational structures that facilitate the implementation of this strategy and these objectives Creating constructive relationships and effective communication Insist on the adoption and implementation of a framework for IT Governance IT supports and extends the business strategies and objectives 4 2
When the communication between the board and IT staff of an organization is not effective, the image the board has about IT is that they arrive always late, are expensive and not entirely competent (AT Kearney) 5 IT Governance Framework? More R+D+i on this! 6 3
? 7 Governance frameworks must provide (Weill & Ross): Effective communication through Valorization of IT Layered instruments Alignment of strategy and goals with Explicit links with project portfolio and service catalog Structures of governance Defined roles Competences Determination of stakeholders 8 4
9 10 5
Project Tracking BU/IT Relation Management 12 6
13 7
15 Profit Chain of IT Value Disciplines Seguimiento Proyectos Gestión Relaciones BU/IT 16 8
17 18 9
19 20 10
21 PM Office IT branding Seguimiento Proyectos Gestión Relaciones BU/IT La cadena de valor de TI Disciplina de Valor 22 11
23 24 12
PMO Seguimiento Proyectos Gestión Relaciones BU/IT La cadena de valor de TI Disciplina de Valor 25 Waltzing with the Elephant, Toomey 26 13
Principles of IT: to clarify the role of IT within the business. Architecture: trying to define the requirements of integration, standardization and core businesses. Infrastructure: determining the assets that make up the services offered, permitted and shared. Need for Applications: which specifies the demands of the business units, acquiring them or develop them. Investment and prioritization of IT: to select which initiatives are funded and how much is spent on them. 27 PMO Seguimiento Proyectos Gestión Relaciones BU/IT La cadena de valor de TI Disciplina de Valor 28 14
IT managers have to implement the practices and processes required to maximize the value of IT to the business units. IT investments should be made based on the balance between risks and benefits within appropriate budgets. The projects are finished on time and within budget IT activities should provide the client / user trust (allowing time to market). Technical staff should improve the reputation of IT through IT product leadership. 29 The infrastructure must ensure processing, storage, security and disclosure of the organization. The infrastructure and architecture operate and support business applications and processes. IT activities include planned services, consulting and training. The trained personnel for the catalog of services is crucial to the operation of IT. Plan, develop, acquire, purchase, test and implement the infrastructure for continuous improvement of the business through IT. 30 15
IT Operation/Services Performance and Conformance PMO Seguimiento Proyectos Gestión Relaciones BU/IT La cadena de valor de TI Disciplina de Valor 31 32 16
33 34 17
Project Portfolio Flowchart Project Portfolio Flowchart 18
Application 69731 - IT Project Application (state 0) Date 28/10/2011, 10:22 pm Applicant Name Description Implementation of a SSO access system to corporate applications. Gradual deployment to pilot production of "Single Sign On" to have unified access to different services through the Intranet credentials. The project involves the deployment of the pilot evaluation during the last months of 2011. Recommended implementation 15/08/2012 Deadline implementation 30/11/2012 Arguments for project approval Justification Offering a step further to cover the entire cycle dynamic applications of digital identity credentials based on corporate DA. How much value does the project provide? Increase the functionality offered to the user, to obtain a single point of introduction of credentials for applications integrated corporate SSO system, during its work session. Risk of not doing the project Having a corporate identity management incomplete Beneficiaries Administration and Services Staff, Professors and Research Staff, and students, in general, all users of ICT services. Costs saving This would save users time when accessing to corporate applications. Comment Continuation of pilot project IDD01 started in 2011. ITC: Technical validation (state 1) 02.11.2011 13:56 pm, technical person in charge of validation Technical Review Description Implementation of a system of unified access SSO to different corporate applications through Intranet credentials. Excluded Components Only web technology applications will be integrated into the SSO system, and its integration will be gradual. Only a subset of applications currently accessible through UIBdigital credentials will be integrated during the project development. Resolution Technical validation - Agreement Applicant: Applicant s approval (state 2) 02.11.2011 20:21 pm, Applicant s Name Applicant Review Resolution Agreement and sponsorship proposal Sponsorship IT Vice rector Sponsor: Sponsorship acceptance (state 3) 04.11.2011 4:03 pm, Sponsor`s Name Sponsor Review Expectations Project aligned with tactical objective 7.4. Project benefits must be clearly explained to users. Functional responsible Functional responsible name Resolution Sponsorship acceptance ITC: Functional responsible (state 5) 04.11.2011 13:30, Technical Name Report back to responsible functional 19
Report back to responsible functional Responsible functional e-mail xxxxxx@uib.es Resolution Functional responsible assigned ITC: Assessment (state 6) 24.11.2011 17:31 pm, Technical Name Project Overview Project Code 12ILOIDG01 Project Title Establishment of a unified system of access to corporate applications. Project Description Implementation of a unified system of access Single-Sign-On, which should allow the gradual integration of the different corporate applications. The project is developed by the CAS software open, to have unified access to different services through the Intranet credentials. Program Logical Infrastructure Areas of the project (project objectives, quality criteria, personnel, project risks, ICT services affected) Project evaluation (Tasks to do, dedication (ICT team, value)) Resolution Application assessed IT Vice rector: Classification (state 7) 28.11.2011 12:48 pm, IT Vice rector name IT Vice rector classification Planned Strategic Objective 7. Ensuring information security Tactical Objective 7.4 Provide a system of "unique login" applications for university management Resolution Application classified Board: Board s approval (state 8) 09.01.2012 13:46 pm, IT Vice rector Name Board decision Resolution Accepted project STRATEGIC OBJECTIVES TACTICAL OBJECTIVES PROJECT CODE 1. Change organizational culture by approaching to IT governance and IT management standard 2. Progress in integrated management of the EHEA 2.5 Deployment of services for UIBdigital users 3. Develop common IT values 4. Improve use of resources to develop research and transfer 5. Improve software applications for university management and Governance processes 6. Promote institutional knowledge-based management 7.1 Define IT security policy. Dispose of a secure and available infrastructure as well as reliable and scalable architecture. 7. Improving information security 7.2 Provides a contingency plan in case of IT disaster. 7.3 Make appropriate actions to enforce compliance of National and EU laws and regulations. 7.4 Provide a system of "unique login" for users of university applications. 12ILOIDG01 8. Promote use of appropriate, ethical and supportive of IT 20
STRATEGIC OBJECTIVE 7: Improving information security TACTICAL OBJECTIVES 0.0 2.5 7.1 7.2 7.3 7.4 TOTAL Planned 5 1 21 1 0 1 29 Subjected to availability 0 0 3 1 0 0 4 Unplanned 0 0 2 0 0 0 2 TOTAL 5 1 26 2 0 1 35 STRATEGIC OBJECTIVES 0 (Unaligned) 1 2 3 4 5 6 7 8 TOTAL Planned 5 4 9 6 0 14 4 29 0 71 Subjected to availability 4 0 14 1 2 20 2 4 0 47 Unplanned 9 0 5 1 1 13 0 2 1 32 TOTAL 18 4 28 8 3 47 6 35 1 150 21
ISACA COBIT 5: Enabling Processes, ISBN 978-1-60420-241-0 United States of America 43 44 22
45 46 23
47 48 24
ISO 38500 framework and COBIT5 BSC Congreso Académico ITGSM13 Diapositiva 49 ISO 38500 framework and COBIT5 BSC Congreso Académico ITGSM13 Diapositiva 50 25
ISO 38500 framework and COBIT5 BSC Congreso Académico ITGSM13 Diapositiva 51 ISO 38500 framework and COBIT5 BSC Congreso Académico ITGSM13 Diapositiva 52 26
Governance Structures Strategy Alignment Commmunication Corporate Strategy CIO Office Relationship Management BU/TI Personal TI PMO y Operación Rendimiento y Conformidad Seguimiento Proyectos Gestión Relaciones BU/IT La cadena de valor de TI Disciplina de Valor 5 Governance decisions Performance and Conformance Personnel and IT Services/Operation ISO/IEC 38500 COBIT 5 and IT Value Project tracking/pmo IT branding 53? 54 27
Personal TI PMO y Operación Rendimiento y Conformidad Seguimiento Proyectos Gestión Relaciones BU/IT La cadena de valor de TI Disciplina de Valor 55 The governance framework should highlight what is IT: Support: infrastructure and architecture. Link: connect various business activities. Competition: raise levels of efficiency. Added value: enhance the value of a product or service. Innovation: How can be applied in the business of the company. Productivity: adjust the size of the business. Transformation: tasks, people, structure and technology are closely linked, changes in one dimension make an impact on others. Alignment: with the institution/corporate strategy Service: to the clients/citizens/taxpayers 28
Juiz, C.: New engagement model of IT Governance and IT Management for the communication of the IT value at enterprises - Communications in Computer and Information Science Proceedings of Digital Enterprise and Information Systems, Volumen: 194 Páginas, inicial: 129 final: 144 Año: 2011 ISSN: 1865-0929 Juiz, C.: Business/IT Alignment through the Project Portfolio Approval Process as IT Governance Instrument - Procedia Social and Behavioral Sciences Año: 2012 ISSN: 1877-0428 Juiz, C.; Gómez, M.; Barceló, M.I.: Implementing Business/IT Projects Alignment through the Project Portfolio Approval Process - Lecture Notes in Electrical Engineering Volumen: 180 Páginas, inicial: 1 final: 8 Año: 2012 ISSN: 1876-1100 Vicens, J.; Pérez, C.; Jiménez, J.; Juiz, C.: Una herramienta simple para la implementación del Alineamiento en el Gobierno de las Tecnologías de la Información y las Comunicaciones (TIC): IV International Congress: 'Evolving from IT Service Management to IT Governance'Año: 2009 ISBN: 978-84-692-9919-7 Vicens, J.; Jiménez, J.; Pérez, C.; Juiz, C.: AlineaTIC: A Tiny Tool for IT Governance Aligment at Universities, Proceedings EUNIS'09, Servizo de Publicacións e Intercambio Científico, Universidade de Santiago de Compostela Volumen: 148 Páginas, inicial: 60 final: 61 Año: 2009 ISBN: 978-84-9887-138-8 29
Juiz, C.; Vicens, J.; Melia, M.: A new model for the communication of IT value coming from IT Governance and IT Management, ITGSM 2010 - V International Congress on IT Governance and Service Management: 'Proposals for Tough Economics Times' Año: 2010 Juiz, C.: Decisiones relacionadas con las TI: qué decidir? quién decide?, Libro: Gobierno de las TI para universidades, Conferencia de Rectores de las Universidades Españolas (CRUE),Fernández, A.; Llorens, F. (eds.) Páginas, inicial: 89 final: 102 Año: 2011 ISBN: 978-84-935509-8-1 Melià, M.; Vicens, J.; Juiz, C.: AlineaTIC v2: New features for ICT Governance and ICT Management at Universities, Libro: University Information Systems, Selected Problems, Editorial: DIFIN Páginas, inicial: 193 final: 208 Año: 2010 ISBN: 978-83-7641-356-3 Juiz, C.; Barceló, M.I.; Gómez, M.: Project Portfolio Approval Process, a case of study of a Mechanism for Implementing IT governance at Universities, Proceedings EUNIS'12, Universidade de Trás-os-Monte e Alto Douro Páginas, inicial: 103 final: 104 Año: 2010 ISBN: 978-989-704-086-3 Fernández, A.; Barro, S.; Llorens, F.; Juiz, C.: SEGUNDA FASE DEL PROYECTO DE ARRANQUE DEL GOBIERNO DE LAS TI EN EL SUE, Libro: UNIVERSITIC 2012: Descripción, gestión y gobierno de las TI en el Sistema Universitario Español, Conferencia de Rectores de las Universidades Españolas (CRUE) Páginas, inicial: 88 final: 114 Año: 2012 ISBN: 978-84-938807-4-3 Grazie mille! Email: cjuiz@uib.es Web: http://governti.uib.es http://acsic.uib.es Twitter: @CarlosJuiz Linkedin: Carlos Juiz 30