Aligning Risk Management with ITIL
Transcript of Aligning Risk Management with ITIL
Management of Risk (M_o_R)
What is M_o_R®?
M_o_R® is a route map for risk management.
What is ITIL?
Information Technology Infrastructure Library (ITIL) is a set of practices for IT Service Management (ITSM) that focuses on aligning IT services with the needs of business.
What is Risk Management?
Risk management is the systematic application of principles, approaches and processes to the tasks of identifying and assessing risks and then planning and implementing risk responses.
What is a risk?
“an uncertain event which, should it occur, will have an effect on the achievement of objectives”
Could be:
- Good: OPPORTUNITY
- Bad: THREAT
“Expect the best, plan for the worst, and prepare to be surprised”
Dwight Eisenhower
Risk is a combination of:
Probability of a perceived threat or opportunity occurring, and magnitude of its impact on objectives
ADDITIONAL DEFINITIONS:
Risk Appetite
Risk Tolerance
An opportunity or not?
Would you do it once?
Would you do it again?
- Strategic: Long term (continuous, ad-hoc)
- Programme: Medium term (all programs)
- Project: Short term (all projects)
- Operational: Business as usual (continuous, ongoing, everyday)
Top-down Approach
When and where risk management should be applied?
- Decisions required for implementing actions
- Decisions transforming strategy into action
- Decisions on Business Strategy
What does M_o_R offer?
M_o_R® Principles - derived from corporate governance principles in the recognition that risk management is a subset of any organization's internal controls.
M_o_R® Processes - describe the inputs, outputs and activities involved in ensuring that risks are identified, assessed and controlled.
M_o_R® Approach needs to be agreed and defined using:
Embedding and Reviewing
M_o_R Framework
Risks in ITIL
Implementing Risk Management in ITIL
Process Critical Analysis
Problem Management
There is proactive and reactive management, with the goal of reducing the impact of service outages.
There is no specification of how the actions that need to be done (e.g. disaster recovery plan) are predicted and implemented.
Change Management
Good change management techniques and approaches help reduce risks, minimize the potential negative impact of change, and reduce the risk of an undesirable outcome.
What techniques and approaches should be implemented?
Service Delivery
Services must be maintained, so it is important to have a careful design.
Besides the careful design, how to maintain service delivery must be specified, as well as plans to recover from threats.
Availability Management
Focuses on reliability and on how to put in place alternative options to ensure the service continues.
IT Service Continuity
Assesses risk to ensure overall continuity for the business.
There is no specification on how to implement risk management across all modules.
M_o_R Principles
Aligns with objectives
Fits the context
Engages stakeholders
Provides clear guidance
Informs decision-making
Facilitates continual improvement
Creates a supportive culture
Achieves measurable value.
M_o_R Approach
Central to the approach is the creation of a set of documentation comprising:
Risk management policy
Risk management process guide
Risk management strategies for each organization activity
Three Categories of documentation
Records
Plans
Reports
M_o_R Processes
Identify
Assess
Plan
Implement
M_o_R Process Broken Down
IDENTIFY and ASSESS
Identify
- Context
- Risks
Assess
- Estimate
- Evaluate
PLAN and IMPLEMENT
Plan Responses
Implement
Embedding Risk Management
Starts with the principles
Changing the culture for risk Management
Measuring the Value
Overcoming the common Barriers to Success
Mapping M_o_R to ITIL Process
M_o_R on Service Strategy
M_o_R on Service Design
M_o_R in Service Portfolio Management
Sub-Process
- Embedding the principles;
- Changing the culture for risk management;
- Measuring the value;
- Overcoming the common barriers to success;
- Identifying and establishing opportunities for change.
Aligning of M_o_R Embedding & Reviewing with ITIL Continual Service Improvement
Design By Austin Songer
Service Strategy - Example
Service Strategy - Service Portfolio Management
Service Portfolio Management is all about managing the service portfolio.
M_o_R SPM Sub-Processes
- Identify, Assess and Plan on Defining and Analyzing new or changed Services;
- Assess and Plan on Approve new or changed Services;
- Implement on Service Portfolio Review.
Critical Success Factors are:
- Create planned and unplanned services that fit customer necessities;
- Determine the capability of services and adjust it according to the number of customers;
- Keep the Service Portfolio up-to-date.
Service Portfolio Management (Cont.)
POTENTIAL RISK: Creation of a service that is not aligned with the organization's strategy or organization/customer.
KEY RISK FACTOR: Decrease/Increase of customer satisfaction. Decrease/Increase of customers.
STRATEGIC RESPONSE: Analyze the impacts on existing services and the creation of new services in the organization and determine the assets required to offer the service.
POTENTIAL RISK: Not keeping the Service Portfolio up-to-date.
KEY RISK FACTOR: Number of services registered in the services portfolio. Frequency of activity on the Service Portfolio.
STRATEGIC RESPONSE: After approval, the service must be formally identified in the Service Portfolio and communicated to the organization. Creation of a Service Portfolio Review Report, a document containing the results and findings from a Service Portfolio Review.
Service Transition - Example
Service Transition
The objective of ITIL Service Transition is to build and deploy IT services. Service Transition also makes sure that changes to services and Service Management processes are carried out in a coordinated way while controlling the risks of failure and disruption.
Associated Risks
Change in accountabilities;
Alienation of some key support;
Additional unplanned costs;
Resistance to change;
Excessive costs to the business;
Knowledge sharing;
Lack of maturity and integration of systems;
Poor integration between the processes;
Loss of productive hours.
Service Transition - Evaluation
From M_o_R, the following sub-steps are mapped in Evaluation:
- Identify and Plan on Change Evaluation prior to Planning;
- Assess on Change Evaluation prior to Build;
- Assess and Implement on Change Evaluation prior to Deployment;
- Assess and Implement on Change Evaluation after Deployment.
Service Transition - Service Asset and Configuration Management
- Identify on Configuration Identification;
- Assess and Plan on Configuration Control;
- Implement on Configuration Verification and Audit.
The Challenges of Risk Management
To Measure Risk Properly
To Structure good Risk Management transversally across the entire organization
To sensitize the organization to the importance of having a well-structured and documented risk management process.
Recommendations
ITIL should develop a “Risk Management” process
There would be two new processes created
Risk Management – Scope Identification
Risk Management
SERVICE STRATEGY: Risk Management – Scope Identification
SERVICE DESIGN: Risk Management