How COBIT 5 & BiSL address governance and management of information

APMG International Webinar How COBIT® 5 & BiSL® address governance and management of information Tuesday 16 December 2014 / 15:00 GMT (London, UK) Presenters: Steven de Haes (Antwerp Management School) Mark Smalley (ASL BiSL Foundation) SUPPORTING WEBINAR RECORDING AVAILABLE AT: WWW.APMG-INTERNATIONAL.COM/WEBINARS

description

Presentation slides from the corresponding APMG International webinar that took place on 16 December 2014. See www.APMG-International.com/webinars for the webinar recording.

Transcript of How COBIT 5 & BiSL address governance and management of information

Page 1: How COBIT 5 & BiSL address governance and management of information

APMG International Webinar

How COBIT® 5 & BiSL® address governance and management of information

Tuesday 16 December 2014 / 15:00 GMT (London, UK)

Presenters: Steven de Haes (Antwerp Management School)

Mark Smalley (ASL BiSL Foundation)

SUPPORTING WEBINAR RECORDING AVAILABLE AT: WWW.APMG-INTERNATIONAL.COM/WEBINARS

Page 2: How COBIT 5 & BiSL address governance and management of information

Agenda

• Welcome & introduction
  – Mark Constable, APMG International

• How COBIT 5 & BiSL address governance and management of information
  – Steven de Haes, Antwerp Management School
  – Mark Smalley, ASL BiSL Foundation

• Q&A

• Further information

• Close

• Twitter @stevendehaes @marksmalley @APMG_Inter

Page 3: How COBIT 5 & BiSL address governance and management of information

About APMG International

• Global examination & accreditation institute

• Examination Institute (EI) for the AXELOS Global Best Practice portfolio (ITIL®, PRINCE2®, MSP®, etc.)

• Extensive portfolio of professional management certification schemes aimed at improving business processes, capability and results

• Complete portfolio of IT Service Management, Governance & Security certifications

• Work with key industry partners (e.g. AXELOS, ASL BiSL Foundation, IAITAM, ISACA & itSMF) to develop and promote best practice

• 300+ Accredited Training (ATOs) and Consulting (ACOs) organizations with 1000+ approved trainers and consultants

• 1000s of candidates every month

• Full details at www.APMG-International.com

Page 4: How COBIT 5 & BiSL address governance and management of information

Our IT/Cyber Portfolio…

Page 5: How COBIT 5 & BiSL address governance and management of information

Your presenters…

Mark Smalley
• The IT Paradigmologist, Smalley.IT
• Ambassador-at-large, ASL BiSL Foundation
• ASL BiSL Product Champion, APMG-International
• BookStore Delivery Partner & Lead Trainer, GamingWorks
• Inaugural member, Taking Service Forward
• Reviewer, COBIT 5 Enabling Information publication

Prof Dr Steven de Haes
• Associate Professor in Information Technology Governance, Alignment and Value
• University of Antwerp - Antwerp Management School
• Chairman COBIT 5 IRM Task Force
• Academic Director Executive Master of IT Governance & Assurance Enterprise IT Architecture Information Technology Management

Page 6: How COBIT 5 & BiSL address governance and management of information

The ‘knowing’ is high…

• Topics such as IT governance and business/IT alignment have been on the top-priority list of organizations for the past decade. (SIM-CIOnet, 2014)

• Promising results: "Firms with superior IT governance have at least 20% higher profits...than firms with poor governance given the same strategic objectives." (Weill and Ross, 2004)

Page 7: How COBIT 5 & BiSL address governance and management of information

But what about the ‘doing’?

I hate IT !

We hate IT too !

You get the IT that you deserve!

Page 8: How COBIT 5 & BiSL address governance and management of information

Too much IT…

• Due to the focus on ‘IT’ in the naming of the concept, the IT governance discussion mainly remained a discussion within IT.

• The Paradoxical Role of IT in Leading IT Governance

(De Haes & Van Grembergen, Enterprise Governance of IT: Achieving Alignment and Value, Springer, 2015)

Page 9: How COBIT 5 & BiSL address governance and management of information

A shift towards Enterprise Governance of IT

Enterprise governance of IT (EGIT) is an integral part of corporate governance exercised by the Board overseeing the definition and implementation of processes, structures and relational mechanisms in the organisation that enable both business and IT people to execute their responsibilities in support of business/IT alignment and the creation of business value from IT-enabled business investments.

(De Haes and Van Grembergen, 2015)

Page 10: How COBIT 5 & BiSL address governance and management of information

Also in ISO...

Principles for “Corporate Governance of IT”

1. Responsibility
2. Strategy
3. Acquisition
4. Performance
5. Conformance
6. Human Behaviour

(ISO 38500)

Page 11: How COBIT 5 & BiSL address governance and management of information

Also in COBIT 5

COBIT 5 provides a comprehensive framework that assists enterprises to achieve their objectives for the governance and management of enterprise IT. COBIT 5 enables IT to be governed and managed in a holistic manner for the whole enterprise, taking in the full end-to-end business and IT functional areas of responsibility, considering the IT-related interests of internal and external stakeholders.

(ISACA, 2012)

Page 12: How COBIT 5 & BiSL address governance and management of information

Source:  COBIT® 5, figure 2. © 2012 ISACA®  All rights reserved.

COBIT 5: Principles

Page 13: How COBIT 5 & BiSL address governance and management of information

COBIT 5: Principles

Enterprise Goals

IT related Goals

COBIT 5 Enablers

Page 14: How COBIT 5 & BiSL address governance and management of information

COBIT 5 Enabling Processes

Page 15: How COBIT 5 & BiSL address governance and management of information

• Guidance on the management of the “Information Enabler”

• Guidance on typical “Information Governance & Information Management” issues

COBIT 5 Enabling Information

Page 16: How COBIT 5 & BiSL address governance and management of information

Guidance on the “Information Enabler”

Page 17: How COBIT 5 & BiSL address governance and management of information

• Demand side/use of information
• Big data, covering three areas:
  - Marketing situational awareness (variety of information)
  - Fraud detection (volume of information)
  - IT Predictive analytics (velocity of information)
• Master and reference data management
• End-user computing
• Disintermediation
• Regulatory compliance
• Data privacy

Important Governance/Management Issues

Page 18: How COBIT 5 & BiSL address governance and management of information

Your presenters…

Page 19: How COBIT 5 & BiSL address governance and management of information

Important Governance/Management Issues

Page 20: How COBIT 5 & BiSL address governance and management of information

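Demand and Use

[Figure: demand and use versus supply of information systems. Panel labels: Demand, Supply, Consume, Provide. Activities: Identify, Specify, Develop, Deploy, Run, Support, Use, Apply, Evaluate, Benefit. Parties: Users, Mgmt, ITSM, AD/AM, Info Syst.]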

Page 21: How COBIT 5 & BiSL address governance and management of information

How well do your users use their information systems, apply the information and achieve business benefits?
• Don’t know
• Worse than average
• About average
• Better than average

POLL

Page 22: How COBIT 5 & BiSL address governance and management of information

How well do your users use their information systems, apply the information and achieve business benefits?
• Don’t know
• Worse than average
• About average
• Better than average

Average ~ 3-5% productivity loss

POLL

Page 23: How COBIT 5 & BiSL address governance and management of information

• Managers don’t know or don’t care

• Staff don’t know where to get help and learn more from co-workers than the service desk

Sources:

• Ctrl Alt Delete: Lost productivity due to IT problems and inadequate computer skills in the workplace, Van Deursen, A.J.A.M. & Van Dijk, J.A.G.M. (2012)

• Insight into IT skills (Dutch), Van Deursen, A.J.A.M. & Van Dijk, J.A.G.M. (2013)

Poor IT skills cause productivity losses, but users are left to their own devices

► 6-10% productivity loss is caused by IT, of which half by poor use

► 47% of managers have no insight into their staff’s IT skills

► 41% of managers consider their staff’s IT skills insufficient

► 35% of managers do not invest in formal improvement of IT skills

► 48% of staff take no initiative to improve IT skills, say managers

► 71% of staff are not monitored for adequate IT skills

► 25% of staff say their IT skills are insufficient

► 61% of staff are uncertain that IT help is available

► 59% of staff get help from co-workers

► 44% of staff learn more from co-workers than the helpdesk

Page 24: How COBIT 5 & BiSL address governance and management of information

So what do people actually do with information?

Page 25: How COBIT 5 & BiSL address governance and management of information

So what do people actually do with information?

Page 26: How COBIT 5 & BiSL address governance and management of information

So what do people actually do with information?

Page 27: How COBIT 5 & BiSL address governance and management of information

What guidance is there for demand and use?

• COBIT®
• ISO 20000
• ITIL®
• BiSL®
• DMBOK

Page 28: How COBIT 5 & BiSL address governance and management of information

• Process model ‘Business Information Management’
• ‘Library’ of best practices from BiSL users
• Implementation guidance
• Publications (free and commercial)
• Foundation level training by accredited partners
• Certification by APMG
• Origins in 1998, provided by ASL BiSL Foundation
• Knowledge sharing community
• Used by private and public organizations

Business Information Services Library

Page 29: How COBIT 5 & BiSL address governance and management of information

Business
• Fewer disruptions of service delivery to customers
• Improved business productivity
• Easier integration with another company during merger

Business-I&T
• Better governance and (financial) management of I&T
• Improved business satisfaction with I&T
• Better alignment of I&T with business needs
• Better response to users’ problems and requests
• More improvement proposals from users

I&T
• Fewer surprises in project planning
• Projects more often on time and within budget
• Lower I&T costs and risks
• Fewer escalations

Reported benefits from using BiSL

Annual ASL BiSL Award

Page 30: How COBIT 5 & BiSL address governance and management of information

[Figure: BiSL process model. Levels: Strategic, Managing, Operational. Process clusters: Information strategy, I-organization strategy, Connecting processes, Management processes, Use management, Functionality management, Connecting processes. Cluster aims: Define information strategy; Organize information management; Manage resources and quality; Support use; Change functionality.]

Page 31: How COBIT 5 & BiSL address governance and management of information

[Figure: BiSL process model with the processes in each cluster. Levels: Strategic, Managing, Operational.]

• Information strategy: Establish business process developments; Establish information chain developments; Establish technological developments; Information lifecycle management; Information portfolio management

• I-organization strategy: Strategic user relationship management; Strategic supplier management; Define I-organization strategy; Strategic information partner management

• Connecting processes (strategic): Information coordination

• Management processes: Planning and resource management; Financial management; Demand management; Contract management

• Use management: End user support; Business data management; Operational supplier management

• Functionality management: Specify information requirements; Design non-automated information systems; Prepare transition; Review and testing

• Connecting processes (operational): Change management; Transition management

Page 32: How COBIT 5 & BiSL address governance and management of information

BiSL enhances COBIT® Enablers, and interfaces with ISO 20000, ITIL® etc.

[Table: mapping of COBIT 5 processes (rows) to BiSL processes (columns), counting common activities.]

| COBIT 5 process | Common activities per matching BiSL process (in column order) | Number of BiSL processes in which the COBIT process can be addressed | Number of common activities |
|---|---|---|---|
| EDM | | | |
| EDM01 Ensure Governance Framework Setting and Maintenance | - | 0 | 0 |
| EDM02 Ensure benefits delivery | 3, 3, 6 | 3 | 12 |
| EDM03 Ensure risk optimisation | - | 0 | 0 |
| EDM04 Ensure resource optimisation | 5, 4 | 2 | 9 |
| EDM05 Ensure stakeholder transparency | 3 | 1 | 3 |
| APO | | | |
| APO01 Ensure stakeholder transparency | 9, 8, 8, 3, 1, 1 | 6 | 30 |
| APO02 Manage Strategy | 5, 3, 11, 11, 5 | 5 | 35 |
| APO03 Manage Enterprise Architecture | 5, 1 | 2 | 6 |
| APO04 Manage Innovation | 4, 3, 7, 3 | 4 | 17 |
| APO05 Manage Portfolio | 5, 1, 7, 2 | 4 | 15 |
| APO06 Manage Budget and Costs | 8 | 1 | 8 |
| APO07 Manage Human Resources | 15 | 1 | 15 |
| APO08 Manage Relationships | 5, 5, 1, 9, 1, 1 | 6 | 22 |
| APO09 Manage Service Agreements | 5 | 1 | 5 |
| APO10 Manage Suppliers | 6, 2, 2, 6 | 4 | 16 |
| APO11 Manage Quality | 3 | 1 | 3 |
| APO12 Manage Risk | 4, 4 | 2 | 8 |
| APO13 Manage Security | - | 0 | 0 |
| BAI | | | |
| BAI01 Manage Programmes and Projects | 9, 9, 4, 1 | 4 | 23 |
| BAI02 Manage Requirements Definition | 3, 2, 3, 2, 7, 1 | 6 | 18 |
| BAI03 Manage Solutions Identification and Build | 3, 3, 3, 5, 5 | 5 | 19 |
| BAI04 Manage Availability and Capacity | 1, 1, 3 | 3 | 5 |
| BAI05 Manage Organisational Change Enablement | 1, 1, 1 | 3 | 3 |
| BAI06 Manage Changes | 1, 5, 1 | 3 | 7 |
| BAI07 Manage Change Acceptance and Transitioning | 2, 2, 1, 3, 6 | 5 | 14 |
| BAI08 Manage Knowledge | 1 | 1 | 1 |
| BAI09 Manage Assets | - | 0 | 0 |
| BAI10 Manage Configuration | - | 0 | 0 |
| DSS | | | |
| DSS01 Manage Operations | 3, 4 | 2 | 7 |
| DSS02 Manage Service Requests and Incidents | 8 | 1 | 8 |
| DSS03 Manage Problems | 1 | 1 | 1 |
| DSS04 Manage Continuity | 4 | 1 | 4 |
| DSS05 Manage Security Services | - | 0 | 0 |
| DSS06 Manage Business Process Controls | 1, 1 | 2 | 2 |
| MEA | | | |
| MEA01 Monitor, Evaluate and Assess Performance and Conformance | 4, 4, 2, 4 | 4 | 14 |
| MEA02 Monitor, Evaluate and Assess the System of Internal Control | 1 | 1 | 1 |
| MEA03 Monitor, Evaluate and Assess Compliance With External Requirements | - | 0 | 0 |

| BiSL cluster | BiSL process | Number of COBIT processes to which BiSL gives (some) attention | Number of common activities |
|---|---|---|---|
| I-Organization Strategy Cluster | Strategic user relationship management | 3 | 17 |
| I-Organization Strategy Cluster | Strategic supplier management | 1 | 6 |
| I-Organization Strategy Cluster | Define I-organization Strategy | 1 | 8 |
| I-Organization Strategy Cluster | Strategic information partner management | 2 | 13 |
| CP | Information Coordination | 0 | 0 |
| Information Strategy Cluster | Establish Information Chain Developments | 3 | 10 |
| Information Strategy Cluster | Establish Technological Developments | 2 | 6 |
| Information Strategy Cluster | Information Lifecycle Management | 5 | 33 |
| Information Strategy Cluster | Information Portfolio Management | 6 | 30 |
| Information Strategy Cluster | Establish Business Process Developments | 3 | 9 |
| Management processes | Planning and Resource Management | 10 | 44 |
| Management processes | Financial Management | 8 | 42 |
| Management processes | Demand Management | 13 | 24 |
| Management processes | Contract Management | 6 | 22 |
| Use Mgt Cluster | End User Support | 2 | 9 |
| Use Mgt Cluster | Business Data Management | 1 | 1 |
| Use Mgt Cluster | Operational Supplier Management | 5 | 14 |
| CP | Change Management | 3 | 8 |
| CP | Transition Management | 2 | 3 |
| Functionality Mgt Cluster | Specify Information Requirements | 3 | 11 |
| Functionality Mgt Cluster | Design non-automated information systems | 2 | 6 |
| Functionality Mgt Cluster | Review and Testing | 3 | 9 |
| Functionality Mgt Cluster | Prepare Transition | 1 | 6 |

Page 33: How COBIT 5 & BiSL address governance and management of information

• Badly informed business decisions are hazardous and affect competitive advantage

• Misuse of systems or information undermines the analysis of costs and benefits in the business case

• When information or IT is handled badly, disclosure of sensitive information may accidentally occur

• Poor training leads to substantial productivity loss

• Business users abandon poor solutions, causing frustration with IT, unnecessary costs and other risks

Source: COBIT®5 Enabling Information

Don’t underestimate poor Demand & Use

Page 34: How COBIT 5 & BiSL address governance and management of information

► COBIT 5 offers comprehensive and rigorous guidance for governing and managing information by using seven enablers

► COBIT Enabling Information refers to BiSL for more detailed guidance

► BiSL focuses on the processes involved in demand and use of information and related technology

► COBIT and BiSL can be used to create an effective way of working for individual organizations

Summary + Q&A

Page 35: How COBIT 5 & BiSL address governance and management of information

Questions?

Page 36: How COBIT 5 & BiSL address governance and management of information

• COBIT 5 Enabling Information, ISACA

• BiSL, A Framework for Business Information Management, Van Haren Publishing

• Steven de Haes @stevendehaes [email protected] www.antwerpmanagementschool.be

• Mark Smalley @marksmalley [email protected] www.aslbislfoundation.org

Further information

Page 37: How COBIT 5 & BiSL address governance and management of information

Further information

• APMG International website: www.APMG-International.com

• ASL BiSL Foundation website: www.aslbislfoundation.org

• BiSL qualification scheme: www.APMG-International.com/BISL

• COBIT 5 qualification scheme: www.APMG-International.com/COBIT5

http://www.linkedin.com/company/apmg-international @APMG_Inter
