IT Governance Framework
-
Upload
sherri-evans -
Category
Technology
-
view
84 -
download
3
Transcript of IT Governance Framework
IT GOVERNANCE FRAMEWORK TOOLKIT
IT BEST PRACTICES Why its significant?• A demand on better return from IT investments and a concern over the generally increasing amount of IT expenditures.
• The need to meet regulatory requirements for IT controls in areas such as financial reporting and healthcare.
• The selection of service providers and the management of service outsourcing and acquisition.
IT BEST PRACTICES • Having complex IT-related risks, such as network security
• IT governance help monitor and improve critical IT activities to increase business value and reduce business risk.
• The need for enterprises to assess how they are performing against accepted standards and against their peers.(benchmarking)
THE GUIDELINES FOR GOOD IT GOVERNANCE 1• Strategic Alignment: Alignment of IT goals align with the
enterprise goals. 2. IT Value: It delivers value to business, increase Org.
profits. 3. Performance Measurement: Its performance is
measured // no guessing here, 4. Resource Management: IT resources properly allocated, 5. Risk Management: How the risks being managed
GUIDELINES-CONT’DIT governance is a continuous life cycle that can be entered at any point. Usually one starts with the strategy and its alignment throughout the enterprise. Then implementation occurs, delivering the value the strategy promised and addressing the risks that need mitigation. Its recommended that strategy needs to be monitored continuously and the results need to be: a. measured, b. reported and c. acted upon.
Strategy must be re-evaluated and realigned annually, if needed. This life cycle operates in an environment that is influenced by: • Stakeholder values• The mission, vision and values of the enterprise
• The community and Co. ethics and culture
• laws, regulations and policies
• Industry practices
IT GOVERNANCE FRAMEWORK
ITIL
CMMI
COBITVal IT
COBIT, ITIL, VAL IT1. COBIT was designed as an IT governance model,
It tells you what you should be doing,
COBit is “Control Objectives for Information and Related Technology (COBIT) is a framework created by ISACA for (IT) and IT governance. It is a supporting toolset that allows:
managers to bridge the gap between control requirements, technical issues and business risks.”
COBIT, ITIL, VAL IT2. while ITIL tells you How it should be done
Put them together, and you will have a very powerful model.
3- Val IT: how to do the right things in the right way and doing them well and are we getting the value?Val IT talks about strategy (how well is it aligned) & its value.
COBITTo govern IT effectively, it is important to appreciate the activities and risks within IT that need to be managed. These can be summarized as follows.
COBIT Framework subdivides IT into four domains Plan and Organize, POAcquire and Implement, AIDeliver and Support, DSMonitor and Evaluate, ME
PLAN AND ORGANISE (PO) Provides direction to solution delivery
Ask the questions: • Is IT and the business strategy aligned and is the
usage of ressources optimized?• Does everyone in the organisation understand the IT
objectives and the risks?• Are these properly managed?
CONT’D(AI) Acquire and Implement: Provides the solutions and passes them to be turned into services
Ask the question:
Will the new projects deliver solutions
that meet business needs
in time and within the budget?
DSDeliver and Support (DS)
Ask the questions:
• Are IT costs optimized and employees using IT efficiently and safely?
• Are Security measures such as confidentiality, integrity and availability in place?
MEMonitor and Evaluate (ME)
Ask the questions:
• Is IT performance being measured to detect problems before it is too late ?
• Are risks, control, compliance and performance being measured and reported?
COBIT USES TWO TYPES OF METRICS• Outcome measures, key goal indicators (KGIs)
What is measured here:• is the information needed available all the time to support the business needs?• Are integrity and confidentiality risks Absent?• Is the information & resources reliable?
PERFORMANCE INDICATORS,
Performance indicators, orkey performance indicators (KPIs), indicate whether goals are likely to be met.
How? for example: Sales TargetMeasure the number of wins over a specific time period and compare it to a future target and past performance to motivate your sales team.
Wins: The number of new customers over a certain time period.
Revenue: Income received through sales activities
INFORMATION TECHNOLOGY INFRASTRUCTURE LIBRARY(ITIL) The Information Technology Infrastructure Library (ITIL) is a set of guidance developed by the United Kingdom’s Office Of Government Commerce (OGC) ITIL does not doc how to do things, But tells you what can and should be done.
It shares with us what other people found to be the best way to approach IT as a service provider.
ITIL CONSISTS OF 5 CORE STRATEGIES:
1. Service Strategy volume:Provide guidance in developing a strategy for IT service management.
This involves understanding ur market, ur customers, ur capabilities & resources & financial constraints under which services must be delivered and supported.
PROCESSES WITHIN SERVICE STRATEGY ARE:
1. Service StrategyService portfolio management: is the process of maximizing the ROI while managing risks.
Financial management:Evaluates investments in services to assist with strategic decision-making.
Demand management: works closely with the business to identify & understand patterns of business demand.
2. Service Design volume:
Service Design begins with a set of business requirements and ends with a solution designed to meet these business needs.
3. Service Transition:Looks at managing change, risk and quality assurance during the deployment of service into operation.
4. Service Operation volume: is concerned with daily activities, provide guidance on the effective & efficient operation of the service.
Its where the value of the service is realized & strategy of the organization is executed.
ITIL –CONT’D
•5. Continual Service Improvement volume (CSI) :Provide guidance to improve the overall process and how its executed.
This should be integrated into all the other lifecycle stages. This is a continual activity
Based on this report, org strive for improvements.
BENEFITS OF ITIL • Improve Resource Utilization • Be More Competitive • Decrease Rework • Eliminate Redundant Work • Improve upon project deliverables and
time • Improve availability, reliability and
security of critical IT services • Justify the cost of service quality
BENEFITS OF ITIL –CONT’D• Provide services that meet business,
customer and user demands • Integrate central processes • Document and communicate roles and
responsibilities in service provision • Learn from previous experience • Provide performance indicators
COBIT VS ITIL • ITIL was designed as a service management framework to help you understand how you support processes, & how you deliver services • COBIT was designed as an IT governance model, particularly and initially with audit in mind to give you control objectives and control practices on how that process should behave
COBIT VS ITIL CONT’D The difference between the two is, COBIT tells you what you should be doing, while ITIL tells you how you should be doing it • Put them together, and you have a very powerful model of what you need to be doing and how to do it.
None of these frameworks are in competition with each other, in fact, it is best if they are used together. – ISO 17799 outlines security controls, but does not focus on how to integrate them into business processes – ITIL focuses on IT processes/services, not on security – COBIT focuses on controls and metrics, not as much on security So, a combination of all three is usually the best approach.
HOW CAN THEY BE USED?COBIT can be used to determine if the company's needs (including security) are being properly supported by IT. ISO 17799 can be used to determine and improve upon the company's security posture. And ITIL can be used to improve IT processes & services to meet the company's goals (including security).
TOOLKITStart investigating possible tools for strategic planning and aligning IT with the organization’s strategic plan. For toolkit If you don’t know where to start, do a web search on SWOT analysis (strengths, weaknesses, opportunities and threats), metrics, analytics and the balanced scorecard. Describe what you find here and share as appropriate on the D2L discussion topic for IT Toolkits.
Answer these questions for each tool you want to include:
How is the tool accessed?How is the tool used?What is the value of the tool for the IT manager?General comments on the tool:
END