LECTURE 1LECTURE 1
The ProblemThe ProblemSolutions: Standards & FrameworksSolutions: Standards & Frameworks
The ProblemThe Problem
… ?
PROJECT & PRODUCE …
… & then MANAGE !• Longer time (20+ years vs. 9 months)
• More & more complex relations (school/companions/b-g.friend/… vs. gynecologist)
• More expensive (… ask your father …)
• More risks (car/drugs/alcohol/depression/unemployment/… vs. abortion)
• …
• Less & weaker “instructions” !!!
Managing an ICT Factory … how much experience gained?Managing an ICT Factory … how much experience gained?
The Heroic Years
Becoming an Industry
ICT: exact science or still ICT: exact science or still artistic handicraftartistic handicraft?
… in theory … … actually …
An example: Capacity Planning …
Trans. Rate
DB W/R Ratio
# U
sers
RA
M CP
U
Bandwidth
Transactions? What kind? From where? When? How many? …
Users? What channel through? What trend? What service? …
DB access? How many records? How much big? What update frequency? …
NOW … and tomorrow? … and next year? …
Ever-Increasing Complexity …Ever-Increasing Complexity …
… … under a more under a more and more easy and more easy skin, at everyone’s skin, at everyone’s fingertips!fingertips!
CMM CMM (Capability Maturity Model):(Capability Maturity Model): Maturity LevelsMaturity Levels
5. Optimizing. Continuous process improvement.
4. Managed. Detailed measures of the software process and product quality are collected.
3. Defined. Management and engineering activities are documented, standardized, institutionalized.
2. Repeatable. Basic project management tracks cost, schedule, and functionality. Successes can be repeated for similar projects.
1. Initial. Ad hoc. Success depends on individual effort and heroics.
The The ICT Management Process ICT Management Process Maturity Model Maturity Model (Gartner, 1999) … (Gartner, 1999) … or or “Trying to Run Before Walking”“Trying to Run Before Walking”
Reactive
Proactive Analyze trends Set thresholds Predict problems Measure appli-
cation availability Automate Mature problem,
configuration, change, asset and performance mgt processes
Fight fires Inventory Desktop SW
distribution Initiate
problem mgt process
Alert and event mgt
Measure component availability (up/down)
IT as a service provider
Define services, classes, pricing
Understand costs Guarantee SLAs Measure & report
service availability Integrate processes Capacity mgt
Service
Value IT as strategic
business partner IT and business
metric linkage IT/business
collaboration improves business process
Real-time infrastructure
Business planning
Level 2
Level 3
Level 4
Chaotic Ad hoc Undocumented Unpredictable Multiple help
desks Minimal IT
operations User call
notification
Level 1
Tool Leverage
Manage IT as a Business
Service Delivery Process Engineering
Operational Process Engineering
Service and Account Management
Level 5
Approaches Currently In Approaches Currently In UseUse
Business As Usual - “Firefighting”Business As Usual - “Firefighting”
Legislation - “Forced”Legislation - “Forced”
Best Practice Focused Best Practice Focused
Confusing the 'Means' With Confusing the 'Means' With the 'End'the 'End'
This Is Not the Goal!
ITIL
Six Sigma
CMM-IMalcolm Baldrige
"Certification"
Etc.
Certification Does Not Guarantee Good Outcomes!
Beware of Process for Its Own Sake!
Process Improvement Is About Better Outcomes and Experiences for Customers
Best PracticesBest Practices
••What is not What is not defineddefined cannot be cannot be controlledcontrolled••What is not What is not controlledcontrolled cannot be cannot be measuredmeasured••What is not What is not measuredmeasured cannot be cannot be improvedimproved
Define Define -- Improve-- Improve MeasureMeasure -- Control And Stabilize-- Control And Stabilize
Quality & Control Models• ISO 900x• COBIT• TQM• EFQM• Six Sigma• COSO• Deming• etc..
Process Frameworks• IT Infrastructure Library• Application Service Library • Gartner CSD• IBM Processes• EDS Digital Workflow • Microsoft MOF• Telecom Ops Map• etc..
CobIT
IT OPERATIONS
Audit Models
Quality Systems & Mgmt. Frameworks
Service M
gm
t.
Ap
p. D
ev. (SD
LC
)
Pro
ject Mg
mt.
IT P
lann
ing
IT S
ecurity
Qu
ality System
IT Governance ModelIT Governance Model
COSO
ISO17799
PMI
ISO
SixSigma
TSOIS
Strategy
ASL
CMMi
Sarbanes- Oxley
US Securities & Exchange Commission
ITIL
BS 15000
ISO 20000
CMMi
ITIL
BS 15000
ISO 20000
Look at the Regulatory Storm We Look at the Regulatory Storm We All FaceAll Face
Missing:• PCI• FERPA• Security breech reporting (CA SB 1386)• CA SB 25 re SSN use•Graham Leach Bliley• DMCA• CAN-SPAN• Fed Privacy Act 1974 – RMP-8• Electronic Gov Act of 2002• OMP Circular A-130• NIST security standards – FIPS 200, 800-53A• Cyber Security R&D Act
Relationship of Control Relationship of Control RegimesRegimes
OperationsApplicationsFinanceStrategy
COCO
COSO
COBIT
ITIL
University control regimes are derived from frameworks originally developed for businesses and need tweaking to fit comfortably.
Committee of Sponsoring Organizations Committee of Sponsoring Organizations (COSO) – The (COSO) – The ComponentsComponents
Monitoring
• Assess control system performance over time
• Ongoing and separate evaluations
• Management and supervisory activities
Control Activities
• Policies that ensure management directives are carried out
• Approval and authorizations, verifications, evaluations, safeguarding assets security and segregation of duties
Control Environment
• Sets “tone at the top”
• Foundation for all other components of control
• Integrity, ethical values, competence, authority, responsibility
Information and Communication
• Relevant information identified, captured and communicated timely
• Access to internal and externally generated information
• Information flow allows for management action
Risk Assessment
• Identify and analyze relevant risks to achieving the entity’s objectives
COSO Enterprise Risk COSO Enterprise Risk Management (ERM) ModelManagement (ERM) Model
Monitoring
ControlActivities
RiskAssessment
ControlEnvironment
Information&
Communication
Information&
Communication
Graphical Representation
The COSO ERM FrameworkThe COSO ERM Framework Entity objectives can be
viewed in the context of four categories Strategic Operations Reporting Compliance
ERM considers activities at all levels of the organization Enterprise-level Division or subsidiary Business unit processes
Source: COSO Enterprise Risk Management Framework; Draft Version, July 2003
CobIT:CobIT:Control Objectives for ITControl Objectives for IT
CobIT is an open standard control framework CobIT is an open standard control framework for IT Governance with a focus on IT Standards for IT Governance with a focus on IT Standards and Auditand Audit
Based on over 40 International standards and is Based on over 40 International standards and is supported by a network of 150 IT Governance supported by a network of 150 IT Governance Chapters operating in over 100 countriesChapters operating in over 100 countries
CobIT describes standards, controls and CobIT describes standards, controls and maturity guidelines for four domains, and 34 maturity guidelines for four domains, and 34 control processescontrol processes
Deliver & Support(DS Process Domain)
Deliver & Support(DS Process Domain)
Monitor(M Process Domain)
Monitor(M Process Domain)
Acquire & Implement(AI Process Domain)
Acquire & Implement(AI Process Domain)
Plan & Organize
(PO Process Domain)
Plan & Organize
(PO Process Domain)
CobiT DomainsCobiT Domains
CobiT Processes by DomainCobiT Processes by Domain
Delivery &Support
Monitoring Planning &Organization
Acquisition &Implementation
Positioning the Positioning the Frameworks Frameworks
Level of Abstraction HighLow
ITRelevance
Holistic
Specific
TCO
ITIL CMMI
CobiT
Six Sigma
ISO 9000
National Awards(e.g., Baldrige)
People CMM
Scorecards
ISO 20000
CMM =capability maturity model
CobiT =Control Objectives for Information and Related Technology
ITIL =IT Infrastructure Library
TCO =total cost of ownership
IS0 20000 = IT service mgt standard
ISO 9000 = quality mgt standard
Point solutions are useful, but a broader, holistic approach to process and quality
improvement is POWERFUL.
Process Framework - ITILProcess Framework - ITIL
ITIL is a best-practice process framework.ITIL is a best-practice process framework. Service deliveryService delivery Service supportService support Others (application management, security management)Others (application management, security management)
Initiated by the U.K.'s government Central Computing Initiated by the U.K.'s government Central Computing and Telecommunication Agency (CCTA). CCTA is and Telecommunication Agency (CCTA). CCTA is merged into the Office of Government Commerce.merged into the Office of Government Commerce.
Shows the goals, general activities, inputs and outputs of Shows the goals, general activities, inputs and outputs of the various processes.the various processes.
Does not "cast in stone" every action you should do on a Does not "cast in stone" every action you should do on a day-to-day basis.day-to-day basis.
ITIL Refresh or "Version 3" is in delivered.ITIL Refresh or "Version 3" is in delivered.
Hype Surrounding ITILHype Surrounding ITIL ITIL makes the business ITIL makes the business
love the IT group!love the IT group! ITIL is easy!ITIL is easy! Buy our tool and have ITIL!Buy our tool and have ITIL! Everybody is doing it …Everybody is doing it …
What's next …What's next … ITIL cures cancer!ITIL cures cancer! ITIL solves world hunger!ITIL solves world hunger!
Technology Trigger
Peak ofInflated
Expectations
Trough of Disillusionment Slope of Enlightenment
Plateau of Productivit
y
time
visibility
ITIL 2005
ITIL 2012
ITIL 2006
ITIL 2008
ITIL 2010
IT Operations Management Hype Cycle
0% 20% 40% 60%
"Completed" adoption
Implementing 2+ years
Implementing 0-2 years
Plan to start in next 18 months
No plans at this time
2006
Source: Audience polling survey at 2006 Gartner Data Center conference in November 2006 (n=171)
Polling Results – ITIL Adoption
0% 20% 40% 60%
Improve quality of service
Lower cost of deliveringservice
Improve agility to respond tobusiness requirements
Address compliance or riskissues
None of the above
2006
Polling Results – Primary Driver for ITIL
Source: Audience polling survey at 2006 Gartner Data Center conference in November 2006 (n=180)
0% 20% 40% 60%
Lack of guidance onorganization and roles
Process definitions too highlevel to implement
Requires too much change inculture
Cannot justify ROI
Too much focus on tools inyour organization
Lack of experienced ITILconsultants
2006
Polling Results
Biggest Hurdle Implementing ITIL
Source: Audience polling survey at 2006 Gartner Data Center conference in November 2006 (n=164)
ITIL: The ITIL: The GoodGood and the and the BadBad Service Delivery:Service Delivery:
Service-level Service-level managementmanagement
Financial managementFinancial management Capacity managementCapacity management IT service continuityIT service continuity Availability managementAvailability management
Service Support:Service Support: Incident managementIncident management Problem managementProblem management Change managementChange management Configuration Configuration
managementmanagement Release managementRelease management
Service DeskService Desk
Core Benefits:Core Benefits: Standard process language Standard process language Emphasis on process vs. technologyEmphasis on process vs. technology Process integrationProcess integration Standardization enables cost and Standardization enables cost and
quality improvementsquality improvements Focus on customerFocus on customer
Limitations:Limitations: Not a process improvement Not a process improvement
methodologymethodology Specifies "what" but not "how"Specifies "what" but not "how" Doesn't cover all processesDoesn't cover all processes Doesn't cover organization issuesDoesn't cover organization issues Hype driving unrealistic expectationsHype driving unrealistic expectations
Assuming Tools Will Solve Assuming Tools Will Solve Your ProblemsYour Problems
Be wary of vendor hypeBe wary of vendor hype Focus on process firstFocus on process first Tools can be enablers or inhibitorsTools can be enablers or inhibitors Assess capabilities of yourAssess capabilities of your
current toolscurrent tools Review new tools where they Review new tools where they
would pay significant dividendswould pay significant dividends Buy what you need, as you need itBuy what you need, as you need it
"Man is a tool-using animal. Nowhere do you find him without tools; without tools he is nothing, with tools he is all." (Thomas Carlyle)
The next lecturesThe next lectures
Lect. # 2 – ITIL insight / part 1Lect. # 2 – ITIL insight / part 1 Lect. # 3 – ITIL insight / part 2Lect. # 3 – ITIL insight / part 2
Lect. # 4 & # 5 – complying to ITIL Lect. # 4 & # 5 – complying to ITIL principles, a Primary IT Market principles, a Primary IT Market Leader evidenceLeader evidence
Thank Thank YouYou
Top Related