IT Governance – With Great Power Comes Great Responsibility

Moira Edwards, Ellipsis Partners
Sam Farajian, Toastmasters International



Why are you here?

WHY IS “IT GOVERNANCE” SO IMPORTANT?

Only four years ago we were wondering if we should let people bring their own devices

http://kaboompics.com/one_foto/1000/smartphone-acer-jade-s-in-the-hands-of-a-man-on-a-background-of-yellow-flowers#

Thad Lurie, COO, Educause

You make the business decisions and we make the technology decisions

audi r8 spider Maria Georgieva CC https://www.flickr.com/photos/mimoza291/8105102478/in/photostream/

WHAT IS “IT GOVERNANCE”?

IT Governance is defined as the processes that ensure the effective and efficient use of IT in enabling an organization to achieve its goals. (Gartner)

https://www.flickr.com/photos/pagedooley/3042418642/sizes/l/in/set-72157603419233445/

IT Supply-side Governance

ITSG - how IT should do what it does - is concerned with ensuring that the IT organization operates in an effective, efficient and compliant fashion, and it is primarily a CIO responsibility.

https://www.flickr.com/photos/dumbledad/3276756426/sizes/l/in/photostream/

IT Demand Governance

ITDG - what IT should work on - is the process by which organizations ensure the effective evaluation, selection, prioritization, and funding of competing IT investments; oversee their implementation; and extract (measurable) business benefits.

ITDG is a business investment decision-making and oversight process, and it is a business management responsibility.

http://startupstockphotos.com/post/100854640206/gravitate-des-moines-ia-check-out-their-website

Tailored to Fit

• People: Culture of the organization, organizational structure
• Processes: Complexity of IT and services, complexity of the organizational offerings
• Resources: Current level of IT Governance, IT staff, skills, leadership

HOW: FORMAL AND INFORMAL PROCESSES

Formal

• COBIT 5 (Control Objectives for Information and Related Technology)
• ITIL (Information Technology Infrastructure Library)
• ISO (International Organization for Standardization) 27002

CASE STUDY

Toastmasters International

• We empower individuals to become more effective communicators and leaders.
• Since 1924 (90 Years)
• 350,000 members
• 16,000 Clubs
• 135 Countries

Need For Structure

• To Manage Projects/Requests
• IT Audit Process

Providing the Structure

• Wanted to adopt a framework
• Selected COBIT5
– ISACA (Information System Audit and Control Association)
• Boiled the Ocean
• Start Small, But Start

Cascading Framework


BAI 09: Manage Assets

• Purpose: Account for all IT assets and optimize the value they provide.

• Process Description: Manage IT assets through their life-cycle to make sure they:
– deliver value at optimal cost
– remain operational
– are accounted for & physically protected
– are reliable and available, particularly those that are critical

Manage software licenses to ensure:
– optimal number are acquired, retained and deployed as dictated by business need
– software is installed in compliance with license agreements.

BAI 09: Manage Assets: Key Management Practices

BAI09.01 Identify and record current assets
BAI09.02 Manage critical assets
BAI09.03 Manage the asset life cycle
BAI09.04 Optimize asset costs
BAI09.05 Manage licenses

BAI09.01: Identify and record current assets

Activities: Maintain up-to-date and accurate record of all IT assets required to deliver services.

1. Identify all owned assets in a register that records current status.
2. Identify legal, regulatory or contractual requirements that need to be addressed when managing this asset.
3. Perform regular physical and logical inventory checks and reconciliation, including use of software discovery tools.
4. Verify that assets are fit for purpose (i.e. in a usable and useful condition).
5. Review on a regular basis to determine if each asset provides value and if so, expected useful life.
6. Ensure accounting for all assets.

• Don’t lose sight of your goals.

• It’s not about doing everything listed; do what’s right, and exclude whatever doesn’t make sense or apply.

• The advantage of COBIT 5 is that when used as a resource, you don’t have to worry about missing anything.

• It’s about being EFFECTIVE!

COBIT5

• 5 principles
• 7 enablers
• 2 domains
• 37 processes
• 17 goals

Demo

• SharePoint Environment
• IT Management practices
• Documents and forms

What worked well

• Helping the organization learn how to initiate a project
• Build our first Roadmap
• Proper documentation
– Business Case
– Program Charter
– Project Plan

Challenges

• Where to start
• Who else needs to know
• Time consuming
• Boring!

INFORMAL IT GOVERNANCE

The patient doesn't care how much you know until they know how much you care.

Kyle Vickers, CIO - National Quality Forum

Listening is a key IT Governance Tool

Common Understanding of Priorities

• Regular meetings of Senior Staff
• More frequent meetings with Departmental Staff
• Daily conversations with stakeholders everywhere

An Informal Framework

• Involve senior people
• Have regular meetings
• Avoid existing meetings
• Reach out broadly for the details
• Build relationships one-on-one

An Informal Framework

Be Transparent

ppmexecution.com

Shadow IT

https://www.flickr.com/photos/timypenburg/6204547832/sizes/l/in/photostream/

Staff want things!

http://startupstockphotos.com/post/95693282436

It’s OK to have well managed silos of technology purpose built for a specific need.

Bill Bruce, CTO - AAOS

Managing Shadow IT

• Exercise SOME Control
• Find ways to meet Needs
• Ensure Security
• Make it a Management Issue
• Make it a Performance Issue

Your direction will be questioned

Take the organizational perspective

TYING IT ALL TOGETHER

Summary

• Technology and business are intertwined
• Formal methods are needed to manage great complexity
• Informal methods help build trust
• Collaboration and transparency are key in both approaches

WRITE DOWN THREE THINGS YOU WILL DO WHEN YOU GET BACK TO YOUR OFFICE

What would work for you?

Contact Us

Sam Soheil Farajian
Chief Information Officer
Toastmasters International
[email protected]

Moira H. Edwards, MS, CAE
President
Ellipsis Partners LLC
[email protected]