IT Governance – With Great Power Comes Great Responsibility
Moira Edwards, Ellipsis Partners
Sam Farajian, Toastmasters International
Only four years ago we were wondering if we should let people bring their own devices
Thad Lurie, COO, Educause
“You make the business decisions and we make the technology decisions”
IT Governance is defined as the processes that ensure the effective and efficient use of IT in enabling an organization to achieve its goals. (Gartner)
IT Supply-side Governance
ITSG - how IT should do what it does - is concerned with ensuring that the IT organization operates in an effective, efficient and compliant fashion, and it is primarily a CIO responsibility.
IT Demand Governance
ITDG - what IT should work on - is the process by which organizations ensure the effective evaluation, selection, prioritization, and funding of competing IT investments; oversee their implementation; and extract (measurable) business benefits.
ITDG is a business investment decision-making and oversight process, and it is a business management responsibility.
Tailored to Fit
• People: Culture of the organization, organizational structure
• Processes: Complexity of IT and services, complexity of the organizational offerings
• Resources: Current level of IT Governance, IT staff, skills, leadership
Formal
• COBIT 5 (Control Objectives for Information and Related Technology)
• ITIL (Information Technology Infrastructure Library)
• ISO (International Organization for Standardization) 27002
Toastmasters International
• We empower individuals to become more effective communicators and leaders.
• Since 1924 (90 Years)
• 350,000 members
• 16,000 Clubs
• 135 Countries
Providing the Structure
• Wanted to adopt a framework
• Selected COBIT5
  – ISACA (Information System Audit and Control Association)
• Boiled the Ocean
• Start Small, But Start
BAI 09: Manage Assets
• Purpose: Account for all IT assets and optimize the value they provide.
• Process Description:
Manage IT assets through their life-cycle to make sure they:
  – deliver value at optimal cost
  – remain operational
  – are accounted for & physically protected
  – are reliable and available, particularly those that are critical
Manage software licenses to ensure:
  – optimal number are acquired, retained and deployed as dictated by business need
  – software is installed in compliance with license agreements.
BAI 09: Manage Assets
Key Management Practices
• BAI09.01 Identify and record current assets
• BAI09.02 Manage critical assets
• BAI09.03 Manage the asset life cycle
• BAI09.04 Optimize asset costs
• BAI09.05 Manage licenses
BAI09.01: Identify and record current assets
Maintain up-to-date and accurate record of all IT assets required to deliver services.
Activities
1. Identify all owned assets in a register that records current status.
2. Identify legal, regulatory or contractual requirements that need to be addressed when managing this asset.
3. Perform regular physical and logical inventory checks and reconciliation, including use of software discovery tools.
4. Verify that assets are fit for purpose (i.e. in a usable and useful condition).
5. Review on a regular basis to determine if each asset provides value and if so, expected useful life.
6. Ensure accounting for all assets.
• Don’t lose sight of your goals.
• It’s not about doing everything listed; do what’s right, and exclude that which doesn’t make sense or apply.
• The advantage of COBIT 5 is that when used as a resource, you don’t have to worry about missing anything.
• It’s about being EFFECTIVE!
COBIT5
• 5 principles
• 7 enablers
• 2 domains
• 37 processes
• 17 goals
What worked well
• Helping the organization learn how to initiate a project
• Build our first Roadmap
• Proper documentation
  – Business Case
  – Program Charter
  – Project Plan
“The patient doesn't care how much you know until they know how much you care.”
Kyle Vickers, CIO - National Quality Forum
An Informal Framework
Common Understanding of Priorities
• Regular meetings of Senior Staff
• More frequent meetings with Departmental Staff
• Daily conversations with stakeholders everywhere

An Informal Framework
• Involve senior people
• Have regular meetings
• Avoid existing meetings
• Reach out broadly for the details
• Build relationships one-on-one
Shadow IT
“It’s OK to have well managed silos of technology purpose built for a specific need.”
Bill Bruce, CTO - AAOS
Managing Shadow IT
• Exercise SOME Control
• Find ways to meet Needs
• Ensure Security
• Make it a Management Issue
• Make it a Performance Issue
Summary
• Technology and business are intertwined
• Formal methods are needed to manage great complexity
• Informal methods help build trust
• Collaboration and transparency are key in both approaches
Contact Us
Sam Soheil Farajian, Chief Information Officer, Toastmasters International, [email protected]
Moira H. Edwards, MS, CAE, President, Ellipsis Partners LLC, [email protected]