IT Governance
Infocom India Presentation
December 6, 2006
Pathfinder Technology Solutions

Agenda
- Why have IT Governance?
- What is IT Governance?
- Various elements of IT Governance
- Frameworks for IT Governance
- How Frameworks interact
- How IT processes underpin IT Governance
- Example of Framework integration
- Metrics to measure IT process health

Why Bother About IT Governance?
Lack of Effective Governance Can Lead to Catastrophic Failures!!
[Figure: Decline of Business Readiness. IT Readiness plotted against Time; labels: Desired Level, Major Effort for Recovery, Catastrophic Failure!!]

This is not a Rhetorical Conjecture!
Some Examples:
- Largest Asian Stock Exchange suspended trading in November, 2005 due to incorrect software patch
- Payroll of millions of customers of a major North American bank was affected in June, 2004 due to incorrect system update
- Erroneous changes to Airline Ticketing system caused hundreds of international travel tickets being sold for less than $100

IT Governance – The Definition
IT Governance is a system that:
- Directs and controls to administer necessary IT services to its clients
- Specifies rights and responsibilities of parties* involved
- Defines the policies and procedures;
- Provides the structure to achieve the above
* Customers, Regulators and Stakeholders
The above closely follows corporate governance definition outlined by OECD (Organization for Economic Cooperation and Development) located in Paris, France.

IT Governance – Differing Viewpoints
Three Parties & Three Areas of Interest
- Regulators – in Regulatory Compliance
  - Regulators are Government Agencies
- Customers – in Effectiveness of IT Services and somewhat in Regulatory Compliance
  - Customers are recipients of IT Services
- Stakeholders – in Efficiency and Effectiveness of IT Services and Regulatory Compliance
  - Stakeholders are managers and employees of an IT organization

Interest Areas of the Three Parties
[Figure: Stakeholders, Customers and Regulators shown against Efficiency, Effectiveness and Compliance]
Efficiency, Effectiveness and Compliance are only possible through Deployment and Management of a Process Environment of Best Practices

[Figure labels: Efficiency, Effectiveness, Compliance; Managed Process Environment; Governance]

Elements of Governance
- Standard against which Governance can be assessed
- Proven Set of Practices for the processes of an organization
- Compliance for government regulations
- Continuous Improvement to address Efficiency
Governance is NOT just compliance of Government Regulations for Financial Disclosure

Frameworks impacting IT Governance – The Alphabet Soup
- Standards Frameworks
  - ISO (Int. Org. for Standardization) – for Quality
    - Adoption for competitive reason and is optional
  - SOXA (Sarbanes-Oxley Act) – for Compliance
    - Regulatory requirements make adoption mandatory
- Compliance Framework
  - COBIT (Control Objectives for Information and Related Technology) – for Controls

Frameworks impacting IT Governance – The Alphabet Soup
- Best Practices Frameworks
  - CMMI (Capability Maturity Modeling Integration) – for IT Development
  - ITIL (Information Technology Infrastructure Library) – for IT Infrastructure Support
- Continuous Improvement Framework
  - Six Sigma

Governance Elements - Also Underpinned by Best Practices
[Figure labels: Best Practices; Standards; Controls & Audit; Quality Standard; Regulatory Standard; Sarbanes-Oxley Act; ITIL; Continuous Improvement]

Processes Underpin Governance Elements
- ITIL processes are necessary for ISO 20000 certification
- ITIL helps to provide controls for COBIT
- ITIL processes underpin CMMI for support and maintenance
- Continuous Improvement & Six Sigma is only possible through deployment of ITIL best practices
- ITIL Best Practices allow addressing of Effectiveness, Efficiency and Compliance

ITIL (IT Infrastructure Library)
[Figure: ITIL process overview]
- Parties: Users; The Business, Customers
- Service Support: Service Desk, Incident Management, Problem Management, Change Management, Release Management, Configuration Management
- Service Delivery: Service Level Management, Availability Management, Capacity Management, Financial Management for IT Services, IT Service Continuity Management
- Flow labels: Difficulties, Inquiries, Service Requests; Change Requests; Communication, Updates, Workarounds; Incidents; Releases; Queries, Inquiries, Communication; Requirements, Targets, Achievements

ITIL and ISO - Achieving ISO 20000 Certification
[Figure: layered diagram, with three "Requires" links between the layers]
- In-House Procedures: Deployed Solutions
- ITIL (IT Infrastructure Library): Process Definition
- ISO 20000-2 Code of Practice: Management Overview
- ISO 20000-1 Specification: Benchmarking, Certification

Necessary Tasks for SOXA* Compliance
1. Display the Business Process
2. Define Control Objectives
3. Identify Risks (or “what-can-go-wrong”) in the process
4. Define specific Controls that are in place to mitigate the above Risks, and,
5. Produce Evidence to prove that the above Controls are effective
[Figure label: ITIL Best Practices]
*Sarbanes-Oxley Act – enacted by US Congress in 2002

ITIL and COBIT
- While ITIL is about process best practice, COBIT is about control points
- Procedures are mapped by ITIL best practices
- Risks can be defined through Metrics
- Software tools for ITIL management provide Control Evidence and Audit Logs

Integration of Development and Support Best Practices
Application Management Lifecycle Elegantly Integrates ITIL and CMMI
[Figure: lifecycle with stages Requirements, Design, Build, Deploy, Operate, Optimize; Application Development is marked as the CMMI Domain and Service Management as the ITIL Domain]
Source: ITIL: Application Management (2002, p.7)

ITIL and Six Sigma
- ITIL Best Practice allows rapid adoption
  - No need to develop from scratch
- ITIL defines metrics used as Six Sigma CTQs (“y”) and also for causes (“x”)
- ITIL process management software tool provides data for necessary analyses
- Application of Six Sigma requires a mature environment
CTQ – “Critical to Quality” (as defined by customer)

Deployment of Frameworks
- Parts of Frameworks can be applied as needed and incrementally
- Even partial implementations of Frameworks can provide major benefits for superior Governance
- Business goals decide what to adopt
- Any Framework implementation is a major effort
- Strong and committed leadership is not just crucial, it is absolutely mandatory to achieve superior governance

Support Infrastructure is a Must for Deployed Frameworks
Successful deployments require that the processes be:
- Aligned – ensuring process objectives address business needs
- Streamlined – through adoption of best practice
- Mapped – through mapping of tasks for workflows and role assignments
- Verified – by various organizational functions to meet their business requirements
- Owned – by assigning formal roles for accountability
- Documented – for consistency of implementation throughout the organization
- Measured – to ensure that the process is effective and efficient while meeting compliance
A support infrastructure essentially includes a number of formal roles such as the champions, process owners, process managers and others – depending on the nature of the framework and the organization

Integration of Frameworks – An Example in an ITIL Process
[Figure: Problem Management Process, with the framework applied at each step]
- ITIL: Design, Deploy & Document based on Best Practices
- 6σ: Apply “Cause-and-Effect”, FMEA, Stat Tools for Analyses to Determine Root Cause
- COBIT: Develop “What-can-Go-Wrong” and Controls
- CMMI: If Root Cause is a Design issue, Hand over to Application Development

Metrics – Crucial to Manage Processes and Frameworks
- Metrics Determine Process Health or Framework Maturity
- 3M Principle – Measure-to-Monitor-to-Manage
  - To manage, one needs to monitor
  - To monitor, one needs to measure
- ITIL Best Practices also provide relevant and well-defined Metrics for IT processes
Continuous improvement is NOT possible without appropriate metrics

Examples of Applying 6σ Based Metrics
Traditional Chart for Outage
[Figure: Boxplot of Monthly Outage Duration. Y-axis: Outage Duration (Min.), 0 to 500; X-axis: months from 05 Jan to 06 Jan]

Examples of Applying 6σ Based Metrics
Statistical Chart (Boxplot) for Outage
[Figure: Boxplot of Monthly Outage Duration. Y-axis: Outage Duration (Min.), 0 to 500; X-axis: months from 05 Jan to 06 Jan]

Examples of Applying 6σ Based Metrics
Traditional Outage Chart by Platform
[Figure: Boxplot of Outage Time by Platform. Y-axis: Outage Time (Min.), 0 to 500; X-axis categories: External, Internal-Mid, Internal-MVS, Internal-Server, Internal-Other]

Examples of Applying 6σ Based Metrics
Outage Boxplot by Platform
[Figure: Boxplot of Outage Time by Platform. Y-axis: Outage Time (Min.), 0 to 500; X-axis categories: External, Internal-Mid, Internal-MVS, Internal-Server, Internal-Other]

Examples of Applying 6σ Based Metrics
Xbar-R Control Chart – Internal Outages
[Figure: Xbar-R Chart of Outage Duration (Min) - All Outages Internal. X-axis: Sample (Weeks), 1 to 51. Sample Mean panel: X-double-bar = 51.6, UB = 105.7, LB = 2.5. Sample Range panel: R-bar = 360, UCL = 721, LCL = 0. Several points are flagged "1".]

Examples of Applying 6σ Based Metrics
Xbar-R Control Chart – Int. & Ext. Outages
[Figure: Xbar-R Chart of Outage Duration (Min) - for Both Int & Ext. X-axis: Sample (Weeks), 1 to 51. Sample Mean panel: X-double-bar = 51.6, UB = 105.7, LB = 0. Sample Range panel: R-bar = 431, UCL = 863, LCL = 0. Several points are flagged "1".]