Microsoft Operations Framework (MOF) 4.0

GRC and the IT Service Lifecycle

microsoft.com/MOF


What’s Included in This Presentation

• GRC in MOF 4.0: Take a comprehensive look at governance, risk, and compliance through MOF 4.0
• Service Management Functions: Get a basic understanding of how the MOF model can help show you immediate results
• MOF in Context: Learn more about how MOF fits into the bigger picture
• Compliance Challenges: Look at new compliance challenges and how MOF deals with them
• GRC Guidance: Understand how addressing GRC affects your organization
• Connect Governance, Risk, and Compliance: See how MOF connects and addresses governance, risk, and compliance
• GRC Throughout the Lifecycle: Learn how MOF incorporates GRC into each lifecycle phase
• Focus on G, R, and C: Get a closer look at governance, risk, and compliance
• GRC Applied & Integrated: See how the elements of GRC are applied and integrated into the lifecycle phases
• Make GRC Work for You: Learn how MOF’s features produce results
• Resources: Link to helpful GRC resources

MOF 4.0 – Addressing the IT Service Lifecycle

MOF 4.0 Connects Service Management Standards to Practical Applications for the Community

Industry Standards

Control Frameworks

Concepts, Practices

MOF 4.0 Guidance

Processes + Guidance + Tools (for Specific Scenarios)

Infrastructure Automation

Community

Goals and objectives: ISO 20000

Management perspective: COBIT

Process description: ITIL v3

Process guidance: MOF 4.0

Solution Accelerators

System Center

GRC Guidance

Risk Management

Governance

Compliance

More prescriptive

Directives, Policy, Controls

Connect Governance, Risk, and Compliance

Governance: Addresses strategic planning, business/IT alignment, policy creation, and vision setting

Risk: Addresses system threats, system vulnerability, protection of IT assets, and risks to management objectives

Compliance: Addresses adherence to laws, regulations, policies, standards, best practices, and frameworks

Risk tradeoff decisions (how they were made)

Impact of not complying

Risk tradeoff decisions

Compliance with governance rules

Risk tolerance rules

Who decides, and process to follow

• Aiding decision making, balancing risk/benefit tradeoffs, identifying accountabilities

• Creating a strategy that manages risks and ensures risk management is appropriate for the activities at hand

• Establishing guardrails for behaviors, communicating expectations, and validating performance

GRC Influences All Lifecycle Phases

Governance
• Identifies decision makers and stakeholders
• Determines accountability for actions and responsibility for outcomes
• Addresses how expected performance will be evaluated

Risk
• Employs risk management throughout the IT lifecycle:
  • Business decisions
  • Policy adherence
  • Application development
  • Operational procedures

Compliance
• Guides behavior to make sure what takes place is what was intended
• Shows how IT is performing against objectives

Governance, Risk, and Compliance Applied

IT Governance

Governance determines how IT makes investments, contributes to value, and achieves goals and management objectives

Good governance:
• Manages IT services in a regulatory environment
• Focuses on cost efficiencies and value contribution
• Provides insight into organizational processes that result in continuous improvement and optimization initiatives

Risk Management

Risk management drives a structured approach to identifying, assessing, and managing potential threats to assets or the achievement of strategic goals

Good risk management:
• Drives consistent, recurring, and comprehensive reviews of IT plans, initiatives, projects, and activities
• Results in clear risk management decisions
• Produces activities and internal controls that reduce risk likelihood or impact

Compliance

Compliance establishes rules, guidelines, and communications to ensure an organization’s requirements are known and followed

Good compliance:
• Ensures management intentions are realized
• Establishes evaluation when expectations are set
• Allows for effective monitoring

Make MOF GRC Work for You

Features:
• Specific goals, outcomes, and measures in each SMF
• Clearly identified accountabilities and role types for each SMF
• Objectives, risks, and controls outlined for each phase
• Management reviews function as management controls

Benefits:
• Clearly established accountabilities
• Effective risk management
• Compliance with policies, laws, and regulations

Resources

• MOF Home Page: www.microsoft.com/mof

• Compliance Home Page: www.microsoft.com/compliance

• IT Compliance Management Guide: www.microsoft.com/downloads/details.aspx?FamilyId=BD930882-0D39-4900-9A79-B91F213ED15D&displaylang=en

• Solution Accelerators Home Page: www.microsoft.com/solutionaccelerators

• Contact Email: [email protected]
