Post on 14-Jun-2015
Frameworks For Predictability: COBIT, ITIL and PMBOK
Terrance Knecht, MBA, PMP, CISSP, CGEIT, COBIT, ITIL
tlk@terranceknecht.com
Terrance Knecht
- Currently Consultant to ZS Associates, working on a project for Amgen (Pharma)
- Previously head of Information Technology for organizations 5 times
- Worked in Information Technology in the following industries: Government, Healthcare, Banking, Retail, Media, Telemarketing, Financial Services, Insurance, Education, Pharmaceuticals
- Most successful in turnaround/troubled environments
Information Technology Organizations Are Reviewed
- Scheduled Audit
- Event/problem triggered
- Management questions IT's direction
- Merger/Acquisition
Are You Organized?
- If someone comes in to review your organization and actions are not tied to a process, each action is often reviewed
- 15 years ago, if you had a system that tied individual actions to processes which themselves were tied to the high level summary, there was a general acceptance of your department
- Capitalized projects – outside audit
- Processes – sale of organization
Next Level – International Standards
- Today there are several internationally accepted standards [FRAMEWORKS] for accomplishing functions within organizations.
- Use a standard framework:
  - To eliminate the need to “invent” one’s own standards
  - To have predictability in results
  - To have acceptance of the framework by outside entities
  - To have portability of a person’s skills
- Senior Management is now responsible
Frameworks
- COBIT (Control Objectives for Information and Related Technology)
- ITIL (Information Technology Infrastructure Library)
- PMBOK (Project Management Body of Knowledge)
- COSO (Committee of Sponsoring Organizations of the Treadway Commission)
- ISO27001/ISO27002 (Security)
- CMMI (Capability Maturity Model Integration)
COBIT (Control Objectives for Information and Related Technology)
Key elements of enterprise governance:
- Need for assurance about the value of IT (VALUE)
- Management of IT risk (RISK)
- Increased requirements for control over information (CONTROL)
COBIT Objectives
COBIT Framework
- COBIT has information as the core value
- As a control and governance framework for IT, COBIT focuses on two key areas:
  - Providing the information required to support business objectives and requirements
  - Treating information as the result of the combination of the application of IT-related resources that need to be managed by IT processes
Process Oriented
COBIT is Process Oriented – These processes control IT resources
- Applications
- Information – 9 Information Criteria
- Infrastructure
- People
COBIT – Information: Dimensions
- Effectiveness
- Efficiency
- Confidentiality
- Integrity
- Availability
- Compliance
- Reliability
These Resources Are Controlled Within 4 Domains
- MONITOR & EVALUATE
- PLAN & ORGANIZE
- ACQUIRE AND IMPLEMENT
- DELIVER AND SUPPORT
Total of 34 Processes Supporting the 4 Domains
- Monitor & Evaluate
  - Monitor & evaluate IT performance
  - Monitor & evaluate internal controls
  - Ensure compliance with external requirements
  - Provide IT governance
- Plan & Organize
  - Define a strategic IT plan
  - Define the information architecture
  - Determine technological direction
  - Define the IT processes, organization and relationships
  - Manage the IT investments
  - Communicate management aims and direction
  - Manage IT human resources
  - Manage quality
  - Assess and manage IT risks
  - Manage projects
- Acquire & Implement
  - Identify automated solutions
  - Acquire & maintain application software
  - Acquire & maintain technology infrastructure
  - Enable operation and use
  - Procure IT resources
  - Manage changes
  - Install & accredit solutions and changes
- Deliver & Support
  - Define & manage service levels
  - Manage third party services
  - Manage performance and capacity
  - Ensure continuous service
  - Ensure systems security
  - Identify & allocate costs
  - Educate & train users
  - Manage service desk and incidents
  - Manage the configuration
  - Manage problems
  - Manage data
  - Manage the physical environment
  - Manage operations
COBIT – Example – Strategic IT Plan
Identify Primary, Secondary & Other for Information
- Effectiveness - Primary
- Efficiency - Secondary
- Confidentiality
- Integrity
- Availability
- Compliance
- Reliability
COBIT – Example – Strategic IT Plan
Identify Primary, Secondary & Other for IT Governance Focus Areas
[Diagram not reproduced; labels surviving from the slide: Primary, Secondary, Secondary]
COBIT – Example – Strategic IT Plan
Identify Primary, Secondary & Other for IT resources
- Applications - Primary
- Information - Primary
- Infrastructure - Primary
- People - Primary
COBIT – Example – Strategic IT Plan
- ID Inputs
- ID Outputs
- Create RACI Chart (Responsible, Accountable, Consulted, Informed)
- Create Goals and Metrics
COBIT – Example – Strategic IT Plan
Fill in the blanks:
- Control over the IT Process of Define a Strategic Plan
- That satisfies the business requirements of IT of _______
- By focusing on ________
- Is achieved by ________
- And is measured by _______
Maturity Model
The current status (in evolution) can be rated on a maturity scale (CMMI)
- 0 Non-existent
- 1 Initial / Ad Hoc
- 2 Repeatable but Intuitive
- 3 Defined
- 4 Managed and Measurable
- 5 Optimized
COBIT: Evaluation
- COBIT/ISACA has an online COBIT evaluation system to determine at what level (maturity) an organization is regarding its implementation of COBIT
ITIL – Information Technology Infrastructure Library
- ITIL is centered on Service Management (ITSM) – this is the back office or operational concerns of IT to ensure that the focus is on the relationship with the customer
- A service is a means of delivering value to customers by facilitating outcomes the customers want to achieve without their ownership of specific costs or risks
- Service Management is a set of specialized organizational capabilities for providing value to customers in the form of a service
ITIL Life Cycle
- Service Strategy defines, maintains and implements objectives & goals
- Service Design focuses on setting pragmatic service blueprints which convert strategy into reality
- Service Transition aims to bridge the gap between projects and operations
- Service Operations ensures that there are strong end-to-end practices that ensure stable services
- Continuous Service Improvement enables improvement by supporting change
[Diagram: ITIL life cycle, labelled Service Strategy, Service Design, Service Transition, Service Operation and Continuous Service Improvement]
COBIT & ITIL & PMBOK
- COBIT is concerned with WHAT processes are covered in its framework
- ITIL provides the detailed best practices on HOW processes should be designed
- PMBOK provides the framework HOW to implement projects which result in change
ITIL – One of 5 Key Stages of Service – An Example
Service Transition Is Composed of:
- Change Management
- Service Asset and Configuration Management
- Knowledge Management
- Release and Deployment Management
Specific (detailed) best practices are provided
PMBOK – Project Management
- Project Management is concerned with creating “new” in a predictable manner
- Projects are unique
- Repeatable is not project management – it is maintenance
PM Steps
- Initiating
  - Get a sponsor
  - Create a project charter
  - Identify stakeholders
- Planning
  - Finalize requirements
  - Create Project Scope statement
  - Determine Team
  - Create project plan
  - Gain formal approval of plan
PM Steps
- Executing
  - Execute according to plan
  - Request Changes
  - Perform quality assurance
  - Use issues logs
- Monitoring & Controlling
  - Measure performance
  - Perform Risk Audits
  - Report on Project Performance
PM Steps
- Closing
  - Confirm work is done to requirements
  - Update lessons learned
  - Hand off completed project
  - Release resources
Project Management Processes
Use issues logs (RAID)
- Risk
- Actions
- Issues
- Decisions
Mapping Frameworks
- COBIT to ITIL
- COBIT to PMBOK
- ITIL to Prince2 (PMBOK)
COBIT, ITIL & PMBOK
- Most processes/projects do not reach their potential (fail)
- Most process implementations do not result in pushing an individual forward
- Working with an international framework allows one to skip explaining why and what the rules are and only deal with how well one is executing the process