#325 - CobiT and Service Delivery Debra Mallette, CISA, CSSBB Kaiser Permanente IT.

Presentation transcript:

2 Outline
Business, IT and IT Service Delivery
ITIL best practices and CobiT overview
How CobiT maps to ITIL best practices
–Results of recent joint research between the ITGI and the OGC (the owners of ITIL) on harmonizing CobiT and ITIL and using them together effectively
How to use CobiT and ITIL to:
–Focus on the business and improve service definitions and SLAs
–Apply metrics and maturity models to assess performance
–Develop and implement targeted process improvements
Conclusion

3 Why is Improvement with Best Practices Important?
Effective use of IT is critical to the success of enterprise strategy
Best practices and standards help to enable effective governance of IT activities
Big benefits, reliably and implementably, for the organization

4 Aligning IT Services to the Business
Business Strategy –> IT Strategy –> Specific IT Objectives –> IT Service Requirements
Are they aligned?

5 IT Services need to be:
Defined according to customer requirements
Prioritized according to overall business needs
Measurable in terms meaningful to the customer
Specified in terms of operational requirements
Capable of being delivered: adequate resources and processes in place
Managed and controlled so that objectives are met and risks are managed
Cost effective, so that scarce resources can be optimised and service providers can be profitable

6 What’s needed to make this work?
Business Strategy –> IT Strategy –> Specific IT Objectives –> IT Service Requirements
Are they aligned?
Clear and measurable statements of the business’s operational requirements from IT:
–Service Definitions
–Operational Level Agreements
–Service Level Agreements
–Best Practices

7 And...
Business Strategy –> IT Strategy –> Specific IT Objectives –> IT Service Requirements
Are they aligned?
Clear and measurable statements of the business’s operational requirements from IT:
–Service Definitions
–Operational Level Agreements
–Service Level Agreements
–Best Practices
Capability Assessment (make sure it is achievable)
Governance and Control Framework (make sure it is managed)

8 CobiT and ITIL
Business Strategy –> IT Strategy –> Specific IT Objectives –> IT Service Requirements
Are they aligned?
Clear and measurable statements of the business’s operational requirements from IT:
–Service Definitions
–Operational Level Agreements
–Service Level Agreements
–Best Practices (ITIL)
Capability Assessment (make sure it is achievable) (CobiT)
Governance and Control Framework (make sure it is managed) (CobiT)

9 ITIL Best Practices Overview
Service Delivery
–Capacity Management
–Availability Management
–Financial Mgt. for services
–Service Level Management
–Service Continuity Mgt.
Service Support
–Incident Management
–Problem Management
–Configuration Management
–Change Management
–Release Management
Activities to Define and Develop IT Processes
–Application and Software Asset Management
–Design and planning of ICT Infrastructure
–Security Management
–Business Perspective

10 Objectives of ITIL
Holistic Service Management
–Assure the consideration of functional and non-functional requirements
–Ensure that Services are appropriately tested before live operational use
–Assess the possible risks and impact on existing infrastructure caused by new or modified systems
–Define future Service Requirements

11 Objectives of ITIL, cont.
Customer orientation: IT services provided at a level of quality that allows permanent reliance on them.
Responsibility is assigned to individuals who:
–Consult the users and help them use services optimally
–Collect and forward user opinions and recommendations
–Resolve incidents
–Monitor performance of the services delivered
–Manage Change

12 CobiT Provides
A framework for IT governance, aligning IT with business requirements
An IT process classification scheme
Generic control objectives for each IT process
Management guidelines enabling management to align IT activities and priorities with business requirements:
–Set objectives and metrics (Key Goal Indicators, ‘KGIs’, and Key Performance Indicators, ‘KPIs’)
–Consider critical success factors
–Assess capability using maturity models; identify critical gaps

13 What does CobiT consist of?
Premise: IT needs to deliver the information that the enterprise needs to achieve its objectives.
Promotes process focus and process ownership
Divides IT into 34 processes belonging to four domains (Planning; Acquiring & Implementing; Delivery & Support; Monitoring) and provides a high-level control objective for each
Addresses fiduciary, quality and security needs of enterprises
Seven information criteria to generically define what the business requires from IT: Effectiveness, Efficiency, Availability, Integrity, Confidentiality, Reliability, Compliance
300+ detailed control objectives and control practices
Metrics for measuring goals and processes
Maturity models for gap analysis and benchmarking
Critical success factors for implementation

14 How do they relate?
Business Requirements (what the stakeholders expect from IT):
–Effectiveness
–Efficiency
–Confidentiality
–Integrity
–Availability
–Compliance
–Information Reliability
IT Processes (how IT is organised to respond to the requirements):
–Planning and organisation
–Acquisition and implementation
–Delivery and Support
–Monitoring
IT Resources (the resources made available to, and built up by, IT):
–Data
–Information Systems
–Technology
–Facilities
–Human Resources

15 IT Governance Model
Domains: PO, AI, DS, MO
IT Governance helps:
–simplify operations
–cut costs
–increase revenue
Needs an IT Control Framework

16 CobiT Framework
Business Objectives –> Criteria (effectiveness, efficiency, confidentiality, integrity, availability, compliance, reliability) –> IT Processes –> IT Resources (data, application systems, technology, facilities, people)
PLANNING AND ORGANISATION
–PO1 Define a strategic IT plan
–PO2 Define the information architecture
–PO3 Determine the technological direction
–PO4 Define the IT organization and relationships
–PO5 Manage the IT investment
–PO6 Communicate management aims and direction
–PO7 Manage human resources
–PO8 Ensure compliance with external requirements
–PO9 Assess risks
–PO10 Manage projects
–PO11 Manage quality
ACQUISITION AND IMPLEMENTATION
–AI1 Identify automated solutions
–AI2 Acquire and maintain application software
–AI3 Acquire and maintain technology infrastructure
–AI4 Develop and maintain IT procedures
–AI5 Install and accredit systems
–AI6 Manage changes
DELIVERY AND SUPPORT
–DS1 Define service levels
–DS2 Manage third-party services
–DS3 Manage performance and capacity
–DS4 Ensure continuous service
–DS5 Ensure systems security
–DS6 Identify and attribute costs
–DS7 Educate and train users
–DS8 Assist and advise IT customers
–DS9 Manage the configuration
–DS10 Manage problems and incidents
–DS11 Manage data
–DS12 Manage facilities
–DS13 Manage operations
MONITORING
–M1 Monitor the process
–M2 Assess internal control adequacy
–M3 Obtain independent assurance
–M4 Provide for independent audit

17 CobiT and ITIL are complementary
CobiT provides an over-arching process framework covering all IT activities, linked to business requirements, that ITIL can fit into
ITIL is focused mostly on service management (CobiT’s Delivery & Support domain)
ITIL is more detailed and practice oriented
CobiT helps link ITIL best practices to real business requirements and IT process owners
CobiT’s Control Objectives provide a Control Framework
CobiT’s metrics help define SLA and OLA criteria
CobiT’s Maturity Models provide a basis for assessing capability and planning improvements
CobiT plus ITIL and other standards provide a more complete set of best practices

18 Benefits of a combined approach
Senior management more aware and involved: more direction
Process focus enables process ownership: more accountability
Common language and reference model: better communication
Metrics and SLAs more business oriented and understandable to users, and therefore more realistic: stakeholder ownership
IT more focused on what the user / business wants: prioritized
ITIL best practices applied where they are most needed: effective
Control framework conforms to SOX: easier compliance
Necessary improvements will be easier to justify: better ROI
Efficiencies should be gained: cost optimized

19 Research project between ITGI & OGC
ITGI is the IT Governance Institute
OGC is the UK’s Office of Government Commerce: ogc.gov.uk
Both ITGI and OGC would like to see greater harmonization between CobiT and ITIL
We have agreement to initiate joint research
Coming soon, the first deliverable:
–Executive summary aimed at management: what’s needed, what’s provided, how they work together
–Appendix showing the relationship between CobiT’s 34 processes, controls and ITIL
–The mapping shown here is from work in progress
Other deliverables are likely to follow
Results will be used in the planned update projects for both CobiT and ITIL

20 How CobiT maps to ITIL
ITIL best practice guidance for CobiT processes
ITIL guidance by CobiT domain
CobiT guidance beyond ITIL

21 CobiT Processes mapped to ITIL Best Practices

22 CobiT Guidance beyond ITIL

23 Using CobiT’s Maturity Models to improve
Self-assess priorities and opportunities for improvement.
Evaluate the expected benefit from the improvement (see metrics).
Choose for leverage: CobiT, ITIL, or both?
Plan:
–Desired improvement
–IT-wide balanced maturity level
–Planning and monitoring feedback loops

24 Key Process Components
Purpose
Process Inputs and Outputs
IT Resources
Information Criteria
Key Goal Indicators (KGIs)
Key Performance Indicators (KPIs)
Critical Success Factors (CSFs)
Control Objectives
Maturity Model

25 Assessing Maturity and Prioritizing Opportunities

26 Using Metrics to drive Improvement
Plan: use CobiT Online
–Benchmark and/or self-assess
–Select process(es) (look at goals, criteria and resources)
–Align with the business: Key Goal Indicators
–IT performance: Key Performance Indicators
Implement
–Select and implement best practices
–Check Critical Success Factors
Control: monitor and feedback
–Monitor Key Goal Indicators and Key Performance Indicators
–Assess internal control adequacy
Act

27 CobiT Maturity Levels
Benchmark and/or self-assess against the levels:
–Non-Existent: management processes not applied at all
–Ad Hoc: ad hoc and disorganized
–Repeatable: regular patterns
–Defined: documented and communicated
–Managed: monitored and measured
–Optimized: best practices
See CobiT Management Guidelines or CobiT Online

28 Assessing Maturity and Prioritizing Opportunities Selected DS3: Manage Performance and Capacity

29 Select DS3: Manage Performance and Capacity Key Goal Indicators to Align with Business

30 Select DS3: Manage Performance and Capacity IT Key Performance Indicators to Monitor

31 CobiT Processes mapped to ITIL Best Practices Selected DS3: Manage Performance and Capacity

32 Select and Implement
CobiT DS3 maps to ITIL Best Practice: Service Delivery
–Capacity Management
–Availability Management
–Financial Mgt. for services
–Service Level Management
–Service Continuity Mgt.

33 Select and Implement Address CobiT DS3 Critical Success Factors

34 DS3: Manage Performance and Capacity Implementation Critical Success Factors

35 Case Study: Monitored Results
IT staff reduced by >50% while customer staffing was reduced by 40%.
Capital equipment and leasing costs reduced by 80%.
Site consolidations for floor space reductions, including off-site storage reductions, for an approx. 40% reduction.
Computer room construction upgrade projects funded as required to meet OSHA.
Network availability maintained at an average of 3.5 “9’s” over the year.
SLA response rate sustained to target, with a “very satisfied” customer rating.

36 Summary
Performance improvement is a business and IT imperative.
The business is at risk if IT performance is not sustained with continuous improvements and controls.
CobiT and ITIL have compatible and synergistic strengths for optimal IT and business results.

37 For More Information See:

38 And For Even More Information: Debra Mallette, CISA, CSSBB Kaiser Permanente IT Gary Hardy CobiT Steering Committee IT Winners

Thank you!