Presentation is loading. Please wait.

Presentation is loading. Please wait.

#245 - CobiT and Software Development Debra Mallette, CISA, CSSBB Kaiser Permanente IT & Monica Jain, CSQA Convansys.

Published byEmory Holmes Modified over 8 years ago

Similar presentations

Presentation on theme: "#245 - CobiT and Software Development Debra Mallette, CISA, CSSBB Kaiser Permanente IT & Monica Jain, CSQA Convansys."— Presentation transcript:

1 #245 - CobiT and Software Development Debra Mallette, CISA, CSSBB Kaiser Permanente IT & Monica Jain, CSQA Convansys

2 2 Outline Business and IT performance improvement Maturity models and Six Sigma Software development improvement and SEI CMM IT improvement and Cobit Compare and contrast SEI CMM and Cobit How to improve performance with maturity model(s) Case study Conclusion

3 3 Performance Improvement

4 4 Improving Performance with Maturity Model(s) Process Technology People Maturity Models

5 5 Six Sigma and Maturity Models Ad Hoc Repeatable But Intuitive Defined Process Managed and Measurable Optimized Business Program XX Process Project XXX Statistical Tool(s) XXXX

6 6 Software Engineering Institute’s Capability Maturity Model (sm) for Software

7 7 SEI CMM (SM) Key Practice Areas

8 8

9 9

10 10 DS1 Define service levels DS2 Manage third party services DS3 Manage performance and capacity DS4 Ensure continuous service DS5 Ensure systems security DS6 Identify and attribute costs DS7 Educate and train users DS8 Assist and advise IT customers DS9 Manage the configuration DS10 Manage problems and incidents DS11 Manage data DS12 Manage facilities DS13 Manage Operations PO1 Define a strategic IT Plan PO2 Define the information architecture PO3 Determine the technological direction PO4 Define the IT organization and relationships PO5 Manage the IT investment PO6 Communicate management aims and direction PO7 Manage human resources PO8 Ensure compliance with external requirements PO9 Assess risks PO10 Manage Projects PO11 Manage Quality A I 1 Identify automated solutions A I 2 Acquire and maintain application software A I 3 Acquire and maintain technology infrastructure A I 4 Develop and maintain IT procedures A I 5 Install and accredit systems A I 6 Manage changes M1 Monitor the process M2 Assess internal control adequacy M3 Obtain independent assurance M4 Provide for independent audit IT RESOURCES IT RESOURCES data application systems technology facilities people data application systems technology facilities people PLANNING AND ORGANISATION PLANNING AND ORGANISATION ACQUISITION AND IMPLEMENTATION ACQUISITION AND IMPLEMENTATION DELIVERY AND SUPPORT MONITORING effectiveness efficiency confidentiality integrity availability compliance reliability effectiveness efficiency confidentiality integrity availability compliance reliability Criteria Business Objectives CobiT Framework

11 11 SEI CMM Vs. CobiT SEI CMMCobiT Improvement Focus Software Engineering IT Size of target Population and Model Complexity Portion of IT Complex Model Quality Language All of IT Clear, Concise Controls Language SynergiesIntegral and Functional KPA’s Internal Audit

12 12 CobiT and SEI CMM CobiT provides over-arching process (controls) framework for all IT activities. CobiT links SEI CMM KPA’s to business goals as follows: –CobiT processes link SEI CMM key practice areas to IT process owners and business goals –CobiT metrics help define SEI CMM goals and objectives –CobiT maturity models provide basis for assessing IT capability & planning improvements beyond SEI CMM KPAs SEI CMM provides software engineering detailed best practices, including functional and integral practices. SEI CMM provides guidance for CobiT’s acquisition and implementation domain processes.

13 13 CobiT vs. SEI CMM Goals CobiT for ITSEI CMM for Software Engineering Effectiveness Efficiency Confidentiality Compliance Reliability Improved control Effectiveness Efficiency Improved Software Quality

14 14 SEI CMM and CobiT

15 15 CobiT and SEI CMM

16 16 COBIT and SEI CMM Levels

17 17 Using a Maturity Model to improve Identify opportunities for improvement. Evaluate the expected benefit from the improvement. Choose for leverage: CobiT, SEI CMM, Both? Full SEI CMM assessment? Plan: –Desired improvement –IT-wide balanced Maturity Level. –Planning and Monitoring feedback loops

18 18 Case Study: Background Timeframe: Jan. 2001- June 2003 IT organization providing Products and Services for around-the-clock, around-the-globe Engineering. Solid line reporting to Engineering/Sector, dotted Line to Corporate IT 300 +/- people serving more than 12000+ engineers at 6 sites on 2 continents Cost reductions over 2 years: All contractors gone. 40% of headcount laid off. No capital spending approved. Computer rooms consolidated as leased space vacated. New CIO, new CFO. IT outsourcing looming.

19 19 Organization Background Corporate Six Sigma renewal initiative SEI CMM (and SEI CMMi) initiative active in Engineering (IT’s customers). SEI CMM usage required by IT Policy Another sector working on Baldrige Award (awarded). Security concerns - pre and post 9/11. Intellectual Property Concerns. Financial controls concerns (pre Sarbanes/Oxley)

20 20 14% 16% 66% 4% Planning & Organization Acquisition & Implementation Delivery & Support Monitoring Organizational Fit Resources to be Leveraged? IT Effort Expenditure Percentages Planning & Organization Delivery & Support Monitoring Acquisition & Implementation

21 21 IT Leadership Team: Reduce efforts to prep for audits (3500 man-hours for one site!) and “keep the lights on” Corporate Finance: Maintain Satisfactory compliance. Corporate IT Management: Mitigate Security vulnerabilities, reduce costs by minimum of 50% and continuously improve quality and maturity performance. Customer Management: TL/9000 and ISO 9001 compliance. Less “keep the lights on” investment, more availability to support product development and more “engagement” to increase productivity. Customer and Stakeholder Expectations for IT Organization’s Performance

22 22 Goal: “Defined” Level 3 Gap Analysis and Planning 14% L2 16% L2 66% L2 4% L2 Planning & Organization Acquisition & Implementation Delivery & Support Monitoring Self-Assessment “Repeatable”: Level 2 Planning & Organization Delivery & Support Monitoring Acquisition & Implementation

23 23 Performance Improvement Program PO1: Develop and deploy Strategic Planning Process including a strategic roadmap baseline, monthly alignment of strategy to projects and quarterly re- assessment of strategy. M1: Monitor performance against strategy using strategic roadmap and balanced score card goals. M2: Assess Internal audit readiness - improve just enough to sustain audit compliance at minimal cost.

24 24 PO1: Results Strategic roadmap baselined: top down with corporate data architecture (PO2) and bottom-up with IT project list in 3 months. Started with less than 10% project alignment and changed to greater than 80% alignment over period of 6 months. Stable strategy achieved in 3 review cycles. Continuous Improvement: –Strategy enhanced to include technology architecture (PO3) and customer alignment in 2nd year. –Roadmapping process not jettisoned in re-orgs!

25 25 M1: Results IT Staff reduced by >50% while customer staffing reduced by 40%. Capital equipment and leasing costs reduced by 80%. Site consolidations for floor space reductions including off-site storage reductions for approx. 40% reduction. Computer room construction upgrade projects funded as required to meet OSHA. Network availability maintained at average of 3.5 “9’s” over the year. SLA’s response rate sustained to target with “very satisfied” customer rating.

26 26 M2: Results 5 site reviews conducted. Reviews assessed the each site’s readiness for internal audit of compliance with Standards of Internal Control, Security, and Proprietary Information Protection practices. 100% “Satisfactory” findings for internal audits. Continuous Improvement: –Self-assessment Process, eliminating need for on-site visits of assessment teams, successfully deployed in 2nd year.

27 27 Improvement Investment Approximately 3% of organization’s resources over the year with the bulk of the investment in 3 FTE’s to sustain forward momentum on the program. Strong sponsorship and oversight by IT Director and Leadership Team including Site Managers. Travel expense budget to deploy readiness assessments.

28 28 Summary Performance Improvement is Business & IT imperative. Business is at risk if IT Performance not sustained with continuous improvements and controls (e.g. audits). Capability Maturity Level improvement is a step above continuous and requires investment and monitoring. Maturity Models can minimize risks to existing performance and reliably and predictably reproduce Performance Improvement results. CobiT and SEI CMM have compatible and synergistic strengths for optimal IT and Business results.

29 29 For More Information: Debra Mallette, CISA, CSSBB Kaiser Permanente IT debra.mallette@kp.org Monica Jain, CSQA Convansys MJain@convansys.com

30 Thank you!

Download ppt "#245 - CobiT and Software Development Debra Mallette, CISA, CSSBB Kaiser Permanente IT & Monica Jain, CSQA Convansys."

Similar presentations

Service Delivery – your ticket to play

Service Delivery – your ticket to play
Course: e-Governance Project Lifecycle Day 1

Course: e-Governance Project Lifecycle Day 1
Alignment of Enterprise Governance and IT Governance

Alignment of Enterprise Governance and IT Governance
Analisa Proses. Terjemahan model analisis menjadi desain software.

Analisa Proses. Terjemahan model analisis menjadi desain software.
IT Governance Infocom India Presentation December 6, 2006.

IT Governance Infocom India Presentation December 6, 2006.
Auditing Corporate Information Security John R. Robles Tuesday, November 1, 2005 Tel: 787-647-396.

Auditing Corporate Information Security John R. Robles Tuesday, November 1, Tel:
9 th Annual Public Health Finance Roundtable November 3, 2012 Boston, MA Peggy Honoré.

9 th Annual Public Health Finance Roundtable November 3, 2012 Boston, MA Peggy Honoré.
ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.

ACG 6415 SPRING 2012 KRISTIN DONOVAN & BETH WILDMAN IT Security Frameworks.
©2006 OLC 1 Process Management: The Foundation for Achieving Organizational Excellence Process Management Implementation Worldwide.

©2006 OLC 1 Process Management: The Foundation for Achieving Organizational Excellence Process Management Implementation Worldwide.
TI BISNIS ITG using COBIT &

TI BISNIS ITG using COBIT &
COBIT Framework Source:

COBIT Framework Source:
COBIT - II.

COBIT - II.
IT Governance Capability Maturity within Government

IT Governance Capability Maturity within Government
Www.isaca-malta.org Roger Southgate Past President of ISACA London Chapter Member of the BSI Committees for Service Management and IT Governance Leader.

Roger Southgate Past President of ISACA London Chapter Member of the BSI Committees for Service Management and IT Governance Leader.
Chapter 5 5-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.
Chapter 5 5-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.
Dr. Julian Lo Consulting Director ITIL v3 Expert

Dr. Julian Lo Consulting Director ITIL v3 Expert
AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.

AUDIT COMMITTEE FORUM TM ACF Roundtable IT Governance – what does it mean to you as an audit committee member July 2010 The AUDIT COMMITTEE FORUM TM is.
By Collin Smith http://techinitiatives.blogspot.com COBIT Introduction By Collin Smith http://techinitiatives.blogspot.com.

By Collin Smith COBIT Introduction By Collin Smith
Aust. AM Collaborative Group (AAMCOG) An introduction to ISO 55000 “What to do” guide 20th October 2014.

Aust. AM Collaborative Group (AAMCOG) An introduction to ISO “What to do” guide 20th October 2014.

Similar presentations

Ads by Google