Using COBIT and ITIL
Robert E Stroud, CGEIT
International Vice President, ISACA
VP Service Management & Governance
Service Management, Governance & Cloud Computing Evangelist, CA Technologies
May 16-20
Copyright © 2010 CA. All rights reserved.
robert e stroud (CGEIT)
Vice President, Service Management
Service Management and Governance Evangelist
27 years industry experience; 15+ years banking industry
ITSM:
• Treasurer, itSMF International Executive Board
• Director Audit, Standards and Compliance
• Former Director, itSMF USA
• Member ITIL V3 Advisory Group (IAG)
• Mentor ITIL V3 Service Transition
• Contributor ITIL Business Perspectives Volume II
• Author ITIL\COBIT\ISO17799 Management Overview
IT Governance:
• International Vice President ISACA\ITGI
• Chair COBIT Steering Committee
• IT Governance Committee
• Contributor to COBIT and VAL IT
• Contributor to Basel II Guidance
Copyright © 2010 CA - Robert E Stroud
trademark notice
COBIT® is a registered trademark of ISACA.
ITIL® is a registered trademark and a registered community trademark of the UK Office of Government and Commerce (OGC) and is registered in the U.S. Patent and Trademark Office.
DISCLAIMER: Neither CA nor its speaker warrants or guarantees the concepts or the accuracy of information provided herein. No part of this publication may be reproduced in any form by print, photo print, microfilm or any other means without written permission by CA.
risk & compliance lifecycle
(Figure: MATURITY on the vertical axis, TIME on the horizontal axis, with a curve rising through four phases.)
Phases, in order of increasing maturity:
• Blissful Unawareness Phase
• Reactive Fragmented Implementation Phase
• Consolidation Phase
• Operational Excellence Phase
Activities annotated along the curve, from lowest to highest maturity:
• Ad hoc, “must-do” activities only
• Rush projects to react to mandate
• Create inventory of governance, risk, and compliance initiatives
• Start on a unified GRC approach
• Continuous process improvement
benchmark data
Best Outcomes (19%): 2 in 10 Organizations

Operating Results | Worst | Normative | Best
Top-line Financial Results | -12% | 0% | +8%
Loss/Theft of Customer Data | More than 16 | 3 to 16 | Less than 3
Hours of Downtime due to IT | More than 60 | 4 to 60 | Less than 4
IT Audit deficiencies | (values not captured on the slide) | |

N: 3,280. Source: IT Policy Compliance Group, 2009
sustainable operations
(Figure: "control over IT capabilities" on the horizontal axis, low to high, and "value of IT capabilities to the business" on the vertical axis, low to high; "IT service" is marked at the low and high ends of the diagonal.)
Ongoing use and management of the IT infrastructure:
• Business Added Value
• Quality
• Change
• Capacity
• Cost
• Control
Implementation of the IT improvement strategy:
• Quality
• Domain
• Effort
• Output & effect
• Feedback
risk posture
(Figure: a 3x3 matrix of Impact (L, M, H) against Likelihood (L, M, H), with "Mitigating controls" annotated on the matrix.)
operational compliance
(Figure: frameworks and standards laid out between "Compliance" and "Operational Excellence".)
Elements shown:
• COBIT (Governance Framework)
• Corporate Governance of IT: ISO 38500
• ISO 27000
• ITIL Service Management; ISO 20000
• TOGAF; development methodology (Dev. Meth.)
• Enterprise Development; Portfolio Mgmt.; Service & Support
• Certifiable; Defensible position with audit community (internal & external); Predictable Risk Model
Source: "Quelling the Perfect Storm within IT", February 2009. Copyright © 2009 CA
IT governance
“IT governance is the responsibility of the board of directors and executive management. It is an integral part of enterprise governance and consists of the leadership and organisational structures and processes that ensure that the organisation’s IT sustains and extends the organisation’s strategies and objectives.”
Source: Board Briefing on IT Governance, 2nd Edition. © 2003 ITGI. All rights reserved.
governance solves
• Meets the increasing risks (security, compliance, projects etc.)
• Ensures continuity of critical business processes that depend on information and systems
• Integrates organizational objectives with the growing dependence on service providers, third parties and cloud computing
• IT is enabling organizations to rapidly innovate and transform business practices to create new opportunities and reduce cost
• Ensures continuity of IT knowledge, which is essential to sustain and grow the business.
enterprise governance of IT domains
The five domains: Strategic Alignment, Value Delivery, Resource Management, Risk Management, Performance Measurement.
Strategic alignment focuses on ensuring the linkage of business and IT plans; on defining, maintaining and validating the IT value proposition; on aligning IT operations with the enterprise operations; and on establishing collaborative solutions to add value and competitive positioning to the enterprise’s products and services.
Slide annotation: Contain costs while improving administrative efficiency and managerial effectiveness.
Value delivery is about executing the value proposition throughout the delivery cycle, ensuring that IT delivers the promised benefits against the strategy, concentrating on optimising expenses and proving the value of IT, and on controlling projects and operational processes with practices that increase the probability of success (quality, risk, time, budget, cost, etc.).
Risk management requires risk awareness of senior corporate officers, a clear understanding of the enterprise’s appetite for risk and transparency about the significant risks to the enterprise; it embeds risk management responsibilities in the operation of the enterprise and specifically addresses the safeguarding of IT assets, disaster recovery and continuity of operations.
Resource management covers the optimal investment, use and allocation of IT resources and capabilities (people, applications, technology, facilities, data) in servicing the needs of the enterprise, maximising the efficiency of these assets and optimising their costs, and specifically focuses on optimising knowledge and the IT infrastructure and on where and how to outsource.
Performance measurement tracks project delivery and monitors IT services, using balanced scorecards that translate strategy into action to achieve goals measurable beyond conventional accounting, measuring those relationships and knowledge-based assets necessary to compete in the information age: customer focus, process efficiency and the ability to learn and grow.
Source: COBIT 4.1. © ITGI. All rights reserved.
COBIT™ - the roadmap
• Globally accepted set of tools and good practices that ensures IT is working effectively
• Provides a common language to communicate goals, objectives and expected results
• Based on industry standards and good practices in: strategic alignment of IT with business goals; value delivery of services and new projects; risk management; resource management; performance measurement
The COBIT mission is to research, continuously update, publicize and promote an authoritative, internationally accepted IT governance control framework for adoption by enterprises and day-to-day use by business managers, IT professionals and assurance professionals. Now in its 4.1 release, the framework has been used successfully by IT organizations and business executives in many industries and in organizations of many sizes.
COBIT Framework
Governance Drivers and Business Goals drive the framework; the IT processes in the four domains below deliver information that satisfies the Information Criteria, using the IT Resources.
Information Criteria: Effectiveness, Efficiency, Confidentiality, Integrity, Availability, Compliance, Reliability
IT Resources: Applications, Information, Infrastructure, People
PLAN AND ORGANISE
PO1 Define a strategic IT plan
PO2 Define the information architecture
PO3 Determine the technological direction
PO4 Define the IT processes, organisation and relationships
PO5 Manage the IT investment
PO6 Communicate management aims & direction
PO7 Manage IT human resources
PO8 Manage quality
PO9 Assess and manage risks
PO10 Manage projects
ACQUIRE AND IMPLEMENT
AI1 Identify automated solutions
AI2 Acquire and maintain application software
AI3 Acquire & maintain technology infrastructure
AI4 Enable operation and use
AI5 Procure IT resources
AI6 Manage changes
AI7 Install and accredit solutions and changes
DELIVER AND SUPPORT
DS1 Define service levels
DS2 Manage third-party services
DS3 Manage performance and capacity
DS4 Ensure continuous service
DS5 Ensure systems security
DS6 Identify and attribute costs
DS7 Educate and train users
DS8 Manage service desk and incidents
DS9 Manage the configuration
DS10 Manage problems
DS11 Manage data
DS12 Manage the physical environment
DS13 Manage operations
MONITOR AND EVALUATE
ME1 Monitor & evaluate IT performance
ME2 Monitor & evaluate internal control
ME3 Ensure regulatory compliance
ME4 Provide IT governance
Source: COBIT 4.1. © ITGI. All rights reserved.
who is doing what? RACI
(Figure: RACI chart, not reproduced.)
Source: COBIT 4.1. © ITGI. All rights reserved.
measurement of processes
(Figure, not reproduced.)
Source: COBIT 4.1. © ITGI. All rights reserved.
maturity model
(Two figures: each maturity attribute is rated on a scale of 1 to 5. The first figure marks the current "as-is" level per attribute; the second adds the "to-be" target level and the improvement measures needed to move from as-is to to-be.)
Maturity attributes:
• Awareness and Communication
• Policies, Standards and Procedures
• Tools and Automation
• Skills and Expertise
• Responsibility and Accountability
• Goal Setting and Measurement
• Overall Process Maturity
ITIL processes
SERVICE STRATEGY: Financial Management; Return on Investment; Service Portfolio Management; Demand Management
SERVICE DESIGN: Service Catalogue Management; Service Level Management; Capacity Management; Availability Management; IT Service Continuity Management; Information Security Management; Supplier Management
SERVICE TRANSITION: Transition Planning and Support; Change Management; Service Asset & Configuration Management; Release & Deployment Management; Service Validation; Evaluation; Knowledge Management
SERVICE OPERATION: Event Management; Incident Management; Request Fulfilment; Problem Management; Access Management
CONTINUAL SERVICE IMPROVEMENT: 7-Step Improvement Process
relationship between COBIT & ITIL
COBIT is an IT Governance and Control framework and focuses on WHAT should be addressed to ensure good governance of all IT related processes, including service management processes. COBIT provides guidance, framework and tools on achieving desired levels of conformance and performance of IT processes required to satisfy business needs.
ITIL provides best practices describing HOW to plan, design and implement effective service management processes.
By leveraging COBIT guidance, an enterprise can ensure that its service management effort is aligned with its overall business, governance and internal control requirements.
using frameworks together
• Governance: COBIT
• Measurement: COBIT
• Align with roles: RACI (Responsible, Accountable, Consulted and Informed)
• Establish the work:
  IT Operational Processes: ITIL
  Application Development Processes: CMMI
  Project & Portfolio Management: PMBOK
Governance for your ITSM Environment © CA, Inc. All rights reserved.
the COBIT user guide for service managers
• Explains the importance of governance of the focused area
• Defines the need for good practices
• Provides an overview of the specific role
• Explains the relationship between COBIT and the best practices for the role
• Explains how to use COBIT and ITIL to support the governance of IT-enabled business services
• Provides a roadmap for getting started
• Provides a table of key service manager activities based on ITIL V3, cross-referenced to COBIT 4.1 and ISO 20000
RACI for the service manager – DS1 manage service levels
(Figure, not reproduced.) CobiT® User Guide for Service Managers © 2009 IT Governance Institute. All rights reserved.
generic role descriptions: an aid to areas of responsibility
(Figure, not reproduced.) CobiT® User Guide for Service Managers © 2009 IT Governance Institute. All rights reserved.
coverage of ITIL to COBIT processes
(Figure, not reproduced.) CobiT® User Guide for Service Managers © 2009 IT Governance Institute. All rights reserved.
key processes in the lifecycle – example service operation

ITIL V3 Service Operation | COBIT 4.1
Event Management | DS3, DS8, DS13
Incident Management | DS8
Request Fulfilment | (no COBIT process listed on the slide)
Problem Management | DS10
Access Management | DS5
Operation Management | DS13
The following six slides each reproduce a figure (not captured here) from the CobiT® User Guide for Service Managers, © 2009 IT Governance Institute. All rights reserved:
• mapping IT goals to IT process
• goals and metrics for DS1 – managing service levels
• control practices (DS1)
• mapping of COBIT DS1.1 to ITIL
• achieve governance of IT services
• linking COBIT, ITIL & governance of IT services (the slide also cites the guide's ISBN; the number was not captured)
example financial management
4. Financial Management (Service Strategy – 5.1, 5.2)
Service manager key activities based on ITIL v3, with ITIL V3, COBIT 4.1 and ISO 20000 cross-references, key deliverables and RACI roles. Roles named in the RACI columns of the slide: BPO, SM, CFO, CIO, SPM (the per-role R/A/C/I assignment was not captured).
FM1. Understand the business and IT culture and attitude towards financial management, and any regulatory or compliance requirements. ITIL V3: Plan. COBIT 4.1: PO1.1 IT value management. ISO 20000: 7.2, 7.3. Key deliverable: Service Business Case.
FM2. Identify all internal and external contacts that provide and/or receive IT financial information. Define financial reporting and analysis requirements. COBIT 4.1: PO5.1 Financial management framework. Key deliverable: Financial management requirements.
FM3. Guide the financial reporting outputs to meet the business and IT needs. ITIL V3: Analyse. COBIT 4.1: PO5.4 Cost management. ISO 20000: 6.4. Key deliverable: Financial Reports.
FM4. Maintain awareness of the value of the services and of the current costs and use this information when considering the business case for new services. COBIT 4.1: PO5.5 Benefit management; DS6.1 Definition of services.
FM5. Define, together with the business and IT, financial measures of success. ITIL V3: Measure. COBIT 4.1: DS6.2 IT accounting. Key deliverable: Cost allocations.
FM6. Ensure financial information about the service is presented clearly to business and IT management. COBIT 4.1: DS6.3 Cost modelling and charging; DS6.4 Cost model maintenance. Key deliverable: Cost model.
example: change management
(Figure: ITIL v3 change management activities with the resulting change record states, cross-referenced to CobiT control objectives and the ISO control.)
ITIL v3 activities and change record states:
• Create RFC (a Change Proposal is optional)
• Record the RFC: state "requested"
• Review RFC: state "ready for evaluation"
• Assess and evaluate change: state "ready for decision"
• Authorise change proposal / Authorise change: state "authorized"
• Plan updates: state "scheduled"; work orders
• Co-ordinate change implementation: state "implemented"; work orders
• Review and close change record: state "closed"; evaluation report
Throughout: update change and configuration information in the CMS.
CobiT control objectives: AI6.1 Change Standards and Procedures; AI6.2 Impact Assessment, Prioritisation and Authorisation; AI6.4 Change Status Tracking and Reporting; AI6.5 Change Closure and Documentation
ISO control: 10.1.2 Change management
detailed mapping (excerpt)
(Figure, not reproduced.)
next steps
• Purchase the COBIT User Guide for Service Managers
• Identify your target areas for implementation
• Implement
• Communicate the value
• Move on to the next implementation target
ISACA guidance is available at
value of governance
Benefits of IT governance:
• Reliable services
• Transparency
• Responsiveness of IT to business
• Management confidence
• Higher Return on Investment (ROI)
• Business and IT Integration
more information
Email: Robert.Stroud@ca.com
Web:
Twitter:
BLOG:
Governance for your ITSM Environment Robert E Stroud
Blog: