Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Problem Solutions: Standards & Frameworks

Published byBruce McGee Modified over 9 years ago

Similar presentations

Presentation on theme: "The Problem Solutions: Standards & Frameworks"— Presentation transcript:

1 The Problem Solutions: Standards & Frameworks
LECTURE 1 The Problem Solutions: Standards & Frameworks

2 !!! The Problem … ? PROJECT & REALIZE … … & then MANAGE !
Longer time (20+ years vs. 9 months) More & more complex relations (school/companions/b-g.friend/… vs. gynecologist) More expensive (… ask your father …) More risks (car/drugs/alcohol/depression/unemployment/… vs. abortion) Less & weaker “instructions” !!!

3 Ever-Increasing Complexity

4 CMM (Capability Maturity Model): Maturity Levels
5. Optimizing. Continuous process improvement. 4. Managed. Detailed measures of the software process and product quality are collected. 3. Defined. Management and engineering activities are documented, standardized, institutionalized. 2. Repeatable. Basic project management tracks cost, schedule, and functionality. Successes can be repeated for similar projects. 1. Initial. Ad hoc. Success depends on individual effort and heroics.

5 Trying to Run Before Walking
Key Issue: What pitfalls should be avoided when implementing ITIL? Strategic Planning Assumption: Through 2012, 30 percent of large enterprises will achieve end-to-end IT service management, up from fewer than 15 percent today (0.8 probability). Reactive Proactive Analyze trends Set thresholds Predict problems Measure appli-cation availability Automate Mature problem, configuration, change, asset and performance mgt processes Fight fires Inventory Desktop SW distribution Initiate problem mgt process Alert and event mgt Measure component availability (up/down) IT as a service provider Define services, classes, pricing Understand costs Guarantee SLAs Measure & report service availability Integrate processes Capacity mgt Service Value IT as strategic business partner IT and business metric linkage IT/business collaboration improves business process Real-time infrastructure Business planning Level 2 Level 3 Level 4 Chaotic Ad hoc Undocumented Unpredictable Multiple help desks Minimal IT operations User call notification Level 1 Tool Leverage Manage IT as a Business Service Delivery Process Engineering Operational Process Engineering Service and Account Management Level 5 The IT Management Process Maturity Model shows how, over time, IT organizations evolve toward increasing levels of management process maturity. Gartner first presented the model in 1999 to aid IT organizations in plotting a course toward service management and value creation. By understanding where it is positioned in the IT Management Process Maturity Model, an IT organization will be more capable of charting its path to higher levels of maturity, including investing in people, process re-engineering and tools. It is important to note that each maturity level provides the foundation for the higher levels. People, processes and tools must be in place at one level before the organization can proceed to the next. You can't skip steps, although you can focus your efforts on improving the process maturity for a specific IT service or business application, rather than trying to do it for every aspect of the IT infrastructure. Even as IT organizations move up, there will always be additional work, continuous engineering and improvements under way at each level. Action Item: Understand your position in the IT Management Process Maturity Model and set a goal of the level you need to reach to best support the business. Use the model to help plot a strategy for sequential improvement by investing in IT operations management tools, people and processes to achieve higher maturity levels.

6 Approaches Currently In Use
Business As Usual - “Firefighting” Legislation - “Forced” Best Practice Focused

7 Confusing the 'Means' With the 'End'
Tactical Guideline: Leaders must ensure they never lose focus on the underlying goals and objectives for their ITIL initiative. This Is Not the Goal! ITIL Six Sigma CMM-I Malcolm Baldrige "Certification" Etc. Certification Does Not Guarantee Good Outcomes! Beware of Process for Its Own Sake! Process Improvement Is About Better Outcomes and Experiences for Customers Key Issue: What pitfalls should be avoided when implementing ITIL? The notion of business process improvement is at the peak of its Hype Cycle, and IT is not immune. Many standards, such as ITIL, CobiT and CMM-I, exist for IT, yet their differences, their benefits, and the overall rationale and impact of a process program for IT are poorly understood. Never lose focus that implementing ITIL is a means to an end. Don't stress the importance of achieving a particular level of maturity, or earning an external certification more than the underlying reasons that ITIL is being utilized. Process improvement can take on a life of its own and staff members can become resistant if they perceive ITIL is simply adding more bureaucracy to their daily jobs. Focus, instead, on the benefits the users or customers of IT will receive such as lower costs, higher quality and consistency, or the ability to respond more quickly to changing requirements.

8 Best Practices Quality & Control Models ISO 900x COBIT TQM EFQM
Six Sigma COSO Deming etc.. Process Frameworks IT Infrastructure Library Application Service Library Gartner CSD IBM Processes EDS Digital Workflow Microsoft MOF Telecom Ops Map etc.. •What is not defined cannot be controlled •What is not controlled cannot be measured •What is not measured cannot be improved Define -- Improve Measure -- Control And Stabilize

9 Look at the Regulatory Storm We All Face
Missing: PCI FERPA Security breech reporting (CA SB 1386) CA SB 25 re SSN use Graham Leach Bliley DMCA CAN-SPAN Fed Privacy Act 1974 – RMP-8 Electronic Gov Act of 2002 OMP Circular A-130 NIST security standards – FIPS 200, A Cyber Security R&D Act

10 Relationship of Control Regimes
Strategy Finance Applications Operations COCO COSO COBIT ITIL University control regimes are derived from frameworks originally developed for businesses and need tweaking to fit comfortably.

11 US Securities & Exchange Commission
IT Governance Model CobIT Sarbanes- Oxley US Securities & Exchange Commission Audit Models COSO Service Mgmt. App. Dev. (SDLC) Project Mgmt. IT Planning IT Security Quality System Quality Systems & Mgmt. Frameworks ISO CMMi CMMi Six Sigma ITIL BS 15000 ISO 20000 ITIL BS 15000 ISO 20000 ASL ISO 17799 PMI TSO IS Strategy IT OPERATIONS

12 Committee of Sponsoring Organizations (COSO) – The Components
Monitoring Assess control system performance over time Ongoing and separate evaluations Management and supervisory activities Control Activities Policies that ensure management directives are carried out Approval and authorizations, verifications, evaluations, safeguarding assets security and segregation of duties Information and Communication Relevant information identified, captured and communicated timely Access to internal and externally generated information Information flow allows for management action Risk Assessment Identify and analyze relevant risks to achieving the entity’s objectives Control Environment Sets “tone at the top” Foundation for all other components of control Integrity, ethical values, competence, authority, responsibility

13 COSO Enterprise Risk Management (ERM) Model

14 The COSO ERM Framework Entity objectives can be viewed in the context of four categories Strategic Operations Reporting Compliance ERM considers activities at all levels of the organization Enterprise-level Division or subsidiary Business unit processes Source: COSO Enterprise Risk Management Framework; Draft Version, July 2003 14

15 CobIT: Control Objectives for IT
CobIT is an open standard control framework for IT Governance with a focus on IT Standards and Audit Based on over 40 International standards and is supported by a network of 150 IT Governance Chapters operating in over 100 countries CobIT describes standards, controls and maturity guidelines for four domains, and 34 control processes

16 The CobiT Cube 4 Domains 34 Processes 318 Control Objectives
(Business Requirements) 4 Domains 34 Processes 318 Control Objectives

17 CobiT Domains Plan & Acquire & Implement Organize Monitor
(AI Process Domain) Plan & Organize (PO Process Domain) Monitor (M Process Domain) Deliver & Support (DS Process Domain)

18 CobiT Processes by Domain
Monitoring Planning & Organization Delivery & Support Acquisition & Implementation

19 The 34 Defined CobiT Processes
1 3 2 4

20 The 7 CobiT Principles

21 Positioning the Frameworks
Key Issue: What is ITIL and how can it serve as a guide to transforming operations? Level of Abstraction High Low IT Relevance Holistic Specific TCO ITIL CMMI CobiT Six Sigma ISO 9000 National Awards (e.g., Baldrige) People CMM Scorecards ISO 20000 CMM = capability maturity model CobiT = Control Objectives for Information and Related Technology ITIL = IT Infrastructure Library TCO = total cost of ownership IS = IT service mgt standard ISO 9000 = quality mgt standard Point solutions are useful, but a broader, holistic approach to process and quality improvement is POWERFUL. ITIL is one of many frameworks designed to help facilitate improvement. It is useful to understand how ITIL compares to other popular frameworks. To select a set of process improvement models, you must honestly assess the organizational scope of the improvement initiative — for example, whether it covers the IT organization or the entire company — and the ultimate goal: operational process improvement or business transformation. This awareness, combined with a solid understanding of the various process improvement models (that is, their purposes, strengths, weaknesses, philosophical orientations and shared attributes), will make it easier to select and integrate appropriate models to achieve the desired results. The models in the upper left of the figure are extremely relevant to the IT organization and can be powerful tools for improving performance, but the tools themselves will have little meaning to anyone outside the IT organization. The models in the lower right of the figure have achieved high degrees of credibility with business people, so the IT organization that can employ them successfully will earn credibility. Deciding which approach to take will depend on a variety of cultural factors, including enterprise predilection for following the "proven path" or charting an independent course; power, influence and role of the champion; governance maturity; and organizational vision. No "best practice bundle" of approaches will work for every company or IT organization.

22 Process Framework - ITIL
Strategic Planning Assumption: Through 2010, most organizations will implement as little as 20 percent of the total ITIL framework (0.7 probability). ITIL is a best-practice process framework. Service delivery Service support Others (application management, security management) Initiated by the U.K.'s government Central Computing and Telecommunication Agency (CCTA). CCTA is merged into the Office of Government Commerce. Shows the goals, general activities, inputs and outputs of the various processes. Does not "cast in stone" every action you should do on a day-to-day basis. ITIL Refresh or "Version 3" is in delivered. Key Issue: What is ITIL and how can it serve as a guide to transforming operations? Although the ITIL has some information relevant to security, application management and so on, the vast majority of organizations focus their attention on the service delivery and service support processes listed on the following slide. ITIL is intentionally a high-level framework, describing "what" should be done, but not providing prescriptive guidance on "how" to do it. There is currently a new version of ITIL being developed. One of the purposes of the refresh is to offer more prescriptive guidance. The new version is planned to roll out in 2007 and will impact the current certification process for individuals. Action Item: ITIL is a process framework. Successful implementation of ITIL requires that organizations identify and expand process areas as appropriate (for example, adding process views for asset management, systems and network monitoring).

23 Hype Surrounding ITIL ITIL makes the business love the IT group!
Tactical Guideline: In 2006, ITIL has progressed well beyond the Peak of Inflated Expectations on the IT Operations Hype Cycle, but user organizations should still be wary of the significant hype resulting in confusion and unrealistic expectations. ITIL makes the business love the IT group! ITIL is easy! Buy our tool and have ITIL! Everybody is doing it … What's next … ITIL cures cancer! ITIL solves world hunger! Technology Trigger Peak of Inflated Expectations Trough of Disillusionment Slope of Enlightenment Plateau of Productivity time visibility ITIL 2005 ITIL 2012 ITIL 2006 ITIL 2008 ITIL 2010 IT Operations Management Hype Cycle There has been a great deal of hype surrounding the Information Technology Infrastructure Library (ITIL). Much of this is being generated by vendors jumping on the ITIL bandwagon in an attempt to generate additional revenue. The fact that more and more organizations are leveraging ITIL, oftentimes with budget funds being specifically allocated to acquire improved tools, is reinforcing the vendors' heavy marketing of their systems management tools as enablers of ITIL. Coverage in the technology press has also fueled interest level in ITIL, albeit typically with oversimplified examples that give a false sense of how easy it is to reap the benefits of ITIL. Gartner's IT Operations Management Hype Cycle tracks the annual progress of various technologies and processes in terms of client expectations. In mid-2005, ITIL was judged to be just past the Peak of Inflated Expectations, and by the latest publication in July 2006 had progressed significantly toward the Trough of Disillusionment. Based on the continued increase in interest by organizations in leveraging ITIL, we are projecting that ITIL will start to come out of the trough in 2008, be in the Slope of Enlightenment in 2010 and be approaching the Plateau of Productivity in 2012.

24 Polling Results – ITIL Adoption
Source: Audience polling survey at 2006 Gartner Data Center conference in November 2006 (n=171)

25 ITIL: The Good and the Bad
Service Delivery: Service-level management Financial management Capacity management IT service continuity Availability management Service Support: Incident management Problem management Change management Configuration management Release management Service Desk Core Benefits: Standard process language Emphasis on process vs. technology Process integration Standardization enables cost and quality improvements Focus on customer Limitations: Not a process improvement methodology Specifies "what" but not "how" Doesn't cover all processes Doesn't cover organization issues Hype driving unrealistic expectations Key Issue: What is ITIL and how can it serve as a guide to transforming operations? The ITIL framework does not cover the full service management spectrum, nor does it cover the processes at the procedural level. In fact, most IT organizations will have slightly different interpretations of ITIL and comfort levels to which they will vary from adhering to strict ITIL terminology. Therefore, groups seeking to maximize their investments in ITIL will use those elements they deem appropriate (for example, change management), bolstered by other processes (for example, configuration management) with additional processes and integration points (for example, production acceptance/control) to effectively build a more complete and relevant work structure. Indeed, it is not uncommon for organizations to leverage as little as 20 percent of the strict ITIL framework, adding processes/tasks and significant process variations to define the remaining 80 percent of the work structure. Action Item: IT operations groups must recognize those elements of the ITIL framework that can be leveraged and not be afraid to embellish the framework with tasks and processes that help to create a more complete work structure.

26 Polling Results – Primary Driver for ITIL
Source: Audience polling survey at 2006 Gartner Data Center conference in November 2006 (n=180)

27 Biggest Hurdle Implementing ITIL
Polling Results Biggest Hurdle Implementing ITIL Source: Audience polling survey at 2006 Gartner Data Center conference in November 2006 (n=164)

28 Assuming Tools Will Solve Your Problems
Strategic Planning Assumption: Through 2010, at least 50 percent of organizations' primary focus for ITIL implementation projects will be tools acquisition (0.8 probability). "Man is a tool-using animal. Nowhere do you find him without tools; without tools he is nothing, with tools he is all." (Thomas Carlyle) Be wary of vendor hype Focus on process first Tools can be enablers or inhibitors Assess capabilities of your current tools Review new tools where they would pay significant dividends Buy what you need, as you need it Key Issue: What pitfalls should be avoided when implementing ITIL? One of the major contributors to hype surrounding ITIL is the marketing strategies of systems management tools vendors. While the lack of effective tools can certainly be an inhibitor to the full exploitation of IT service management principles, tools should not be the primary focus. Tools that support the integration of ITIL processes are beneficial, but most IT operations organizations are not fully utilizing the systems management tools they already have licensed. The implementation of new tools involves not only money on tools licenses, but a significant amount of time to plan and implement the new tools. It is unlikely that a single vendor offers a suite of tools that completely satisfies the requirements of an IT operations organization; therefore, additional time and effort will be spent on integrating tools from different vendors. Action Item: Start by reviewing the capabilities of your current tools and only invest in new tools that will significantly improve your ability to achieve your overall IT service management goals.

29 Thank You The next lectures
Strategic Planning Assumption: Through 2010, at least 50 percent of organizations' primary focus for ITIL implementation projects will be tools acquisition (0.8 probability). Lect. # 2 (March 29th) – ITIL insight / part 1 Lect. # 3 (April 5th) – ITIL insight / part 2 Lect. # 4 (April 12th) – ITIL in action, an example Lect. # 5 (April 19th) – complying to ITIL principles, a Primary IT Market Leader evidence Thank You

Download ppt "The Problem Solutions: Standards & Frameworks"

Similar presentations

STORAGE MANAGEMENT/ GETTING STARTED: Storage Management 101 Everything you always wanted to know about Storage Management (but were afraid to ask) Stephen.

STORAGE MANAGEMENT/ GETTING STARTED: Storage Management 101 Everything you always wanted to know about Storage Management (but were afraid to ask) Stephen.
Client Issues Client Issues

Client Issues Client Issues
BENEFITS OF SUCCESSFUL IT MODERNIZATION

BENEFITS OF SUCCESSFUL IT MODERNIZATION
Chapter 10 Accounting Information Systems and Internal Controls

Chapter 10 Accounting Information Systems and Internal Controls
Control and Accounting Information Systems

Control and Accounting Information Systems
| www.sungardhe.com The IIT Transformation SunGard & NWTC 5 Year Anniversary The IIT Transformation Jim Blumreich - Sandy Ryczkowski Daniel Mincheff -

| The IIT Transformation SunGard & NWTC 5 Year Anniversary The IIT Transformation Jim Blumreich - Sandy Ryczkowski Daniel Mincheff -
CPIS 357 Software Quality & Testing I.Rehab Bahaaddin Ashary Faculty of Computing and Information Technology Information Systems Department Fall 2010.

CPIS 357 Software Quality & Testing I.Rehab Bahaaddin Ashary Faculty of Computing and Information Technology Information Systems Department Fall 2010.
Www.isaca-malta.org Roger Southgate Past President of ISACA London Chapter Member of the BSI Committees for Service Management and IT Governance Leader.

Roger Southgate Past President of ISACA London Chapter Member of the BSI Committees for Service Management and IT Governance Leader.
Dr. Julian Lo Consulting Director ITIL v3 Expert

Dr. Julian Lo Consulting Director ITIL v3 Expert
Security Controls – What Works

Security Controls – What Works
Demystifying ITIL Greg Charles, Ph.D. Area Principal Consultant, CA

Demystifying ITIL Greg Charles, Ph.D. Area Principal Consultant, CA
Improving IT Governance Through Formal Change Management

Improving IT Governance Through Formal Change Management
Managing Information Technology Service Delivery

Managing Information Technology Service Delivery
IT Governance – Leveraging ITIL® v2/v3 for Governance Success

IT Governance – Leveraging ITIL® v2/v3 for Governance Success
By Collin Smith http://techinitiatives.blogspot.com COBIT Introduction By Collin Smith http://techinitiatives.blogspot.com.

By Collin Smith COBIT Introduction By Collin Smith
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.
Information Security Governance and Risk Chapter 2 Part 1 Pages 21 to 69.

Information Security Governance and Risk Chapter 2 Part 1 Pages 21 to 69.
An Overview of IT Governance

An Overview of IT Governance
High-Level Assessment Month Year

High-Level Assessment Month Year

Similar presentations

Ads by Google