Presentation is loading. Please wait.

Presentation is loading. Please wait.

LECTURE 1  The Problem  Solutions: Standards & Frameworks.

Published byCharla Malone Modified over 9 years ago

Similar presentations

Presentation on theme: "LECTURE 1  The Problem  Solutions: Standards & Frameworks."— Presentation transcript:

1 LECTURE 1  The Problem  Solutions: Standards & Frameworks

2 The Problem … ? PROJECT & PRODUCE … … & then MANAGE ! Longer time (20+ years vs. 9 months) More & more complex relations (school/companions/b-g.friend/… vs. gynecologist) More expensive (… ask your father …) More risks (car/drugs/alcohol/depression/unemployment/… vs. abortion) … Less & weaker “instructions” !!!

3 Managing an ICT Factory … how much experience gained? The Heroic Years Becoming an Industry

4 ICT: exact science or still artistic handicraft ICT: exact science or still artistic handicraft? … in theory …… actually … An example: Capacity Planning … Trans. Rate DB W/R Ratio # Users RAM CPU Bandwidth Transactions? What kind? From where? When? How many? … Users? What channel through? What trend? What service? … DB access? How many records? How much big? What update frequency? … NOW … and tomorrow? … and next year? …

5 Ever-Increasing Complexity … … under a more and more easy skin, at everyone’s fingertips!

6 CMM (Capability Maturity Model): Maturity Levels 5. Optimizing. Continuous process improvement. 4. Managed. Detailed measures of the software process and product quality are collected. 3. Defined. Management and engineering activities are documented, standardized, institutionalized. 2. Repeatable. Basic project management tracks cost, schedule, and functionality. Successes can be repeated for similar projects. 1. Initial. Ad hoc. Success depends on individual effort and heroics.

7 The ICT Management Process Maturity Model (Gartner, 1999) … or “Trying to Run Before Walking” Reactive Proactive Analyze trends Set thresholds Predict problems Measure appli- cation availability Automate Mature problem, configuration, change, asset and performance mgt processes Fight fires Inventory Desktop SW distribution Initiate problem mgt process Alert and event mgt Measure component availability (up/down) IT as a service provider Define services, classes, pricing Understand costs Guarantee SLAs Measure & report service availability Integrate processes Capacity mgt Service Value IT as strategic business partner IT and business metric linkage IT/business collaboration improves business process Real-time infrastructure Business planning Level 2 Level 3 Level 4 Chaotic Ad hoc Undocumented Unpredictable Multiple help desks Minimal IT operations User call notification Level 1 Tool Leverage Manage IT as a Business Service Delivery Process Engineering Operational Process Engineering Service and Account Management Level 5

8 Approaches Currently In Use  Business As Usual - “Firefighting”  Legislation - “Forced”  Best Practice Focused

9 Confusing the 'Means' With the 'End' This Is Not the Goal! ITIL Six Sigma CMM-I Malcolm Baldrige "Certification" Etc. Certification Does Not Guarantee Good Outcomes! Beware of Process for Its Own Sake! Process Improvement Is About Better Outcomes and Experiences for Customers

10 Best Practices What is not defined cannot be controlledWhat is not defined cannot be controlled What is not controlled cannot be measuredWhat is not controlled cannot be measured What is not measured cannot be improvedWhat is not measured cannot be improved  Define -- Improve  Measure-- Control And Stabilize Quality & Control Models ISO 900x COBIT TQM EFQM Six Sigma COSO Deming etc.. Process Frameworks IT Infrastructure Library Application Service Library Gartner CSD IBM Processes EDS Digital Workflow Microsoft MOF Telecom Ops Map etc..

11 CobIT IT OPERATIONS Audit Models Quality Systems & Mgmt. Frameworks Service Mgmt. App. Dev. (SDLC) Project Mgmt. IT Planning IT Security Quality System IT Governance Model IT Governance Model COSO ISO 17799 PMI ISO Six Sigma TSO IS Strategy ASL CMMi Sarbanes- Oxley US Securities & Exchange Commission ITIL BS 15000 ISO 20000 CMMi ITIL BS 15000 ISO 20000

12 Look at the Regulatory Storm We All Face Missing: PCI FERPA Security breech reporting (CA SB 1386) CA SB 25 re SSN use Graham Leach Bliley DMCA CAN-SPAN Fed Privacy Act 1974 – RMP-8 Electronic Gov Act of 2002 OMP Circular A-130 NIST security standards – FIPS 200, 800-53A Cyber Security R&D Act

13 Relationship of Control Regimes OperationsApplicationsFinanceStrategy COCO COSO COBIT ITIL University control regimes are derived from frameworks originally developed for businesses and need tweaking to fit comfortably.

14 Committee of Sponsoring Organizations (COSO) – The Components Monitoring Assess control system performance over time Ongoing and separate evaluations Management and supervisory activities Control Activities Policies that ensure management directives are carried out Approval and authorizations, verifications, evaluations, safeguarding assets security and segregation of duties Control Environment Sets “tone at the top” Foundation for all other components of control Integrity, ethical values, competence, authority, responsibility Information and Communication Relevant information identified, captured and communicated timely Access to internal and externally generated information Information flow allows for management action Risk Assessment Identify and analyze relevant risks to achieving the entity’s objectives

15 COSO Enterprise Risk Management (ERM) Model

16 The COSO ERM Framework  Entity objectives can be viewed in the context of four categories  Strategic  Operations  Reporting  Compliance  ERM considers activities at all levels of the organization  Enterprise-level  Division or subsidiary  Business unit processes Source: COSO Enterprise Risk Management Framework; Draft Version, July 2003

17 CobIT: Control Objectives for IT  CobIT is an open standard control framework for IT Governance with a focus on IT Standards and Audit  Based on over 40 International standards and is supported by a network of 150 IT Governance Chapters operating in over 100 countries  CobIT describes standards, controls and maturity guidelines for four domains, and 34 control processes

18 The CobiT Cube 4 Domains 34 Processes 318 Control Objectives (Business Requirements)

19 Deliver & Support (DS Process Domain) Deliver & Support (DS Process Domain) Monitor (M Process Domain) Monitor (M Process Domain) Acquire & Implement (AI Process Domain) Acquire & Implement (AI Process Domain) Plan & Organize (PO Process Domain) Plan & Organize (PO Process Domain) CobiT Domains

20 CobiT Processes by Domain Delivery & Support Monitoring Planning & Organization Acquisition & Implementation

21 The 34 Defined CobiT Processes 1 2 3 4

22 The 7 CobiT Principles

23 Positioning the Frameworks Level of Abstraction HighLow IT Relevance Holistic Specific TCO ITIL CMMI CobiT Six Sigma ISO 9000 National Awards (e.g., Baldrige) People CMM Scorecards ISO 20000 CMM =capability maturity model CobiT =Control Objectives for Information and Related Technology ITIL =IT Infrastructure Library TCO =total cost of ownership IS0 20000 = IT service mgt standard ISO 9000 =quality mgt standard Point solutions are useful, but a broader, holistic approach to process and quality improvement is POWERFUL.

24 Process Framework - ITIL  ITIL is a best-practice process framework.  Service delivery  Service support  Others (application management, security management)  Initiated by the U.K.'s government Central Computing and Telecommunication Agency (CCTA). CCTA is merged into the Office of Government Commerce.  Shows the goals, general activities, inputs and outputs of the various processes.  Does not "cast in stone" every action you should do on a day-to-day basis.  ITIL Refresh or "Version 3" is in delivered.

25 Hype Surrounding ITIL  ITIL makes the business love the IT group!  ITIL is easy!  Buy our tool and have ITIL!  Everybody is doing it …  What's next …  ITIL cures cancer!  ITIL solves world hunger! Technology Trigger Peak of Inflated Expectations Trough of Disillusionment Slope of Enlightenment Plateau of Productivity time visibility ITIL 2005 ITIL 2012 ITIL 2006 ITIL 2008 ITIL 2010 IT Operations Management Hype Cycle

26 Source: Audience polling survey at 2006 Gartner Data Center conference in November 2006 (n=171) Polling Results – ITIL Adoption

27 Polling Results – Primary Driver for ITIL Source: Audience polling survey at 2006 Gartner Data Center conference in November 2006 (n=180)

28 Polling Results Biggest Hurdle Implementing ITIL Source: Audience polling survey at 2006 Gartner Data Center conference in November 2006 (n=164)

29 ITIL: The Good and the Bad  Service Delivery:  Service-level management  Financial management  Capacity management  IT service continuity  Availability management  Service Support:  Incident management  Problem management  Change management  Configuration management  Release management  Service Desk Core Benefits: Standard process language Standard process language Emphasis on process vs. technology Emphasis on process vs. technology Process integration Process integration Standardization enables cost and quality improvements Standardization enables cost and quality improvements Focus on customer Focus on customerLimitations:  Not a process improvement methodology  Specifies "what" but not "how"  Doesn't cover all processes  Doesn't cover organization issues  Hype driving unrealistic expectations

30 Assuming Tools Will Solve Your Problems  Be wary of vendor hype  Focus on process first  Tools can be enablers or inhibitors  Assess capabilities of your current tools  Review new tools where they would pay significant dividends  Buy what you need, as you need it "Man is a tool-using animal. Nowhere do you find him without tools; without tools he is nothing, with tools he is all." (Thomas Carlyle)

31 The next lectures  Lect. # 2 – ITIL insight / part 1  Lect. # 3 – ITIL insight / part 2  Lect. # 4 & # 5 – complying to ITIL principles, a Primary IT Market Leader evidence Thank You

Download ppt "LECTURE 1  The Problem  Solutions: Standards & Frameworks."

Similar presentations

STORAGE MANAGEMENT/ GETTING STARTED: Storage Management 101 Everything you always wanted to know about Storage Management (but were afraid to ask) Stephen.

STORAGE MANAGEMENT/ GETTING STARTED: Storage Management 101 Everything you always wanted to know about Storage Management (but were afraid to ask) Stephen.
Client Issues Client Issues

Client Issues Client Issues
Thought Leadership Portals: Drive for Transparency NAW Large Company Technology Networking Conference June 17, 2008 NAW Large Company Technology Networking.

Thought Leadership Portals: Drive for Transparency NAW Large Company Technology Networking Conference June 17, 2008 NAW Large Company Technology Networking.
Chapter 10 Accounting Information Systems and Internal Controls

Chapter 10 Accounting Information Systems and Internal Controls
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
Control and Accounting Information Systems

Control and Accounting Information Systems
| www.sungardhe.com The IIT Transformation SunGard & NWTC 5 Year Anniversary The IIT Transformation Jim Blumreich - Sandy Ryczkowski Daniel Mincheff -

| The IIT Transformation SunGard & NWTC 5 Year Anniversary The IIT Transformation Jim Blumreich - Sandy Ryczkowski Daniel Mincheff -
CPIS 357 Software Quality & Testing I.Rehab Bahaaddin Ashary Faculty of Computing and Information Technology Information Systems Department Fall 2010.

CPIS 357 Software Quality & Testing I.Rehab Bahaaddin Ashary Faculty of Computing and Information Technology Information Systems Department Fall 2010.
TI BISNIS ITG using COBIT &

TI BISNIS ITG using COBIT &
Www.isaca-malta.org Roger Southgate Past President of ISACA London Chapter Member of the BSI Committees for Service Management and IT Governance Leader.

Roger Southgate Past President of ISACA London Chapter Member of the BSI Committees for Service Management and IT Governance Leader.
The Islamic University of Gaza

The Islamic University of Gaza
Security Controls – What Works

Security Controls – What Works
Demystifying ITIL Greg Charles, Ph.D. Area Principal Consultant, CA

Demystifying ITIL Greg Charles, Ph.D. Area Principal Consultant, CA
Improving IT Governance Through Formal Change Management

Improving IT Governance Through Formal Change Management
Managing Information Technology Service Delivery

Managing Information Technology Service Delivery
IT Governance – Leveraging ITIL® v2/v3 for Governance Success

IT Governance – Leveraging ITIL® v2/v3 for Governance Success
By Collin Smith http://techinitiatives.blogspot.com COBIT Introduction By Collin Smith http://techinitiatives.blogspot.com.

By Collin Smith COBIT Introduction By Collin Smith
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
ITIL A Team GALIP Presentation A. Silverman, N. Elovitz, L. Johnson, M. Saxena, W. Zhao.

ITIL A Team GALIP Presentation A. Silverman, N. Elovitz, L. Johnson, M. Saxena, W. Zhao.
Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Internal Control. COSO’s Framework Committee of Sponsoring Organizations 1992 issued a white paper on internal control Since this time, this framework.

Similar presentations

Ads by Google