Microsoft PowerPoint - Marrying COBIT and ITIL for effective ...
Upcoming SlideShare
Loading in...5
×
 

Microsoft PowerPoint - Marrying COBIT and ITIL for effective ...

on

  • 6,143 views

 

Statistics

Views

Total Views
6,143
Views on SlideShare
6,134
Embed Views
9

Actions

Likes
2
Downloads
578
Comments
0

2 Embeds 9

http://www.slideshare.net 5
http://vototransparente.ec 4

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Microsoft PowerPoint - Marrying COBIT and ITIL for effective ... Microsoft PowerPoint - Marrying COBIT and ITIL for effective ... Presentation Transcript

  • 1
  • Marrying COBIT and ITIL for Effective Governance April 2008 Harpreet Virdee Partner, The Manta Group harpreet.virdee@mantagroup.com 2
  • Marrying COBIT and ITIL for Effective Governance Welcome! Objective: • Provide an appreciation of why and how Governance (COBIT 4.1) initiatives and ITSM (ITIL v2/v3, ISO20000) can make a happy marriage. 3
  • Agenda • Context: How do COBIT 4.1 and ITSM (ITIL v2 and ITIL v3) frameworks align? • Why: Why align Governance and ITSM initiatives? • How: A practical approach in using COBIT and ITIL together. 4
  • Context..How do the frameworks align? Governance: COBIT 4.1, Val IT Service Management: ITIL v2, ITIL v3, ISO20000 5
  • Evolution of Governance Practices IT Function COBIT 4.1 and Val IT Focus: IT as a partner: Enable Value and Compliance Value Governance Controls and Business & IT Processes Value Alignment COBIT 4.0 Focus: Governance Governance Governance Controls & Process Business Risk Oriented Goals COBIT 3.0 Focus: Control Environment Audit – Auditors tool: Controls Controls based Control Framework Risk Management Time 6
  • Val IT Approach: Enterprise Value, Governance of IT Investments Val IT = Investment Strategy & Value Strategic Investment Are we Are we Value Realization • Affordable Cost doing the getting • Accountability • Processes • Acceptable Risk right the • Returns Value • Track Record things? benefits? Enterprise Architecture Are we Are we Delivery Capabilities • Integration doing them getting • Processes • Performance • People • Change the right them done • Technology • Risk way? well? COBIT = Supports Execution 7
  • CobiT 4.1 Overview Planning & Organization Acquire & Implement • Are Business and IT strategy aligned? • Are projects likely to deliver solutions • Is business achieving optimum use of its IT that meet business needs? resources? • Are projects likely to deliver on time • Does everyone in business understand IT and within budget? objectives? • Will the new or revised systems work • Are IT risks understood and being properly when implemented? managed? • Will changes be made without • Are the quality of IT systems and services upsetting current business operations? appropriate for business needs? Delivery & Support Monitor • Are IT services being delivered in line with • Can IT performance be measured? business priorities? • Can problems be detected before it is • Are IT costs optimised? too late? • Is the work force able to use IT systems • Is independent assurance needed to productively? ensure critical areas are operating as • Are adequate performance requirements intended? such as security, integrity and availability in place? 8
  • CobiT 4.1 Overview Plan & Organize Acquire & Implement PO 4 AI 2 AI 3 PO 1 PO 2 AI 1 AI 4 PO 3 Define IT PO 5 Acquire and Acquire and Define Define Identify Enable Determine Processes, Manage IT Maintain Maintain Strategic Information Technological Automated Operation Organisation, Investment Application Technology IT Plan Architecture Solutions & Use Direction Relationships Software Infrastructure PO 9 AI 7 PO 6 PO 7 AI 5 PO 8 PO 10 AI 6 Install and Communicate Manage IT Assess & Procure Manage Manage Manage Accredit Aims and Human Manage IT IT Quality Projects Change Solutions & Direction Resource Risks Resources Changes Monitor & Evaluate Deliver & Support ME 2 DS 1 ME 1 DS 2 DS 3 DS 4 DS 5 DS 6 Monitor & Define and Monitor & Manage Manage Ensure Ensure Identify Evaluate Manage Evaluate IT Third-party Performance Continuous System and Allocate Internal Service Performance Services and Capacity Service Security Costs Control Levels ME 3 DS 7 DS 8 DS 12 ME 4 DS 9 DS 10 DS 11 DS 13 Ensure Educate Manage Manage Provide IT Manage Manage Manage Manage Regulatory and Service Desk Physical Governance Configuration Problems Data Operations Compliance Train Users & Incident Environment 9
  • IT Function Evolution of Service Management Service Practices Management ITIL V3 Focus: IT alignment & integration. Strategic Value Chain Complete lifecycle for solutions Partner Integrate with the business IT Service Service Management ITIL V2 Focus: Optimization Process Centric Partner Production Oriented Optimal Levels of Service at Justifiable Costs Basis for ISO20000 ITIL V1 Focus: Common Approach Technology IT Infrastructure Common Language and Approach Align disparate work practices Provider Management Define a standard approach Continuous Work in Progress (40+ Books) Time 10
  • ITIL V2 Overview IT Service Change Release Availability IT Financial Continuity Management Management Management Management Management Configuration Capacity Management Management ITIL Service Level Processes Security Management Management Incident Problem Application Infrastructure Service Desk Management Management Management Management 11
  • ITIL V3 Overview Service Strategy Service Design Service Transition Service Operations SO1 SD1 ST1 SS1 SD2 ST2 Event Service Transition & Strategy Service Level Change Management Catalogue Planning Generation Management Management Management Support SO2 SD5 ST3 ST4 Incident SS2 SD3 IT Service Service Asset Release & Management Financial Capacity Management Continuity & Configuration Deployment Management Management Management Management SO3 Request ST5 Fulfilment SS3 SD4 SD7 Service ST6 Demand Availability Supplier Validation & Evaluation Management Management Management Testing SO4 Problem Management SS4 SD6 ST7 Service Information Knowledge Portfolio Security SO5 Management Management Management Asset Management Continual Service Improvement CSI1 CSI2 CSI3 7-Step Service Measurement Service Reporting Improvement Process 12
  • COBIT 4.1 Governance: Governance – Big Picture Value, Risk & Compliance 13
  • All ITIL v2 Processes are addressed by CobiT 4.1 AI 7 DS 4 DS 6 AI 6 Install and PO 5 Ensure Identify Manage Accredit Manage IT Continuous and Allocate Change Solutions & Investment Service Costs Changes IT Service DS 9 Change Release Availability IT Financial Continuity Manage Management Management Management Management Configuration Management DS 3 Manage Configuration Capacity Performance Management Management and Capacity ITIL DS 1 DS 5 Define and Service Level Processes Security Management Ensure Manage Management System Service Security Levels Incident Problem Application Infrastructure Service Desk Management Management Management Management DS 8 AI 2 AI 3 Manage DS 10 Acquire and Acquire and Service Desk Manage Maintain Maintain & Incident Problems Application Technology Software Infrastructure 14
  • 75% of ITIL V3 processes map to CobiT 4.1 CobiT ITIL V3 – Service Operations DS 8 SO1 Manage Event Service Desk & Incident Management DS 10 Manage SO2 Problems Incident Management DS 7 Educate and Train Users SO3 Request Fulfilment DS 11 Manage Data SO4 DS 12 Problem Manage Management Physical Environment SO5 DS 13 Asset Manage Management Operations 15
  • ITIL & CobiT Inter-Operability Business – IT – Process Goals/Metrics Governance Processes Process & Metrics Oriented Process Controls Functions, Roles & RACI CobiT ITIL v2 ITIL v3 Process Oriented Service Oriented ITIL Process Metrics broader scope Process Work Flows High-level Work Flows Detail Role Role descriptions Descriptions Toolsets Detailed Procedures, Work Instructions, Templates 16
  • COBIT : Business Goals for IT Financial Perspective Internal Perspective 1. Expand Market Share 11. Compliance with Laws and Regulations 2. Increase Revenue 12. Compliance with Internal Policies 3. Increase Profit 13. Transparency for Better Decisions 4. Increase Return on Investment 14. Automate and Integrate the Enterprise 5. Optimize Asset Utilization value chain 6. Manage Business Risk 15. Optimize Costs 16. Improve and Maintain Business Customer Perspective Processes Functionalities 7. Improve Customer Orientation and 17. Improve and Maintain Workforce Service productivity 8. Offer Competitive Products and Services Learning and Growth Perspective 9. Assure Service Availability 18. Enable Innovations 10. Agility in Responding to Changing 19. Enable Expansion outsider of Core Business Environment Strategy 20. Acquire Talent to Support Innovation and Expansion 17
  • ITIL & CobiT Inter-Operability @ Process Level – Service Level Management SLM Service Level SLAs & Contracts Framework Agreements Reviews (DS1.1) (DS1.3) (DS1.6) Definition Operating Level Monitoring CobiT of Services Agreements and Reporting (DS1.2) (DS1.4) (DS1.5) (Process Controls) ITIL Identify Monitor Review (Process Create SC and SLAs Service Metrics service metrics SLAs, OLAs and UCs Workflow & Activities) 18
  • ITIL & CobiT Inter-Operability @ Metrics Level - Service Level Management % of Services not in the catalogue # of business stakeholders satisfied that service delivery meets agreed levels % of service levels reported % of service levels reported in automated way % of users satisfied that service delivery meets agreed levels. CobiT # of formal SLA annual review meetings with business (Metrics aligned % of service levels review meetings to IT & Business Goals % of services covered by SLAs Are review meetings held on time and correctly minuted? ITIL Process metrics % of SLAs with OLAs & underpinning contracts? Documentary evidence that issues raised at review are followed-up and resolved? # or % of Service targets met and # or % severity breaches? Are SLAs monitored and regular reports produced? Are SLA’s, OLAs and underpinning Contracts current? % that need review or update? Are service levels improving? 19
  • ITIL & CobiT Inter-Operability @ Roles & Responsibility Level Business Executive (CI) Head IT Admin (RCI) Business Process Owner (CI) Head Operations (RC) CFO (I) CIO (ACI) Head Development (RCI) Chief Architect (I) PMO (CI) Service Manager (RA) CobiT (Function, Compliance, Roles & Security, Audit (CI) RACI) ITIL Service Level Detail on Manager Role Descriptions 20
  • Why should we align? Why align Governance and ITSM initiatives? 21
  • Current State versus Desired State Desired State and Current State Benefits • IT has too many `standard • A common language terminologies` • Multiple initiatives with • Program (Governance and common goals are not aligned: ITSM) vision and goals are • Project silos aligned, use common • Inefficient use of resources approach, share knowledge. • Governance initiatives are `compliance` focused versus • Governance is about value & value oriented. compliance. ITSM supports • ITSM initiatives – lack of governance goals. governance and value focus 22
  • Ideal Future State About The Manta Group The Manta Group Service Architecture www.mantagroup.com pg.00 23
  • Why align Governance and Service Management? • We don’t know if our IT enabled investments are delivering value? • Perception 40% of all IT spending bought no return to the organization 2004 IBM research - 1000 CIOs (Gartner 2006 & ITGI research on 1600 projects). Service Management is a critical component of overall Governance Bridges the gap between business & IT goals (COBIT) and fulfilling these goals via effective service management (ITIL). The goals are the same: Business Alignment, Value, and Compliance. The frameworks are complementary. (ITIL – more process details, COBIT: Measurement, Goals and Controls). Why have separate efforts?.... 24
  • How can we use them together? A practical approach in using COBIT and ITIL together 25
  • RAPID Approach 26
  • 1. Need to have a common Governance Vision and Scope. Example: Governance Visioning Workshop 27
  • The Manta Group CobiT Governance Visioning Approach Adopt and Adapt CobiT Governance Framework for Customer Environments Demand Drivers Consequence Drivers Mitigation Drivers Analysis Analysis Analysis What Business needs, What will/can go wrong in What level of mitigation imperatives, priorities, goals the absence of a maturity is required to and strategies are dependent standardized IT governance establish a standardized IT on the IT governance framework? governance framework? framework? “Who Cares?” “So What?” “Now What?” Value Risk Control 1. Employ high insight to effort ratio. 2. Produce comprehensive & detailed assessment. 3. Results in meaningful priorities for Customer IT Governance Framework. 28
  • PO: Domain Summary example: Maturity versus Consequence Plan and Organize Maturity (Now What) 0 PO1 - IT Strategy 0.5 PO5 PO2 - Information Architecture 1 PO4 PO3 -Technology Direction 1.5 PO7 PO6 PO3 PO8 PO2 PO4 - Process & Organization 2 PO1 PO9 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 PO5 - Manage Investment 2.5 PO10 Consequences (So What) 3 PO6 - Communication Strategy 3.5 PO7 - Manage HR 4 PO8 - Manage Quality 4.5 PO9 - Manage Risk 5 PO10 - Manage Projects 7 29
  • PO 10 PO4 Define the IT Processes, Organization & Relationships PO4.1 IT Process Framework -1 Maturity of Controls PO4.2 IT Strategy Committee Monitor Under Controlled PO4.3 IT Steering Committee 0 PO4.4 Organizational Placement of the IT Function PO4.5 IT Organizational 1 4..2 Structure PO4.6 Roles and Responsibilities 4.1 4..7 PO4.7 Responsibility for IT 2 4..3 4..8 4.15 Quality Assurance -1 0 1 2 3 4 5 6 7 8 9 10 11 PO4.8 Responsibility for Risk, Security and Compliance Severity of Concern 4.4 3 4..13 4.5 4..6 PO4.9 Data and System 4.9 Ownership 4.12 PO4.10 Supervision 4.10 4 4.14 4.11 PO4.11 Segregation of Duties Over Controlled PO4.12 IT Staffing Monitor Closely 5 PO4.13 Key IT Personnel PO4.14 Contracted Staff Policies and Procedures 6 30
  • Example: Deliver & Support Gap Assessment DS 1 DS 2 DS 3 DS 4 DS 5 DS 6 Define and Manage Manage Manage Ensure Ensure Identify Third-party PerformanceContinuous System and Allocate High Risk Service Levels Services and Capacity Service Security Costs and DS 7 DS 8 DS 12 Educate Manage DS 9 Manage DS 10 Manage DS 11 Manage Manage DS 13 Manage Low and Service Desk Physical Configuration Problems Data Operations Train Users & Incident Environment Maturity DS 1 DS 2 DS 3 DS 4 DS 5 DS 6 Gap Areas of Focus: Define and Manage Manage Manage Ensure Ensure Identify Third-party PerformanceContinuous System and Allocate DS4 – Ensure Continuous Services Service DS5 – Ensure System Security Levels Services and Capacity Service Security Costs High DS 7 DS 8 DS 12 DS7 – Enable & Train Users Educate and Manage Service Desk DS 9 Manage DS 10 Manage DS 11 Manage Manage Physical DS 13 Manage Business Configuration Problems Data Operations DS10 – Manage Problems Train Users & Incident Environment Demand DS 1 DS 2 DS 3 DS 4 DS 5 DS 6 Define and Manage Manage Manage Ensure Ensure Identify Third-party PerformanceContinuous System and Allocate Gap in Service Levels Services and Capacity Service Security Costs Responsibility DS 7 DS 8 DS 12 Educate Manage DS 9 Manage DS 10 Manage DS 11 Manage Manage DS 13 Manage and and Service Desk Physical Configuration Problems Data Operations Train Users & Incident Environment Accountability DS 1 DS 2 DS 3 DS 4 DS 5 DS 6 Define and Manage Manage Ensure Ensure Identify Manage Third-party PerformanceContinuous System and Allocate Service Levels Services and Capacity Service Security Costs High DS 7 DS 8 DS 12 Educate and Manage Service Desk DS 9 Manage DS 10 Manage DS 11 Manage Manage Physical DS 13 Manage Relevance Configuration Problems Data Operations Train Users & Incident Environment 31
  • Step 2: Need to have a plan on what you will implement and how. Manage this as a Portfolio of Projects 32
  • Governance Planning Scope Deliverables: • Use COBIT to prioritize • Portfolio of prioritized what governance areas to governance projects focus on strategically. • Decide from scope which • Implementation plan are also under the ITIL framework. • Prioritize focus areas • Look to create portfolio of projects to cover each focus area – and look to adopt additional frameworks for further detail. • Embody – people, process and automation as factors. 33
  • Step 3: Implementation & Review Use COBIT and ITIL content together for process implementation 34
  • How to use COBIT & ITIL together Metrics Process Roles • Use COBIT for • Use ITIL to define • Use COBIT for performance process activities Functional Role dashboard and workflow and RACI role strategy mapping • Use COBIT to • Use COBIT to validate process • Use ITIL to align business to controls are in provide a role IT to process place description goals and metrics • Validate process metrics with ITIL process KPIs 35
  • Conclusion Top 10 Reasons 1. IT becomes the growth engine of the organization 2. Levels the playing field for IT to have a voice in the executive table 3. Moves IT from cost-centre mentality to value-centre mentality 4. Brings risk into the forefront enabling IT to convey concerns constructively 5. Enables for regulatory compliance 6. Provides business oriented measures to monitor IT performance 7. Promotes IT and Business joint responsibility and accountability 8. Aligns IT goals with business goals 9. Links IT processes to business process 10. Clarifies IT activities, output and contributions 36
  • Thank You Question & Answer April 2008 Harpreet Virdee Partner, The Manta Group harpreet.virdee@mantagroup.com 37