Establishing a framework for it governance by dave cunningham 2007Presentation Transcript
Establishing a Framework for IT Governance
Perspective of Law Firm Business Leaders
Background on Published Frameworks
Lessons Learned from Law Firm Technology Scorecards
Dave Cunningham, Managing Director Baker Robbins & Company
Basic Questions from Firm Management
What are other firms doing?
Are we prepared for disasters?
Are we spending the right amount of money for what we are getting?
Is my CIO doing a good job?
Should we outsource more?
Why are people complaining about….
Evolving Questions from Firm Management
What are the indicators of good performance?
What are the critical success factors?
What are the risks of not achieving our objectives?
How do we measure and compare to others?
What is the business case for this change?
How much would alternative service models and levels cost?
How can technology affect lawyer productivity? How do we define lawyer productivity?
How can IT use relevant information to deliver business intelligence?
Using a Published Framework
Provides a common language
Training available and consistent
Most frameworks advocate “adopt and adapt” not certification
Frameworks promote short cuts and combining best of other frameworks
Increases ability to benchmark
Software increasingly builds in ITIL processes and measures
Larger outsourcers use ITIL
Too complex for a law firm; too procedural; too much bureaucracy
Hinders creativity and agility
SLAs don’t work in a law firm
Personal experience is more relevant
Law firms deal with exceptions, not rules
Too many standards to choose from
I have good people so don’t need someone telling me processes
“ All models are wrong, but some are useful.”
George Box, co-founder of the Center for Quality and Productivity Improvement
Comparison of IT Frameworks Source: CobiT Mapping, Overview of International IT Guidance, 2nd Edition
Components of IT Governance (CObIT v4.1) Source: Control Objectives for Information and related Technology (CObIT) One of the responsibilities of management is to ensure that the IT department has adequate resources to evaluate and implement new technologies as well as determining when to abandon obsolete technologies. This requires educating IT personnel and keeping their skills current to ensure they have the capabilities to do so. Resource Management To ensure that the previous four objectives can be managed, the organization must have a methodology to evaluate and track progress of the firm's IT governance. This includes the use of tools such as ROI measurement, IT performance benchmarks and balanced scorecards. Performance Measurement The IT function must effectively identify threats and vulnerabilities to the organization's IT infrastructure and then take steps to effectively mitigate the impact of those items. Risk Management IT must be able to respond to strategic objectives of adding value to the organization’s processes while at the same time maintaining fiscal responsibility and adhering to implementation time frames including measuring and achieving the expected return on the IT investment. Value Proposition Information technology must be in alignment with the evolving strategic objectives of the organization. As organizations evaluate their future strategies and new opportunities present themselves, it is critical that the IT function’s ability to address and deliver these opportunities is considered. Strategic Alignment
IT Supporting Strategic Objectives Source: Board Briefing on IT Governance, IT Governance Institute
From: Aligning COBIT®, ITIL® and ISO 17799 for Business Benefit
Components of ITIL Service Management (v3) Source: OGC Focuses on the activities required to operate the services and maintain their functionality as defined in the Service Level Agreements with the customers. Key areas of this volume are Incident Management, Problem Management and Request Fulfillment. Service Operation Focuses on the ability to deliver continual improvement to the quality of the services that the IT organization delivers to the business. Key areas of this volume are Service Reporting, Service Measurement and Service Level Management. Continual Service Improvement Focuses on the implementation of the output of the service design activities and the creation of a production service or modification of an existing service. There is an area of overlap between Service Transition and Service Operation. Key areas of this volume are Change Management, Release Management, Configuration Management and Service Knowledge Management. Service Transition Focuses on the activities that take place in order to develop the strategy into a design document which addresses all aspects of the proposed service, as well as the processes intended to support it. Key areas of this volume are Availability Management, Capacity Management, Continuity Management and Security Management. Service Design Focuses on the identification of market opportunities for which services could be developed in order to meet a requirement on the part of internal or external customers. The output is a strategy for the design, implementation, maintenance and continual improvement of the service as an organizational capability and a strategic asset. Key areas of this volume are Service Portfolio Management and Financial Management. Service Strategy
Process Ratings on Spider Chart (example, 1 of 4)
CONFLICTS & ETHICS
Conflicts & Ethics and Securities Transaction Committees