COBIT® vs. ITIL®: Why can’t it be both?
Organizational Change: The Influence
  • Fact #3:
  • Organizations commonly say they don't have time t...
Organizational Change – the Influencers
  • What Do We Do?
  • Take Advantage of “Crisis” ...
Organizational Change – Summary
  • You cannot just “Tell” and “Command” Change within the organization ...
More Information
  • www.isaca.org
  • www.itsmf.com
  • www.itgi.org ...
Why is ITIL® training important?
  • Your company will improve business with ITIL® processes that you learn in the tra...
Why is ITIL® training important?
  • ITIL® certification will allow you to understand the common language of ITIL®, un...
Certification Scheme
Course Offerings (Accredited Training Powered by Ahead-Technologies Courseware)
  • ITIL® Service Management (Foun...
Why is COBIT® training important?
  • Your company will improve business and overall business to IT Alignment with IT ...
CobiT And ITIL Breakfast Seminar

Published in: Education, Business, Technology
  • ITIL is relevant to anyone involved in the delivery or support of IT services. Whether you are managing day-to-day IT services, or establishing and refining existing processes, ITIL can help you apply internationally proven best practices for the IT services and support you provide.
  • The easiest and most concise way to describe the benefits of adopting Service Management and the ITIL Framework is by using the Objective Tree. Any organisation has its known and inferred corporate objectives. Objectives can be related to revenue, costs, profits, satisfaction, production, etc. These objectives determine the business processes that are required. That is, the corporate objectives will determine how the functional units of the business work together and their activities. As an outsider looking in, if somebody asks why these activities are determined (why), then you would go back to the corporate objectives. Each of the units of the business requires a set of services in order to achieve their function and to be part of the business processes. Which services are required is determined by the interactions of the business units. Some business units will require specific IT Services (e.g. Accounts Payable need a system, Human Resources need a system); however, some services will be required by all units (e.g. electronic mail and word publishing capabilities). The types of services required are influenced by the way that the business processes are organized, which (as we know) is determined by the organizational objectives. Finally, all of these IT Services must run on infrastructure. Infrastructure includes hardware & software and all elements in between. All of these components have to be managed and we call that Service Management (or IT Service Management). We must ensure that we manage all these components very well so that the services can be provided to the business processes that will help them achieve the organisation objectives. ITIL is a way of identifying and assisting to ensure that we do all the things we need to do when considering the management of infrastructure. So you can see that ITIL is not the starting point. Really the starting point is understanding the objectives and business processes. Next is really understanding what it is that they need in the way of IT Services. The people in the business units do not view services as technical terms like network access,
  • Competitive advantage through cost reduction and by enabling growth and agility by the flexibility and scalability inherent in standardized processes and service organization. Business efficiency through streamlining of IT processes and better alignment between vital business functions and IT services. Improved internal customer and user satisfaction.
  • ITIL is now based on a core of five titles: Service Strategy, Service Design, Service Transition, Service Operation and Continual Service Improvement. The Service Strategy book offers a view of ITIL that aligns business and IT so that each brings out the best in the other. It ensures that every stage of the service lifecycle stays focused on the business case and relates to all the companion process elements that follow. Subsequent titles will link deliverables to meeting the business goals, requirements and service management principles described in this publication. Concepts and guidance in this publication include: Service Management strategy and value planning; linking business plans and directions to IT service strategy; planning and implementing service strategy.
  • CobiT And ITIL Breakfast Seminar

    1. COBIT® vs. ITIL®: Why can’t it be both?
    2. Agenda
       • COBIT & ITIL: An Overview
           • What is COBIT
           • Key Components of COBIT
           • Key COBIT Terms
           • Other Organizations on COBIT
           • COBIT with other Frameworks
           • What is ITIL
           • Key Components of ITIL
           • Key ITIL Terms
           • Critical Success Factors: for ITIL & COBIT
           • Key Success Indicators: for ITIL & COBIT
           • Maturity Assessments
           • COBIT and ITIL In Practice
           • Organizational Change
           • Additional Resources
    3. What is IT Governance?
       • IT Governance – Industry Definition*
           • A structure of relationships and processes to direct and control the IT enterprise in order to achieve the enterprise’s goals by adding value while balancing risk versus return over IT and its processes
       • Is a decision rights and accountability framework (structure) to ensure desirable behaviour in the use of IT
       • Links IT processes, IT people, IT technology and information to enterprise strategies and objectives
       *Source: Control Objectives for Information and Related Technology (CobiT®), IT Governance Institute
       © 2007 IT Governance Institute. All rights reserved. www.itgi.org
    4. Typical IT Governance Mission
       • “To leverage industry best practices (i.e. ITIL) to engineer the lifestyle change required to achieve the IT strategy and enable the overall Company corporate vision.”
       [Diagram labels: COBIT, ITIL]
    5. The IT Governance Lifecycle
       [Diagram labels: Task Environment (Ethics & Culture; Laws and Regulations; Mission & Vision; Role Models; Industry Practices; …); Monitor; Create; Protect; Execute; Why?; What?; Key Performance Indicators; COBIT Process Framework; CSF, CO and CP; Alignment; Value Delivery; Performance Measurement; Risk Management; IT Resource Management; Maturity Models; Control Objectives; Control Practices; CSF; IT BSC; COBIT Benchmark Maturity Model; Audit Guidelines; Business and IT Key Goal Indicators]
    6. How do the Frameworks Support & Guide the Business of IT
       [Diagram labels: COBIT; IT Wide; CMMI; ITIL; Infrastructure / Operations; Application Development; IT Finance; IT People; Technology Architecture; Customer Relationship; ISO 17799 / NIST 800; Security & BCP/DRP]
    7. The Governance Program Office enables ITG Strategy
    8. What is COBIT
       • Developed in 1996 by the Information Systems Audit and Control Association and IT Governance Institute as a standard for IT security and control practices.
       • Provides a reference framework for IT, security, auditing managers and users.
       • It helps companies deploy effective governance over systems and networks.
       • COBIT's Management Guidelines component consists of tools to measure a company's capabilities in 34 IT processes.
       • These include performance measurement elements, a list of critical success factors that provides best practices for each IT process, and maturity models to help in benchmarking.
    9. Key Aspects of the CobiT Framework
       • Organizes IT into 4 primary domains:
           • Planning & Organization
           • Acquisition & Implementation
           • Delivery & Support
           • Monitoring
       • Divides these domains into 34 processes and provides a high level control objective for each
       • Focuses on fiduciary, quality and security needs of enterprises, providing seven information criteria that can be used to generically define what the business requires from IT:
           • Effectiveness
           • Efficiency
           • Availability
           • Integrity
           • Confidentiality
           • Reliability
           • Compliance
       • Is supported by a set of 318 detailed control objectives and supporting control practices
    10. Key COBIT Terminology (CobiT Terms / Concepts with Summary Description: Domains, Processes, Control Objectives)
       • Planning & Organization (PO) – Management Oversight, Governance, Policy, Strategy, Metrics, Risk Management, Investment, Quality
       • Acquisition & Implementation (AI) – Acquire, Development, Implementation, Manage, SDLC, PMM, Change Management
       • Delivery & Support (DS) – Change Management, Operations, Security
       • Monitoring (MO) – Compliance, Management Monitoring, Auditing
       • Drill down of key processes within each domain
       • Key IT processes akin to key business processes within a business cycle
       • Key Control Objectives or Control Statements that assist management in meeting business objectives and the risks to business information
       • Suggested control activities are identified by objective
       • Potential high-level audit steps are identified for activities
       • This is also referred to as Activities or Tasks – IT activities or tasks that make up the processes
    11. Key COBIT Terminology (CobiT Terms / Concepts with Summary Description)
       [Diagram callouts: “Where most organizations start”; “What most compliance regulations require”]
       • Business Requirements for Information
           • Quality: Effectiveness, Efficiency
           • Fiduciary: Compliance, Reliability of Information
           • Security: Confidentiality, Integrity, Availability
       • Critical Success Factors
           • Define most important issues and actions for management
           • Get processes under control
       • Key Goal Indicators
           • Measures that define after-the-fact success in achieving business requirements
           • Monitor achievement of IT process goals
       • Key Performance Indicators
           • Indicators that define how well IT processes are performing
           • Monitor performance within IT processes
       • Maturity Model
           • Maturity of processes (controls) – 0-5
           • 0 = Non-existent
           • 1 = Initial
           • 2 = Repeatable
           • 3 = Defined
           • 4 = Managed
           • 5 = Optimized
    12. COBIT with other Frameworks
    13. What other organizations are saying
       • "COBIT's real focus is on whether or not you have controls in place that ensure you are compliant with relevant regulatory authorities."
       • "It helps organizations determine if they are doing what they said they would and if they are able to show evidence of this."
       • "COBIT has proven to be an excellent tool for measuring and assessing our IT controls." Lockheed Martin, which also uses CMMi and ISO 17799 to improve its processes and IT service levels.
       Source: NetworkWorldFusion “IT frameworks demystified”, 02/21/08
    14. What other organizations are saying
       • “ITIL is absolutely the best framework available for IT operation. There are no competitors.”
         - Ben Worthen, CIO Magazine
       • “We now have the ability to assess how we are performing at any point in time. We’ve identified where we had bottlenecks, and now the total number of problems is going down. And we have evidence to show people that we are improving.”
         - Suresh Kumar, CIO, Pershing
       • “ITIL is common sense. It’s what many successful organizations already do…ITIL forges a bond between IT, management and external customers…”
         - Bruce Boardman, 2005
       • “ITIL is like an elephant, you can eat the whole thing one bite at a time or in phases”
         - Stephen Bajada, CIO, Magazine
    15. IT Service Management & ITIL Defined
       • ITIL is the “de-facto industry best practice” for IT Service Management
           • Non-proprietary and based upon proven practitioner experiences
           • International user support (IT Service Management Forum - itSMF)
       • ITIL was developed by the UK Office of Government Commerce (OGC)
           • Developed in the late 1980s and continuously updated since
           • ISO 20000 – Formal, international standard for IT Service Management certification, based upon ITIL best practices (formerly BS 15000)
       ITIL is a comprehensive and consistent set of industry “best practices” for IT Service Management organized in an integrated, process-based framework in order to add VALUE to customers
    16. What is ITIL®?
       • ITIL®, Information Technology Infrastructure Library, is the most widely accepted approach to IT service management in the world
       • ITIL® is also supported by a comprehensive qualifications scheme, accredited training organizations, and implementations and assessment tools
    17. What Is ITSM?
       • ITSM is an acronym for IT Service Management
    18. [Diagram: Objective Tree. Source: The Art of Service. Labels: Quality; Flexibility; Cost Management; How / What?; Why!; ITIL Framework; Service Management; effective, efficient organization; effective, efficient IT service provision]
    19. What are the Benefits of ITIL?
       • Reduced Costs
       • Improved IT Services through the use of Proven Best Practices
       • Customer Service Satisfaction
       • IT Value through Business, IT Operational, and Goal Alignment
       • Improved Productivity, Skills, and Experience
       • Improved delivery of third party services through the specification of ITIL®
       Documented Common Sense
    20. Where Does ITIL Fit? Focuses on Process (Not Technology)
       • You don't implement ITIL:
           • You use it to help create organizational change
       • ITIL doesn't offer guidance on how to actually apply the best practices it catalogs
           • Each organization must design its own processes based on ITIL
       • To run IT like a business, you need to understand the key services that go into it
           • ITIL makes that work visible. It allows you to measure what is important, so you can emphasize the things that add value and take out the things that don't
    21. ITIL v3 – The Service Lifecycle (Source: ITIL Refresh Project)
       [Diagram labels: ITIL; Service Strategies; Service Design; Service Transition; Service Operation; Continual Service Improvement; Complementary Guidance: Quick Wins, Governance Methods, Case Studies, Value-added Products, Templates, Qualifications, Study Aids]
    22. COBIT & ITIL: CSF’s Align!
       • Sustained executive and management support
       • Transformation must be institutionalized
       • Plan and drive organizational change
       • Don’t “boil the ocean” – utilize a prioritized and phased implementation approach
       • Listen, understand, communicate, communicate and communicate
    23. Key Success Indicators
       • Customer Satisfaction
       • Process Maturity & Adoption
       • Performance Benchmarks
       • Quality Certifications
       • Compliance with Regulatory & Audit Requirements
       • Employee Development & Competence
    24. Maturity Level Definitions
       • They provide a “short hand” method for describing key attributes of a control or a process
       • Maturity levels can be used to describe the attributes of our current controls or our current processes
       • They can also be used to describe the target level or attributes of our controls or processes
       • Controls maturity levels are different than an overall process maturity level definition
       • Controls maturity levels are different (but similar) than the current ITIL and CMMI maturity level definitions
    25. Process MM: Gartner View (Getronics Confidential. Source: Gartner, November 2005)
       • IT Management Process Maturity Model
       • Based on 0.00 – 4.00 Best Practice Maturity Scale
       • CMMI uses a 5 point scale:
           • 1: Initial
           • 2: Repeatable
           • 3: Defined
           • 4: Managed
           • 5: Optimized
    26. Lessons Learned: Other Companies
       • COBIT
           • COBIT is a reference, a set of best practices, not an “out of the box” solution
           • Enterprises still need to analyze their control requirements and customize based on:
               • Value drivers
               • Risk profile
               • IT infrastructure, organization and project portfolio
           • Understand that control maturity (COBIT) and process maturity (ITIL) are different.
           • Leverage other frameworks for security area (NIST, ISO 17799, etc.)
           • ROI is still difficult to quantify
       • ITIL
           • ITIL is guidance, not an “out of the box” solution
           • Enterprises still need to analyze their process requirements and customize/make “fit for purpose” based on:
               • Value drivers
               • IT infrastructure, organization
               • Risk and project portfolio
           • Understand that process maturity (ITIL, CMMI, etc.) and control maturity (COBIT) are different.
           • Leverage other frameworks for security area (NIST, ISO 17799, etc.)
           • ROI is still difficult to quantify
    27. COBIT with other frameworks for SOX (columns: SOX Guidelines; COBIT; ITIL; CMMi)
       • IT Control Environment
           • COBIT: Define a strategic IT plan; Define the IT Organization and Relationships; Communicate Management Aims and Direction; Ensure Compliance with External Requirements; Assess Risks; Monitoring
           • ITIL: N/A
           • CMMi: N/A
       • Program Changes (Change Management)
           • COBIT: Manage Projects; Manage Changes; Manage Quality
           • ITIL: Change Management; Release Management
           • CMMi: Requirements Management; Requirements Development; Project Planning; Process & Product Quality Assurance; Verification & Validation
       • Program Development (SDLC)
           • COBIT: Manage Projects; Manage Quality; Install and Accredit Systems
           • ITIL: Change Management; Release Management
           • CMMi: Requirements Management; Requirements Development; Project Planning; Process & Product Quality Assurance; Verification & Validation
       • Computer Operations
           • COBIT: Manage Problems and Incidents; Manage Operations; Manage Data
           • ITIL: Incident Management; Problem Management
           • CMMi: N/A
       • Access to programs and data (Security)
           • COBIT: Ensure Systems Security; Manage Data; Manage Facilities; Manage Configuration
           • ITIL: Configuration Management
           • CMMi: Configuration Management
    28. COBIT with other frameworks – Non SOX Objectives (columns: Other IT Process Areas; COBIT; ITIL; CMMi)
       • Asset Management
           • COBIT: Manage Configuration
           • ITIL: Configuration Management
           • CMMi: N/A
       • Quality Management
           • COBIT: Manage Quality
           • ITIL: Service Level Management
           • CMMi: Process and Product Quality Assurance
       • DRP & BCP
           • COBIT: Ensure Continuous Service
           • ITIL: Continuity Management; Availability Management
           • CMMi: N/A
       • Service Levels
           • COBIT: Define and Manage Service Levels; Ensure Continuous Service
           • ITIL: Service Level Management; Continuity Management; Availability Management; Capacity Management
           • CMMi: N/A
       • Performance and Capacity Planning
           • COBIT: Manage Performance and Capacity; Ensure Continuous Service
           • ITIL: Service Level Management; Availability Management; Capacity Management
           • CMMi: N/A
       • Help Desk and Customer Support
           • COBIT: Educate and Train Users; Assist and Advise Customers
           • ITIL: Service Desk
           • CMMi: Organizational Training
       • Control IT Costs
           • COBIT: Manage the Information Technology Investment; Manage Human Resources; Identify and Allocate Costs
           • ITIL: IT Service Financial Management
           • CMMi: Supplier Agreement Management
       • Others
           • COBIT: Define the Information Architecture; Determine the Technological Direction; Identify Automated Solutions; Develop and Maintain Procedures
           • ITIL: N/A
           • CMMi: Technical Solution; Product Integration
    29. 29. C OBI T In Practice: An Example <ul><li>DS 5 – Ensure Systems Security </li></ul><ul><ul><li>DS5.1 Manage Security Measures </li></ul></ul><ul><ul><li>DS5.2 Identification, Authentication and Access </li></ul></ul><ul><ul><li>DS5.3 Security of Online Access to Data </li></ul></ul><ul><ul><li>DS5.4 User Account Management </li></ul></ul><ul><ul><li>DS5.5 Management Review of User Accounts </li></ul></ul><ul><ul><li>DS5.6 User Control of User Accounts </li></ul></ul><ul><ul><li>DS5.7 Security Surveillance </li></ul></ul><ul><ul><li>DS5.8 Data Classification </li></ul></ul><ul><ul><li>DS5.9 Central Identification and Access Rights Management </li></ul></ul><ul><ul><li>DS5.10 Violation and Security Activity Reports </li></ul></ul><ul><ul><li>DS5.11 Incident Handling </li></ul></ul>
    30. 30. DS 5.5 Management Review of User Accounts <ul><li>Control Objective </li></ul><ul><ul><li>Management should have a control process in place to review and confirm access rights periodically. </li></ul></ul><ul><li>Risk (why) </li></ul><ul><ul><li>Without periodic review of user account access a user could have access to systems or data that he or she no longer needs or should not have access to. </li></ul></ul><ul><li>Control Activities (who, what, when) </li></ul><ul><ul><li>On a quarterly basis data owners review the Top Security Transaction Code Reports to verify that only authorized users can create, read, update and/or delete the information that they own. </li></ul></ul><ul><li>Supporting Evidence </li></ul><ul><ul><li>Confirmations are stored within a Lotus Notes database. Exceptions result in a help desk ticket being created. </li></ul></ul>
    31. 31. ITIL Access Management: Guidance <ul><li>Provides Guidance on IT Access Management Processes </li></ul><ul><li>Found in the Service Operations Phase of the ITIL V3 Lifecycle </li></ul><ul><li>Additional source for process guidance, benefits, etc. </li></ul>
    32. 32. C OBI T In Practice: An Example #2 <ul><li>AI 6 – Manage Change </li></ul><ul><ul><li>AI6.1 Change Request Initiation and Control </li></ul></ul><ul><ul><li>AI6.2 Impact Assessment </li></ul></ul><ul><ul><li>AI6.3 Control of Changes </li></ul></ul><ul><ul><li>AI6.4 Emergency Changes </li></ul></ul><ul><ul><li>AI6.5 Documentation and Procedures </li></ul></ul><ul><ul><li>AI6.6 Authorized Maintenance </li></ul></ul><ul><ul><li>AI6.7 Software Release Policy </li></ul></ul><ul><ul><li>AI6.8 Distribution of Software </li></ul></ul>
    33. 33. AI 6.3 Control of Changes <ul><li>Control Objective </li></ul><ul><ul><li>Requests for changes, application maintenance and supplier maintenance are standardized and are subject to formal change / release management procedures. </li></ul></ul><ul><li>Risk (why) </li></ul><ul><ul><li>Without a change management methodology, application changes could be implemented without proper testing or approval and could result in unscheduled downtime which disrupts business processes. </li></ul></ul><ul><li>Control Activities (who, what, when) </li></ul><ul><ul><li>A change management system is utilized to track all change requests. Change requests are entered by the change manager and reviewed by the change control board twice a week. </li></ul></ul><ul><ul><li>Before promotion to production, each change is tested using an appropriate testing strategy given the size and nature of the change. Testing may include end user testing when appropriate and the test results must be reviewed and approved by an appropriate manager. </li></ul></ul><ul><ul><li>Once changes have been reviewed, tested and accepted, the production environment is updated to include the accepted changes. </li></ul></ul><ul><li>Supporting Evidence </li></ul><ul><ul><li>Documentation is maintained within the change management system XYZ. </li></ul></ul>
    34. 34. Change Management: Process Guidance <ul><li>ITIL provides guidance on how to implement Change Management in your IT Organization </li></ul><ul><li>Provides guidance on how to assess impact and risk </li></ul><ul><li>Found in the Service Transition Phase of the Lifecycle </li></ul>
    35. 35. Making Changes on an Organizational Level Workshop Exercise
    36. 36. Organizational Change – The Influence <ul><li>Fact #1: </li></ul><ul><ul><li>People will not align with ‘bad aims’ and are less inclined if the organization does not align with their belief systems </li></ul></ul><ul><ul><li>Most staff will simply nod and smile demurely as if in servile acceptance </li></ul></ul><ul><ul><li>And then nothing happens </li></ul></ul><ul><ul><li>The people can't be bothered </li></ul></ul><ul><li>WHAT DO WE DO? </li></ul><ul><ul><li>Re-assess and re-align your organization's aims, beliefs, integrity - all of it - with your people's </li></ul></ul><ul><ul><li>Then they might begin to be interested in helping with new skills and change, etc. </li></ul></ul>
    37. 37. Organizational Change – The Influence <ul><li>Fact #2: </li></ul><ul><ul><li>People can't just drop everything and 'change', or learn new skills, just because you say so </li></ul></ul><ul><ul><li>Perception: Even if they want to change and learn new skills, they have a whole range of issues that keep them fully occupied </li></ul></ul><ul><li>What they might be thinking…: </li></ul><ul><li>&quot;So you want me to attend this training course, so you can earn more (etc, etc), and when I come back from two days away in some rotten hotel my personal pile of meaningless jobs will just have magically disappeared will it? And when I come to try to implement these new skills and make all these new things happen, everyone will be completely in step will they? Pull the other one.. Again, no can do..&quot; </li></ul>
    38. 38. Organizational Change: The Influence <ul><li>WHAT DO WE DO? </li></ul><ul><li>Consult with people! </li></ul><ul><ul><li>Save yourself from incorrect Assumptions </li></ul></ul><ul><ul><li>Consulting with people does not mean that you hand over the organization to them - they wouldn't want the corporation if you paid them anyway </li></ul></ul><ul><ul><li>No, consulting with people gives you and them a chance to understand the implications and feasibility of what you think needs doing </li></ul></ul><ul><ul><li>Consulting with people, and helping them to see things from both sides generally throws up some very good ideas for doing things better than you could have dreamt of by yourself! </li></ul></ul><ul><ul><li>It helps you to see from both sides too! </li></ul></ul>
    39. 39. Organizational Change: The Influence <ul><li>Fact #3: </li></ul><ul><li>Organizations commonly say they don't have time to re-assess and re-align their aims and values, etc., or don't have time to consult with people properly, because the organization is on the edge of a crisis </li></ul><ul><li>Organizations get into crisis because they ignore facts one and two </li></ul><ul><li>In general, ignoring these facts again will only deepen the “crisis” </li></ul>
    40. 40. Organizational Change – the Influencers <ul><li>What Do We Do? </li></ul><ul><li>Take Advantage of “Crisis” </li></ul><ul><ul><li>Crisis is the best reason to re-align your aims and consult with people </li></ul></ul><ul><ul><li>Crisis is a wake-up call to change the organization and its purpose - not to change the people </li></ul></ul><ul><ul><li>When an organization is in crisis, the people are almost always okay - it'll be the organizational purpose and aims that are not </li></ul></ul>
    41. 41. Organizational Change – Summary <ul><li>You cannot just “Tell” and “Command” Change within the organization </li></ul><ul><li>Look at Organizational Goals and Objectives </li></ul><ul><ul><li>What does your organization actually seek to do? </li></ul></ul><ul><ul><li>Whom does your organization benefit? </li></ul></ul><ul><ul><li>And whom does it exploit? </li></ul></ul><ul><ul><li>Who are the winners, and who are the losers? </li></ul></ul><ul><ul><li>Does your organization have real integrity? </li></ul></ul><ul><li>COMMUNICATE COMMUNICATE COMMUNICATE </li></ul><ul><ul><li>Communication does not equal Consensus – but it does foster trust and change! </li></ul></ul>
    42. 42. More Information <ul><li>www.isaca.org </li></ul><ul><li>www.itsmf.com </li></ul><ul><li>www.itgi.org </li></ul><ul><li>www.acend.com </li></ul>
    43. 43. Why is ITIL® training important? <ul><li>Your company will improve business with ITIL® processes that you learn in the training </li></ul><ul><ul><li>Working Together </li></ul></ul><ul><ul><li>Lowering Costs </li></ul></ul><ul><ul><li>Optimizing Performance </li></ul></ul><ul><ul><li>Ensuring Compliance </li></ul></ul><ul><ul><li>Improving IT Service Strategy, Design, Transition, Operation and Continual Service Improvement </li></ul></ul>
    44. 44. Why is ITIL® training important? <ul><li>ITIL® certification will allow you to understand the common language of ITIL®, understood by IT professionals worldwide, and will increase your standing within the IT community </li></ul><ul><li>ITIL® gives you an adaptive and flexible framework for managing IT services and encourages you to use common sense rather than follow a rigid set of rules </li></ul>
    45. 45. Certification Scheme
    46. 46. Course Offerings (Accredited Training Powered by Ahead-Technologies Courseware ) <ul><li>ITIL® Service Management (Foundations) – 2 Credits </li></ul><ul><ul><li>Prerequisite: None </li></ul></ul><ul><ul><li>Duration: 2.5 ILT days </li></ul></ul><ul><ul><li>Attendance: Anyone working in IT </li></ul></ul><ul><li>ITIL® Practitioner Series (5 courses available) – Total 12 Credits </li></ul><ul><ul><li>Prerequisite: Foundation Certification in IT Service Management </li></ul></ul><ul><ul><li>Duration: 3 ILT days for each course </li></ul></ul><ul><ul><li>Attendance: Middle Managers & Team Leaders </li></ul></ul><ul><li>Manager’s Certificate in IT Service Management – 17 Credits </li></ul><ul><ul><li>Prerequisite: Foundation Certification in IT Service Management & approved criteria </li></ul></ul><ul><ul><li>Duration: 12 ILT days </li></ul></ul><ul><ul><li>Attendance: Those that are managing, implementing, & advising on ITIL® processes, through project or day-to-day management, who have 5 years experience with IT Service Management. </li></ul></ul>
    47. 47. Why is COBIT® training important? <ul><li>Your company will improve business and overall business to IT Alignment with IT Governance Objectives that you learn in the training </li></ul><ul><ul><li>Working Together </li></ul></ul><ul><ul><li>Optimizing Performance </li></ul></ul><ul><ul><li>Ensuring appropriate controls and compliance </li></ul></ul><ul><ul><li>Benefit from completing the Internationally Recognized COBIT® Foundations Exam </li></ul></ul>