One part ITIL, one part COBIT

4,027 views

Published on

Presentation slides from APMG webinar: "One part ITIL, one part COBIT: The ingredients for repeatable and controlled processes to support IT services".

Published in: Business, Technology
0 Comments
5 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
4,027
On SlideShare
0
From Embeds
0
Number of Embeds
15
Actions
Shares
0
Downloads
394
Comments
0
Likes
5
Embeds 0
No embeds

No notes for slide
  • Hello and a good afternoon, evening, or morning, depending on where you are sitting right now. And a special hello to Red Sox fans everywhere on the day after they won their 3rd world championship in the last 10 years!I would like to welcome you to our webinar, One Part ITIL, One Part COBIT
  • Let’s start this off talking about the “why”? Why do a webinar on the ITIL/COBIT connection?Many of you are no doubt IT professionals and very familiar with ITIL. But fewer people are as aware of COBIT, and its role in the IT Service Management spectrum. While COBIT is often thought of as a framework for auditors, it is also important to the IT professional. As Dave Nichols points out in the quotation above, COBIT provides the governance framework within which ITIL operates. ITIL becomes complete when it is combined with the COBIT framework.
  • We will cover this connection in more depth during this webinar. Following the webinar, we will have the opportunity to address any questions that you may have, and lastly will direct you to some sources for more information.
  • So let’s get started.I am delighted to be joined today by Mark Thomas of Escoute Consulting. Besides having experience both in IT operations as well as consulting, and having a deep knowledge of IT Service Management and IT Governance, Mark has a passion for this subject which is infectious. If you have been to Fusion conferences or COBIT conferences, including the most recent gathering in Boston, you will have come across Mark. I am confident you will derive a lot of value from the material Mark will share with us today. With that, let me turn it over to Mark.
  • The following trends are driving the need for governance frameworks that provide consistent approach to delivering services:
  • Governance, IT Governance, and GEIT may have different meanings to different enterprises depending on the context.
  • Effective IT Governance needs a control framework. The following are requirements for a control framework.
  • Although there are several methodologies and frameworks competing for the attention of IT leadership, the following are some of the most popular and applicable today.
  • The ITIL framework identifies all applicable processes, roles, and functions required to effectively deliver services to customers.
  • The ITIL framework identifies all applicable processes, roles, and functions required to effectively deliver services to customers.
  • DON’T FORGET FUNCTIONS
  • Earlier this year, ISACA completed the rollout from COBIT 4.1 to COBIT 5. COBIT 5 provides an end-to-end business view of the governance of enterprise IT that reflects the central role of both information and technology in creating value for enterprises.
  • COBIT is based on five key principles and seven enablers for governance and management of enterprise IT:
  • Each of the governance and management processes defined in the Process Reference Model includes detailed process-related content (found in the COBIT 5 Enabling Processes Guide).
  • The COBIT 5 Process Capability Model provides a consistent approach to assessing and defining process capability.
  • A continual approach provides a method to address the complexities and challenges normally encountered during GEIT implementations. The Seven Phases of the implementation lifecycle are illustrated below.
  • ITIL and COBIT are actually highly complimentary and can help organizations achieve the following key integration objectives.
  • Balance between conformance and performance
  • Organizations wanting to adopt ITIL need effective GEIT for a successful implementation. COBIT provides this broad based framework.
  • Not simply a question of which framework to start withAddress the strengths of each framework based on stakeholder needsItil sometimes gets too focused on it
  • Whether you go down the ITIL path, COBIT path, or both, there are some key success factors that should always be considered:
  • Whether you go down the ITIL path, COBIT path, or both, there are some key success factors that should always be considered:
  • One part ITIL, one part COBIT

    1. 1. www.apmginternational.com APMG-International Webinar One part ITIL, one part COBIT: The ingredients for repeatable and controlled processes to support IT services. Thursday 31 October 2013 / 14:00 EST (New York, US) Presented by Mark Thomas, Escoute Consulting www.APMG-International.com
    2. 2. The ITIL/COBIT connection “ITIL is clear that it does not stand alone, and in fact, you cannot "do ITIL" without some form of governance. But what does "governance" mean? ITIL requires a framework of policy, process, procedures and metrics that can give direction to IT operations . . . (COBIT) does just this. David Nichols, ITSM Solutions
    3. 3. Agenda • Welcome & introduction – Ronn Faigen, APMG-International • One part ITIL, one part COBIT: The ingredients for repeatable and controlled processes to support IT services. – Mark Thomas (Escoute Consulting) • Q&A • More Information • Close
    4. 4. Your presenter… Mark Thomas, Escoute Consulting Areas of expertise • Governance of Enterprise IT (CGEIT) • ITIL Expert • COBIT Experience • Enterprise Program Manager • IT Director • VP, IT Operations • Governance frameworks consulting
    5. 5. Challenges Governance Frameworks ITIL Essentials COBIT Essentials Putting the Two Together Questions
    6. 6. Synopsis Considering the many challenges faced by organizations today, leveraging frameworks to assist in creating repeatable approaches to managing and controlling IT services is a logical, yet difficult task. With so many best practices in the market today, how can one know which ones are applicable? Consider two basic tenets of every IT service provider: provide value in delivered services, and ensure proper governance and control of the processes that support them. This is where ITIL and COBIT play a valuable role. In this presentation we will explore 1) the essential elements of each framework, 2) their applicability in the growing role of IT in today’s organizations, and 3) how to leverage these together in a cohesive approach to delivering, managing and controlling effective IT processes. In this presentation, participants will gain not only an appreciation of the utility of these frameworks, but will walk away with the knowledge (and perhaps) a plan on how to implement these powerful tools at their companies.
    7. 7. Challenges Align IT with the Business Provide Value/Cost Manage Risks Meet Regulatory Requirements Ensure Security
    8. 8. Trends • Rising demand for best practices is driven by requirements to become more competitive while holding costs down • Drivers for framework adoption include pressures created by demand for conformance and performance • Historically, IT Service Providers were self-directed and considered cost centers – today, best practices help these providers focus on meeting enterprise objectives • As IT moves up the list of strategic goals contribution, justifying technology investments grows - therefore the need for best practices
    9. 9. Challenges and Needs Governance Frameworks ITIL Essentials COBIT Essentials Putting the Two Together Questions
    10. 10. Governance of Enterprise IT • IT value delivery to the business COBIT 5 definition of governance: • Mitigation of IT related risk Governance ensures that stakeholder • Powerful resource to help achieve important objectives: needs, conditions and options are – Benefit Realization evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritization and decision making; and – Risk Optimization monitoring performance and – Resource optimization compliance against agreed-on direction and objectives. Source: COBIT5. © ITGI. All rights reserved.
    11. 11. Framework Characteristics • The need for sharper business focus driven by business needs • A common language with a standardized process model, objectives, and tools suitable for any type or size of organization • A reliable and useful source based on best practices which are generally accepted in the industry • Focus on creating and maintaining value
    12. 12. Framework Categories Governance of Enterprise IT COBIT Service Management ITIL Enterprise Architecture TOGAF Project & Portfolio Management PRINCE2 Development Lifecycles SDLC Process Quality & Improvement SIX SIGMA
    13. 13. Challenges and Needs Governance Frameworks ITIL Essentials COBIT Essentials Putting the Two Together Questions
    14. 14. IT Infrastructure Library (ITIL) • Widely adopted approach for IT Service Management • Framework for identifying, planning, delivering and supporting IT services to the business • Detailed within five core publications • Enables delivery of appropriate services that continually ensure benefits delivery and business goal achievement Copyright © AXELOS Limited 2013. All rights reserved. Material is reproduced under license from AXELOS
    15. 15. ITIL Core Elements Services Delivering value to customers by facilitating outcomes customers want to achieve without the ownership of costs and risks. Email Processes A coordinated set of activities that produce an outcome which creates value. Incident Management Roles Behaviors or actions that are performed by a person, team or group. Incident Manager Copyright © AXELOS Limited 2013. All rights reserved. Material is reproduced under license from AXELOS Functions Units of organization specialized to perform certain types of work and are responsible for certain outcomes. Service Desk
    16. 16. ITIL Lifecycle Phases and Processes SS Service Strategy Strategy Management Financial Management Service Portfolio Management Demand Management Business Relationship Management SD Service Design ST Service Transition SO Service Operations Design Coordination Change Management Event Management Service Level Management Service Asset and Configuration Management Incident Management Service Catalog Management Availability Management Capacity Management Information Security Management Service Continuity Management Supplier Management Release and Deployment Management Knowledge Management Transition Planning and Support Service Validation and Testing Change Evaluation Copyright © AXELOS Limited 2013. All rights reserved. Material is reproduced under license from AXELOS Request Fulfillment Problem Management Access Management CSI Continual Service Improvement 7-Step Improvement
    17. 17. Challenges and Needs Governance Frameworks ITIL Essentials COBIT Essentials Putting the Two Together Questions
    18. 18. COBIT5 • Latest edition of ISACA’s globally accepted GEIT framework • Provides an end-to-end business view of the governance and management of enterprise IT • Builds on previous versions of COBIT (including Val IT and Risk IT). • Integrates other major industry frameworks such as ITIL, TOGAF, PRINCE2, and related ISO standards • Some new changes include: – Increased focus on enablers – New process reference model – New and modified processes – Management practices (formerly control objectives) – New maturity model ISACA – Information Systems Audit and Control Association. ITGI – IT Governance Institute
    19. 19. COBIT5 Product Family COBIT 5 COBIT 5 ENABLER GUIDES COBIT 5 Enabling Processes COBIT 5 Enabling Information Other Enabler Guides COBIT 5 PROFESSIONAL GUIDES COBIT 5 Implementation COBIT 5 for Information Security COBIT 5 for Assurance COBIT 5 for Risk COBIT 5 ONLINE COLLABORATIVE ENVIRONMENT ISACA – Information Systems Audit and Control Association. ITGI – IT Governance Institute Other Professional Guides
    20. 20. COBIT5 Principles and Enablers Principles 1. 2. 3. 4. 5. Meeting Stakeholder Needs Covering the Enterprise End-to-End Applying a Single Integrated Framework Enabling a Holistic Approach Separating Governance From Management Enablers 1. 2. 3. 4. 5. 6. 7. ISACA – Information Systems Audit and Control Association. ITGI – IT Governance Institute Principles, Policies and Frameworks Processes Organizational Structures Culture, Ethics and Behavior Information Services, Infrastructure and Applications People, Skills and Competencies
    21. 21. COBIT5 Meeting Stakeholder Needs • Translates stakeholder needs into specific, practical and customized goals • Allows the definition of priorities for: – Implementation – Improvement – Assurance of enterprise governance of IT ISACA – Information Systems Audit and Control Association. ITGI – IT Governance Institute
    22. 22. COBIT5 Covering the Enterprise End to End ISACA – Information Systems Audit and Control Association. ITGI – IT Governance Institute
    23. 23. COBIT5 Separating Governance and Management Governance Management Ensure that stakeholder needs, conditions, and options are: Plans, builds, runs and monitors activities in alignment with direction set by the governance body to achieve the enterprise objectives (PBRM) Evaluated to determine balanced, agreed-on enterprise objectives to be achieved Setting direction through prioritization and decision making Monitoring performance, compliance and progress against agreed direction and objectives (EDM) ISACA – Information Systems Audit and Control Association. ITGI – IT Governance Institute
    24. 24. COBIT5 Domains and Processes Governance EVALUATE, DIRECT & MONITOR Management ALIGN, PLAN & ORGANIZE BUILD, ACQUIRE & IMPLEMENT DELIVER, SERVICE & SUPPORT DSS1 Manage Operations EDM1 Ensure Governance Framework Setting and Maintenance APO1 Manage the IT Framework BAI1 Manage Programs and Projects APO2 Manage Strategy BAI2 EDM2 Benefits Delivery APO3 Manage Enterprise Architecture Manage Requirements Definition EDM3 Ensure Risk Optimization BAI3 Manage Solutions Identification and Build BAI4 Manage Availability and Capacity BAI5 Manage Organizational Change Enablement BAI6 Manage Changes BAI7 Manage Change Acceptance and Transitioning APO10 Manage Suppliers BAI8 Manage Knowledge APO11 Manage Quality BAI9 Manage Assets APO12 Manage Risk BAI10 Manage Configuration EDM4 Ensure Resource Optimization APO4 Manage Innovation EDM5 Ensure Stakeholder Transparency APO6 Manage Budget & Costs APO5 Manage Portfolio APO7 Manage Human Resources APO8 Manage Relationships APO9 Manage Service Agreements APO13 Manage Security ISACA – Information Systems Audit and Control Association. ITGI – IT Governance Institute DSS2 Manage Service Requests & Incidents DSS3 Manage Problems DSS4 Manage Continuity DSS5 Manage Security Services DSS6 Manage Business Process Controls MONITOR, EVALUATE & ASSESS MEA1 Monitor, Evaluate, and Assess Performance and Conformance MEA2 Monitor, Evaluate and Assess the System of Internal Control MEA3 Monitor, Evaluate and Assess Compliance with External Requirements
    25. 25. COBIT5 Process Reference Model Process Identification Process Description Process Purpose Statement Goals Cascade Information Process Goals & Metrics RACI Chart Detailed Practice Descriptions Related Guidance ISACA – Information Systems Audit and Control Association. ITGI – IT Governance Institute
    26. 26. COBIT5 Process Capability ISACA – Information Systems Audit and Control Association. ITGI – IT Governance Institute
    27. 27. COBIT5 Implementation ISACA – Information Systems Audit and Control Association. ITGI – IT Governance Institute
    28. 28. Challenges and Needs Governance Frameworks ITIL Essentials COBIT Essentials Putting the Two Together Questions
    29. 29. Integration Objectives • Implement and manage IT Service Management processes to achieve business goals while meeting governance requirements • Enable clear process goals which are driven by business goals coupled with a meaningful measurement scheme • Ensure IT governance and control by providing benefits realization, risk optimization, and resource optimization Because of its high level approach, broad coverage, and is based on many existing practices, COBIT can easily be used as the integrator that brings multiple practices under one framework and links those to business objectives.
    30. 30. Integration Objectives COBIT5 ITIL • Comprehensive framework assisting enterprises in achieving goals and delivering value • Helps enterprises maintain balance between realizing benefits, optimizing risks, and optimizing resources. • Provides a consistent and coherent framework of best practices for IT Service Management and related processes • Promotes a quality approach for achieving business effectiveness and efficiency with information systems.
    31. 31. Integrating Performance and Conformance
    32. 32. GEIT vs. ITSM COBIT – GEIT “What ” ITIL - ITSM “How” • Assists in goal alignment by cascading • Defines best practice processes for Service Management and includes process activities • Defines processes based on business requirements • Separates governance from management • Intended to support GEIT and is applicable to most organizations • Links ITIL practices to business requirements • Processes are more comprehensive and described with activities and flowcharts to assist in implementation • Processes can be easily mapped to the COBIT Framework to create effective guidance
    33. 33. Integration Approaches Service Management Challenges Governance, Risk, and Compliance Challenges Just starting, not sure • History of poor SLA achievement • Internal or external audit findings • Fragmented adoption of multiple frameworks • Customer feedback identifying low service satisfaction • Complex or new regulatory or compliance concerns • Little or no understanding of GEIT • Frequent or long periods of downtime • Program/project failures Primary: ITIL Secondary: COBIT Primary: COBIT Secondary: ITIL • Significant trigger or pain point driving adoption Primary: COBIT Secondary: ITIL
    34. 34. Critical Success Factors • Focus on value • Management commitment • Process ownership and accountability • Training and communication • Embrace processes and procedures into the culture • Continual improvement and measurements
    35. 35. COBIT5 Education Who might go to training? • IT Management/Practitioners/Consultants, Auditors, Information Security and Risk, Business Management • Why would you go to training? • Gain knowledge of the scope and structure of COBIT 5 or want to improve IT Governance in your organization • Better understand the COBIT5 Product Architecture (guides) and how they interrelate • How COBIT5 enables IT to be governed and managed in a holistic manner for the entire enterprise • How the COBIT5 processes and the Process reference Model (PRM) help guide the creation of the 5 Principles and the 7 Governance and Management Enablers
    36. 36. Challenges and Needs Governance Frameworks ITIL Essentials COBIT Essentials Putting the Two Together Questions
    37. 37. QUESTIONS & ANSWERS
    38. 38. More Information • APMG-International: – www.APMG-International.com • ITIL® – www.apmg-international.com/itil • COBIT® 5 – www.apmg-international.com/cobit5 • Thank you for attending! Escoute Consulting – www.escoute.com – Email Mark at mark@escoute.com http://www.linkedin.com/company/apmg-international @APMG_Inter

    ×