• Save
From Value Governance To Benefits Realization In A Controlled Environment
Upcoming SlideShare
Loading in...5
×
 

From Value Governance To Benefits Realization In A Controlled Environment

on

  • 718 views

 

Statistics

Views

Total Views
718
Views on SlideShare
711
Embed Views
7

Actions

Likes
0
Downloads
0
Comments
0

1 Embed 7

http://www.linkedin.com 7

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

From Value Governance To Benefits Realization In A Controlled Environment From Value Governance To Benefits Realization In A Controlled Environment Presentation Transcript

  • IT GOVERNANCE: From Value Governance to Benefits Realization in a Controlled Environment George Papoulias, CISA, CGEIT, CRISC Senior Project Manager National Bank of Greece
  • PRESENTATION OUTLINE •Essential Concepts •ISACA’S Frameworks Relationships AN OVERVIEW OF THE •COBIT5 Overview ENTERPRISE •COBIT Mappings GOVERNANCE OF IT •ITGI’s Val IT Framework •Key Terms •Goals & Objectives •Why Val IT? •Synergies between Val IT and Cobit 4.1 THE VAL IT FRAMEWORK •How Val IT Works •Key Terms and Principles •Val IT Domains & Processes •The Business Case •Projects, Programs, and Portfolios Defintions •IT Project Portfolio Categorization BENEFITS RELEASATION •PM Guide Process and Mapping to SDLC THROUGH IT •SDLC Guide GOVERNANCE •IT Governance Supporting Tools •A Structured Approach •The Challenge CONCLUSION •The Ingredients of Success George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 2
  • ENTERPRISE GOVERNANCE DRIVES IT GOVERNANCE • Enterprise governance is about:  Conformance • Adhering to legislation, internal Performance policies, audit requirements, etc. Conformance  Performance • Improving profitability, efficiency, effectiveness, growth, etc. Enterprise governance and IT governance require a balance between conformance and performance goals directed by the board. George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 3
  • WITHOUT EFFECTIVE GOVERNANCESituation Leads to.. Results in.. Budget overruns Reluctance to say no to projects Project delays Too many projects Business needs Lack of Strategic Focus not met Benefits not Can‟t kill projects received Quality of execution Projects are “sold” on suffers Increased emotional basis -- not selected Complexity Sub-optimal Underestimation of use of risks and costs No strong review process resources Finger pointingOveremphasis onFinancial ROI Projects not aligned to strategy Lack of No clear strategic confidence (in criteria for selection George Papoulias IT) 7 December 2011 Senior Project Manager 4 National Bank of Greece Source: Fujitsu
  • What is IT Governance? ITGI defines enterprise governance of IT as: The set of responsibilities—as well as the leadership and organizational structures and processes—exercised by the board of directors and executive management to ensure that IT creates value for the enterprise. An integral part of overall enterprise governance, enterprise governance of IT ensures that IT sustains and extends the enterprise’s evolving objectives and strategies. Source: IT Governance Institute, Board Briefing on IT Governance George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 5
  • Relationship Between IT Governance and IT ManagementThe scope if IT Governance involves setting objectives, providing direction end evaluating performanceThe scope of IT Management involves translating the direction already set in the strategy,implementing the strategy (translating the strategy into action) and measuring and reporting onperformance IT GOVENANCE Set objectives * IT is aligned with the business * IT enables the business and maximizes benefits VAL IT RISK IT * IT resources are used responsibly * It related risks are managed appropriately Evaluate Provide Performance Direction Measure and Translate into Report Strategy Performance COBIT Translate Strategy into Action * Increase automation(make the business effective) * Decrease cost (make the business efficient) Source: Courtesy of Erik * Manage Risks (Security, Reliability and Compliance) Guldentops, EG Consult, IT MANAGEMENT Belgium George Papoulias 7 December 2011 Senior Project Manager 6 National Bank of Greece
  • Enterprise Governance of IT Focus Areas According to the IT Governance Institute the Enterprise Governance of IT has been subdivided into five focus areas: IT GOVERNANCE RESOURCE MANAGEMENT Source: Enterprise Value: Governance of IT Investments, The Val It Framework 2.0, p.24, 2008, ITGI George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 7
  • IT Governance Focus Areas Strategic alignment, focuses on ensuring the linkage of business and IT plan; on defining, maintaining and validating the IT value proposition; on aligning IT operations with the enterprise operations; and establishing collaborative solutions to • Add value and competitive positioning to the enterprise’s products and services • Contain costs while improving administrative efficiency and managerial effectiveness Va gic nt De lue te liv ra me t n er S ig y A l IT Governance ent Perf sureme Mea Mea erfo remen Domains agem Man isk orm rma u R ance t ce Resource t Management Source: Enterprise Value: Governance of IT Investments, The Val It Framework 2.0, p.24, 2008, ITGI George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 8
  • IT Governance Focus Areas Value delivery is about executing the value proposition throughout the delivery cycle, ensuring that IT delivers the promised benefits against the strategy, concentrating on optimising expenses and proving the value of IT, and on controlling projects and operational processes with practices that increase the probability of success (quality, risk, time, budget, cost, etc) V gic De alue te ent liv ra er St ignm y Al IT Governance ent Perf sureme Mea Mea erfo remen Domains agem Man isk orm rma u R ance t ce Resource t Management Source: Enterprise Value: Governance of IT Investments, The Val It Framework 2.0, p.24, 2008, ITGI George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 9
  • IT Governance Focus Areas Risk management requires risk awareness of senior corporate officers, a clear under- standing of the enterprise’s appetite for risk and transparency about the significant risks to the enterprise; it embeds risk management responsibilities in the operation of the enterprise and specifically addresses the safeguarding of IT assets, disaster recovery and continuity of operations Va gic nt De lue te liv tra nme S ig er y Al IT Governance ent Perf s rem Perf sureme Mea Mea Domains agem Man isk orm orm R ance t ance t Resource n n Management Source: Enterprise Value: Governance of IT Investments, The Val It Framework 2.0, p.24, 2008, ITGI George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 10
  • IT Governance Focus Areas Resource management covers the optimal investment, use and allocation of IT resources and capabilities (people, applications, technology, facilities, data) in servicing the needs of the enterprise, maximising the efficiency of these assets and optimising their costs, and specifically focusses on optimising knowledge and the IT infrastructure and on where and how to outsource Va gic nt De lue te liv ra me t n er S ig y A l IT Governance ent Perf s rem Perf sureme Me Mea Domains agem Man isk orm orm R ance t ance t Resource n n Management Source: Enterprise Value: Governance of IT Investments, The Val It Framework 2.0, p.24, 2008, ITGI George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 11
  • IT Governance Focus Areas Performance measurement, tracking project delivery and monitoring IT services, using balanced scorecards that translate strategy into action to achieve goals measurable beyond conventional accounting, measuring those relationships and knowledgebased assets necessary to compete in the information age: customer focus, process efficiency and the ability to learn and grow. Va gic nt De lue te liv tra nme S ig er y Al IT Governance ent Perf sure Perf sureme Me Mea Domains agem Man isk orm orm R ance t ance t Resource n n Management Source: Enterprise Value: Governance of IT Investments, The Val It Framework 2.0, p.24, 2008, ITGI George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 12
  • Relationships amongst CobiT, Val IT and Risk ITITGI’s guidance, centered on theCOBIT, Val IT and Risk ITframeworks, enables enterprisedirectors and managers to betterunderstand how to direct andmanage the enterprise’s use of ITand the standard of good practiceto be expected from IT providers.COBIT, Val IT and Risk IT providethe tools to direct and oversee allIT-related activities. Source: The Risk IT Framework, Executive Summary, p.7, 2008, ISACA George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 13
  • Comparing how COBIT and Val IT focus on governance, processes and portfolios further helps to understand the relationship between the two frameworks as shown in figure 15. Source: Enterprise Value: Governance of IT Investments, The Val It Framework 2.0, p.25, 2008, ITGI George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 14
  • Integration of CobiT 4.1,Val IT 2.0 and Risk IT into COBIT 5 George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 15
  • ISACA’s COBIT5 Framework • COBIT 5 is a governance and management framework for information and related technology that starts from stakeholder needs with regard to information and technology. • COBIT 5 is complete in enterprise coverage, providing a basis to integrate effectively other frameworks, standards and practices used. George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 16
  • COBIT 5 Process Reference ModelGovernance and Management ProcessesOne of the guiding principles in COBIT is the distinction made between governance and management. In line with this principle, every organisation would beexpected to implement a number of governance processes and a number of management processes in order to provide comprehensive governance andmanagement of enterprise IT.When considering processes for governance and management in the context of the enterprise, the difference between types of processes lies into theobjectives of the processes:• Governance processes—Governance processes will deal with the governance objectives—value delivery, risk management and resource balancing—and willinclude practices and activities aimed at evaluating strategic options,providing direction to IT and monitoring the outcome. (EDM—in line with the ISO/IEC38500 standard concepts)• Management processes—In line with the definition of management, practices and activities in management processes will cover the responsibility areas ofplan, build, run and monitor (PBRM) enterprise IT, and they will haveto provide end‐to‐end coverage of IT. Source: COBIT5, Process Reference Guide Exposure Draft, p.13, 2011, ISACA George Papoulias Senior Project Manager 7 December 2011 National Bank of Greece 17
  • Complete set of 36 Governance and Management Processes within COBIT5 Source: COBIT5, Process Reference Guide Exposure Draft, p.15, 2011, ISACA George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 18
  • COBIT 5 Drivers A need to link together and reinforce all major ISACA frameworks (CobiT, Val IT, Risk IT) A need to connect to, and, where relevant ,align with, other major frameworks and standards in the marketplace, such as Information Technology Infrastructure Library (ITIL®), The Open Group Architecture Forum (TOGAF), Project Management Body of Knowledge (PMBOK), PRojects IN Controlled Environments 2 (PRINCE2®) and the International Organization of Standards (ISO) standards. This will help stakeholders understand how various frameworks, best practices and standards are positioned relative to each other and how they can be used together and could augment each other. A need to for the enterprise to achieve increased: - Value creation through enterprise IT - Business user satisfaction with IT engagement and services - Compliance with relevant laws, regulations and policies Source: COBIT5, Process Reference Guide Exposure Draft, p.16, 2011, ISACA George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 19
  • COBIT5 Goals Cascade Overview Source: COBIT5, Process Reference Guide Exposure Draft, p.2, 2011, ISACA George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 20
  • Enterprise Goals Mapped to Governance Objectives The following scale applies: - ‘P’ stands for primary, when there is an important relationship, i.e., the IT‐related goal is a primary support for the enterprise goal. - ‘S’ stands for secondary, when there is still a strong but less important relationship, i.e., the IT‐related goal is a secondary support for the enterprise goal. Source: COBIT5, Process Reference Guide Exposure Draft, p.4, 2011, ISACA George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 21
  • Mapping COBIT 5 Enterprise Goals to IT‐related Goals Source: COBIT5, Process Reference Guide Exposure Draft, p.215, 2011, ISACA George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 22
  • Mapping COBIT 5 IT–related Goals to COBIT5 Processes (1) Source: COBIT5, Process Reference Guide Exposure Draft, p.217, 2011, ISACA George Papoulias Senior Project Manager 7 December 2011 National Bank of Greece 23
  • Mapping COBIT 5 IT–related Goals to COBIT5 P Processes (2) Source: COBIT5, Process Reference Guide Exposure Draft, p.218, 2011, ISACA George Papoulias Senior Project Manager 7 December 2011 National Bank of Greece 24
  • COBIT 5 Organisational Structures Model Illustrative Organisational Structures in COBIT 5 Source: COBIT5, Process Reference Guide Exposure Draft, p.76, 2011, ISACA George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 25
  • COBIT 5 Organisational Structures Model Illustrative Organisational Structures in COBIT 5 Source: COBIT5, Process Reference Guide Exposure Draft, p.77, 2011, ISACA George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 26
  • Detailed process‐related information Source: COBIT5, Process Reference Guide Exposure Draft, p.106, 2011, ISACA George Papoulias Senior Project Manager 7 December 2011 National Bank of Greece 27
  • Source: COBIT5, Process Reference Guide Exposure Draft, p.106, 2011, ISACA George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 28
  • Source: COBIT5, Process Reference Guide Exposure Draft, p.107, 2011, ISACA George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 29
  • Source: COBIT5, Process Reference Guide Exposure Draft, p.108, 2011, ISACA George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 30
  • George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 31
  • George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 32
  • MAPPING BETWEEN COBIT 5 AND LEGACY ISACA FRAMEWORKS COBIT 4.1 Control Objectives COBIT5 Governance Val IT 2.0 Key and Management Management Practices Practices Risk IT Management Practices Source: COBIT5, Process Reference Guide Exposure Draft, p.205, 2011, ISACA George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 33
  • Source: COBIT5, Process Reference Guide Exposure Draft, p.206, 2011, ISACA George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 34
  • Source: COBIT5, Process Reference Guide Exposure Draft, p.212, 2011, ISACA George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 35
  • Source: COBIT5, Process Reference Guide Exposure Draft, p.212, 2011, ISACA George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 36
  • COBIT and Other IT and Project Management FrameworksGovernanceLayer COSOGovernance VAL IT ISO 27001 COBITLayer PMBOKIT WHAT HOW ITILV3Management CMMILayerIT SCOPE OF COVERAGE George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 37
  • COMBINATION OF COBIT AND ITIL V3 OVERVIEW Figure 8 is an overview of ITIL V3 and COBIT and highlights the differences in guidance.(+) Significant match(o) Minor match(-) Unrelated or minor focus() No COBIT IT process exists. Source: COBIT® MAPPING: MAPPING OF ITIL® V3 WITH COBIT® 4.1, p.22, 2011, ISACA George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 38
  • COMBINATION OF COBIT AND PMBOK OVERVIEW Figure 12 is an overview of PMBOK and COBIT highlights the differences in guidance. (+) Significant match (o) Minor match (-) Unrelated or minor focus () No COBIT IT process exists. Source: COBIT® Mapping: Mapping of CMMI® for Development, V1.2, Wit h COBIT® 4.1, p.28, 2011, ISACA George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 39
  • COMBINATION OF COBIT AND CMMI-DEV OVERVIEW Figure 13 is an overview of CMMI-DEV and COBIT highlights the differences in guidance. (+) Significant match (o) Minor match (-) Unrelated or minor focus () No COBIT IT process exists. Source: COBIT® Mapping: Mapping of CMMI® for Development, V1.2, Wit h COBIT® 4.1, p.28, 2011, ISACA George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 40
  • PRESENTATION OUTLINE •Essential Concepts •ISACA’S Frameworks Relationships AN OVERVIEW OF THE •COBIT5 Overview ENTERPRISE •COBIT Mappings GOVERNANCE OF IT •ITGI’s Val IT Framework •Key Terms •Goals & Objectives •Why Val IT? •Synergies between Val IT and Cobit 4.1 THE VAL IT FRAMEWORK •How Val IT Works •Key Terms and Principles •Val IT Domains & Processes •The Business Case •Projects, Programs, and Portfolios Defintions •IT Project Portfolio Categorization BENEFITS RELEASATION •PM Guide Process and Mapping to SDLC THROUGH IT •SDLC Guide GOVERNANCE •IT Governance Supporting Tools •A Structured Approach •The Challenge CONCLUSION •The Ingredients of Success George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 41
  • ITGI’s Val IT Framework • The Val IT framework is a comprehensive, credible and pragmatic organizing framework, with practical guidelines, principles, processes and supporting practices that help boards, executive management and other organizational leaders maximize the realization of value from IT investments. • Proven practices and techniques for evaluating and managing investment in business change and innovation • Val IT helps executives: – Increase the probability of picking winners – Increase the likelihood of IT investment success – Reduce surprises from IT cost and delivery date overruns – Reduce costs due to inefficient investments Source: The Business Case Guide: Using Val IT 2.0, p.22, 2011, ISACA George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 42
  • Key Terms of Val IT Portfolio: A grouping of programme, projects, services or assets, selected, managed and monitored to optimize business return. (Note that the initial focus of Val IT is primarily interested in a portfolio of programmes. COBIT is interested in portfolios of projects, services or assets.) Programme: A structured group of interdependent projects that are both necessary and sufficient to achieve the business outcome and deliver value. These projects could include, but not be limited to, changes to the nature of the business, business processes, the work performed by people, as well as the competencies required to carry out the work, enabling technology and organizational structure. The investment programme is the primary unit of investment within Val IT. Project: A structured set of activities concerned with delivering a defined capability (that is necessary but NOT sufficient to achieve a required business outcome) to the enterprise based on an agreed schedule and budget. Source: Enterprise Value: Governance of IT Investments The Val IT Framework 2.0, p.11, 2008, ISACA George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 43
  • Goals & ObjectivesThe goal of Val IT is to enable organizations to manage their investments in IT suchthat they deliver optimal value to the enterprise at an affordable cost and with anacceptable level of risk by:• Identifying and clearly defining strategically aligned investment opportunitieswith clearly defined business outcomes • Evaluating, prioritizing and selecting investments based upon their potential risk- adjusted value in the context of the organization’s strategic objectives • Managing the execution of investments through their full economic life cycle such that they deliver the optimal value Source: The Business Case Guide: Using Val IT 2.0, p.22, 2011, ISACA George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 44
  • ™ Why Val IT ? An organization needs stronger governance over IT investments if: • IT investments are not supporting the business strategy or providing expected value • There are too many projects, resulting in inefficient use of resources • Projects often are delayed, run over budget, and/or do not provide the needed benefits • There is an inability to cancel projects when necessary • It needs to ensure compliance to industry or governmental regulations Source: The Business Case Guide: Using Val IT 2.0, p.22, 2011, ISACA George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 45
  • Val IT and COBIT: A Synergistic RelationshipVal IT and COBIT provide business and IT decision makers with a comprehensive framework forthe creation of value from the delivery of high-quality IT-based services. Val IT both complementsCOBIT and is supported by it.Val IT takes the enterprise governance view. It helps executives focus on two of fourfundamental IT governance-related questions‘Are we doing the right things?’ (the strategic question)‘Are we getting the benefits?’ (the value question)COBIT, on the other hand, takes the IT view, helping executives focus on answeringthe questions.‘Are we doing them the right way?’ (the architecture question)‘Are we getting them done well?’ (the delivery question) Source: Enterprise Value: Governance of IT Investments The Val IT Framework 2.0, p.11, 2008, ISACA George Papoulias Senior Project Manager 7 December 2011 National Bank of Greece 46
  • Source: Enterprise Value: Governance of IT Investments The Val IT Framework 2.0, p.9, 2008, ISACA George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 47
  • How Does Val IT Fit With/ Complement COBIT? While COBIT is a comprehensive framework for IT governance, its primary focus has traditionally been on the delivery of IT services through the effective and efficient management of IT assets. Val IT complements COBIT (see figure 2) by supporting the effective alignment, deployment and use of IT services such that they deliver optimal value to the enterprise. Source: The Business Case Guide: Using Val IT 2.0, p.22, 2011, ISACA George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 48
  • Val IT is guided by a number of principles:•IT-enabled investments will be managed as a portfolio of investments.•IT-enabled investments will include the full scope of activities that are required toachieve business value.•IT-enabled investments will be managed through their full economic life cycle.•Value delivery practices will recognize that there are different categories ofinvestments that will be evaluated and managed differently.•Value delivery practices will define and monitor key metricsand will respond quickly to any changes or deviations.•Value delivery practices will engage all stakeholders and assign appropriateaccountability for the delivery of capabilities and the realization of business benefits.•Value delivery practices will engage all stakeholders and assign appropriateaccountability for the delivery of capabilities and the realization of businessbenefits. Source: Enterprise Value: Governance of IT Investments The Val IT Framework 2.0, p.11, 2008, ISACA George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 49
  • The Val IT principles are applied in three management processes: Value Governance (VG) Portfolio management (PM) Investment Management (IM) Source: Enterprise Value: Governance of IT Investments The Val IT Framework 2.0, p.12, 2008, ISACA George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 50
  • How Val IT™ Works Establish informed and Define and Define portfolio committed leadership. implement processes. characteristics. Value Governance Align and integrate value (VG) Continuously improve management with Establish effective value management enterprise financial governance monitoring. practices. planning. Establish strategic direction Determine the availability Manage the availability Portfolio and target investment and sources of funds. of human resources. mix. Management (PM) Monitor and report Evaluate and select Optimise investment on investment programmes to fund. portfolio performance. portfolio performance. Develop and evaluate the Understand the candidate Develop the programme Develop full life cycle costs initial programme concept programme and plan. and benefits. business case. implementation options.Source: The Business Develop the detailed Launch and manage Update operationalCase Guide: Using Val candidate Investment programme business case. the programme. IT portfolios.IT 2.0, p.14, 2011, ManagementISACA (IM) Monitor and report on Update the business case. Retire the programme. the programme. George Papoulias 7 December 2011 Senior Project Manager 51 National Bank of Greece
  • Source: Enterprise Value: Governance of IT Investments The Val IT Framework 2.0, p.16, 2008, ISACA George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 52
  • Source: The Business Case Guide: Using Val IT 2.0, p.12, 2011, ISACA George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 53
  • The Business Case The Business Case is a detailed investment proposal that considers quantitative and qualitative evaluation factors that underlie selection of a business solution. A business case analysis is used to compare various business solution alternatives and to provide a basis for selecting the one that delivers the greatest value to the organization and the Stakeholders. Ultimately, use of a Business Case should help the organisation prioritize its technology investments by making smart decisions, and provide the basis for evaluation of business outcomes following project closure. Use of the Business Case should provide answers to the following questions: • Why do the project now? • What is the impact of not doing the project? • How does the project support the organization goals? • What business problem does the project solve? • What is the financial impact? • When will the project show results? George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 54
  • The Business Case The investment, category size, the impact if not successful, and position in the economic life cycle are factors that determine which components of the business case require greater attention and what level of detail is required. The following example illustrates an overall structure and content of a business case: Source: The Business Case Guide: Using Val IT 2.0, p.38, ISACA, 2010 George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 55
  • PRESENTATION OUTLINE •Essential Concepts •ISACA’S Frameworks Relationships AN OVERVIEW OF THE •COBIT5 Overview ENTERPRISE •COBIT Mappings GOVERNANCE OF IT •ITGI’s Val IT Framework •Key Terms •Goals & Objectives •Why Val IT? •Synergies between Val IT and Cobit 4.1 THE VAL IT FRAMEWORK •How Val IT Works •Key Terms and Principles •Val IT Domains & Processes •The Business Case •Projects, Programs, and Portfolios Definitions •IT Project Portfolio Categorization BENEFITS RELEASATION •PM Guide Process and Mapping to SDLC THROUGH IT •SDLC Guide GOVERNANCE •IT Governance Supporting Tools •A Structured Approach •The Challenge CONCLUSION •The Ingredients of Success George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 56
  • Projects, Programs, and Portfolios Portfolio – a suite of business programmes managed to optimise overall enterprise value Portfolio Management Programme – a structured grouping of projects designed to Programme produce clearly identified business Management value Project Management Project – a structured set of activities concerned with delivering a defined capability based on an agreed schedule and budget George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 57
  • IT Project Portfolio CategorizationTwo popular Project Portfolio Categorization paradigms: The META Group Categorization Run the Business Grow the Business Transform the Business •The spending necessary to •The spending necessary to, for •The introduction of new areas maintain existing operations at instance, provide additional of business, the expansion into the existing level automation to improve new markets or any other efficiency or the consolidation radical transformation project of data centers to reduce costs designed to lead to significantly and increase competitiveness enhanced revenues and profits Source: META Group, „Portfolio Management and the CIO, Part 3‟, March 2002The MIT Center for Information Systems Research (CISR) Transformational Legislative, Regulatory or Informational Investments Strategic Investments Infrastructure Investments Investments Mandatory Investments •Information Systems to •Information Systems for •Information Systems •Infrastructure Systems •Projects that need to be process the basic, managing and controlling enabling entry into new that may not generate any undertaken just to stay in repetitive transactions of the enterprise markets and adding value direct quantifiable business by implementing the business •Example: Financial by increasing competitive financial benefit the requirements of •Example: Mortgage control, decision making, advantage to the business themselves but they industry regulators, processing, account planning, communication •Example: Internet- benefit the business environmental agencies or management enabled Banking, Data applications that depend governmental bodies Center consolidation upon them •Example: The US •Example: Network Sarbanes-Oxley Act of Systems replacement or 2002 and, for financial major upgrade services companies, Basel II requirements. Source: Weill, Peter; Marianne, Broadbent; Leveraging the New Infrastructure, HBS Press 1998 George Papoulias Senior Project Manager 7 December 2011 National Bank of Greece 58
  • Application of Project Management Types of Work Initiatives categorized as ‘tasks’ or ‘operational’ are not required to follow the project management methodologies. Upcoming/potential work should be analyzed to determine which category is applicable: Task • Small piece of work • Independent of a project • Lasting not longer than a few person-hours • Involving only a few people • Meant to accomplish a simple and straightforward goal • May be a component of operational work • May require change management processes • Rated as such from the Project Complexity and Risk Assessment model Operational • Ongoing work to sustain or provide a service • Change management processes applicable for non project-related changes Project • Temporary endeavor (defined beginning and end) • Which uses progressive elaboration • To create products, services, or results George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 59
  • Project Classification Model Assigns a classification level to a project based on a combination of complexity and risk; this step also defines projects that require an additional level of management. The Project Classification Model includes the most predominant factors contributing to determining the Classification Level of a project. It includes also the Project Management Processes required to successfully implement a project. Information technology projects are managed through standardized project management practices. However, the specific processes engaged within each Project Management process group is based upon a project’s classification level. As new project ideas and requests are brought for consideration, they must first be classified through the Project Complexity and Risk Assessment model, which scores factors that define a project’s complexity and risk. The Classification Matrix uses this information to determine the Classification Level of a project. George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 60
  • Project Complexity and Risk Assessment Criteria George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 61
  • Classification MatrixThe Classification Matrix uses this information to determine the Classification Level of aproject. Complexity High risk Medium risk Low risk Complex Level 1 Level 1 Level 2 Medium Level 1 Level 2 Level 3 Small Level 2 Level 3 Level 3 George Papoulias Senior Project Manager 7 December 2011 National Bank of Greece 62
  • Classification LevelBased on the risks identified through the Project Classification process, a project‟s risk score is used to helpassess the Classification Level (Level 1, Level 2, Level 3) of the project and indicate the project managementprocesses required for the project.The classification level of a project will determine the project management methodologies (ProjectManagement Process Group Processes) required or recommended for each phase of the project lifecycleof the project. Classification level one (1) indicates that risk will play a very crucial role throughout the project development, planning, implementation, and closeout. A more detailed analysis and documentation of procedures are required to avoid, mitigate, and transfer risks associated with the project. Level two (2) denotes less complex projects with medium-to-low risk and risk is handled as a key project component that influences development, planning, implementing, and closeout. Level three (3) identifies risk as a consideration in development, planning, implementing and is particularly important in the closeout stage. George Papoulias Senior Project Manager 7 December 2011 National Bank of Greece 63
  • PROJECT CLASSIFICATION Requirements by Project Level Level 1 Level 2 Level 3 Project Initiation Project Initiation • Identify Project Sponsor • Identify Project Sponsor • Identify Initial Project Team • Identify Initial Project Team Project Initiation • Develop Project Charter • Develop Project Charter • Identify Initial Project Team • Conduct Project Kick-off Meeting • Conduct Project Kick-off Meeting • Develop Project Charter • Establish Project Repository • Establish Project Repository • Conduct Project Kick-off • Define Project Scope • Define Project Scope Meeting • Develop High-Level Schedule • Develop High-Level Schedule • Develop High-Level Schedule • Identify Quality Standards • Establish Project Budget • Establish Project Budget • Identify and Document Stakeholders‟ • Document Risks Involvement • Identify and Document Stakeholders‟ • Develop Communications Plan Involvement • Compile All Information to produce the • Develop Communications Plan Initial Project Plan Project Planning • Compile All Information to produce the Initial • Review/Refine Business Case • ……… Project Plan • ……… • Review/Refine Business Case • Gain Approval Signature from Project Sponsor Project Planning Project Planning • ……… • ……… • ……… • ……… George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 64
  • Program/Project Portfolio Management Process who Input Processing Output Market, Portfolio/ Industry Gate 1 Gate 2 Project Reviews Gate3 Program/ Trends, Project ProcessManagement Tools,Office (PMO) 7 Templates & Analyze Portfolio & Recommend Guides Project Priorities Yes Project Decision No Criteria, 6 Project 2 No Yes Yes 4 Gate2- Decision Guidelines, Gate 1- End/Suspend Authorize Board Strategic Approve or Replan Impleme Plans, project PP/BC ntation? Budgets, proposal? Mergers, Acquisitions 8 & Prioritize Project Portfolio Divestitures Project Idea, Project Guidelines, Project Status, Budgets, 9 12Business Financial 1 10 11 Implement CloseLeaders, Assumptions Create Project Review Realize & Manage ProjectSponsors , Risks, Proposal Project Benefits Project Resources, Results, Benchmark 5 Results, Develop Polices, Business Case Procedures, Standards Finance Budgeting 3 Process Incorporate into Budgeting Process George Papoulias 7 December 2011 Senior Project Manager 65 National Bank of Greece
  • Mapping the Project Management and System Development Lifecycles PROJECT MANAGEMENT LIFECYCLE PROJECT PROJECT PROJECT PROJECT EXECUTION & PROJECT CLOSE ORIGINATION INITIATION PLANNING CONTROL SYSTEM SYSTEM SYSTEM SYSTEM SYSTEM REQUIREMENTS SYSTEM DESIGN INITIATION CONSTRUCTION ACCEPTANCE IMPLEMETATION ANALYSIS SYSTEM DEVELOPMENT LIFECYCLE George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 66
  • PROJECT MANAGEMENT LIFE CYCLE WORK BRAKEDOWN STRUCTURE Project Execution Project Origination Project Initiation Project Planning Project Close and Control Conduct Project Prepare for the Conduct Project Develop Project Execution and Control Project Planning Kick-Off Proposal Kick-Off Conduct Post- Implementation Manage Cost Review Define Cost Schedule Refine Cost Schedule Schedule Scope Scope Quality Scope Quality Quality Develop Business Case Perform Risk Perform Risk Monitor and Control Identification Assessment Risks Evaluate Project Proposals Develop Initial Project Manage Project Refine Project Plan Plan Execution Perform Administrative Close Select Projects Confirm Approval to Confirm Approval to Gain Project Proceed to Next Proceed to Next Acceptance Phase Phase SYSTEM DEVELOPMENT LIFECYCLE George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 67
  • BUSINESS PROCESSES DIVISION & INFORMATION TECHNOLOGY DIVISION Project Management Life Cycle (PMLC) VOLUME 1 Introduction to the PMLC VOLUME 2 PMLC Phases VOLUME 3 Glossary and Acronyms VOLUME 4 Templates George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 68
  • Table of Contents VOLUME 1 2.2 Define Cost Schedule Scope Quality INTRODUCTION 2.2.1 Define Project Scope OVERVIEW 2.2.2 Develop High-Level Schedule ______________ 2.2.3 Identify Quality Standards VOLUME 2 2.2.4 Establish Project Budget PROJECT ORIGINATION 2.3 Perform Risk Identification 1.1 Develop Project Proposals 2.3.1 Identify Risks 1.1.1 Develop Business Case 2.3.2 Document Risks 1.1.2 Develop Proposed Solution 2.4 Develop Initial Project Plan 1.2 Evaluate Project Proposals 2.4.1 Identify and Document Stakeholders‟ 1.2.1 Present Project Proposals Involvement 1.2.2 Screen Project Proposals 2.4.2 Develop a Communications Plan 1.2.3 Rate Project Proposals 2.4.3 Compile All Information to Produce Initial 1.3 Select Projects Project Plan 1.3.1 Prioritize Project Proposals 2.5 Confirm Approval to Proceed to Next Phase 1.3.2 Choose Projects 2.5.1 Review/Refine Business Case 1.3.3 Notify Project Sponsors 2.5.2 Prepare for Formal Acceptance PROJECT INITIATION 2.5.3 Gain Approval Signature From Project 2.1 Prepare for the Project Sponsor 2.1.1 Identify Project Sponsor 2.1.2 Identify Initial Project Team 2.1.3 Review Historical Information 2.1.4 Develop Project Charter 2.1.5 Conduct Project Kick-off Meeting 2.1.6 Establish Project Repository George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 69
  • Table of Contents (continued) VOLUME 2 (Continued) 3.5 Confirm Approval to Proceed to Next PROJECT PLANNING Phase 3.1 Conduct Project Planning Kick-Off 3.5.1 Review/Refine Business Case 3.1.1 Identify New Project Team Members 3.5.2 Prepare Formal Acceptance Package 3.1.2 Review Outputs of Project Initiation and 3.5.3 Gain Approval Signature from Project Current Project Status Sponsor 3.1.3 Kick-Off Project Planning PROJECT EXECUTION AND CONTROL 3.2 Refine Cost Scope Schedule Quality 4.1 Conduct Project Execution and Control 3.2.1 Refine Project Scope Kick-Off 3.2.2 Refine Project Schedule 4.1.1 Orient New Project Team Members 3.2.3 Refine/Define Quality Standards and 4.1.2 Review Outputs of Project Planning and Quality Assurance Activities Current Project Status 3.2.4 Refine Project Budget 4.1.3 Kick Off Project Execution and Control 3.3 Perform Risk Assessment 4.2 Manage Cost Scope Schedule Quality 3.3.1 Identify New Risks, Update Existing Risks 4.2.1 Manage Project Scope 3.3.2 Quantify Risks 4.2.2 Manage Project Schedule 3.3.3 Develop Risk Management Plan 4.2.3 Implement Quality Control 3.4 Refine Project Plan 4.2.4 Manage Project Budget 3.4.1 Define Change Control Process 4.3 Monitor and Control Risks 3.4.2 Define Acceptance Management Process 4.3.1 Monitor Risks 3.4.3 Define Issue Management and 4.3.2 Control Risks Escalation Process 4.3.3 Monitor Impact on Cost Scope Schedule 3.4.4 Refine Communications Plan and Define Quality Communications Management Process 3.4.5 Define Organizational Change Management Plan 3.4.6 Establish Time and Cost Baseline 3.4.7 Develop Project Team 3.4.8 Develop Project Implementation and Transition Plan George Papoulias7 December 2011 Senior Project Manager 70 National Bank of Greece
  • Table of Contents (continued)VOLUME 2 (Continued)4.4 Manage Project Execution4.4.1 Manage Change Control Process4.4.2 Manage Acceptance of Deliverables4.4.3 Manage Issues4.4.4 Execute Communications Plans4.4.5 Manage Organizational Change4.4.6 Manage the Project Team4.4.7 Manage Project Implementation and Transition4.5 Gain Project Acceptance4.5.1 Conduct Final Status Meeting4.5.2 Gain Acceptance Signature from Project SponsorPROJECT CLOSE5.1 Conduct Post-Implementation Review5.1.1 Solicit Feedback5.1.2 Conduct Project Assessment5.1.3 Prepare Post-Implementation Report5.2 Perform Administrative Closeout5.2.1 Update Skills Inventory and Provide Performance Feedback5.2.2 Archive Project Information______________VOLUME 3GLOSSARY & ACRONYMS_______________VOLUME 4TEMPLATES George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 71
  • SYSTEM DEVELOPMENT LIFE CYCLE WORK BRAKEDOWN STRUCTURE System System System System System Requirements System Design Initiation Construction Acceptance Implementation Analysis Prepare Requirements Prepare System Prepare System Design Construction Prepare System Prepare System Analysis Environment Environment Acceptance Prepare System Initiation Environment Environment Implementation Environment Environment Determine Define Technical Refine System Business Architecture Standards Requirements Validate Data Develop, Test and Initialization and Define Business Define System Conversion Validate (Unit Process Model Standards Validate Level) Proposed Deploy System Solution Conduct Define Logical Create Physical Integration and Data Model Database Perform System Testing Acceptance Test Reconcile Business Prototype System Produce User and Requirements with Components Training Materials Models Transition to Support System Schedule Refine Supporting Operational Produce Material System Produce Technical Produce Technical Functional Specifications Documentation Specification PROJECT MANAGEMENT LIFECYCLE George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 72
  • BUSINESS PROCESSES DIVISION & INFORMATION TECHNOLOGY DIVISION System Development Life Cycle (SDLC) VOLUME 1 Introduction to the SDLC VOLUME 2 SDLC Phases VOLUME 3 Glossary and Acronyms VOLUME 4 Templates George Papoulias7 December 2011 Senior Project Manager 73 National Bank of Greece
  • Table of Contents VOLUME 1 4 SYSTEM CONSTRUCTION INTRODUCTION 4.1 Prepare for System Construction OVERVIEW 4.2 Refine System Standards ______________ 4.3 Develop, Test and Validate (Unit Level) VOLUME 2 4.4 Conduct Integration and 1 SYSTEM INITIATION System Testing 1.1 Prepare for System Initiation 4.5 Produce User and Training Materials 1.2 Validate Proposed Solution 4.6 Produce Technical Documentation 1.3 Develop System Schedule 5 SYSTEM ACCEPTANCE 2 SYSTEM REQUIREMENTS 5.1 Prepare for System Acceptance ANALYSIS 5.2 Validate Data Initialization and 2.1 Prepare for System Requirements Conversion Analysis 5.3 Test, Identify, Evaluate, React 2.2 Determine Business Requirements 5.4 Refine Supporting Materials 2.3 Define Process Model 6 SYSTEM IMPLEMENTATION 2.4 Define Logical Data Model 6.1 Prepare for System Implementation 2.5 Reconcile Business Requirements with 6.2 Deploy System Models 6.3 Transition to Support Operational 2.6 Produce Functional Specification System 3 SYSTEM DESIGN ______________ 3.1 Prepare for System Design VOLUME 3 3.2 Define Technical Architecture GLOSSARY & ACRONYMS 3.3 Define System Standards _______________ 3.4 Create Physical Database VOLUME 4 3.5 Prototype System Components TEMPLATES 3.6 Produce Technical Specifications George Papoulias7 December 2011 Senior Project Manager 74 National Bank of Greece
  • IT Governance Supporting Tools NBG BPO DIVISION Enterprise Business and IT Process Architecture George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 75
  • George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 76
  • George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 77
  • George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 78
  • George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 79
  • NBG IS DIVISION Project Management Portal George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 80
  • The Fundamental Question Are we maximizing the value of our IT enabled business investments such that: • we are getting optimal benefits; • at an affordable cost; and • with an acceptable level of risk? Over the full economic life-cycle of the investment George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 81
  • IT‐RELATED GOAL METRICS Having a Robust and well run Program/Project Management Methodology is not a Silver Bullet! What about the Metrics and the Realized Benefits? IT RELATED GOALS AND METRICS IT‐RELATED METRICS GOALS Percent of IT‐enabled Realized benefits from investments where Percent of IT services IT enabled benefit realization where expected Percent of IT‐enabled investments where claimed benefits met or exceeded investments and monitored through full benefits realised services portfolio economic lifecycle Delivery of Number of Percent of Number of programmes on time, Cost of application programmes / projects stakeholders satisfied programmes needing on budget, and maintenance vs. on time and within with programme / significant rework due meeting requirements overall IT cost budget project quality to quality defects and quality standards George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 82
  • PRESENTATION OUTLINE •Essential Concepts •ISACA’S Frameworks Relationships AN OVERVIEW OF THE •COBIT5 Overview ENTERPRISE •COBIT Mappings GOVERNANCE OF IT •ITGI’s Val IT Framework •Key Terms •Goals & Objectives •Why Val IT? •Synergies between Val IT and Cobit 4.1 THE VAL IT FRAMEWORK •How Val IT Works •Key Terms and Principles •Val IT Domains & Processes •The Business Case •Projects, Programs, and Portfolios Defintions •IT Project Portfolio Categorization BENEFITS RELEASATION •PM Guide Process and Mapping to SDLC THROUGH IT •SDLC Guide GOVERNANCE •IT Governance Supporting Tools •A Structured Approach •The Challenge CONCLUSION •The Ingredients of Success George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 83
  • A Structured Approach IT-enabled investments can bring huge rewards, but only with the right governance and management processes and full engagement from all management levels. Using a Comprehensive IT Governance Framework: The CobiT 4.1 Framework. A comprehensive, proven, structured framework that can provide boards and executive management teams with information about the delivery of IT services through the effective The Val and efficient management of IT IT 2.0 Framework. assets can be used. The Risk IT Framework. A comprehensive, proven, A comprehensive, structured practice-based structured framework that provides board governance framework that can and executive management teams provide boards and executive with practical guidance in making management teams with practical decisions to balance risk and guidance in making IT investment reward for all IT systems matters decisions and using IT to create can be used enterprise value can be used The COBIT5 Framework A governance and management framework for information and related technology that starts from stakeholder needs and create optimal value by maintaining a balance amongst realizing benefits, managing risk and balancing resources is about to be released George Papoulias7 December 2011 Senior Project Manager 84 National Bank of Greece
  • The Challenge Frameworks and best practices like CobiT don’t work as an off the self product. They must be adapted and customized to suit the organizations culture and operating style. Strong leadership, of course, is imperative, particularly from leaders in addition to the CIO, such as senior executives, all of whom must be visibly committed to championing the value that IT and IT governance can deliver to the enterprise. George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 85
  • The ingredients of Success The key to realizing the true potential of IT-enabled business investments is to recognize that the organization is implementing change—not technology. Val IT, together with COBIT, enables such an approach by ensuring that investments are aligned with the enterprise’s strategic objectives, that a complete and comprehensive business case is developed, that there is appropriate accountability and relevant metrics, and that the business case is managed through the full economic life cycle of the investment. The intelligent and disciplined implementation of the best practices contained within COBIT and Val IT will make a significant contribution to enterprises realizing value from their IT-enabled business investments. The IT governance process, to be successful, needs visibility, leadership and commitment from the top. George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 86
  • Questions? George Papoulias Senior Project Manager7 December 2011 National Bank of Greece 87