IT Governance Vs. Compliance – Taking Back The Strategy High Ground
Presented by: Peter Hubbard
Pink Elephant EMEA Ltd
Think Differently. Think Pink
IT Governance Vs Compliance © Pink Elephant, 2016 All Rights Reserved.
ITIL® is a Registered Trade Mark of Axelos Ltd.
Introduction – Peter Hubbard
• Principal ITSM Consultant
• Worked in ITSM for over 20 years
• Regular speaker at industry events
• Worked in all sorts of organisations, large and small.
City of London
IT Governance
Governance is sometimes seen as ‘red tape’.
Something to be worked around, or at best wished away.
IT Governance does not have to be this (and never should be!). It helps focus the efforts of an IT department and provides much needed clarity.
What Is COBIT?
• Framework of good practices for overall IT governance (management) and control (audit)
• Recognized worldwide
• Represents the consensus of experts
• Integrator for IT good practices
• Focus on control (what) and less on execution (how)
• Flexible – Implement COBIT according to your organizational needs
• Public domain – ITGI (free PDF download)
• Evolves – COBIT edition 5 released 2012
According to the Institute of Internal Auditors (IIA) COBIT is one of the most common Internal Control Frameworks and is often used to comply with SOX requirements.
COBIT 5 Mapping Summary
Figure 25 – COBIT 5 Coverage of Other Standards and Frameworks. © 2012 ISACA. All rights reserved.
COBIT 5 domains shown: Evaluate, Direct and Monitor; Align, Plan and Organize; Build, Acquire and Implement; Deliver, Service and Support; Monitor, Evaluate and Assess
Standards and frameworks mapped: ISO/IEC 38500; ISO/IEC 27000; ISO/IEC 31000; PRINCE2/PMBOK; CMMI; ITIL V3 2011 & ISO/IEC 20000; TOGAF
COBIT 5 Process Reference Model
Figure 31 - COBIT 5 Process Reference Model. © 2012 ISACA. All rights reserved.
Pro Tip: No one tries to do all of them!
Where Does COBIT Fit?
Drivers: PERFORMANCE: Business Goals; CONFORMANCE: Basel II, Sarbanes-Oxley Act, etc.
Enterprise Governance: COSO, Balanced Scorecard
IT Governance: COBIT
Best Practice Standards: ISO 9001:2000, ISO 27002, ISO 20000
Processes and Procedures: QA Procedures, Security Principles, ITIL
© 2012 ISACA. All rights reserved.
Okay fine… COBIT is neat. Got you.
But… my strategy, remember?
The COBIT 5 Goals Cascade
Figure 4 - COBIT 5 Goals Cascade Overview. © 2012 ISACA. All rights reserved.
Stakeholder Drivers (e.g. strategy changes, changing business and regulatory environment, new technologies)
Influences
Stakeholder Needs (Benefits Realization, Risk Optimization, Resource Optimization)
Cascades to
Enterprise Goals
Cascades to
IT Related Goals
Cascades to
Process Goals
• Translates stakeholder needs into specific and actionable goals at every level, and in every area, of responsibility in the enterprise
• Allows the definition of priorities for:
  • Implementation
  • Improvement
  • Assurance of governance of enterprise IT
  based on the strategic objectives of the enterprise and the related risk
• Clearly identifies and communicates how (sometimes very operational) enablers are important to achieve enterprise goals
Mapping Stakeholder Needs And Enterprise Goals
Excerpt from Figure 24 - Mapping COBIT 5 Enterprise Goals to Governance and Management Questions. © 2012 ISACA. All rights reserved.
COBIT 5 Enterprise Goals
Figure 5 - COBIT 5 Enterprise Goals. © 2012 ISACA. All rights reserved.
COBIT 5 IT-Related Goals
Figure 6 - COBIT 5 IT-Related Goals. © 2012 ISACA. All rights reserved.
Mapping Enterprise To IT-Related Goals
Excerpt from Figure 24 - Mapping COBIT 5 Enterprise Goals to IT-related Goals. © 2012 ISACA. All rights reserved.
Mapping IT-Related Goals To IT-Related Processes
Excerpt from Figure 23 - Mapping COBIT 5 IT-related Goals to Processes. © 2012 ISACA. All rights reserved.
Primary Process: BAI06 Manage Change
BAI06: Description & Purpose
© 2012 ISACA. All rights reserved.
BAI06: Goals & Metrics
© 2012 ISACA. All rights reserved.
BAI06: RACI
© 2012 ISACA. All rights reserved.
BAI06: Process Practices, Inputs/Outputs & Activities
Evaluate, Prioritise and authorise change requests (BAI06.01)
© 2012 ISACA. All rights reserved.
An Example: Linkage Of Goals
Business goal no. 04: Compliance with External Laws and Regs
IT goal no. 02: IT compliance & support for business compliance with ext….
COBIT IT processes:
• EDM01 Ensure Governance Setting
• BAI06 Manage Changes
KPIs: Number of business disruptions due to IT incidents.
The Continual Service Improvement Approach
• What is the Vision? Business vision, mission, goals and objectives
• Where are we now? Baseline assessments
• Where do we want to be? Measurable targets
• How do we get there? Service & process improvement
• Did we get there? Measurements & metrics
• How do we keep the momentum going?
© Crown copyright 2007 Reproduced under license from OGC. Figure 3.2 Continual Service Improvement, page 30
An IT Service Management Initiative
• Establish IT Governance to align with business strategy
• Determine IT processes to improve that underpin business strategy
• Assess IT processes for current state
• Determine IT process future state
• Build process improvements
• Measure success
• Measure process integration points
• Build for improvements and maintenance
What is the Vision?
Where are we now?
Where do we want to be?
How do we get there?
Did we get there?
Let me see if I get this right…..
To recap
• You can use COBIT 5 to work out what your stakeholders (Internal & External) are likely to want your organisation to do.
• You can then map those needs to Business Goals.
• Those Business Goals map to IT Goals.
• Those IT Goals map to IT Processes.
• Those processes contain activities, outputs, roles, and suggested KPIs.
• You can VERY quickly create a straw man to begin your conversation with the business.
NOTE: Using COBIT enhances strategy alignment. It does NOT replace it!
But does it work in the real world?
• A mid-size Financial Services Firm
• Had de-merged from its parent company recently and was facing its first external compliance audit in the Autumn. (Approx. 7 months away)
• Passing the audit was a major strategic objective for the board
• IT had to demonstrate HOW they would prepare to meet the audit.
• IT used COBIT 5 as an approach to prepare themselves and ensure successful assessment took place
Step 1 – Stakeholder Needs to Business Goals
Primary: Needed to meet the requirements of the audit
Secondary: Of interest in structurally arranging the IT department after the audit
Utilising this approach, and limiting themselves to only 3 possible goals to be taken forwards, the following business goals were selected.

| Business Goal | Number of times it supported a stakeholder need identified to be of primary importance | Outcome |
|---|---|---|
| Business Goal 4: Compliance with External Laws and Regulations | 4 | In Scope |
| Business Goal 7: Business Service Continuity and availability | 4 | In Scope |
| Business Goal 15: Compliance with Internal policies | 6 | In Scope |
| Business Goal 2: Portfolio of Competitive products and services | 3 | Out of scope |
| Business Goal 9: Information based strategic decision making | 3 | Out of scope |
Step 2 – Business Goals to IT Goals
• Utilising these 3 business goals a mapping exercise was undertaken to establish the top 3 IT goals that would support the business goals
• Primary = 3 points
• Secondary = 1 point

| IT Goal | Number of Points | Outcome |
|---|---|---|
| IT Goal 2: IT compliance and support for business compliance with external laws and regulations | 6 | In Scope |
| IT Goal 4: Managing IT related business risk | 5 | In Scope |
| IT Goal 10: Security of Information, processing infrastructure and applications | 9 | In Scope |
| IT Goal 15: Compliance with internal policies | 4 | Out of scope |
Step 3- IT Goals to Processes
Elapsed Time: 2 day workshop
Step 4 – Focussed Maturity Assessment
Elapsed Time: 2 week assessment spread over a month
Consequence Of Capability Gaps
| Capability Level Where Gap Occurs | Nature Of Consequence |
|---|---|
| 1 - Performed Process | Missing Work Products; Process Outcomes not achieved |
| 2 - Managed Process | Cost or time overruns; Unpredictable quality |
| 3 - Established Process | Inconsistent process performance across organization |
| 4 - Predictable Process | Inability to quantify performance or detect problems early |
| 5 - Optimizing Process | Inability to achieve or evaluate process improvements |

Seriousness Of Consequence: scale from Lowest to Highest
Step 5 – Improvement Program
• Suppliers engaged with. Requirements for maturity mapped out
• Information Security Manager recruited and formal process designed and implemented
• The focus of the IT department changed from relying on individual experts to embedding the required processes and skills within the organisation, supported by good corporate governance.
• The external audit was passed. Although weaknesses remained, the auditors were happy that they were understood and proper actions were being deployed to mitigate risks.
Elapsed Time: 5 months to address the issues
Questions?
p.hubbard@pinkelephant.co.uk
info@pinkelephant.co.uk
www.pinkelephant.co.uk
Paired Comparison Analysis: A Practical Tool for Evaluating Options and Prior...Paired Comparison Analysis: A Practical Tool for Evaluating Options and Prior...
Paired Comparison Analysis: A Practical Tool for Evaluating Options and Prior...
 
Farmer Representative Organization in Lucknow | Rashtriya Kisan Manch
Farmer Representative Organization in Lucknow | Rashtriya Kisan ManchFarmer Representative Organization in Lucknow | Rashtriya Kisan Manch
Farmer Representative Organization in Lucknow | Rashtriya Kisan Manch
 
Call Us🔝⇛+91-97111🔝47426 Call In girls Munirka (DELHI)
Call Us🔝⇛+91-97111🔝47426 Call In girls Munirka (DELHI)Call Us🔝⇛+91-97111🔝47426 Call In girls Munirka (DELHI)
Call Us🔝⇛+91-97111🔝47426 Call In girls Munirka (DELHI)
 

IT Governance Strategy High Ground

  • 1. IT Governance Vs. Compliance – Taking Back The Strategy High Ground Presented by: Peter Hubbard Pink Elephant EMEA Ltd Think Differently. Think Pink
  • 2. IT Governance Vs Compliance © Pink Elephant, 2016 All Rights Reserved. ITIL® is a Registered Trade Mark of Axelos Ltd.
      Introduction – Peter Hubbard
      • Principal ITSM Consultant
      • Worked in ITSM for over 20 years
      • Regular speaker at industry events
      • Worked in all sorts of organisations, large and small.
      City of London
  • 3. IT Governance
      Governance is sometimes seen as ‘red tape’: something to be worked around, or at best wished away. IT Governance does not have to be this (and never should be!). It helps focus the efforts of an IT department and provides much needed clarity.
  • 4. What Is COBIT?
      • Framework of good practices for overall IT governance (management) and control (audit)
      • Recognized worldwide
      • Represents the consensus of experts
      • Integrator for IT good practices
      • Focus on control (what) and less on execution (how)
      • Flexible – Implement COBIT according to your organizational needs
      • Public domain – ITGI (free PDF download)
      • Evolves – COBIT edition 5 released 2012
      According to the Institute of Internal Auditors (IIA), COBIT is one of the most common Internal Control Frameworks and is often used to comply with SOX requirements.
  • 5. COBIT 5 Mapping Summary
      [Figure 25 – COBIT 5 Coverage of Other Standards and Frameworks. © 2012 ISACA. All rights reserved.]
      COBIT 5 domains shown: Evaluate, Direct and Monitor; Align, Plan and Organize; Build, Acquire and Implement; Deliver, Service and Support; Monitor, Evaluate and Assess
      Standards and frameworks shown: ISO/IEC 38500; ISO/IEC 27000; ISO/IEC 31000; PRINCE2/PMBOK; CMMI; ITIL V3 2011 & ISO/IEC 20000; TOGAF
  • 6. COBIT 5 Process Reference Model
      [Figure 31 - COBIT 5 Process Reference Model. © 2012 ISACA. All rights reserved.]
      Pro Tip: No one tries to do all of them!
  • 7. Where Does COBIT Fit?
      [Figure. © 2012 ISACA. All rights reserved.]
      Labels in the figure: Drivers (PERFORMANCE: Business Goals; CONFORMANCE: Basel II, Sarbanes-Oxley Act, etc.); Enterprise Governance (COSO, Balanced Scorecard); IT Governance (COBIT); Best Practice Standards (ISO 9001:2000, ISO 27002, ISO 20000); Processes and Procedures (QA Procedures, Security Principles, ITIL)
  • 8. Okay fine…COBIT is neat. Got you. But…my strategy remember?
  • 9. The COBIT 5 Goals Cascade
      [Figure 4 - COBIT 5 Goals Cascade Overview. © 2012 ISACA. All rights reserved.]
      Stakeholder Drivers (e.g. strategy changes, changing business and regulatory environment, new technologies) influence Stakeholder Needs (Benefits Realization, Risk Optimization, Resource Optimization), which cascade to Enterprise Goals, which cascade to IT Related Goals, which cascade to Process Goals.
      • Translates stakeholder needs into specific and actionable goals at every level, and in every area, of responsibility in the enterprise
      • Allows the definition of priorities for implementation, improvement and assurance of governance of enterprise IT based on the strategic objectives of the enterprise and the related risk
      • Clearly identifies and communicates how (sometimes very operational) enablers are important to achieve enterprise goals
  • 10. Mapping Stakeholder Needs And Enterprise Goals
      [Excerpt from Figure 24 - Mapping COBIT 5 Enterprise Goals to Governance and Management Questions. © 2012 ISACA. All rights reserved.]
  • 11. COBIT 5 Enterprise Goals
      [Figure 5 - COBIT 5 Enterprise Goals. © 2012 ISACA. All rights reserved.]
  • 12. COBIT 5 IT-Related Goals
      [Figure 6 - COBIT 5 IT-Related Goals. © 2012 ISACA. All rights reserved.]
  • 13. Mapping Enterprise To IT-Related Goals
      [Excerpt from Figure 24 - Mapping COBIT 5 Enterprise Goals to IT-related Goals. © 2012 ISACA. All rights reserved.]
  • 14. Mapping IT-Related Goals To IT-Related Processes
      [Excerpt from Figure 23 - Mapping COBIT 5 IT-related Goals to Processes. © 2012 ISACA. All rights reserved.]
      Primary Process: BAI06 Manage Change
  • 15. BAI06: Description & Purpose
      [Figure. © 2012 ISACA. All rights reserved.]
  • 16. BAI06: Goals & Metrics
      [Figure. © 2012 ISACA. All rights reserved.]
  • 17. BAI06: RACI
      [Figure. © 2012 ISACA. All rights reserved.]
  • 18. BAI06: Process Practices, Inputs/Outputs & Activities
      Evaluate, Prioritise and authorise change requests (BAI06.01)
      [Figure. © 2012 ISACA. All rights reserved.]
  • 19. An Example: Linkage Of Goals
      • Business goal no. 04: Compliance with External Laws and Regs
      • IT goal no. 02: IT compliance & support for business compliance with ext….
      • COBIT IT processes: EDM01 Ensure Governance Setting; BAI06 Manage Changes
      • KPIs: Number of business disruptions due to IT incidents.
  • 20. The Continual Service Improvement Approach
      • What is the Vision? Business vision, mission, goals and objectives
      • Where are we now? Baseline Assessments
      • Where do we want to be? Measurable Targets
      • How do we get there? Service & Process Improvement
      • Did we get there? Measurements & Metrics
      • How do we keep the momentum going?
      © Crown copyright 2007 Reproduced under license from OGC. Figure 3.2 Continual Service Improvement, page 30
  • 21. An IT Service Management Initiative (What is the Vision? Where are we now?)
      • Establish IT Governance to align with business strategy
      • Determine IT processes to improve that underpin business strategy
      • Assess IT processes for current state
      • Determine IT process future state
      • Build process improvements
      • Measure success
      • Measure process integration points
      • Build for improvements and maintenance
  • 22. An IT Service Management Initiative (Where do we want to be?)
      • Establish IT Governance to align with business strategy
      • Determine IT processes to improve that underpin business strategy
      • Assess IT processes for current state
      • Determine IT process future state
      • Build process improvements
      • Measure success
      • Measure process integration points
      • Build for improvements and maintenance
  • 23. An IT Service Management Initiative (How do we get there?)
      • Establish IT Governance to align with business strategy
      • Determine IT processes to improve that underpin business strategy
      • Assess IT processes for current state
      • Determine IT process future state
      • Build process improvements
      • Measure success
      • Measure process integration points
      • Build for improvements and maintenance
  • 24. An IT Service Management Initiative (Did we get there?)
      • Establish IT Governance to align with business strategy
      • Determine IT processes to improve that underpin business strategy
      • Assess IT processes for current state
      • Determine IT process future state
      • Build process improvements
      • Measure success
      • Measure process integration points
      • Build for improvements and maintenance
  • 25. Let me see if I get this right…..
  • 26. To recap
      • You can use COBIT 5 to work out what your stakeholders (Internal & External) are likely to want your organisation to do.
      • You can then map those needs to Business Goals.
      • Those Business Goals map to IT Goals.
      • Those IT Goals map to IT Processes.
      • Those processes contain activities, outputs, roles, and suggested KPIs.
      • You can VERY quickly create a straw man to begin your conversation with the business.
      NOTE: Using COBIT enhances strategy alignment. It does NOT replace it!
  • 27. But does it work in the real world?
      • A mid-size Financial Services Firm
      • Had recently de-merged from its parent company and was facing its first external compliance audit in the Autumn (approx. 7 months away)
      • Passing the audit was a major strategic objective for the board
      • IT had to demonstrate HOW they would prepare to meet the audit.
      • IT used COBIT 5 as an approach to prepare themselves and ensure a successful assessment took place
  • 28. Step 1 – Stakeholder Needs to Business Goals
      Primary: Needed to meet the requirements of the audit
      Secondary: Of interest in structurally arranging the IT department after the audit
      Utilising this approach, and limiting themselves to only 3 possible goals to be taken forwards, the following business goals were selected.
      Business Goal | Number of times it supported a stakeholder need identified to be of primary importance | Outcome
      Business Goal 4: Compliance with External Laws and Regulations | 4 | In Scope
      Business Goal 7: Business Service Continuity and availability | 4 | In Scope
      Business Goal 15: Compliance with Internal policies | 6 | In Scope
      Business Goal 2: Portfolio of Competitive products and services | 3 | Out of scope
      Business Goal 9: Information based strategic decision making | 3 | Out of scope
  • 29. Step 2 – Business Goals to IT Goals
      • Utilising these 3 business goals, a mapping exercise was undertaken to establish the top 3 IT goals that would support the business goals
      • Primary = 3 points
      • Secondary = 1 point
      IT Goal | Number of Points | Outcome
      IT Goal 2: IT compliance and support for business compliance with external laws and regulations | 6 | In Scope
      IT Goal 4: Managing IT related business risk | 5 | In Scope
      IT Goal 10: Security of Information, processing infrastructure and applications | 9 | In Scope
      IT Goal 15: Compliance with internal policies | 4 | Out of scope
  • 30. Step 3 – IT Goals to Processes
      Elapsed Time: 2 day workshop
  • 31. Step 4 – Focussed Maturity Assessment
      Elapsed Time: 2 week assessment spread over a month
  • 32. Consequence Of Capability Gaps
      Capability Level Where Gap Occurs | Nature Of Consequence
      1 - Performed Process | Missing Work Products; Process Outcomes not achieved
      2 - Managed Process | Cost or time overruns; Unpredictable quality
      3 - Established Process | Inconsistent process performance across organization
      4 - Predictable Process | Inability to quantify performance or detect problems early
      5 - Optimizing Process | Inability to achieve or evaluate process improvements
      Seriousness Of Consequence (scale shown beside the table): Lowest, Highest
  • 33. Step 5 – Improvement Program
      • Suppliers Engaged with. Requirements for maturity mapped out
      • Information Security Manager recruited and formal process designed and implemented
      • The focus of the IT department changed from relying on individual experts to embedding the required processes and skills within the organisation, supported by good corporate governance.
      • The external audit was passed. Although weaknesses remained, the auditors were happy that they were understood and proper actions were being deployed to mitigate risks.
      Elapsed Time: 5 months to address the issues
  • 34. Questions?
      p.hubbard@pinkelephant.co.uk
      info@pinkelephant.co.uk
      www.pinkelephant.co.uk