n November 2018, ISACA launched COBIT 2019.
From its foundation in the IT audit community, COBIT has over the years become broader and more comprehensive.
COBIT is a framework for the governance and management of enterprise information and technology, providing guidance of what (strategic, transition, operational and monitoring) IT enablers to establish in order to achieve enterprise goals.
COBIT 2019 provides best practice guidance for 35 ICT Management Processes and 5 ICT Governance processes, including processes for:
• Managed Architecture (APO03)
• Managed Requirements Definition (BAI02)
• Managed IT Changes (BAI06)
• Managed Configuration (BAI10)
• Managed Security Services (DSS05)
This presentation provides a high level overview of:
• The COBIT 2019 Framework,
• DevOps in relation to the COBIT framework,
• Implementing and aligning frameworks and best practices.
Speaker Biography: Harold Petersen, north BDT
Harold Petersen is a management consultant for north BDT with over 25 years of experience, specialising in areas of Digital Strategy, DevOps, SIAM, ITSM, ICT Governance and Project, Programme, Portfolio Management.
He holds the ITIL Master certificate (one of only three in Australia) and is a DevOps, COBIT, MSP, P3O, PRINCE2 and PRINCE2 agile accredited trainer and implementer.
Harold has lived and worked in Asia Pacific, Australia, New Zealand, Europe and Africa.
#iibacanberrabranch #eventsincanberra #professionallyadventurous
DevOps, BA and COBIT don’t really align, or do they?
1. IIBA
Canberra
DevOps and COBIT don’t
really align, or do they?
March 2019
COMMUNITY EVENT
Harold Petersen
E: harold.petersen@northbdt.com.au
2. Digital businesses require agility in Business Systems & Service Delivery
• Digital Strategy is Business Strategy,
• IoT, AI, Big Data, Platform businesses are fueled by software,
• The market requires the same sort of rapid development and UX as what they are used to with ‘apps’,
• ‘Time to Value’ instead of ‘Time to Market’.
3 3
8. 10
Other(internal/external)
SD
EUC
Comms
Hosting
Comms
Service Strategy Management (CIO & DRs)
ICT Strategy, aligned with Business,
BRM, Demand, Service Portfolio
& Financial Management
ICT Service Design & Architecture
(ICT Policies, ICT Design standards, EA, SOA)
BRMs
(Service Modelling,
BRM, Service Level
Management,
Governance & CSI,
Communications)
New and Existing
ICT Service
Engagement
Business
Business Strategy
ICT Service
Demand
BAU
Delivery and
Support
Service Level
Achievement
Reporting &
Management
Design,
Build,
Test,
Deploy.
Supplier
Strategy
ICT Management
and governance processesBusiness
End User Comp
Hosting
App Mgt
SIAM
(Service Integration,
Supplier SLM,
Supplier process KPI
control, Supplier
Communications, COE)
Internal & External SPs
Service Operations
(Operational Bundle controls, Escalations,
Project & Process Assurance, ownership of
some processes, contribution to others), Process
KPI reporting
BA, PMO and Service Transition
(Schedule & Control of Plan/Build/Transition)
10
‘Enterprise ICT’
17. Change Owner
Reviewers
(Tech, Ops, QA,
PO)
CAB
Builders &
Implementers
Reviewers
(Tech, Ops, QA,
PO)
Submit RFC
Approve (Build
& Schedule)
Review & Sign
Off
Build & Test
Review & Sign
Off
Authorise
(Deploy)
Deploy
Request Close
Review &
Accept Close
RFCRFCRFCRFCRFCRFCRFCRFC
23
Excerpt of a Change Management workflow
(for non-standard, non-emergency changes)
18. Do we need to choose one or the other?
24
Less risk
Faster time to
value
19. Recommended DevOps reading
The Phoenix Project
• World famous ‘novel’ about IT Management and DevOps
experiences
The DevOps Handbook
• how to integrate Product Management, Development, QA, IT
Operations, and Information Security to elevate your company and
win in the marketplace
Continuous Delivery
• Principles, automation and technical practices that enable rapid,
incremental delivery of high quality, valuable new functionality to
users26 26
20. The three ways
The first way – Flow
• Understand and increase the flow of work (left to right)
The second way – Feedback
• Create short feedback loops that enable continuous improvement (right to left)
The third way – Continuous experimentation and learning
• Create a culture that fosters
• Experimentation (taking risks) and learning from failure
• Understanding that repetition and practice is the key to mastery
27 27
26. The third way : Continuous experimentation and
learning
• CSI time allocation
• Reward risk taking
• Specifically organise safe experimentation and innovation events (eg
hackathons)
• Deliberately introduce failure to improve resiliency and
antifragility (eg chaos monkey)
• Repetition and learning is the key to mastery
38 38
27. Change Models, enabled by people, automation, etc (non-
standard, non-emergency changes)
Change Owner
Reviewers
(Tech, Ops, QA,
PO)
CAB
Builders &
Implementers
Reviewers
(Tech, Ops, QA,
PO)
Submit RFC
Approve (Build
& Schedule)
Review & Sign
Off
Build & Test
Review & Sign
Off
Authorise
(Deploy)
Deploy
Request Close
Review &
Accept Close
RFC
39
29. 42
Other(internal/external)
SD
EUC
Comms
Hosting
Comms
Service Strategy Management (CIO & DRs)
ICT Strategy, aligned with Business,
BRM, Demand, Service Portfolio
& Financial Management
ICT Service Design & Architecture
(ICT Policies, ICT Design standards, EA, SOA)
BRMs
(Service Modelling,
BRM, Service Level
Management,
Governance & CSI,
Communications)
PMO and Service Transition
(Schedule & Control of Plan/Build/Transition)
New and Existing
ICT Service
Engagement
Business
Business Strategy
ICT Service
Demand
BAU
Delivery and
Support
Service Level
Achievement
Reporting &
Management
Design,
Build,
Test,
Deploy.
Supplier
Strategy
ICT Management
and governance processesBusiness
End User Comp
Hosting
App Mgt
SIAM
(Service Integration,
Supplier SLM,
Supplier process KPI
control, Supplier
Communications, COE)
Internal & External SPs
Service Operations (SIAM)
(Operational Bundle controls, Escalations,
Project & Process Assurance, ownership of
some processes, contribution to others), Process
KPI reporting
BA, PMO and Service Transition (SIAM)
(Schedule & Control of Plan/Build/Transition)
42
‘Enterprise ICT’
33. Have a vision for the long term, yet iteratively
move towards it
Interim
State 1
Interim
State 2
Interim
State 3
Business Value
46 46
Long
Term
Target
state
36. Apply agile principles to your DevOps/COBIT
implementation
OCM
1 M ~3 M ~ 3 M ~
Backlog
- Introduce, spread and embed DevOps culture
- Introduce automation and release policy
optimisation for applications
- Benefits realisation monitoring & reporting
~3 M
Sprints Sprints Sprints Sprints
Stage Stage Stage1 M
Stakeholder
Engagement
& Prep
Business
Value
Long
Term
Target
state
Current
State
51