Technology and Information are vital to the success of companies.
To leverage the successes in IT projects, companies have at their
disposal, references globally accepted as good practices (COBIT,
ITIL, PMBOK, ISO, TOGAF, etc.). In spite of this, it is still great
the magnitude of spending on IT projects poorly designed or
improperly implemented. This paper presents a brief description
of standards and good practices related to governance and
management of enterprise IT, defines the Lean Thinking, Lean IT, the Processes Management, the Portfolio, Program and Project
Management, and the Work System Theory, and highlights the
purpose of them, showing their characteristics and suggests a
Framework of Lean Governance and Management of Enterprise
IT, by demonstrating how the standards and good practices
presented can work together, because it advocates that the Lean
Thinking, the Process, Portfolio, Program, and Project
Management, and the Work System Theory complement the
standards and good practices of Governance and Management of
Enterprise IT with an approach not referenced in these standards
and good practic
PECB Webinar: Aligning COBIT 5.0 and ISO/IEC 38500PECB
The webinar covers:
• Overview of description and principles of COBIT 5.0
• How COBIT is adopted by ISO/IEC 38500
• Complementary values that ISO 38500 and COBIT 5.0 bring to each other
• How companies can use this approach for maximum benefits
Presenter:
This webinar was presented by PECB Trainer Orlando Olumide Odejide, Chief Trainer for Training Heights Limited and an experienced Enterprise Architect.
Link of the recorded session published on YouTube: https://www.youtube.com/watch?v=lnrji3A6C0I
IT Governance – The missing compass in a technology changing worldPECB
The webinar covers:
• Overview of IT Governance
• Benefits of IT Governance
• IT Governance implementation : Approach and Methodology
• Key critical success factors
Presenter:
This webinar was presented by Mr. Oladapo Ogundeji, from Digital Jewels and PECB partner.
Link of the recorded session published on YouTube: https://youtu.be/Ux_Yk4JLy0M
This presentation is intended to assist CIO's with setting up a formal IT Governance model for their college or university. There are two companion files also in Slideshare linked at the end of an IT Governance Committee Charter and an IT Project Governance Guideline.
Initiating IT Governance Strategy to Identify Business NeedsPECB
Implementation of IT Governance, or indeed any IT best practice, should be consistent with organization’s management style and the way organization deals with risk management and delivery of IT value. The biggest risk and concern to top management today is failing to align IT to real business needs, therefore implementing IT Governance based on best practices is needed.
Main points that have been covered are:
• Introducing IT Governance
• Business needs for Governance of IT
• Identifying the business performance and conformance needs
Presenter:
Rohit Banerjee has 14+ years overall, with 10+ years in IT hands-on progressive experience across programme, project & team management leading full SDLC life cycle for complex, cross-functional, multi-site initiatives. He is ISO/IEC 38500 Lead IT Governance Manager.
Link of the recorded session published on YouTube: https://youtu.be/rB_BP-9ns4A
PECB Webinar: Aligning COBIT 5.0 and ISO/IEC 38500PECB
The webinar covers:
• Overview of description and principles of COBIT 5.0
• How COBIT is adopted by ISO/IEC 38500
• Complementary values that ISO 38500 and COBIT 5.0 bring to each other
• How companies can use this approach for maximum benefits
Presenter:
This webinar was presented by PECB Trainer Orlando Olumide Odejide, Chief Trainer for Training Heights Limited and an experienced Enterprise Architect.
Link of the recorded session published on YouTube: https://www.youtube.com/watch?v=lnrji3A6C0I
IT Governance – The missing compass in a technology changing worldPECB
The webinar covers:
• Overview of IT Governance
• Benefits of IT Governance
• IT Governance implementation : Approach and Methodology
• Key critical success factors
Presenter:
This webinar was presented by Mr. Oladapo Ogundeji, from Digital Jewels and PECB partner.
Link of the recorded session published on YouTube: https://youtu.be/Ux_Yk4JLy0M
This presentation is intended to assist CIO's with setting up a formal IT Governance model for their college or university. There are two companion files also in Slideshare linked at the end of an IT Governance Committee Charter and an IT Project Governance Guideline.
Initiating IT Governance Strategy to Identify Business NeedsPECB
Implementation of IT Governance, or indeed any IT best practice, should be consistent with organization’s management style and the way organization deals with risk management and delivery of IT value. The biggest risk and concern to top management today is failing to align IT to real business needs, therefore implementing IT Governance based on best practices is needed.
Main points that have been covered are:
• Introducing IT Governance
• Business needs for Governance of IT
• Identifying the business performance and conformance needs
Presenter:
Rohit Banerjee has 14+ years overall, with 10+ years in IT hands-on progressive experience across programme, project & team management leading full SDLC life cycle for complex, cross-functional, multi-site initiatives. He is ISO/IEC 38500 Lead IT Governance Manager.
Link of the recorded session published on YouTube: https://youtu.be/rB_BP-9ns4A
One of the most challenging assignments within an organization is establishing of a maturity
model structure in order to optimize enterprise effectiveness. The contents of this paper
concern such an assignment. The objective of this mission entailed the establishment of an
application governance model and the corresponding documentation therein.
This is a summary of Control Objectives for Information and related Technology audit framework. Anyone can understand COBIT-19 framework within few slides. COBIT was published by ITGI, a nonprofit research entity created by ISACA
Copyright Notice:
This presentation is prepared by Author for Perbanas Institute as a part of Author Lecture Series. It is to be used for educational and non-commercial purposes only and is not to be changed, altered, or used for any commercial endeavor without the express written permission from Author and/or Perbanas Institute. Appropriate legal action may be taken against any person, organization, or entity attempting to misrepresent, charge, or profit from the educational materials contained here.
Authors are allowed to use their own articles without seeking permission from any person, organization, or entity.
Provide an index to know how well positioned businesses, communities and governments around the world are in relation to risks and opportunities of adopting artificial intelligence
The COBIT 5 framework describes seven categories of enablers
• Principles, policies and frameworks are the vehicle to translate the desired behaviour into practical guidance for
day-to-day management.
• Processes describe an organised set of practices and activities to achieve certain objectives and produce a set of
outputs in support of achieving overall IT-related goals.
• Organisational structures are the key decision-making entities in an enterprise.
• Culture, ethics and behaviour of individuals and of the enterprise are very often underestimated as a success factor
in governance and management activities.
• Information is pervasive throughout any organisation and includes all information produced and used by the
enterprise. Information is required for keeping the organisation running and well governed, but at the operational
level, information is very often the key product of the enterprise itself.
• Services, infrastructure and applications include the infrastructure, technology and applications that provide the
enterprise with information technology processing and services.
• People, skills and competencies are linked to people and are required for successful completion of all activities and
for making correct decisions and taking corrective actions.
Understanding COBIT 5.0 (IT Governance) by Mr. Avinash Totade
President of Information Systems Audit and Control Association (ISACA) UAE Chapter
OpenThinking Day 2012
Your Challenge
Business transformations are happening, but CIOs are often involved only when it comes time to implement change. This makes it difficult for the CIO to be perceived as an organizational leader.
CIOs find it difficult to juggle operational activities, strategic initiatives, and involvement in business transformation.
CIOs don’t always have the IT organization structured and mobilized in a manner that facilitates the identification of transformation opportunities, and the planning for and the implementation of organization-wide change.
Our Advice
Critical Insight
Don’t take an ad hoc approach to transformation.
You’re not in it alone.
Your legacy matters
Impact and Result
Elevate your stature as a business leader.
Empower the IT organization to act with a business mind first, and technology second.
Create a high-powered IT organization that is focused on driving lasting change, improving client experiences, and encouraging collaboration across the entire enterprise.
Generate opportunities for organizational growth, as manifested through revenue growth, profit growth, new market entry, new product development, etc.
The implementation of IT governance is important to lead and evolve the information system in agreement with stakeholders. This requirement is seriously amplified at the time of digital area considering all the new technologies that has been lunched recently (Big DATA, Artificial Intelligence, Machine Learning, Deep learning...). Thus, without a good rudder, every company risks getting lost in a sea endless and unreachable goals.
This paper aims to provide decision-making system that allow professionals to choose IT governance framework suitable to desired criteria and their importance based on a multi-criteria analysis method (WSM), we did implement a case study based on our analysis in a Moroccan company. Moreover, we present better understanding of IT Governance aspects such as standards and best practices.
Our article goes into a global objective that aims to build an integrated generated meta-model for better approach of IT Governance.
One of the most challenging assignments within an organization is establishing of a maturity
model structure in order to optimize enterprise effectiveness. The contents of this paper
concern such an assignment. The objective of this mission entailed the establishment of an
application governance model and the corresponding documentation therein.
This is a summary of Control Objectives for Information and related Technology audit framework. Anyone can understand COBIT-19 framework within few slides. COBIT was published by ITGI, a nonprofit research entity created by ISACA
Copyright Notice:
This presentation is prepared by Author for Perbanas Institute as a part of Author Lecture Series. It is to be used for educational and non-commercial purposes only and is not to be changed, altered, or used for any commercial endeavor without the express written permission from Author and/or Perbanas Institute. Appropriate legal action may be taken against any person, organization, or entity attempting to misrepresent, charge, or profit from the educational materials contained here.
Authors are allowed to use their own articles without seeking permission from any person, organization, or entity.
Provide an index to know how well positioned businesses, communities and governments around the world are in relation to risks and opportunities of adopting artificial intelligence
The COBIT 5 framework describes seven categories of enablers
• Principles, policies and frameworks are the vehicle to translate the desired behaviour into practical guidance for
day-to-day management.
• Processes describe an organised set of practices and activities to achieve certain objectives and produce a set of
outputs in support of achieving overall IT-related goals.
• Organisational structures are the key decision-making entities in an enterprise.
• Culture, ethics and behaviour of individuals and of the enterprise are very often underestimated as a success factor
in governance and management activities.
• Information is pervasive throughout any organisation and includes all information produced and used by the
enterprise. Information is required for keeping the organisation running and well governed, but at the operational
level, information is very often the key product of the enterprise itself.
• Services, infrastructure and applications include the infrastructure, technology and applications that provide the
enterprise with information technology processing and services.
• People, skills and competencies are linked to people and are required for successful completion of all activities and
for making correct decisions and taking corrective actions.
Understanding COBIT 5.0 (IT Governance) by Mr. Avinash Totade
President of Information Systems Audit and Control Association (ISACA) UAE Chapter
OpenThinking Day 2012
Your Challenge
Business transformations are happening, but CIOs are often involved only when it comes time to implement change. This makes it difficult for the CIO to be perceived as an organizational leader.
CIOs find it difficult to juggle operational activities, strategic initiatives, and involvement in business transformation.
CIOs don’t always have the IT organization structured and mobilized in a manner that facilitates the identification of transformation opportunities, and the planning for and the implementation of organization-wide change.
Our Advice
Critical Insight
Don’t take an ad hoc approach to transformation.
You’re not in it alone.
Your legacy matters
Impact and Result
Elevate your stature as a business leader.
Empower the IT organization to act with a business mind first, and technology second.
Create a high-powered IT organization that is focused on driving lasting change, improving client experiences, and encouraging collaboration across the entire enterprise.
Generate opportunities for organizational growth, as manifested through revenue growth, profit growth, new market entry, new product development, etc.
The implementation of IT governance is important to lead and evolve the information system in agreement with stakeholders. This requirement is seriously amplified at the time of digital area considering all the new technologies that has been lunched recently (Big DATA, Artificial Intelligence, Machine Learning, Deep learning...). Thus, without a good rudder, every company risks getting lost in a sea endless and unreachable goals.
This paper aims to provide decision-making system that allow professionals to choose IT governance framework suitable to desired criteria and their importance based on a multi-criteria analysis method (WSM), we did implement a case study based on our analysis in a Moroccan company. Moreover, we present better understanding of IT Governance aspects such as standards and best practices.
Our article goes into a global objective that aims to build an integrated generated meta-model for better approach of IT Governance.
Your take-away from the IT Service Management (ITSM) presentation are:
• A clear understanding of PM practices used in the implementation of ITSM
• Planning tips to successfully deliver an ITSM process improvement project
• Marketing ideas to socialize the message to the organization
• Testing techniques to achieve organic improvements along the way
• Ways to achieve buy-in from stakeholders
Presenting VALIT Frameworks and Comparing between Them and Other Enterprise A...Eswar Publications
It is necessary for each organization to move towards process-focused that it is supported and presided by information technology (IT). IT is considered as a part of processes field. In the information technology era, especially with the advent of network-based economy, organizations plans must be performed based on an architectural design deserving Information Society. Enterprise Architecture provides a framework to design organization based on Information Technology. Val IT framework is not related to enterprise architecture frameworks, but rather to IT governance. IT governance is indeed a paradigm in which it is attempted to make all activities and enterprise mechanisms for the planning, organizing, implementation and control of IT aligned and
consistent. This study first discusses the introduction of this framework; then, a comparison between this framework and COBIT as well as between enterprise architecture and Val IT will be done.
empirical study on the status of moroccan information systems and proposition...INFOGAIN PUBLICATION
Today, the function of the chief information officer (CIO) has become part of the flow charts of many Moroccan companies [1]. Based on this statement, we did an empirical study in the first part of this work on the state of information systems (IS) Moroccan to know their strengths and weaknesses. The aim of the second part is to propose an approach based on the IT (information technology) frameworks helping CIOs to form their own repository of good practices to be applied in order to have good IT governance.
The measurement of maturity level of information technology service based on ...TELKOMNIKA JOURNAL
Institutions are currently progressing on IT development and maximization in order to advance for good IT governance. Lack of comprehensive requirements analysis of IT utilization may lead to hindrances within IT development from achieving effective outcomes. This quantitative study employs control objective for information & related technology (COBIT 5) business framework to assess and identify the maturity level of IT service, primarily within the domain of delivery, service, and support (DSS). Data were obtained through questionnaire, observation, and documentation. The result reveals that the average maturity level of IT service is in level 3 (established); by which the study recommends for enhancements and upgrades in IT performance and service within the scope of compliance and IT service application and support.
Suggest an intelligent framework for building business process management [ p...ijseajournal
As companies enter into the digital world, information technology is playing a major role in bringing
process improvements to the forefront of business management. In the recent decades, many organizations
have struggled to redesign and improve their business processes to reduce their total cost. The main
contribution of this research study is to propose an intelligent framework that possesses the ability to
employ a database of best practices, business standards, and business activity history in order to permit the
manager to analyze and improve the design of the business processes.
In addition, the other objective of this research is to build a business process or workflow directly from its
process design logic in order to enable rapid process development and deployment. This procedure
requires some technical improvements of the business design, as it is mainly based on building the business
process using Microsoft Office Visio, which communicates the defined business process to the business
process management engine.
EXPLORING THE LINK BETWEEN LEADERSHIP AND DEVOPS PRACTICE AND PRINCIPLE ADOPTIONacijjournal
Our research focuses in software-intensive organizations and highlights the challenges that surface as a result of the transitioning process of highly-structured to DevOps practices and principles adoption. The approach collected data via a series of thirty (30) interviews, with practitioners from the EMEA
region (Czech Republic, Estonia, Italy, Georgia, Greece, The Netherlands, Saudi Arabia, South Africa, UAE, UK), working in nine (9) different industry domains and ten (10) different countries. A set of agile, lean and DevOps practices and principles were identified, which organizations select as
part of DevOps-oriented adoption. The most frequently adopted ITIL® service management practices, contributing to DevOps practice and principle adoption success, indicate that DevOps-oriented organizations benefit from the existence of change management, release and deployment management,
service level management, incident management and service catalog management. We also uncover that the DevOps adoption leadership role is required in a DevOps team setting and that it should, initially, be an individual role.
Similar to Proposal of a Framework of Lean Governance and Management of Enterprise IT (20)
A STEP-BY-STEP IMPLEMENTATION OF A CORPORATE SOCIAL NETWORK *Mehran Misaghi
Purpose: This paper demonstrate a step-by-step implementation of a corporate social network
involving employees, partners and customers considering cultural changes. It also demonstrates
the Corporate SNS evolution to a Daily Collaborative Work Platform incorporating Corporate
SNS and other tools as Enterprise Content Management (ECM), Business Process Management
(BPM), Enterprise Resource Planning (ERP), Mall (APP Store), Enterprise Service Bus (ESB),
Web Content Management (WCM), Identity Management (IDM), Analytics Tools, Portals like
Human Resources and Demand Management providing a single experience to their users.
Design / Methodology / Approach: This paper is a case study carried on in the biggest
developer of Enterprise Resource Planning (ERP) in Latin America.
Results: The use of a Corporate Social Network starts as a project but in order to continually
being productive and generating results it should be necessary for this tool to become a routine
activity in all company.
Originality / Value: Social Network Sites (SNS) revolutionized human relationship in personal,
academic and professional ways, extending the range of connections bringing new forms of
communication. New technologies bring new opportunities but also bring challenges. The first
companies to learn about SNS use will enjoy a great competitive advantage, improving how to do
business and coordinate internal and external relationships and activities. A corporate social
network implementation is a good start to obtain the advantages of this new technology but, for
the companies to conquer a collaborative form of work, a cultural base for the proper use of the
platform is crucial.
UMA ANÁLISE BIBLIOMÉTRICA SOBRE A APLICAÇÃO DO PENSAMENTO ENXUTO NA ENGENHARI...Mehran Misaghi
Objetivo: O Pensamento Enxuto vem influenciando e promovendo transformações no campo
da Engenharia de Software. O objetivo desta revisão sistemática é verificar o estado da arte dos
estudos no desenvolvimento de software propostos pelos pesquisadores nos últimos 5 anos e que
foram influenciados pela utilização do Pensamento Enxuto.
Design/Metodologia/Abordagem: Foram realizadas duas etapas: i) construção de um
portfólio bibliográfico, por meio da utilização do instrumento de pesquisa denominado
ProKnow-C; ii) análise bibliométrica.
Resultados: A análise bibliométrica permitiu analisar os artigos quanto aos autores, relevância
dos artigos e os periódicos que mais publicaram sobre o assunto em discussão.
Originalidade/valor: A importância desse trabalho se justifica em uma contribuição para a
temática e pelo estabelecimento de caminhos que possam ser seguidos por organizações que
necessitam compreender e utilizar adequadamente o seu conhecimento para inovar.
Direcionadores de adoção e implantação de frameworks de TI nas organizaçõesMehran Misaghi
Este trabalho tem como objetivo identificar os principais fatores, problemas e situações que motivam as
organizações de um modo geral, a adotarem frameworks, ou modelos de referência, de governança de TI,
possibilitando assim o exercício das melhores práticas de controle de seus processos internos. O procedimento
técnico utilizado na elaboração desse artigo científico foi a pesquisa bibliográfica, haja vista que o instrumento de
coleta de dados utilizado para a produção deste trabalho foi a coleta bibliográfica, tendo como fonte de informação
teses, dissertações, artigos, e livros que abordam essa temática. A governança de TI envolve uma grande variedade
de atividades, situações e problemas que por sua vez podem ser muito complexos, e acabam por levar as
organizações a adotarem frameworks que possibilitem um certo grau de organização, controle e confiança nas
atividades de TI. Nesse contexto, o COBIT e o ITIL são identificados como os frameworks que apresentam
importante papel para a obtenção de melhores resultados, embora não sejam as únicas alternativas existentes.
Conclui-se que existem inúmeros fatores que direcionam e motivam as organizações a adotarem frameworks de
governança de TI, sem os quais, fica quase que inviável exercer um total controle sobre os processos internos.
SEGURANÇA CIBERNÉTICA: DESAFIOS E OPORTUNIDADES NA ERA DE CIBERESPIONAGEMMehran Misaghi
Devido ao grande aumento do uso da Internet, a escassez da informação já não é mais uma preocupação, como em algumas décadas atrás. Atualmente, o excesso da informação tornou-se um dos problemas da maior rede mundial. A grande quantidade de informações permite coletar, classificar e separar essas informações em diversas formas, de acordo com o interesse de cada camada da sociedade, desde a mais bem intencionada até a mais maléfica, onde se encontram os cibercriminosos. Uma das formas de combater os cibercriminosos é por meio do monitoramento minucioso das atividades de qualquer cidadão que possa ser considerada como suspeito. Diversas agências de inteligência, em especial NSA, a Agência Nacional de Segurança dos Estados Unidos, têm feito coletas excessivas de dados para este fim. Este trabalho apresenta algumas formas de coleta, utilizadas pela NSA, bem como os desafios e oportunidades existentes.
Proposta de software integrado ao Facebook para auxílio na preparação para o ...Mehran Misaghi
A rede social Facebook faz parte da vida de mais de um bilhão de pessoas e seu uso tem sido explorado por pesquisadores da área de educação já que um alto grau de adesão ocorre, em especial, entre os estudantes universitários. No Brasil, esses estudantes são periodicamente submetidos ao Exame Nacional de Desempenho dos Estudantes – ENADE que, como resultado, apresenta indícios da qualidade de ensino existente em cada instituição de ensino superior. Assim, o objetivo principal deste trabalho é propor uma arquitetura para um sistema de revisão de estudos baseado na rede social Facebook. Para tanto, apresenta-se conceitos de redes sociais na internet seguido de uma relação de trabalhos que abordam o uso do Facebook na educação universitária e uma lista com ferramentas oferecidas pela rede social para a criação de aplicativos que venham a expandir suas funcionalidades. Percebe-se que duas ferramentas requerem mínimo conhecimento em programação, enquanto as demais exigem maior conhecimento mas também oferecem maior liberdade na construção do aplicativo e no acesso aos dados do Facebook. Um estudo de caso é realizado e é proposta uma arquitetura para um sistema de revisão de estudos integrado ao Facebook, uma vez que nenhuma ferramenta desta natureza tenha sido encontrada.
Proposta de software integrado ao Facebook para auxílio na preparação para o ...Mehran Misaghi
A rede social Facebook faz parte da vida de mais de um bilhão de pessoas e seu uso tem sido explorado por pesquisadores da área de educação já que um alto grau de adesão ocorre, em especial, entre os estudantes universitários. No Brasil, esses estudantes são periodicamente submetidos ao Exame Nacional de Desempenho dos Estudantes – ENADE que, como resultado, apresenta indícios da qualidade de ensino existente em cada instituição de ensino superior. Assim, o objetivo principal deste trabalho é propor uma arquitetura para um sistema de revisão de estudos baseado na rede social Facebook. Para tanto, apresenta-se conceitos de redes sociais na internet seguido de uma relação de trabalhos que abordam o uso do Facebook na educação universitária e uma lista com ferramentas oferecidas pela rede social para a criação de aplicativos que venham a expandir suas funcionalidades. Percebe-se que duas ferramentas requerem mínimo conhecimento em programação, enquanto as demais exigem maior conhecimento mas também oferecem maior liberdade na construção do aplicativo e no acesso aos dados do Facebook. Um estudo de caso é realizado e é proposta uma arquitetura para um sistema de revisão de estudos integrado ao Facebook, uma vez que nenhuma ferramenta desta natureza tenha sido encontrada.
Redes Sociais Corporativas: Uma Proposta de Análise de Competências Como Ferr...Mehran Misaghi
A dinâmica das redes sociais corporativas ajuda a entender o compartilhamento das habilidades empresariais entre os
profissionais da mesma empresa e também na relação organizacional com os clientes, quando estes possuem permissão
para interagir diretamente com o grupo através da rede social corporativa. A proposta deste artigo é analisar, através da
interação entre profissionais e clientes, as competências e habilidades que se encontram concentradas em poucos
participantes, carentes de capacitação. Como consequência demonstrar seu potencial como ferramenta de apoio as áreas
de Recursos Humanos e gestão para uma política de desenvolvimento profissional.
Redes Sociais Corporativas: Uma Proposta de Análise de Competências Como Ferr...Mehran Misaghi
A dinâmica das redes sociais corporativas ajuda a entender o compartilhamento das habilidades empresariais entre os profissionais da mesma empresa e também na relação organizacional com os clientes, quando estes possuem permissão para interagir diretamente com o grupo através da rede social corporativa. A proposta deste artigo é analisar, através da interação entre profissionais e clientes, as competências e habilidades que se encontram concentradas em poucos participantes, carentes de capacitação. Como consequência demonstrar seu potencial como ferramenta de apoio as áreas de Recursos Humanos e gestão para uma política de desenvolvimento profissional.
Aplicação de Um mecanismo infometrico num modelo de gestão de conhecimento co...Mehran Misaghi
A globalização do mercado impulsiona as organizações na busca pela excelência de seus produtos e serviços. Diante disso, o conhecimento é tratado como fator primordial para a qualidade da execução das tarefas produtivas. Para controlar esse avanço, diferentes estratégias de gestão foram criadas e diferentes tecnologias computacionais foram desenvolvidas. Além disso, o conhecimento se torna o ativo fundamental para esse processo, e as tecnologias da informação podem auxiliar a busca por maior competitividade no mercado. Nesse sentido, justifica-se o estudo das leis infométricas e os conceitos de gestão do conhecimento por meio de uma integração que facilite a busca por novos conhecimentos. Com este estudo descritivo, objetiva-se utilizar as leis infométricas para o processo de combinação do conhecimento baseado num modelo de gestão do conhecimento convergente. Diante da comprovação obtida pela ferramenta estatística t de Student, observou-se os benefícios imediatos trazidos, por este trabalho, à comunidade acadêmica da computação do IST.
Segurança cibernética: Desafios e oportunidades na era de ciberespionagemMehran Misaghi
Devido ao grande aumento do uso da Internet, a escassez da informação já não é mais uma preocupação, como em algumas décadas atrás. Atualmente, o excesso da informação tornou-se um dos problemas da maior rede mundial. A grande quantidade de informações permite coletar, classificar e separar essas informações em diversas formas, de acordo com o interesse de cada camada da sociedade, desde a mais bem intencionada até a mais maléfica, onde se encontram os cibercriminosos. Uma das formas de combater os cibercriminosos é por meio do monitoramento minucioso das atividades de qualquer cidadão que possa ser considerada como suspeito. Diversas agências de inteligência, em especial NSA, a Agência Nacional de Segurança dos Estados Unidos, têm feito coletas excessivas de dados para este fim. Este trabalho apresenta algumas formas de coleta, utilizadas pela NSA, bem como os desafios e oportunidades existentes.
Segurança cibernética: Desafios e oportunidades na era de ciberespionagemMehran Misaghi
Devido ao grande aumento do uso da Internet, a escassez da informação já não é mais uma preocupação, como em algumas décadas atrás. Atualmente, o excesso da informação tornou-se um dos problemas da maior rede mundial. A grande quantidade de informações permite coletar, classificar e separar essas informações em diversas formas, de acordo com o interesse de cada camada da sociedade, desde a mais bem intencionada até a mais maléfica, onde se encontram os cibercriminosos. Uma das formas de combater os cibercriminosos é por meio do monitoramento minucioso das atividades de qualquer cidadão que possa ser considerada como suspeito. Diversas agências de inteligência, em especial NSA, a Agência Nacional de Segurança dos Estados Unidos, têm feito coletas excessivas de dados para este fim. Este trabalho apresenta algumas formas de coleta, utilizadas pela NSA, bem como os desafios e oportunidades existentes.
LEAN SOFTWARE DEVELOPMENT: A CASE STUDY IN A MEDIUM-SIZED COMPANY IN BRAZILI...Mehran Misaghi
This article presents a literature review whose purpose is to identify the key characteristics of lean software development and its similarities and differences with agile methodologies. A case study conducted in a team of software developers is presented, where lean concepts were applied within the current process, previously based on agile methodologies. It was found at the end of this work that the indicator used by the team, percentage of the time spent on improvements and new features, had a significant increase, causing the team being able to add more value to the product, and to increase the level of quality.
Distributed Self-organized Trust Management for Mobile Ad Hoc NetworksMehran Misaghi
Trust is a concept from the Social Sciences and can be defined as how much a node is willing to take the risk of trusting another one. The correct evaluation of the trust is crucial for several security mechanisms for Mobile Ad Hoc Networks (MANETs). However, the implementation of an effective trust evaluation scheme is very difficult in such networks, due to their dynamic characteristics. This work presents a trust evaluation scheme for MANETs based on a self-organized virtual trust network. To estimate the trustworthiness of other nodes, nodes form trust chains based on behavior evidences maintained within the trust network. Nodes periodically exchange their trust networks with the neighbors, providing an efficient method to disseminate trust information across the network. The scheme is fully distributed and self-organized, not requiring any trusted third party. Simulation results show that the scheme is very efficient on gathering evidences to build the trust networks. It also shows that the scheme has a very small communication and memory overhead. Besides, it is the first trust evaluation scheme evaluated under bad mouthing and newcomers attacks and it maintains its effectiveness in such scenarios.
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Essentials of Automations: Optimizing FME Workflows with Parameters
Proposal of a Framework of Lean Governance and Management of Enterprise IT
1. Proposal of a Framework of Lean Governance and
Management of Enterprise IT
Mauro Gonçalves Pinheiro
Newsoft Consultoria Empresarial
Rua dos Ipês, 242 - Boa Vista
89205-650 – Joinville – SC - Brazil
+55 47 9107-6300
mauro@newsoft.com.br
Mehran Misaghi
UNISOCIESC – Centro Universitário SOCIESC
Rua Albano Schmidt, 333 – Boa Vista
89206-001 – Joinville – SC – Brazil
+55 47 3461-0277
mehran@sociesc.org.br
ABSTRACT
Technology and Information are vital to the success of companies.
To leverage the successes in IT projects, companies have at their
disposal, references globally accepted as good practices (COBIT,
ITIL, PMBOK, ISO, TOGAF, etc.). In spite of this, it is still great
the magnitude of spending on IT projects poorly designed or
improperly implemented. This paper presents a brief description
of standards and good practices related to governance and
management of enterprise IT, defines the Lean Thinking, Lean IT,
the Processes Management, the Portfolio, Program and Project
Management, and the Work System Theory, and highlights the
purpose of them, showing their characteristics and suggests a
Framework of Lean Governance and Management of Enterprise
IT, by demonstrating how the standards and good practices
presented can work together, because it advocates that the Lean
Thinking, the Process, Portfolio, Program, and Project
Management, and the Work System Theory complement the
standards and good practices of Governance and Management of
Enterprise IT with an approach not referenced in these standards
and good practices.
Categories and Subject Descriptors
K.6.1 [Management of Computing and Information System]:
Project and People Management, Life cycle, Management
techniques, Staffing, Strategic information systems planning,
Systems analysis and design, Systems development, Training.
General Terms
Management, Measurement, Performance, Design, Economics,
Reliability, Security, Human Factors, Standardization, Legal
Aspects, and Verification.
Keywords
Enterprise IT Governance, Enterprise IT Management, Lean
Thinking, Lean IT, Work System, Processes Management,
Projects Management.
1. INTRODUCTION
Despite the growth in the use of standards and methodologies [1],
is still large number of projects for Information Technology (IT)
that result in high investments and results below the expected,
such as: unstable and inflexible systems, slowness in
operationalization of services, projects poorly managed, high
costs with people and resources, misalignment between IT and the
business, lack of visibility, among others.
In addition, the IT areas, in general, follow the same
organizational structure adopted by the company. As the majority
of companies have functional structures, the IT areas tend to be
organized in the same way. However, the references models
recognized by the market as good practices are organized by
processes, such as: ITIL [2], COBIT [3] and the PMBOK [4].
The Processes Management, BPM CBOK [5], and the Lean
Thinking [6] are knowledge being used in a growing number of
companies in order to become, or remain, competitive. The
Working System Theory [7] [8] presents a framework that shows
clearly the relationship between Customer, Products and Services,
Processes, Participants, Information, and Technologies.
This article presents the main concepts of Lean Thinking, Lean
IT, standards for Governance and Management of Enterprise IT,
Portfolio, Program and Project Management, Processes
Management, and Work Systems Theory.
This work supports the hypothesis that Lean Thinking, Process,
Portfolio, Program and Project Management, and the Work
System Theory, can complement the models and standards of
Governance and Management of Enterprise IT, with an approach
not existing in these models and standards of Enterprise IT, and
suggests a Framework of Lean Governance and Management of
Enterprise IT.
The Framework of Lean Governance and Management of
Enterprise IT shows how the presented disciplines are integrated
to support the companies to produce better products, services and
results, that add values to its stakeholders, through the effective
use of enterprise IT.
2. THEORETICAL REFERENCES
Each paragraph below defines one discipline, or good practice,
used as reference to the proposal Framework of Lean Governance
and Management of Enterprise IT.
The Lean Thinking [6] is a philosophy and a business strategy to
increase customer satisfaction through better use of resources.
Lean management seeks to provide a consistent, value to
customers with lower costs by identifying and supporting
Permission to make digital or hard copies of all or part of this work for
personal or classroom use is granted without fee provided that copies are
not made or distributed for profit or commercial advantage and that
copies bear this notice and the full citation on the first page. To copy
otherwise, or republish, to post on servers or to redistribute to lists,
requires prior specific permission and/or a fee.
iiWAS2014, 4-6 December, 2014, Hanoi, Vietnam.
Copyright 2014 ACM 978-1-4503-3001-5/14/12...$15.00.
2. improvements in primary and secondary flows (processes) value,
through the involvement and the initiative of qualified and
motivated people. Briefly, Lean thinking suggests five principles
to improve a productive environment: 1) Identify Value to
Customer, 2) Value Stream Mapping, 3) Create Flow, 4)
Customer Pull, and 5) Seek Perfection. Lean IT is the use of the
Lean Principles and Tools to improve IT quality in the creation
and delivering value to customers [1, 9].
COBIT (Control Objectives for Information and related
Technology) [3] is a guide to good practice presented as
framework, directed to the governance and management of
enterprise IT. Maintained by ISACA (Information Systems Audit
and Control Association), has a number of resources that can
serve as a reference model for IT management. Management
experts and independent institutes recommend using COBIT as a
means to optimize IT investments, improving return on
investment (ROI), providing metrics to assess outcomes: Key
Performance Indicators (KPI), Key Goal Indicators (KGI), and
Critical Success Factors (CSF). The COBIT has 37 processes
distributed in five groups of processes.
The ITIL [2] is the most recognized model of IT Service
Management (ITSM - Information Technology Service
Management) in the world. Began as an initiative from the UK
government in seeking a standard for hiring IT services that would
result in greater efficiency, then documented as the best and most
successful organizations approached the IT Management services.
The main guidance of ITIL consists of six publications: 1)
Introduction to the Practice of ITIL Service Management; 2)
Service Strategy (Service Strategy); 3) Project Services (Service
Design); 4) Transition Services (Service Transition); 5) Service
Operation (Service Operation); and 6) Continuous Improvement
Services (Continual Service Improvement).
In accordance to BPM CBOK [5], Business Process is an
aggregation of activities and behaviors performed by human
beings or machines to reach one or more outcomes. They are
repeated recursively within companies and their performance can,
and should, be measured and related to the achievement of their
overall objectives in terms of quality, delivery, cost among others.
Business Process Management (BPM) is a managerial discipline
that integrates strategy and the objectives of an organization with
customers’ needs and expectations, through the focus on end-to-
end processes. The business processes can be classified in three
kinds: Primary Processes, Management Processes, and Support
Processes.
According to PMBOK [4], Project is a group of temporary
activities conducted to produce a unique product, service or result.
According to the same source, Project Management is the
application of knowledge, skills and techniques to execute
projects effectively. The PMI (Project Management Institute) is a
nonprofit international institution of professionals of Project
Management, with over 2.9 million members around the world.
The PMBOK guide, maintained by PMI, is a set of knowledge in
Project Management. It is in the fifth edition. It contains the
fundamental practices that all project managers need to succeed in
their endeavors.
A Work System, Figure 1, is a system in which human
participants or machines perform work (processes and activities)
using information, technology and other resources to produce
products or services for internal or external customers [7], [8].
Environment includes the organizational, cultural, competitive,
technical and regulatory environments within which the work
system operates. The Infrastructure includes human,
informational, material and technical resources, which the system
needs to work. These resources must exist, and are managed out
of the work system and shared with other work systems. The
Strategy used by the company and the strategy used by the
working system must converge and help justify why the work
system operates the way it was defined.
Figure 1 - The Work System Framework [7, 8]
The ISO 38500:2008 [10] provide a governance framework to
assist those at the highest level of organizations to understand and
fulfill their legal, regulatory and ethical obligations regarding the
use of IT in their organizations.
The ISO 31000:2009 [11] standard provides principles and
generic guidelines for risk management. Any kind of organization
can use it. The standard can be applied throughout the life of an
organization and a wide range of activities, including strategies,
decisions, operations, processes, functions, projects, products,
assets and services, it can be applied to any type of risk, whatever
its nature, whether positive or negative consequences.
The TOGAF [12] is a model of architecture that provides the
methods and tools to assist in the acceptance, production, use and
maintenance of enterprise architecture. It is based on a model of
iterative process based on best practices and reuses of the set of
existing architecture. The ISO 42010:2011 [13] standard defines
architecture as "the fundamental organization of a system,
embodied in its components, relationships with others and with
the environment, and the principles governing its design and
evolution”.
PRINCE2 (PRojects IN Controlled Environments) [14] is a
universal method to manage projects, independent of the scale,
complexity, culture, geography or level of innovation of the
project. In July 2013, ownership of the rights to PRINCE2 was
transferred to AXELOS Ltd. It is integrated to other AXELOS
Global Best Practice methods (ITIL [2], P3O, P3M3, MSP [20],
MoR, etc.).
The family ISMS (Information Security Management Systems)
ISO 27000:2009 [15] has the intention of guiding organizations
of all types and sizes in the implementation and operation of a
System of Information Security Management Family. It provides
a model for establishing, implementing, operating, monitoring,
reviewing, maintaining and improving the protection of
information assets to achieve the business objectives based on a
risk assessment and acceptance of the risk levels of the
organization designed to effectively treat and manage the risks.
There are three CMMI (Capability Maturity Model Integration)
models [16]. Part of each model shares very similar practices with
the practices of the other two because these practices are
applicable to any businesses. But each model has unique practices
3. because they have different focuses. The CMMI for Acquisition is
designed for companies working with suppliers to build products
or provide services. The CMMI for Development is designed for
companies that focus on the development of products and
services. The CMMI for Services model is designed for
companies that focus on the creation, management and delivery of
services.
ISO 20000:2005 [17, 18] is the international standard for
managing IT services. It describes an integrated set of
management processes for the effective delivery of IT services to
businesses and customers. The standard consists of several parts.
Part 1 is the formal specification and details the requirements for a
service management system that allows the “service provider”
meets the requirements of the service and provides value for both
the customer and for the service provider. Part 2 provides
guidance on the implementation of the service management
system.
3. THE PROPOSED FRAMEWORK OF
LEAN GOVERNANCE AND
MANAGEMENT OF ENTERPRISE IT
The proposed Framework of Lean Governance and Management
of Enterprise IT, Figure 3, is based on Work System Theory [7,8],
and aligned to the Lean Thinking principles [6].
Figure 3 – The Proposed Framework of Lean Governance and
Management of Enterprise IT
Compared to the Work System Framework, some changes were
made, they are: Stakeholders in place of Customers; Values to
Stakeholders in place of Products & Services; Processes and P. P.
Projects in place of Processes & Activities and; Lean Thinking
with Strategies to be considered by all elements in the proposed
framework.
3.1 Stakeholders
This element of the proposed framework is aligned with the first
and the fourth principles of the Lean Thinking: 1) define value to
customer, and 4) customer pull, respectively. It is not possible to
define the value without identify the customer. It is the customer
that defines the values that are materialized through the products,
services and benefits. The clients of the Governance and
Management of Enterprise IT are more suitable to call them
Stakeholders.
The Governance of Enterprise IT has different stakeholders than
Management of Enterprise IT. The stakeholders of Governance of
Enterprise IT are the board of directors, business unit managers, in
special the IT manager. The stakeholders of Management of
Enterprise IT are the board of directors, business units’ managers,
the IT Manager, the users and clients of IT, the members of IT
team, the partners and suppliers of IT.
3.2 Values to Stakeholders
Values to stakeholders is aligned with the first principle of the
Lean Thinking: 1) define value to customer. Once the
stakeholders are known, it is necessary to define what is value to
them.
For the Governance of Enterprise IT, value is related to the
improvement of the processes for a good evaluation and direction
of IT, and assures its use to delivery benefits to the business,
balancing risks and resources with transparence to the
stakeholders.
For Management of Enterprise IT, value is related the
improvement of process to delivery IT services to the business
units, and to the final users, and to the clients of IT, in accordance
with their needs and their requirements, and aligned to the
corporate polices, strategies and standards defined in the
Governance of Enterprise IT level. To delivery IT services to the
business, it is important to pay attention to the IT team, and to the
partners, and to the suppliers of IT, because it is through them that
the IT services are delivered. A clear definition of requirements,
objectives and goals, a suitable environment, resources and
infrastructure, access to knowledge, capacitation, financial
recognition, and personal recognition, are some of values required
by who works on delivering services in the level of Management
of Enterprise IT.
Values must be measured in order to permit to know if the goals
established to them are been reached. Even at the level of
Governance of Enterprise IT, as at the level of “Management of
Enterprise IT” it is necessary to define indicators to monitor the
delivery of values to the business. With the suitable set of
Indicators it is possible to know how the values are been delivered
to the business, the quality and the performance of the IT services,
the level of satisfaction of the users, and clients, with IT services,
and with these information is possible to see tendency, improve
processes, and take correct decisions.
3.3 Work System
The Work System elements are aligned to second, third, fourth
and fifth principles of Lean Thinking, they are: 2) Value Stream
Mapping, 3) Create Flow, 4) Customer Pull, and 5) Seek
Perfection.
2) Value Stream Mapping – All IT processes, that delivery some
value to the stakeholders, must be reviewed in order to become
lean. This work is done through the analysis of each process step,
including new required steps, reducing or eliminating wasting
steps, and using good practices as references.
3) Create Flow – After the revision of the processes’ flows, they
need to be implemented, monitored, and constantly improved. The
value to the business is delivered through the implementation of
the lean flows. The IT processes’ flows must be integrated to the
value chain of the company.
4) Customer Pull – The IT works must be demanded and
prioritized by the stakeholders. IT has no end on itself. In the level
4. of the Governance of Enterprise IT is the board of directors, and
managers of the business units that define the priority of the
projects. The IT services and IT products are delivered to clients
and end users in response of their requisitions.
5) Seek Perfection – As important as implement a lean IT process,
without or with minimal waste, is to assure that the implemented
process remains lean, and more than that, the process is been
monitored, and is been compared to the new good practices in
order to be improved.
The Work System [7,8] has four elements: 1) Processes and
Activities, 2) Participants, 3) Information and, 4) Technologies.
For the purpose of the proposed Framework of Lean Governance
and Management of Enterprise IT, the “Processes and Activities”
were changed by “Processes and P. P. Projects”, the other three
elements remained the same.
3.4 Processes and P. P. Projects
The good practices for Governance and Management of
Enterprise IT are oriented to processes, as it can be seen in [3, 2,
12, 10]. It is through processes that the products and services are
delivered to the customers.
The Processes represent the “business as usual” [19], the
necessary works to “run the business”, to delivery products and
services to customers. In the case of the Governance and
Management of Enterprise IT the Processes represent the
necessary works to delivery Values to Stakeholders. A Process is
a permanent work system. Good practices, standards and tools to
be used to manage processes can be found in BPM CBOK [5].
The Lean Thinking has some tools that are useful to improve
processes like: VSM (Value Stream Mapping), A3, Kaizen and
5S.
But, to improve the Processes it is necessary to “Change the
Business” [19], and to do it, P. P. Project (Portfolio, Programs and
Projects) are recommended. Programs and Projects are temporary
work system. Good practices, standards and tools to be used to
manage Portfolio, Programs and Projects can be found in [4, 14,
19, 20]. The Lean Thinking has some tools that are useful to
improve the projects management like, Scrum, visual information,
and theory of constraints, value stream mapping, and others.
The proposed framework shows Good Practices into two blocks:
General and Specifics.
General Good Practices cover standards, methodologies and
practices that can be used for the entire company, including IT,
for example; Corporate Governance, Process Management,
Portfolio, Program, and Project Management, Work System, and
Lean Thinking.
Specific Good Practices cover standards, methodologies and
practices related to IT. Specific Good Practices were separated in
two categories, one for Governance of Enterprise IT, and other for
Management of Enterprise IT.
Some disciplines related to Governance of Enterprise IT are:
COBIT [3], ISO 38500:2008 [10] and ISO 31000:2009 [11].
Some disciplines related to Management of Enterprise IT are:
COBIT [3], ISO 31000:2009 [11], ITIL [2], ISO 20000-1:2011
[17], ISO 20000-2:2012 [18], ISO 27000:2009 [15], PMBOK
[16], PRINCE2 [4], TOGAF [12], and CMMI [16].
These good practices are used as reference to improve the
processes of Governance and Management of Enterprise IT, They
are not prescriptive, and there is the need to adjust them in order
to be implemented in each organization.
3.5 Participants
Participants in the work system are the people or machine that
perform the tasks of the processes, or the tasks of the projects. To
reach the excellence in the execution of processes and projects,
the participants must know what to do, how to do, and willing to
do. Without one of them the excellence in the execution of the
tasks of the processes, or projects, will not be reached. Special
attention is given to People in the Lean Thinking, because it is
through people that the processes and projects are performed.
People must be oriented, capacitated and treated with respect.
Capacity to lead people, negotiation, management of conflicts,
work in team, productive meeting and communication are some of
the good skills to be used by the participants in all levels.
3.6 Information
Information in the work system are the data or information
received to perform the processes, or projects, or the data or
information produced by the processes, or projects. The
information must have the appropriated format in order to
simplify the executions of the processes or projects. The
information can be texts, graphics, images, movies, and songs.
The information can be printed, showed in the video, panel, etc.
The information must be suitable to the media that will be used
like radio, television, Internet web sites, Social Media, e-mail,
using tablets, smartphones, computers, etc.
The information must be available in the right moment, and to the
right person, it must be necessary, confident, integral, reliable, and
in conformance to its application. Excess of information or lacks
of information are wastes. Information on the right quantity is
correct.
The indicators to monitor the delivered works, and the
performance of the processes and projects are critical to the
proposed framework, because they are used to improve the works.
Without the indicators, is not possible to manage the performance
of the processes, of the projects, neither its results achieved.
3.7 Technologies
Technologies in the work system are: software, hardware, and
communication used by participants to perform the processes, or
projects. Technologies must be used by participants when they
aggregate some value to the processes, or to the projects, for
example: it makes a process easer to be performed, it improves the
performance of a process, or it makes a process more secure, etc.
3.8 Environment
Environment includes the organizational, cultural, competitive,
technical, political, economical, and regulatory environments
within the work system operate. Environment represents the
external factors that can affect the work system. The world
outside of the organization is in constant changes. The work
system inside the organization must be flexible enough to adapt to
these changes in order to the organization remain competitive.
3.9 Strategy
The strategy used by the company, and the strategy used by the
working system must converge and help justify why the work
system operates the way it was defined. The Lean Thinking is
considered one of the strategies used in the implementation of the
Framework of Lean Governance and Management of Enterprise
5. IT. The adjective “Lean” is given to the proposed Framework due
to this strategy. Each organization has its own mission, vision,
values, objectives, goals, and politics, and this strategic
orientation must be shared with the entire organization. Thus, all
business units can work aligned to this strategy.
3.10 Infrastructure
The Infrastructure includes several kinds of resources required to
make the work system work, some examples are: human
resources, information, materials, services, and technical
resources. The Infrastructure is managed out of work system, and
is shared with other work systems. Depending on the scope of the
work system, a resource is part of the work system as a
participant, information or technology. Otherwise it is part of the
Infrastructure.
4. CONCLUSION
The Corporate Governance, among other things, aims to establish
the strategic alignment between all processes, from all business
units, at all levels.
The Governance of Enterprise IT is aligned to the Corporate
Governance and aims to give the IT strategic alignment and
directions to all business units, at all levels. This means, in
practice, that the politics, standards, compliance of governance of
enterprise IT, dictate the actions of IT, but also guide the actions
of others business units in an organization. On the other hand, the
IT business unit, and its processes and services, are also guided by
financial governance, by human resources governance, among
others.
This paper presented several disciplines, some of them are valid
for all organization and its were called general good practices.
Others disciplines were specifically to Governance and
Management of Enterprise IT, and these disciplines were called
specifics good practices.
The standards and methodologies of enterprise IT are mature, but
as mentioned by [1], many IT projects are still associated with
high values of investments and low results for the business. This
paper supports the idea that integrate the general good practices
with the specifics good practices is possible achieve better results.
The proposed Framework of Lean Governance and Management
of Enterprise IT reinforces the importance that should be given the
People, to behavioral aspects, and the principles of lean thinking
to support all processes. The Working System, Alter [7, 8],
emphasizes the Stakeholders at the top of the pyramid, which
demand products, services and results. The products, services and
results are delivered through Work Systems.
The expected benefits with the application of the proposed
framework are: a) A clear understanding of who are the
stakeholders of Governance and Management of Enterprise IT,
and what are their requirements, and their expected values; b) A
robust and holistic framework, integrated to the corporate
governance, to delivery values to the stakeholders; c) The
improvement of the processes and projects related to Governance
and Management of Enterprise IT using the good practices as
references, and Lean Thinking as strategy to empower people,
delivery values and reduce, or eliminate wastes; d) Assure a
continual improvement of the processes, and project of Lean
Governance and Management of Enterprise IT.
5. REFERENCES
[1] BELL, Steven C., ORZEN, Michael A., Lean IT: Enabling
and Sustaining Your Lean Transformation, 1st. Edition, New
York: Productivity Press, 2011. 349p.
[2] ITIL. The Official Introduction to the ITIL Service Lifecycle.
Published by TSO (The Stationery Office) with permission
of the OGC (Office of Government Commerce), 2007.
[3] COBIT 5. A Business Framework for the Governance and
Management of Enterprise IT, ISACA, 2012.
[4] PMBOK, A Guide to the Project Management Body of
Knowledge (PMBOK Guide) – Fifth Edition, 2013 PMI.
[5] BPM CBOK, Guide to Business Processes Management:
Common Body of Knowledge, Version 3.0 – 1st Edition,
2013 ABPMP: Association of Business Process Management
Professionals.
[6] WOMACK, James P., JONES, Daniel T., Lean Thinking –
Banish waste and create wealth in your corporation, 2003
Edition, Free Press, New York, NY, 2003.
[7] ALTER, S., Work System Theory: Overview of Core
Concepts, Extensions, and Challenges for the Future. Journal
of the Association for Information Systems Vol. 14, Issue 2,
pp. 72-121, February 2013.
[8] ALTER, S., Defining Information Systems as Work Systems:
Implications for the IS Field, Published in European Journal
of Information Systems, 17(5), Oct. 2008, pp. 448- 469.
[9] EXIN, Lean IT Foundation - Workbook, Edition February
2013, EXIN and DANSK IT, 2013, 128p.
[10] ISO 38500, Corporate governance of Information
Technology, First Edition, Switzerland, ISO, 2008.
[11] ISO 31000, Principles and Guidelines on Implementation of
Risk Management, First Edition, Switzerland, ISO, 2009.
[12] TOGAF, The Open Group Architecture Framework, Version
9, The Open Group, 2009.
[13] ISO 42010, Systems and Software Engineering –
Architecture Description, First Edition, Switzerland, ISO,
2011.
[14] PRINCE2, Project Management - Managing Successful
Projects with PRINCE2, 2009 edition, TSO, United
Kingdom, 2009.
[15] ISO 27000, Information technology — Security techniques
— Information security management systems — Overview
and vocabulary, First Edition, Switzerland, ISO, 2009.
[16] PHILLIPS, Mike, SHRUM Sandy, Which CMMI Model Is
for You?, Pittsbourgh, PA, Software Engineering Institute,
Carnegie Mellon University, 2011.
[17] ISO 20000-1, Information technology — Service
Management — Part1: Service management system
requirements, First Edition, Switzerland, ISO, 2011.
[18] ISO 20000-2, Information technology — Service
Management — Part1: Guidance on the application of
Service Management, First Edition, Switzerland, ISO, 2012.
[19] MoP, Management of Portfolios, 2011 edition, TSO, United
Kingdom, 2011.
[20] MSP, Programme Management – Managing Successful
Programmes, 2011 edition, TSO, United Kingdom, 2011.