Assessment of IT Operations Leveraging Industry … of IT Operations Leveraging Industry Standard...
-
Upload
nguyentruc -
Category
Documents
-
view
215 -
download
2
Transcript of Assessment of IT Operations Leveraging Industry … of IT Operations Leveraging Industry Standard...
Assessment of IT OperationsLeveraging Industry StandardLeveraging Industry Standard
Frameworks*An Overview
*COBIT 5, ITIL, CMM, otherCOBIT 5, ITIL, CMM, other
SSPEAKERPEAKER BBIOGRAPHYIOGRAPHYSSPEAKERPEAKER BBIOGRAPHYIOGRAPHY
Sameer Gupta is a director in KPMG's Management Consulting Practice andSameer Gupta is a director in KPMG s Management Consulting Practice and
has over 25 years of IT strategy, sourcing, transformation, reengineering, and
operations improvement experience. He has worked closely with CXOs of
lti l F t 1000 i t h l li th i i i timultiple Fortune 1000 companies to help align their sourcing, organization
and governance strategy with their corporate goals. He has worked on number
of initiatives to help lower the TCO while improving customer focus. His
experience includes assessment, definition, implementation, management
and optimization of these strategies.
AgendaAgenda• Overview – 45 minutes
– Defining IT EnterpriseDefining IT Enterprise– Defining Stakeholder Value– Exercise : Current Challenges– Aspects of Mature IT– Value of Mature IT– IT Maturity Assessment Model Frameworks– IT Maturity Assessment Model Frameworks– Steps in a Maturity Assessment– Maturity Levels– When to do a Maturity Assessment? – What do you need to conduct an assessment?
• Application Exercise 15 minutes• Application Exercise – 15 minutes– Identify top 4 challenges in your IT organization– Align Maturity Gaps with Challenges
• Exercise Discussion – 15 minutes– Sample Outputs
• Additional Considerations – 15 minutes– Capability Importance– Typical Next Steps– Wrap Up
Defining the IT EnterpriseDefining the IT EnterpriseInformation is a key resource for all enterprises.Information is created, used, retained, disclosed and destroyed.Technology plays a key role in these actions
Stakeholder Drivers(Environment, Technology Evolution…)
Technology plays a key role in these actions.Enterprises maintain quality information to drive business decisionsGenerate business value from IT‐enabled investmentsMaintain IT‐related risk at an acceptable levelOptimize the cost of IT services and technology
S COBIT 5 I d i
Stakeholder Needs: ValueBenefits
RealizationRisk
OptimizationResource
Optimization
Influences
Stakeholder Drivers and Enterprise GoalsSource: COBIT 5‐Introduction
Enterprise GoalsIT Enablement Services
Realization Optimization Optimization
ustomers IT Supper
vices
mpu
ting
espplications
eslications
es
IT-related Goals
Cascades to
IT Cu
pliers
Central IT Se
Person
al Com
Service
Back‐Office Ap
Service
Busine
ss App
Service
Enabler Goals
Cascades to
Source: COBIT® 5, © 2012 ISACA®
Delivering Stakeholder ValueDelivering Stakeholder ValueBusiness Direction, Structure and Corporate Governance
Owners and Stakeholders
iers
IT CManage Services
Govern ServicesAccountableDelegate
IT Sup
pli ustom
ersDevelop Services
Governing Body
MonitorSet Direction
Deliver Services
Management
/
COBIT 5 Principles1 Meeting Stakeholder Needs
Operations and Execution
ReportInstruct/ Align1. Meeting Stakeholder Needs2. Covering the Enterprise End to End3. Applying a Single Integrated Framework4. Enabling a Holistic Approach5. Separating Governance from Management
dSource: COBIT® 5, © 2012 ISACA®Source: COBIT 5‐Introduction
IT Organization ChallengesIT Organization Challenges
1 Customer 2 IT not cost3. Unfilled
4 Systems1. Customer not satisfied
2. IT not cost efficient
improvement opportunities
4. Systems not stable
6 Projects not 7 Technology5. Inadequate
controls
6. Projects not delivered on‐
time
7. Technology not up‐to‐
date
8. Lot of open positions
9. Redundant applications
10. Risk concerns from outsourcing
11. Lack in application functionality
12. Data centers not secure
13. Business not proactive
14. Projects quality is bad
Aspects of Mature ITWhat organization capabilities to consider?
��
��
5
4��
��
��
�
���������� � ������ �������� ����� ��� ���������
2. Processes3.Organizational
Structures
4. Culture, Ethics & Behavior
3
��
� �
��
�
������������ � �������
��������� ������� ��
1. Principles, Policies and Frameworks
2
1
�� �������
������� ��������
����������
Resources
5. Information6. Services –
Infrastructure & Applications
7. People, Skills & Competencies
Key aspects of capability for‘getting the job done’ ��
���� ��������
0� 100�
������� ��� �����
Source: COBIT® 5, © 2012 ISACA®
COBIT 5 Enablers
���� �������� �����
Lack of Maturity results l f lin loss of IT Value…
5 10%
10‐15%
10‐15%Loss in vendor governance
Poor demand
25‐45% potential
5‐10%
5‐10%
5‐10%
Poor demand management
potential value decline
Loss in executive focus
Loss in process dh
Poor capacity management
adherence
Illustrative
…IT Value can be gained by improving Maturity
By improving maturity, IT organizations may realizeorganizations may realize additional significant value gain, as they move up the value chain and focus beyond efficiency and deliver an effective service delivery organization.
10 15%
10‐15%
10‐15% Gain through faster access to i iGain through
30‐50% potential
5‐10%
10‐15%
5‐10%
innovation Gain through increased agility and faster time to market
potential value gain
Gain through strategic vendor relationshipsGain through
better change
Gain through business aligned
change initiatives
better change management
Illustrative
IT Assessment FrameworksITIL and CMMi
• ITIL – a framework for IT Service Management• ITIL – a framework for IT Service Management. It contains a set of guidelines that an IT Organization is recommended to follow based on industry best practice.on industry best practice.
• CMMi – a framework for managing process and integrating activities across an organization.
IT Assessment FrameworksITIL and CMMi
Strategy RequirementOptimize
CMMi
ITIL CMMiFocus on Service Management/ Operations
Focus on Software Development, Integration,
Evolve
Design & SelectEvolve
Design
B ildDeploy
OperateIT Life Cycle
g / p p , g ,Deployment & Maintenance
IT Operations and Services Application Development, Infrastructure Projects
Address IT Operation Primarily focused on Software & SelectBuild
ITIL
Address IT Operation processes like Security, Change Management, Capacity Planning and Service Desk
Primarily focused on Software Development Organizations
Framework for the operations Quality standard for softwareFramework for the operations and infrastructure taking a Services view
Quality standard for software development processes
COBIT 5: Enabling ProcessesCOBIT 5: Enabling Processes
APO03 Manage enterprise architecture
Added/ Updated from COBIT 4
architecture.APO04 Manage innovation.APO05 Manage portfolio.APO06 Manage budget and costs.APO08 Manage relationships.APO13 Manage security.BAI05 Manage organisational change enablement.BAI08 Manage knowledge.BAI09 Manage assets.DSS05 Manage security service.DSS06 M b iDSS06 Manage business process controls.
Source: COBIT® 5, © 2012 ISACA®
IT Maturity AssessmentUnderstand Business Expectations from IT
Back‐Office Applications Services
Business Applications Services
Personal Computing Services
Central IT Services
Before undertaking an assessment, gain understanding of the overall
Product Innovation
Business Intelligence
Business Agility
Cost Containment
Capacity Management
Quality Improvement
g gbusiness, objectives, strategies, plan, and business model and the role that technology has in supporting the business in order g y
Process Transformation
New Market Entry
Q y p
Process Efficiency
Stable Operations
pp gfor the assessment to be meaningful and useful.
IT Services
Select an Assessment FrameworkSelect an Assessment Framework
Business Direction, Structure and Corporate Governance
Information & Systems Strategy
Portfolio Management
Governance Management
Business/ IT Alignment
Enterprise Architecture
Benefits Management
tom
ers IT Su
IT Service Management
Information Security
Management
Resource Management
IT Performance Management
IT Financial Management
IT Management
Vendor MM
anag
emen
t
IT Man
T A
lignm
ent
IT C
ust uppliers
Program ManagementOpportunityDevelopment
SolutionsDevelopment
Service Delivery
Systems Development
Applications Management
Managem
entR
elat
ions
hip
M agement
Busi
ness
/ IT
ConfigurationChange
SystemAvailability
IT ServiceSupport
Service Delivery
InfrastructureManagement
Sample FrameworkSample Framework
Step One – Select a Process kdBreakdown
• The first step in the process involves deciding how to break the big problem into a smaller set of activities. This usually involves selecting an “IT process framework” as the starting point.
Business Direction, Structure and Corporate Governance
Information & S t St t
Portfolio M t
Governance M t
Business/ IT Alignment
Enterprise A hit t
Benefits M t
ers IT
IT Service Management
(APO09)
Information Security
Management
Resource Management
(APO07)
IT Performance Management
(AP011)
IT Financial Management
(APO06)
IT Management
Systems Strategy(APO01, AP002)
Management(APO05 )
Management(MEA01, MEA02, MEA03)
Architecture(APO03, )
Management(EDM002)
Relation(Eem
ent B
usineent
IT S
uppl
ie Custom
ersProgram Management(BAI01)
OpportunityDevelopment
(BAI02)
SolutionsDevelopment
(BAI03)
(APO09) g(APO13, DSS05)
(APO07) (AP011)(APO06)
Systems Development
Applications Management
(BAI06)
nship Managem
enE
DM
05, AP
O08)
Ven
dor
Man
age
(AP
O10
)
ess/ IT Alignm
entIT
Man
agem
( ) ( )
ConfigurationChange(BAI10)
SystemAvailability
(BAI04, DSS04)
IT ServiceSupport
(DSS02, DSS03)
Service Delivery
( )
InfrastructureManagement(DSS01, DSS02)
nt
Partial Mapping to COBIT 5
Step Two – Schedule Discussions with Key S k h ldStakeholders
• The next step is to select who to involve in the assessment data gathering, specifically to understand current performance levels in context of the standards for performance.
nt nt ent
nt nt ent
ms Strategy
prise Architecture
rnan
ce M
anagem
en
olio M
anagem
ent
its Re
alization
onship M
anagem
en
e & Cap
ability
cial M
anagem
ent
rman
ce M
anagem
e
e Man
agem
ent
ity Man
agem
ent
or M
anagem
ent
rtun
ity Develop
men
am M
anagem
ent
onsDevelop
men
t
cation
s Man
agem
en
tructure M
anagem
mAvailability
guration
Chan
ge
eSupp
ort
SAMPLE
Interviewees System
Enterp
Gover
Portfo
Bene
f
Relatio
Peop
le
Fina
nc
Perfor
Servic
Securi
Ven
do
Opp
or
Progra
Solutio
App
lic
Infrast
System
Config
Servic
IT LeadershipChief Information Officer (CIO)
x x x x x x x x x
Chief Technology Officer (CTO) x x x x x x x x xChief Technology Officer (CTO) x x x x x x x x x
Application Manager x x x x x x x x x x x x x x x
Operations Manager x x x x x x x x x
Business LeadershipBusiness LeadershipChief Executive (CEO)
x x x x x x x
Chief Financial Officer (CFO) x x x x x x x
Enterprise Risk Officer x x x x
Key Business Stakeholders x x x x x x x x x x x
Step Three – Compare Performance to d dStandards
• Once the right stakeholders are involved, a facilitated process occurs. This can be done by using surveys, interviews or facilitated workshops to compare current activities to standards for the IT process.
Understand IT RoleUnderstand IT Role
‐ External Forces
‐ Internal Business Considerations
‐ Current IT Strategy
Assess IT CapabilitiesAssess IT Capabilities
‐ IT controls
‐ IT process guidelines
Develop RecommendationsDevelop Recommendations
‐ Prioritize Improvement Current IT Strategy‐ Integrated approach
pAreas
‐ Recommendations
‐ Roadmap
Defining Maturity Levels –Typical Levels
COBIT 4.1 MM Levels
Capability Levels Based on ISO/IEC
Meaning of the Capability Levels Based on ISO/IEC 15504
ContextLevels Based on ISO/IEC
1550415504
5—Optimizing 5—Optimized Continuously improved to meet relevant current and projected enterprise goals
Enterprise view/corporate knowledgeknowledge4—Managed and
measurable4—Predictable Operates within defined limits to achieve its
process outcomes
3—Defined 3—Established Implemented using a defined process that is capable of achieving its process outcomes
N/A 2—Managed Implemented in a managed fashion (planned, monitored and adjusted) with appropriately established, controlled and maintained work products
Instance view/individual knowledge
N/A 1—Performed Achieves its process purpose
2—Repeatable1—Ad hoc0—Non‐existent
0—Incomplete Not implemented or little/no evidence of any systematic achievement of the process purpose
When to conduct a Maturity ?Assessment?
• New Leadership p
• Major Business/ IT Transformation
• Audit Recommendation
• Major Outsourcing Transformation
• Cost Optimization
• Risk Assessment
• Ongoing
What do you need to conduct an ?assessment?
Value of Portfolio Management Key Process Components/ KPIs
Questionnaire/ Evidence Maturity Framework
Identify top 4 challenges in your IT organization
1 Customer 2 IT not cost3. Unfilled
4 Systems1. Customer not satisfied
2. IT not cost efficient
improvement opportunities
4. Systems not stable
6 Projects not 7 Technology5. Inadequate
controls
6. Projects not delivered on‐
time
7. Technology not up‐to‐
date
8. Lot of open positions
9. Redundant applications
10. Risk concerns from outsourcing
11. Lack in application functionality
12. Data centers not secure
13. Business not proactive
14. Projects quality is bad
Review IT Maturity Modell h h llAlign with Challenges
Business Direction, Structure and Corporate Governance
Information & Portfolio Governance
Business/ IT Alignment
Enterprise Benefits
ers IT
IT Service Management
Information Security
Management
Resource Management
IT Performance Management
IT Financial Management
IT Management
Systems Strategy ManagementManagementp
Architecture Management
Vendoagem
ent
IT gnm
ent
IT C
usto
mT Suppliers
Program ManagementOpportunityDevelopment
SolutionsDevelopment
g Managementg gg
Systems Development
Applications Management
or Managem
entR
elat
ions
hip
Man
a Managem
entBu
sine
ss/ I
T Al
ig
ConfigurationChange
SystemAvailability
IT ServiceSupport
Service Delivery
InfrastructureManagement
R
Staying Pragmatic about the "Real "Pain Points"
• The best IT Governance diagnostics will consider the pragmatic realities of daily IT operations. Most management practices that appear unusual will have rational reasons for existing. The
Symptom Naïve Interpretation
Software license • Software Purchasing not
ost a age e t p act ces t at appea u usua a e at o a easo s o e st g etable below illustrates some real‐life examples.
Real Situation / Pain Point
• CIO under directive from CFO to cut costs; lapses maintenance agreements arelapsed
gfunctional
• Purchase upgrades; newmethods to monitor maintenance
; pintentional to fund critical projects
• Need to improve financial management and business alignment processes
d k d b k d diCompany paying unusually low price for infrastructure management
• IT supplier management is highly effective; no changes are necessary
• Vendor was asked to cut costs; backup and disaster recovery process was scoped out
• Need to improve supplier management and value management processes
• Outstanding demand business is dissatisfiedIT budget is significantly below industry benchmarks
• IT cost management is highly effective.
• “Is this really a problem?”
• Outstanding demand, business is dissatisfied• Immature portfolio management and business alignment
y p• “Is it really good?”
Sample OutputsSample OutputsThe final report is typically an executive summary and a detailed report on the current and target states, gaps and corresponding recommendations. A high level roadmap is usually included to prioritize next stepsusually included to prioritize next steps.
Example: Summary Maturity Level Graphic
Example: Summary Roadmap
Capability ImportanceCapability Importance
“Maturity” 5y
Degree of process and attitudinal effectiveness against the KPMG Maturity M d l
4
Capability too high to support the business
Model
“Importance”
Maturity
3
M
2Capability insufficient to support
the business
Degree to which influences in the business demand mean that the capability will
Importance1 2 3 4 5
1
that the capability will have an impact on IT’s ability to deliver
Typical Next StepsTypical Next Steps
Design
•Future State Model Design
• Implementation
Enable
•Service Delivery Framework
Manage
•Services Portfolio
Assess
• IT Maturity • Implementation Roadmap
•Service Management Framework
•Transition
•Services Portfolio Management
•Detailed Operating Procedures
•Process & Tool Definition
•Change Management
IT Maturity Assessment
•Gap Analysis
g g
COBIT 5 ImplementationCOBIT 5 Implementation
S COBIT® 5 © 2012 ISACA®Source: COBIT® 5, © 2012 ISACA®
Collaborate – Contribute – Connect
• www.isaca.org/knowledge-center • The Knowledge Center is a collection of
resources and online communities that connect ISACA members – globally, across industries and by professional focus - under one umbrella. Add or reply to a discussion, post a document or link, connect with other ISACA members, or create a wiki by participating in a community today!