Frameworks For Predictability

32
Frameworks For Predictability: COBIT, ITIL and PMBOK Terrance Knecht, MBA, PMP, CISSP, CGEIT, COBIT, ITIL [email protected]

description

Frameworks For Predictability, PMI, ITIL, COBIT

Transcript of Frameworks For Predictability

Page 1: Frameworks For Predictability

Frameworks For Predictability: COBIT, ITIL and PMBOK

Terrance Knecht, MBA, PMP, CISSP, CGEIT, COBIT, [email protected]

Page 2: Frameworks For Predictability

Terrance KnechtCurrently Consultant to ZS Associates

working on a project for Amgen (Phama)Previously head of Information Technology

for organizations 5 timesWorked in Information Technology in the

following industries: Government, Healthcare, Banking, Retail, Media, Telemarketing, Financial Services, Insurance, Education, Pharmaceuticals

Most successful in turnaround/troubled environments

Page 3: Frameworks For Predictability

Information Technology Organizations Are ReviewedScheduled AuditEvent/problem triggeredManagement questions IT ‘s directionMerger/Acquisition

Page 4: Frameworks For Predictability

Are You Organized?If someone comes in to review your

organization and actions are not tied to a process, each action is often reviewed

15 years ago if you had a system that tied individual actions to processes which themselves were tied to the high level summary, there was a general acceptance of your departmentCapitalized projects – outside auditProcesses - sale of organization

Page 5: Frameworks For Predictability

Next Level – International StandardsToday there are several internationally accepted

standards [FRAMEWORKS] for accomplishing functions within organizations. Use a standard framework:To eliminate the need to “invent” one’s own

standardsTo have predictability in resultsTo have acceptance of the framework by

outside entitiesTo have portability of a person’s skillsSenior Management is now responsible

Page 6: Frameworks For Predictability

FrameworksCOBIT (Control Objectives for Information

and Related TechnologyITIL (Information Technology Infrastructure

Library)PMBOK (Project Management Body of

Knowledge)COSO (Committee of Sponsoring

Organizations of the Treadway CommissionISO27001/ISO27002 (Security)CMMI (Capability Maturity Model

Integration)

Page 7: Frameworks For Predictability

COBIT (Control Objectives for Information and Related Technology)Key elements of enterprise governance:

Need for assurance about the value of IT (VALUE)

Management of IT risk (RISK)Increased requirements for control over

information (CONTROL)

Page 8: Frameworks For Predictability

COBIT Objectives

Page 9: Frameworks For Predictability

COBIT FrameworkCOBIT has information as the core value As a control and governance framework for

IT, COBIT focuses on two key areas:Providing the information required to

support business objectives and requirements

Treating information as the result of the combination of the application of IT-related resources that need to be managed by IT processes

Page 10: Frameworks For Predictability

Process OrientedCOBIT is Process Oriented – These processes

control IT resourcesApplicationsInformation – 9 Information CriteriaInfrastructurePeople

Page 11: Frameworks For Predictability

COBIT – Information: DimensionsEffectivenessEfficiencyConfidentialityIntegrityAvailabilityComplianceReliability

Page 12: Frameworks For Predictability

These Resources Are Controlled Within 4 Domains

MONITOR & EVALUATE

PLAN & ORGANIZE

ACQUIRE AND

IMPLEMENT

DELIVER AND

SUPPORT

Page 13: Frameworks For Predictability

Total of 34 Processes Supporting the 4 DomainsMonitor & Evaluate

Monitor & Evaluate IT performanceMonitor & evaluate internal controlsEnsue compliance with external requirementsProvide IT governance

Plan & OrganizeDefine a strategic IT PlanDefine the information architectureDetermine technological directionDefine the IT Processes, organization and relationshipsManage the IT investmentsCommunicate management aims and directionManage IT human resourcesManage qualityAssess and manage IT risksManage projectsAcquire & Implement

Identify automated solutionsAcquire & maintain application softwareAcquire & maintain technology infrastructureEnable operation and useProcure IT resourcesManage changesInstall & accredit solutions and changes

Deliver & SupportDefine & manage service levelsManage third party servicesManage performance and capacityEnsure continuous serviceEnsure systems securityIdentify & allocate costsEducate & train usersManage service desk and incidentsManage the configurationManage problemsManage dataManage the physical environmentManage operations

Page 14: Frameworks For Predictability

COBIT – Example – Strategic IT Plan Identify Primary, Secondary & Other for

InformationEffectiveness - PrimaryEfficiency - SecondaryConfidentialityIntegrityAvailabilityComplianceReliability

Page 15: Frameworks For Predictability

Primary

COBIT – Example – Strategic IT Plan Identify Primary, Secondary & Other for IT

Governance Focus Areas

Secondary

Secondary

Page 16: Frameworks For Predictability

COBIT – Example – Strategic IT Plan Identify Primary, Secondary & Other for IT

resourcesApplications - PrimaryInformation - PrimaryInfrastructure - PrimaryPeople - Primary

Page 17: Frameworks For Predictability

COBIT – Example – Strategic IT Plan ID InputsID OutputsCreate RACI Chart (Responsible,

Accountable, Consulted, Informed)Create Goals and Metrics

Page 18: Frameworks For Predictability

COBIT – Example – Strategic IT Plan Fill in the blanks:

Control over the IT Process of Define a Strategic Plan

That stratifies the business requirements of IT of _______

By focusing on ________Is achieved by ________And is measured by _______

Page 19: Frameworks For Predictability

Maturity ModelThe current status (in evolution) can be rated

on a maturity scale (CMMI)0 Non-existent1 Initial / Ad Hoc2 Repeatable but Intuitive3 Defined4 Managed and Measurable5 Optimized

Page 20: Frameworks For Predictability

COBIT: EvaluationCOBIT/ISACA has an online COBIT evaluation

system to determine at what level (maturity) an organization is regarding its implementation of COBIT

Page 21: Frameworks For Predictability

ITIL – Information Technology Infrastructure LibraryITIL is centered on Service Management

(ITSM) – this is the back office or operational concerns of IT to insure that the focus is on the relationship with the customer

A service is a means of delivery of value to customers by facilitating outcomes the customers want to achieve without their ownership of specific costs or risks

Service Management is a set of specialized organizational capabilities for providing value to customers in the form of a service

Page 22: Frameworks For Predictability

ITIL Life CycleService Strategy defines, maintains and

implements objectives & goalsService Design focuses on setting pragmatic

service blueprints which convert strategy into reality

Service Transition aims to bridge the gap between projects and operations

Service Operations ensures that there are strong end-to-end practices that insure stable services

Continuous Service Improvement enables improvement by supporting change

Page 23: Frameworks For Predictability

ITIL

Service

Design

Service Transitio

n

Service Operatio

n

SERVICESTRATEG

Y

CONTINUOUS SERVICE IMPROVEMENT

CONTINUOUS SERVICE IMPROVEMENT

Page 24: Frameworks For Predictability

COBIT & ITIL & PMBOKCOBIT is concerned with WHAT processes

are covered in its frameworkITIL provides the detailed best practices on

HOW processes should be designedPMBOK provides the framework HOW to

implement projects which result in change

Page 25: Frameworks For Predictability

ITIL – One of 5 Key Stages of Service – An Example Service Transition Is Composed of:

Change ManagementService Asset and Configuration

ManagementKnowledge ManagementRelease and Deployment Management

Specific (detailed) best practices are provided

Page 26: Frameworks For Predictability

PMBOK – Project ManagementProject Management is concerned with

creating “new” in a predictable mannerProjects are uniqueRepeatable is not project management – it is

maintenance

Page 27: Frameworks For Predictability

PM StepsInitiating

Get a sponsorCreate a project charterIdentify stakeholders

PlanningFinalize requirementsCreate Project Scope statementDetermine TeamCreate project planGain formal approval of plan

Page 28: Frameworks For Predictability

PM StepsExecuting

Execute according to planRequest ChangesPerform quality assuranceUse issues logs

Monitoring & ControllingMeasure performancePerform Risk AuditsReport on Project Performance

Page 29: Frameworks For Predictability

PM StepsClosing

Confirm work is done to requirementsUpdate lessons learnedHand off completed projectRelease resources

Page 30: Frameworks For Predictability

Project Management ProcessesUse issues logs (RAID)

RiskActionsIssuesDecisions

Page 31: Frameworks For Predictability

Mapping FrameworksCOBIT to ITILCOBIT to PMBOKITIL to Prince2 (PMBOK)

Page 32: Frameworks For Predictability

COBIT, ITIL & PMBOKMost processes/projects to not reach their

potential (fail)Most process implementations do not result

in pushing an individual forwardWorking with an international framework

allows one to skip explaining why and what the rules are and only deal with how well one is executing the process