ppt

http://www.microsoft.com/china/technet

从管理和运营的角度看从管理和运营的角度看 IT IT 6. MOF 6. MOF 风险管理原则风险管理原则

Yu YongYu [email protected]讲义下载：讲义下载： www.yuyong.net www.yuyong.net


从管理和运营的角度看从管理和运营的角度看 ITIT 系列讲座介系列讲座介绍绍 1. MOF1. MOF 简介简介 2. MOF2. MOF 理论基础理论基础 -- 上上 3. MOF3. MOF 理论基础理论基础 -- 下下 4. MOF 4. MOF 过程模型过程模型 5. MOF5. MOF 团队模型团队模型 6. MOF 6. MOF 风险管理原则风险管理原则


今日议程今日议程 Why MOF Embeds Risk ManagementWhy MOF Embeds Risk Management MOF Risk Management ProcessMOF Risk Management Process


概念定义概念定义 Risk – Possibility of suffering a lossRisk – Possibility of suffering a loss

May or may not happen: if guaranteed, it is not a riskMay or may not happen: if guaranteed, it is not a risk ““Loss” is relative: failure to maximize gain is a type of lossLoss” is relative: failure to maximize gain is a type of loss

Risk management – Actions to mitigate riskRisk management – Actions to mitigate risk Assess continuously what can go wrongAssess continuously what can go wrong Determine what risks are important to deal withDetermine what risks are important to deal with Implement strategies to deal with top risksImplement strategies to deal with top risks


Operations Needs Risk Management More Operations Needs Risk Management More TodayToday

Business transactions are increasingly dependent on ITBusiness transactions are increasingly dependent on IT IT performs tasks formerly done by people IT performs tasks formerly done by people New forms of business use IT New forms of business use IT

Greater risk of IT failure todayGreater risk of IT failure today The IT environment is increasingly complexThe IT environment is increasingly complex Traditional IT directly controls less of the infrastructureTraditional IT directly controls less of the infrastructure

Greater impact on business of IT failure Greater impact on business of IT failure Failures impact businesses more quicklyFailures impact businesses more quickly Failures are more visibleFailures are more visible

For every new way that IT has of enabling business,IT operations has a new way of disabling business!


ITIT 运营的风险来源运营的风险来源 Four main sources of risk in IT operations:

People Process Technology External factors


ITIT 风险的种类和对业务的影响风险的种类和对业务的影响 The MOF risk model has defined four main modes of

failure: Performance Security Agility Cost

The business needs IT services to perform well and to be delivered in a secure, agile, and cost-effective manner


传统风险管理方式不再适用传统风险管理方式不再适用

Typically, risk management has been primarily the Typically, risk management has been primarily the concern of change managers and security managersconcern of change managers and security managers Pro:Pro:

Addresses business needs in areas of performance and Addresses business needs in areas of performance and securitysecurity

Con:Con: Does not address business needs in areas of agility and Does not address business needs in areas of agility and

costcost

Traditionally, risk management was delegated to change management and security management

—this is no longer sufficient.


MOFMOF 的五个风险管理原则的五个风险管理原则 Assess risks continuouslyAssess risks continuously Integrate risk management into every role and Integrate risk management into every role and

every functionevery function Treat risk identification positivelyTreat risk identification positively Use risk-based schedulingUse risk-based scheduling Establish an acceptable level of formalityEstablish an acceptable level of formality


Why MOF Embeds Risk Management in All Why MOF Embeds Risk Management in All SMFs, Role Clusters, and ReviewsSMFs, Role Clusters, and Reviews

MOF embeds risk management in all SMFs, role MOF embeds risk management in all SMFs, role clusters, and reviews because:clusters, and reviews because: Failure can originate within any SMFFailure can originate within any SMF Failure can originate with any team role cluster if risk Failure can originate with any team role cluster if risk

management is not applied to an SMFmanagement is not applied to an SMF Reviews represent an opportunity to identify potential Reviews represent an opportunity to identify potential

failures originating within SMFs or with team role failures originating within SMFs or with team role clusters, and bring them to management’s attentionclusters, and bring them to management’s attention


How MOF Embeds Risk Management in All How MOF Embeds Risk Management in All SMFs, Role Clusters, and ReviewsSMFs, Role Clusters, and Reviews

MOF embeds risk management in the following ways:MOF embeds risk management in the following ways: In SMFs by building risk management practices into In SMFs by building risk management practices into

all SMF processes all SMF processes In role clusters by training team members in – and In role clusters by training team members in – and

making them accountable for – risk managementmaking them accountable for – risk management In reviews by formally incorporating risk In reviews by formally incorporating risk

management into each reviewmanagement into each review


Origin of the MOF Risk ModelOrigin of the MOF Risk Model

The MOF risk modelThe MOF risk model Is based on industry-standard risk management principlesIs based on industry-standard risk management principles Applies the traditional Microsoft Solutions Framework (MSF) Applies the traditional Microsoft Solutions Framework (MSF)

risk model to operationsrisk model to operations Incorporates additional input from industry best practice, Incorporates additional input from industry best practice,

including Information Technology Infrastructure Library (ITIL)including Information Technology Infrastructure Library (ITIL)


The 5-Step Risk Management ProcessThe 5-Step Risk Management Process


Risk ListsRisk Lists

Risk assessment documentRisk assessment document Serves as master repository for all active risksServes as master repository for all active risks Is constructed during the risk management process as Is constructed during the risk management process as

each step in the process adds information about a each step in the process adds information about a particular riskparticular risk

Top Top nn risk list risk list Helps team focus on most important risksHelps team focus on most important risks Is a subset of master list of risks in risk assessment Is a subset of master list of risks in risk assessment

documentdocument Retired risk listRetired risk list

Is used as knowledge management toolIs used as knowledge management tool


Step 1: Risk IdentificationStep 1: Risk Identification

Add to the risk assessment document:Add to the risk assessment document: Source of riskSource of risk Mode of failureMode of failure ConditionCondition Operational consequenceOperational consequence Business consequenceBusiness consequence

These five elements make up the risk statementThese five elements make up the risk statement


Developing a Risk StatementDeveloping a Risk StatementSituation:

A new phone system allows customers to contact support technicians A new phone system allows customers to contact support technicians directly, bypassing the official, approved help desk process. This would directly, bypassing the official, approved help desk process. This would be counterproductive because although the customer might get prompt be counterproductive because although the customer might get prompt support, the symptoms would not be logged and the root problem would support, the symptoms would not be logged and the root problem would not be tracked and resolved.not be tracked and resolved.


Step 2: Risk AnalysisStep 2: Risk Analysis

Add to the risk assessment document:Add to the risk assessment document: Probability of the condition occurringProbability of the condition occurring Impact of the consequencesImpact of the consequences Exposure = probability x impactExposure = probability x impact


Determining Risk Probability, Impact, and Determining Risk Probability, Impact, and ExposureExposure Situation:Situation:

Incident management estimates that 20% of each day’s contacts may bypass Incident management estimates that 20% of each day’s contacts may bypass the official process if end users are able to dial technicians directly. The impact the official process if end users are able to dial technicians directly. The impact of losing 20% of the incident reports is considered a “4” on a scale of 1 to 5.of losing 20% of the incident reports is considered a “4” on a scale of 1 to 5.


Step 3: Risk Action PlanningStep 3: Risk Action Planning

Add to the risk assessment document:Add to the risk assessment document: MitigationsMitigations TriggersTriggers ContingenciesContingencies


Determining Mitigations, Triggers, and Determining Mitigations, Triggers, and ContingenciesContingencies

Situation:Situation:Technicians can’t prevent customers from calling, but they (and IT Technicians can’t prevent customers from calling, but they (and IT management) can ask customers not to call directly. Technicians can management) can ask customers not to call directly. Technicians can identify direct-dial calls by noticing their phones’ LCD displays. When a identify direct-dial calls by noticing their phones’ LCD displays. When a direct-dial call is detected, the technician can explain the situation to the direct-dial call is detected, the technician can explain the situation to the customer and transfer the call to the official phone number. customer and transfer the call to the official phone number.


Step 4: Risk TrackingStep 4: Risk Tracking

Use the completed risk assessment document Use the completed risk assessment document to begin monitoring the current situation:to begin monitoring the current situation: Trigger valuesTrigger values Risk’s condition, consequence, probability, or Risk’s condition, consequence, probability, or

impactimpact Progress of a mitigation planProgress of a mitigation plan


Situation:Situation:A month after the phone system is implemented, 80% of all phone calls to A month after the phone system is implemented, 80% of all phone calls to support technicians are direct-dial; only 20% use the official process.support technicians are direct-dial; only 20% use the official process.

Has the condition changed? Has the condition changed? NoNo Have the consequences changed? Have the consequences changed? NoNo Has the probability changed?Has the probability changed? YesYes Has the impact changed?Has the impact changed? NoNo Is the mitigation plan still appropriate? Is the mitigation plan still appropriate? NoNo Is the trigger still appropriate?Is the trigger still appropriate? YesYes Is the contingency plan still appropriate?Is the contingency plan still appropriate? YesYes

Monitoring ChangesMonitoring Changes


Step 5: Risk ControlStep 5: Risk Control

React to the changes noticed in Step 4:React to the changes noticed in Step 4: Execute mitigation plans and assess their progressExecute mitigation plans and assess their progress Execute contingency plans if triggers are trueExecute contingency plans if triggers are true Update the “top risks” listUpdate the “top risks” list Retire risks that are no longer a concernRetire risks that are no longer a concern


Controlling by Acting on the ChangesControlling by Acting on the Changes

Situation:Situation: Management investigates why the mitigation plan isn’t working. End Management investigates why the mitigation plan isn’t working. End

users report that the new phone system’s automated routing feature users report that the new phone system’s automated routing feature is so complex that they hate using it, and instead dial technicians is so complex that they hate using it, and instead dial technicians directly.directly.

Management takes an action item to update the mitigation plan: Management takes an action item to update the mitigation plan: instead of simply asking customers not to call, they’ll simplify the instead of simply asking customers not to call, they’ll simplify the phone routing system and tell customers about these improvements.phone routing system and tell customers about these improvements.


MOF Process Model MOF Process Model


MOF Team Model Role Clusters MOF Team Model Role Clusters

Communication


The 5-step Risk Management ProcessThe 5-step Risk Management Process


ReferenceReference ITIL

Essentials Practitioner Service Manager

MOF Essentials (available) MOF Changing & Operating Quadrants Microsoft Official Curriculum (MOC) Link:

http://www.microsoft.com/technet/itsolutions/mof/moftool/default.asp http://www.microsoft.com/mof


ReferenceReference LinkLink

Microsoft 运行框架（ MOF ） Essentials 课程 http://www.microsoft.com/china/enterprise/solutions/msm/evaluation/

overview/mofessentials.asp Microsoft 操作框架 (MOF) 执行概述 ( 早期版本 ) http://www.microsoft.com/china/technet/MAINTAIN/mofovrv.asp 针对操作的 MOF 组队模型 http://www.microsoft.com/china/technet/itsolutions/techguide/mof/mof

tml.mspx Microsoft 运行框架（ MOF ） Changing Quadrant 课程 http://www.microsoft.com/china/enterprise/solutions/msm/evaluation/

overview/chgquadcourse.asp MOF 自我评估工具 http://www.microsoft.com/china/technet/itsolutions/techguide/mof/

moftool.mspx


ReferenceReferenceActive Directory Operations Guidehttp://www.microsoft.com/windows2000/techinfo/administration/activedirectory/adops.asp

Security Operations Guide for Exchange 2000 Server http://www.microsoft.com/technet/security/prodtech/mailexch/opsguide/default.asp

Security Operations Guide for Windows 2000 Server http://www.microsoft.com/technet/security/prodtech/windows/windows2000/staysecure/default.asp

Microsoft Operations Manager 2000 Operations Guidehttp://www.microsoft.com/technet/prodtechnol/mom/maintain/operate/opsguide/default.asp

Microsoft Systems Management Server 2.0 Product Operation Guidehttp://www.microsoft.com/technet/prodtechnol/sms/maintain/operate/smspog.asp

MOF Self-Assessment toolhttp://www.microsoft.com/technet/itsolutions/mof/moftool.asp

The Windows 2000 Operations Guide Serieshttp://www.microsoft.com/technet/prodtechnol/windows2000serv/maintain/opsguide/opsguide.asp

Patterns and practices books:http://shop.microsoft.com/practices/


TechNetTechNet 是什么是什么 ?? 只需轻轻点击，答案就在您的指尖只需轻轻点击，答案就在您的指尖

对于对于 IT IT 专业人员来说，专业人员来说， TechNet TechNet 是一个知识的宝库，你是一个知识的宝库，你可以找到关于如何规划，部署和管理微软产品的的技术资源可以找到关于如何规划，部署和管理微软产品的的技术资源

每月发放包含最新信息的每月发放包含最新信息的 DVDDVD 或者或者 CDCD 这是最权威的资源，可以帮助你评估、配置和维护微软产品。这是最权威的资源，可以帮助你评估、配置和维护微软产品。

订阅 TechNet

可以访问该站点可以访问该站点 www.microsoft.com/china/technet 在线资源和社区在线资源和社区订户订户 ---- 仅仅提供在线服务仅仅提供在线服务

TechNet 网站

两周发放一次的中文电子快报两周发放一次的中文电子快报安全更新安全更新 , , 新的资源等等新的资源等等

TechNet 中文电子快报

有关最新微软产品介绍和技术的简报有关最新微软产品介绍和技术的简报上机试验上机试验 , “, “ 如何操作”等信息如何操作”等信息

TechNet 活动和网站消息

用户群用户群可管理的新闻组可管理的新闻组

中文社区


我们从哪里可以了解到我们从哪里可以了解到 TechNet?TechNet?

访问访问 TechNetTechNet 的官方网站的官方网站www.microsoft.com/China/technetwww.microsoft.com/China/technet

注册注册 TechNetTechNet 快报快报 www.microsoft.com/china/technet/abouttn/subscriptions/flash.mspxwww.microsoft.com/china/technet/abouttn/subscriptions/flash.mspx

加入到中文在线论坛加入到中文在线论坛 http://www.microsoft.com/china/community/http://www.microsoft.com/china/community/

成为成为 TechNetTechNet 的订户的订户 www.microsoft.com/china/technetwww.microsoft.com/china/technet

参与到更多的参与到更多的 TechNetTechNet 活动中或者在线了解活动中或者在线了解www.microsoft.com/china/technetwww.microsoft.com/china/technet


您的潜力，我们的动力！您的潜力，我们的动力！

ppt

Documents

Transcript of ppt