www.apmg-international.com
APMG-International Webinar
One part ITIL, one part COBIT:The ingredients for repeatable and
controlled processes to support IT services.
Thursday 31 October 2013 / 14:00 EST (New York, US)
Presented by Mark Thomas, Escoute Consulting
www.APMG-International.com
The ITIL/COBIT connection
“ITIL is clear that it does not stand alone, and in fact, you cannot "do ITIL" without some form of governance. But what does "governance" mean? ITIL requires a framework of policy, process, procedures and metrics that can give direction to IT operations . . . (COBIT) does just this.
David Nichols, ITSM Solutions
Agenda
• Welcome & introduction
– Ronn Faigen, APMG-International
• One part ITIL, one part COBIT:The ingredients for repeatable and controlled processes to support IT services.
– Mark Thomas (Escoute Consulting)
• Q&A
• More Information
• Close
Your presenter…
Mark Thomas, Escoute Consulting
Areas of expertise• Governance of Enterprise IT (CGEIT)• ITIL Expert• COBIT
Experience• Enterprise Program Manager• IT Director• VP, IT Operations• Governance frameworks consulting
Challenges
Governance Frameworks
ITIL Essentials
COBIT Essentials
Putting the Two Together
Questions
Synopsis
Considering the many challenges faced by organizations today, leveraging frameworks to assist in creating repeatable approaches to managing and controlling IT services is a logical, yet difficult task. With so many best practices in the market today, how can one know which ones are applicable? Consider two basic tenets of every IT service provider: provide value in delivered services, and ensure proper governance and control of the processes that support them. This is where ITIL and COBIT play a valuable role. In this presentation we will explore 1) the essential elements of each framework, 2) their applicability in the growing role of IT in today’s organizations, and 3) how to leverage these together in a cohesive approach to delivering, managing and controlling effective IT processes. In this presentation, participants will gain not only an appreciation of the utility of these frameworks, but will walk away with the knowledge (and perhaps) a plan on how to implement these powerful tools at their companies.
Challenges
Align IT with the Business
Provide Value/Cost
Ensure Security
Meet Regulatory Requirements
Manage Risks
Trends
• Rising demand for best practices is driven by requirements to become more competitive while holding costs down
• Drivers for framework adoption include pressures created by demand for conformance and performance
• Historically, IT Service Providers were self-directed and considered cost centers – today, best practices help these providers focus on meeting enterprise objectives
• As IT moves up the list of strategic goals contribution, justifying technology investments grows - therefore the need for best practices
Challenges and Needs
Governance Frameworks
ITIL Essentials
COBIT Essentials
Putting the Two Together
Questions
Governance of Enterprise IT
• IT value delivery to the business
• Mitigation of IT related risk
• Powerful resource to help achieve important objectives:
–Benefit Realization
–Risk Optimization
–Resource optimization
Source: COBIT5. © ITGI. All rights reserved.
Governance ensures that stakeholder
needs, conditions and options are
evaluated to determine balanced,
agreed-on enterprise objectives to be
achieved; setting direction through
prioritization and decision making; and
monitoring performance and
compliance against agreed-on
direction and objectives.
COBIT 5 definition of governance:
Framework Characteristics
• The need for sharper business focus driven by business needs
• A common language with a standardized process model, objectives, and tools suitable for any type or size of organization
• A reliable and useful source based on best practices which are generally accepted in the industry
• Focus on creating and maintaining value
Framework Categories
Governance of Enterprise IT
Service Management
Enterprise Architecture
Project & Portfolio Management
Development Lifecycles
Process Quality & Improvement
COBIT
ITIL
TOGAF
PRINCE2
SDLC
SIX SIGMA
Challenges and Needs
Governance Frameworks
ITIL Essentials
COBIT Essentials
Putting the Two Together
Questions
IT Infrastructure Library (ITIL)
• Widely adopted approach for IT Service Management
• Framework for identifying, planning, delivering and supporting IT services to the business
• Detailed within five core publications
• Enables delivery of appropriate services that continually ensure benefits delivery and business goal achievement
Copyright © AXELOS Limited 2013. All rights reserved. Material is reproduced under license from AXELOS
ITIL Core Elements
Processes Roles FunctionsServices
Delivering value to customers by facilitating outcomes customers want to achieve without the ownership of costs and risks.
A coordinated set of activities that produce an outcome which creates value.
Behaviors or actions that are performed by a person, team or group.
Units of organization specialized to perform certain types of work and are responsible for certain outcomes.
EmailIncident
ManagementIncidentManager
ServiceDesk
Copyright © AXELOS Limited 2013. All rights reserved. Material is reproduced under license from AXELOS
ITIL Lifecycle Phases and Processes
SS ServiceStrategy SD Service
Design ST ServiceTransition SO Service
Operations CSIContinualServiceImprovement
Strategy Management
Financial Management
Service Portfolio Management
Demand Management
Business Relationship Management
Design Coordination
Service Level Management
Service Catalog Management
Availability Management
Capacity Management
Information Security Management
Service Continuity Management
Supplier Management
Change Management
Service Asset and Configuration Management
Release and Deployment Management
Knowledge Management
Transition Planning and Support
Service Validation and Testing
Change Evaluation
Event Management
Incident Management
Request Fulfillment
Problem Management
Access Management
7-Step Improvement
Copyright © AXELOS Limited 2013. All rights reserved. Material is reproduced under license from AXELOS
Challenges and Needs
Governance Frameworks
ITIL Essentials
COBIT Essentials
Putting the Two Together
Questions
COBIT5
• Latest edition of ISACA’s globally accepted GEIT framework• Provides an end-to-end business view of the governance and management of
enterprise IT• Builds on previous versions of COBIT (including Val IT and Risk IT).• Integrates other major industry frameworks such as ITIL, TOGAF, PRINCE2,
and related ISO standards• Some new changes include:
– Increased focus on enablers– New process reference model– New and modified processes– Management practices (formerly control objectives)– New maturity model
ISACA – Information Systems Audit and Control Association. ITGI – IT Governance Institute
COBIT5 Product Family
COBIT 5
COBIT 5 ENABLER GUIDES
COBIT 5 PROFESSIONAL GUIDES
COBIT 5 ONLINE COLLABORATIVE ENVIRONMENT
COBIT 5Enabling Processes
COBIT 5Enabling Information Other Enabler Guides
COBIT 5Implementation
COBIT 5for Information
Security
COBIT 5for Assurance
COBIT 5for Risk
Other Professional
Guides
ISACA – Information Systems Audit and Control Association. ITGI – IT Governance Institute
COBIT5 Principles and Enablers
Principles
1. Meeting Stakeholder Needs
2. Covering the Enterprise End-to-End
3. Applying a Single Integrated Framework
4. Enabling a Holistic Approach
5. Separating Governance From Management
Enablers
1. Principles, Policies and Frameworks
2. Processes
3. Organizational Structures
4. Culture, Ethics and Behavior
5. Information
6. Services, Infrastructure and Applications
7. People, Skills and Competencies
ISACA – Information Systems Audit and Control Association. ITGI – IT Governance Institute
COBIT5 Meeting Stakeholder Needs
ISACA – Information Systems Audit and Control Association. ITGI – IT Governance Institute
• Translates stakeholder needs into specific, practical and customized goals
• Allows the definition of priorities for:– Implementation
– Improvement
– Assurance of enterprise governance of IT
COBIT5 Covering the Enterprise End to End
ISACA – Information Systems Audit and Control Association. ITGI – IT Governance Institute
COBIT5 Separating Governance and Management
Governance
Ensure that stakeholder needs, conditions, and options are:
Evaluated to determine balanced, agreed-on enterprise objectives to be achieved
Setting direction through prioritization and decision making
Monitoring performance, compliance and progress against agreed direction and objectives (EDM)
Management
Plans, builds, runs and monitors activities in alignment with direction set by the governance body to achieve the enterprise objectives (PBRM)
ISACA – Information Systems Audit and Control Association. ITGI – IT Governance Institute
COBIT5 Domains and Processes
EVALUATE, DIRECT & MONITOR
ALIGN, PLAN & ORGANIZE
BUILD, ACQUIRE & IMPLEMENT
DELIVER, SERVICE & SUPPORT
MONITOR, EVALUATE &
ASSESSEDM1 Ensure Governance Framework Setting and Maintenance
EDM2 Benefits Delivery
EDM3 Ensure Risk Optimization
EDM4 Ensure Resource Optimization
EDM5 Ensure Stakeholder Transparency
BAI1 Manage Programs and Projects
BAI2 Manage Requirements Definition
BAI3 Manage Solutions Identification and Build
BAI4 Manage Availability and Capacity
BAI5 Manage Organizational Change Enablement
BAI6 Manage Changes
BAI7 Manage Change Acceptance and Transitioning
BAI8 Manage Knowledge
BAI9 Manage Assets
BAI10 Manage Configuration
DSS1 Manage Operations
DSS2 Manage Service Requests & Incidents
DSS3 Manage Problems
DSS4 Manage Continuity
DSS5 Manage Security Services
DSS6 Manage Business Process Controls
MEA1 Monitor, Evaluate, and Assess Performance and Conformance
MEA2 Monitor, Evaluate and Assess the System of Internal Control
MEA3 Monitor, Evaluate and Assess Compliance with External Requirements
APO1 Manage the IT Framework
APO2 Manage Strategy
APO3 Manage Enterprise Architecture
APO4 Manage Innovation
APO5 Manage Portfolio
APO6 Manage Budget & Costs
APO7 Manage Human Resources
APO8 Manage Relationships
APO9 Manage Service Agreements
APO10 Manage Suppliers
APO11 Manage Quality
APO12 Manage Risk
APO13 Manage Security
Governance Management
ISACA – Information Systems Audit and Control Association. ITGI – IT Governance Institute
COBIT5 Process Reference Model
Process Identification
Process Description
Process Purpose Statement
Goals Cascade Information
Process Goals & Metrics
RACI ChartDetailed Practice
DescriptionsRelated
Guidance
ISACA – Information Systems Audit and Control Association. ITGI – IT Governance Institute
COBIT5 Process Capability
ISACA – Information Systems Audit and Control Association. ITGI – IT Governance Institute
COBIT5 Implementation
ISACA – Information Systems Audit and Control Association. ITGI – IT Governance Institute
Challenges and Needs
Governance Frameworks
ITIL Essentials
COBIT Essentials
Putting the Two Together
Questions
Integration Objectives
• Implement and manage IT Service Management processes to achieve business goals while meeting governance requirements
• Enable clear process goals which are driven by business goals coupled with a meaningful measurement scheme
• Ensure IT governance and control by providing benefits realization, risk optimization, and resource optimization
Because of its high level approach, broad
coverage, and is based on many
existing practices, COBIT can easily be used as the integrator
that brings multiple practices under one framework and links
those to business objectives.
Integration Objectives
COBIT5• Comprehensive
framework assisting enterprises in achieving goals and delivering value
• Helps enterprises maintain balance between realizing benefits, optimizing risks, and optimizing resources.
ITIL• Provides a consistent
and coherent framework of best practices for IT Service Management and related processes
• Promotes a quality approach for achieving business effectiveness and efficiency with information systems.
Integrating Performance and Conformance
GEIT vs. ITSM
ITIL - ITSM “How”COBIT – GEIT “What ”
• Assists in goal alignment by cascading
• Defines processes based on business requirements
• Separates governance from management
• Intended to support GEIT and is applicable to most organizations
• Links ITIL practices to business requirements
• Defines best practice processes for Service Management and includes process activities
• Processes are more comprehensive and described with activities and flowcharts to assist in implementation
• Processes can be easily mapped to the COBIT Framework to create effective guidance
Integration Approaches
ServiceManagement
Challenges
Governance, Risk, and Compliance Challenges
Just starting, not sure
• History of poor SLA achievement
• Customer feedback identifying low service satisfaction
• Frequent or long periods of downtime
• Internal or external audit findings
• Complex or new regulatory or compliance concerns
• Program/project failures
• Fragmented adoption of multiple frameworks
• Little or no understanding of GEIT
• Significant trigger or pain point driving adoption
Primary: ITILSecondary: COBIT
Primary: COBITSecondary: ITIL
Primary: COBITSecondary: ITIL
Critical Success Factors
• Focus on value
• Management commitment
• Process ownership and accountability
• Training and communication
• Embrace processes and procedures into the culture
• Continual improvement and measurements
COBIT5 Education
Who might go to training?
• IT Management/Practitioners/Consultants, Auditors, Information Security and Risk, Business Management
• Why would you go to training?
• Gain knowledge of the scope and structure of COBIT 5 or want to improve IT Governance in your organization
• Better understand the COBIT5 Product Architecture (guides) and how they interrelate
• How COBIT5 enables IT to be governed and managed in a holistic manner for the entire enterprise
• How the COBIT5 processes and the Process reference Model (PRM) help guide the creation of the 5 Principles and the 7 Governance and Management Enablers
Challenges and Needs
Governance Frameworks
ITIL Essentials
COBIT Essentials
Putting the Two Together
Questions
QUESTIONS & ANSWERS
More Information
• APMG-International:– www.APMG-International.com
• ITIL®– www.apmg-international.com/itil
• COBIT® 5– www.apmg-international.com/cobit5
• Escoute Consulting– www.escoute.com – Email Mark at [email protected]
http://www.linkedin.com/company/apmg-international @APMG_Inter
Thank you for attending!
Top Related