The Problem

1
LECTURE 1

• The Problem
• Solutions Standards Frameworks

2
The Problem
PROJECT REALIZE
?
then MANAGE !

• Longer time (20 years vs. 9 months)
• More more complex relations (school/companions/
  b-g.friend/ vs. gynecologist)
• More expensive ( ask your father )
• More risks (car/drugs/alcohol/depression/unemploy
  ment/ vs. abortion)
• Less weaker instructions

!!!
3
Ever-Increasing Complexity
4
CMM (Capability Maturity Model) Maturity Levels
5. Optimizing. Continuous process improvement. 4.
Managed. Detailed measures of the software
process and product quality are collected. 3.
Defined. Management and engineering activities
are documented, standardized, institutionalized.
2. Repeatable. Basic project management tracks
cost, schedule, and functionality. Successes can
be repeated for similar projects. 1. Initial. Ad
hoc. Success depends on individual effort and
heroics.
5
Trying to Run Before Walking
6
Approaches Currently In Use

• Business As Usual - Firefighting
• Legislation - Forced
• Best Practice Focused

7
Confusing the 'Means' With the 'End'
8
Best Practices

• Process Frameworks
• IT Infrastructure Library
• Application Service Library
• Gartner CSD
• IBM Processes
• EDS Digital Workflow
• Microsoft MOF
• Telecom Ops Map
• etc..

• Quality Control Models
• ISO 900x
• COBIT
• TQM
• EFQM
• Six Sigma
• COSO
• Deming
• etc..

• What is not defined cannot be controlled
• What is not controlled cannot be measured
• What is not measured cannot be improved
• Define -- Improve
• Measure -- Control And Stabilize

9
Look at the Regulatory Storm We All Face
10
Relationship of Control Regimes
Operations
Applications
Finance
Strategy
COCO
COSO
COBIT
ITIL
University control regimes are derived from
frameworks originally developed for businesses
and need tweaking to fit comfortably.
11
IT Governance Model
Audit Models
Quality Systems Mgmt. Frameworks
IT OPERATIONS
12
Committee of Sponsoring Organizations (COSO)
The Components

• Control Activities
• Policies that ensure management directives are
  carried out
• Approval and authorizations, verifications,
  evaluations, safeguarding assets security and
  segregation of duties

• Monitoring
• Assess control system performance over time
• Ongoing and separate evaluations
• Management and supervisory activities

• Information and Communication
• Relevant information identified, captured and
  communicated timely
• Access to internal and externally generated
  information
• Information flow allows for management action

• Risk Assessment
• Identify and analyze relevant risks to achieving
  the entitys objectives

• Control Environment
• Sets tone at the top
• Foundation for all other components of control
• Integrity, ethical values, competence, authority,
  responsibility

13
COSO Enterprise Risk Management (ERM) Model
14
The COSO ERM Framework

• Entity objectives can be viewed in the context of
  four categories
• Strategic
• Operations
• Reporting
• Compliance
• ERM considers activities at all levels of the
  organization
• Enterprise-level
• Division or subsidiary
• Business unit processes

Source COSO Enterprise Risk Management
Framework Draft Version, July 2003
15
CobITControl Objectives for IT

• CobIT is an open standard control framework for
  IT Governance with a focus on IT Standards and
  Audit
• Based on over 40 International standards and is
  supported by a network of 150 IT Governance
  Chapters operating in over 100 countries
• CobIT describes standards, controls and maturity
  guidelines for four domains, and 34 control
  processes

16
The CobiT Cube
(Business Requirements)
4 Domains 34 Processes 318 Control Objectives

17
CobiT Domains
Acquire Implement (AI Process Domain)
Plan Organize (PO Process Domain)
Monitor (M Process Domain)
Deliver Support (DS Process Domain)
18
CobiT Processes by Domain
Monitoring
Planning Organization
Delivery Support
Acquisition Implementation
19
The 34 Defined CobiT Processes
1
3
2
4
20
The 7 CobiT Principles
21
Positioning the Frameworks
22
Process Framework - ITIL

• ITIL is a best-practice process framework.
• Service delivery
• Service support
• Others (application management, security
  management)
• Initiated by the U.K.'s government Central
  Computing and Telecommunication Agency (CCTA).
  CCTA is merged into the Office of Government
  Commerce.
• Shows the goals, general activities, inputs and
  outputs of the various processes.
• Does not "cast in stone" every action you should
  do on a day-to-day basis.
• ITIL Refresh or "Version 3" is in delivered.

23
Hype Surrounding ITIL

• ITIL makes the business love the IT group!
• ITIL is easy!
• Buy our tool and have ITIL!
• Everybody is doing it
• What's next
• ITIL cures cancer!
• ITIL solves world hunger!

24
Polling Results ITIL Adoption
Source Audience polling survey at 2006 Gartner
Data Center conference in November 2006 (n171)
25
ITIL The Good and the Bad

• Service Delivery
• Service-level management
• Financial management
• Capacity management
• IT service continuity
• Availability management
• Service Support
• Incident management
• Problem management
• Change management
• Configuration management
• Release management
• Service Desk

• Core Benefits
• Standard process language
• Emphasis on process vs. technology
• Process integration
• Standardization enables cost and quality
  improvements
• Focus on customer
• Limitations
• Not a process improvement methodology
• Specifies "what" but not "how"
• Doesn't cover all processes
• Doesn't cover organization issues
• Hype driving unrealistic expectations

26
Polling Results Primary Driver for ITIL
Source Audience polling survey at 2006 Gartner
Data Center conference in November 2006 (n180)
27
Polling Results Biggest Hurdle Implementing ITIL
Source Audience polling survey at 2006 Gartner
Data Center conference in November 2006 (n164)
28
Assuming Tools Will Solve Your Problems
"Man is a tool-using animal. Nowhere do you find
him without tools without tools he is nothing,
with tools he is all." (Thomas Carlyle)

• Be wary of vendor hype
• Focus on process first
• Tools can be enablers or inhibitors
• Assess capabilities of yourcurrent tools
• Review new tools where they would pay significant
  dividends
• Buy what you need, as you need it

29
The next lectures

• Lect. 2 (March 29th) ITIL insight / part 1
• Lect. 3 (April 5th) ITIL insight / part 2
• Lect. 4 (April 12th) ITIL in action, an
  example
• Lect. 5 (April 19th) complying to ITIL
  principles, a Primary IT Market Leader evidence
• Thank You