
An Overview of IT Governance. Mitigate risk: Ensure security and continuity of internal business...

Date post: 22-Dec-2015
Upload: earl-barnett
An Overview of IT Governance
Transcript
Page 1: An Overview of IT Governance. Mitigate risk: Ensure security and continuity of internal business operations, while minimizing exposure to external risk.

An Overview of IT Governance

Page 2

Mitigate risk:
• Ensure security and continuity of internal business operations, while minimizing exposure to external risk factors

Maximize return:
• Improve business results; grow revenue and earnings, cash flow, reduced cost-of-operation

Improve performance:
• Improve business operations performance end-to-end across the enterprise
• Increase customer and employee satisfaction

Increase agility:
• Enable the business organization and operations to adapt to changing business needs

… and CIOs must balance among many competing priorities.

Page 3

Needs, Issues & Challenges

[Diagram labels: Procedure, Audits, Metrics; Control; Strategic; Tactical; Operations; Demand; IT and Business Resources; Supply; Capital, Capacity, Priorities; Planning; Alignment; Flexibility; Efficiency; Quality]

• Lack of Business aligned strategy
• Reduce costs across business
• Ineffective project Management
• Deployment Complexity through lack of standard & legacy
• No Audit Trails
• Management of Service Changes
• Must reduce IT costs by 30%
• Lack of IT resource transparency
• Missed targets due to lack of steering control
• Deployment Complexity in number of project
• Cannot aggregate need and distribute ROI
• No means of governing outsourced contracts
• No means of capturing demands
• No means of prioritization of business need
• No means of reporting SLA
• Making new outsourcing decisions

Page 4

What is IT Governance? (Ref.) HP working definition

IT governance is the formal process of defining the strategy of the IT organization and overseeing its execution to achieve the goals of the enterprise.

• Aligned/synchronized with the enterprise strategy, including other key asset strategies
• Decision rights framework & mechanisms
• Vision, goals/priorities, measures; value prop & service portfolio; resource approaches & commitments; change management plans
• Translation into aligned, tactical, operational plans; closed-loop monitoring & control; accountability; regulatory compliance

Page 5

Who are the Decision Makers?

[Diagram: Business and IT Collaboration. Labels: IT Decision; Business Decision; De-centralised; Centralized; Federal; Business Exec.; Business Exec./Mgt.; Business Mgt.; IT Exec.; IT Exec./Mgt.; IT Management; Business and IT Exec.; Business and IT Exec./Mgt.; Business and IT Mgt.; Non-Cooperative; Cooperative; Anarchy]

Page 6

Core Competencies for Effective IT Governance

[Diagram labels: Enterprise Architecture Management; Relationship Management; IT Strategy Management; Financial Management; Supply / Demand Management; Portfolio Management; IT Operating Model]

• Align operational and strategic IT investments to business strategies & objectives.
• Establish policies, standards, models and processes for managing IT as an enterprise asset
• Lifecycle management of infrastructure, applications and services
• Understand the drivers of IT costs to allocate appropriate costs to the consumers of IT services.
• Establish effective, collaborative relationships with business stakeholders and suppliers.
• Balance the demand for IT services with available resources to meet immediate and strategic goals.

Page 7

4/19/23

The HP IT Governance Capability Model

[Figure: IT Governance Capability Model. Axes: IT Governance Capability Levels (Level 1: Initial, Level 2: Repeatable, Level 3: Defined, Level 4: Managed, Level 5: Optimized) and IT Governance Capability Domains (IT Operating Model, Business Relationship Management, Supply / Demand Management, Financial Management, IT Strategy Management, Enterprise Architecture Management, Portfolio Management). Also labelled: Role of IT.]

Cell labels recovered from the figure, in extraction order:

• Optimized Business Value Impact; Enterprise Cost Management; IT Cost Transfer; IT Cost Minimization; Expense Driven, Budget Focused
• Balanced & Aligned; Adaptive Enterprise; Enterprise Demand Driven; Supply Constrained; Deliver to Budget
• Technology Centric; Technology-Based Services; Service Centric; Business Centric; Customer Centric
• Ad Hoc or IT Centric; Technology Based; Supply Constrained; Value Based; Demand Driven
• Silo IT Process-Based; Business Process Based; Internal Service Provider; Shared Services; Balanced & Aligned Multi-Sourcing
• None; Utility; Utility Dependent; Agile
• Ad Hoc Review of Portfolio Synergies; IT Cost Minimization; Emerging ROI Based Funding; Business Unit Aligned; Enterprise IT Portfolio Management
• Agile Enterprise Architecture; Architecture Driven Design; Business Strategy Linked; Program-based Architecture Management; Ad hoc Technical Architecture
• Integrated Enterprise Architecture & Business Planning; Architecture-Compliant Design; Business Strategy Aligned Architecture; Initial Enterprise Architecture Program; Ad hoc / Ineffective Enterprise Architecture

Page 8

Page 9

IT Governance Models - the 5 Characteristics

[Diagram labels: Corporate Governance; IT Governance Framework; Val IT; Cobit; ITIL; ISO; PPM Methods…; BTO portfolio; Business Change; Org. Alignment & Competencies; Processes; Technology; People; Value Benefits Assurance]

There are many models.

But they share 5 characteristics:

• Underpinned by processes that must be implemented (e.g. Incident management)
• Supported by technology
• Define business change issues to be addressed
• Define organisational realignment to be achieved
• Include some way of measuring the value to be achieved (e.g. balanced scorecard)

Page 10

How to Implement Governance

Execute IT Governance Assessment
• Execute assessment to identify gaps
• Define new role of IT in organization
• Define evolution roadmap to address the gaps

Setup IT Governance Framework
• Define roles and responsibilities
• Setup communication path to support IT-business alignment
• Define management structures for decision making, reporting and escalation

Design IT Governance Processes
• Define policies
• Define processes
• Define KPIs and reporting requirements

Implement Supporting Tools
• Implement tool to support the execution of the solution
• Implement tools for data collection and management reporting

Continuous Improvement Plan (Control Lifecycle)
• Identify indicators to monitor strategy execution
• Define steering committee to manage relationships within IT and between business & IT
• Review IT strategy periodically and evolve governance environment

Page 11

Critical success factors for ITG

• Clarity of Purpose
• Senior Management Commitment
• Management of Business Change
• Focus, execute and enforce
• Measure achievable targets and expectations
• Don’t over-engineer IT Governance
• Evolution not revolution

Page 12

Practical Advice to Successfully Implementing ITIL Best Practices

Ed Holub
Research Vice President, IT Operations Management

Page 13

Hype Surrounding ITIL

ITIL makes the business love the IT group!

ITIL is easy!

Buy our tool and have ITIL!

Everybody is doing it …

What's next …
– ITIL cures cancer!
– ITIL solves world hunger!

[Figure: IT Operations Management Hype Cycle. Axes: visibility, time. Phases: Technology Trigger; Peak of Inflated Expectations; Trough of Disillusionment; Slope of Enlightenment; Plateau of Productivity. Plotted points: ITIL 2005; ITIL 2006; ITIL 2008; ITIL 2010; ITIL 2012]

Page 14

Key Issues

1. What is ITIL and how can it serve as a guide to transforming operations?

2. What pitfalls should be avoided when implementing ITIL?

3. What are the critical success factors and practical methods to maximize return on investment?


Page 16

Positioning the Frameworks

[Figure: frameworks positioned on a chart. Axis labels: Level of Abstraction (Low, High); IT Relevance; Holistic; Specific. Plotted frameworks: TCO; ITIL; CMMI; CobiT; Six Sigma; ISO 9000; National Awards (e.g., Baldrige); People CMM; Scorecards; ISO 20000]

CMM = capability maturity model

CobiT = Control Objectives for Information and Related Technology

ITIL = IT Infrastructure Library

TCO = total cost of ownership

ISO 20000 = IT service mgt standard

ISO 9000 = quality mgt standard

Point solutions are useful, but a broader, holistic approach to process and quality improvement is POWERFUL.

Page 17

Process Framework — ITIL

ITIL is a best-practice process framework.

– Service delivery

– Service support

– Others (application management, security management)

Shows the goals, general activities, inputs and outputs of the various processes.

Page 18

ITIL: The Good and the Bad

Service Delivery:

– Service-level management

– Financial management

– Capacity management

– IT service continuity

– Availability management

Service Support:

– Incident management

– Problem management

– Change management

– Configuration management

– Release management

Service Desk

Core Benefits:

– Standard process language

– Emphasis on process vs. technology

– Process integration

– Standardization enables cost and quality improvements

– Focus on customer

Limitations:

– Not a process improvement methodology

– Specifies "what" but not "how"

– Doesn't cover all processes

– Doesn't cover organization issues

– Hype driving unrealistic expectations


Page 20

More Process Refinement Initiatives Fail Due to Ineffective Governance than Due to Bad Designs

Stakeholders
• IT operations and production engineering
• Architecture and standards
• IT controller
• IT service desk
• Security and compliance
• Business applications

Steering Committee Responsibilities
• Service management vision
• Project management and process prioritization
• Funding and infrastructure investment
• Technical architecture
• Standards, tools and vendor criteria
• Measurement criteria
• Reporting to management

Page 21

Trying to Run Before Walking

Level 0: Chaotic
• Ad hoc
• Undocumented
• Unpredictable
• Multiple help desks
• Minimal IT operations
• User call notification

Level 1: Reactive
• Fight fires
• Inventory
• Desktop SW distribution
• Initiate problem mgt process
• Alert and event mgt
• Measure component availability (up/down)

Level 2: Proactive
• Analyze trends
• Set thresholds
• Predict problems
• Measure application availability
• Automate
• Mature problem, configuration, change, asset and performance mgt processes

Level 3: Service
• IT as a service provider
• Define services, classes, pricing
• Understand costs
• Guarantee SLAs
• Measure & report service availability
• Integrate processes
• Capacity mgt

Level 4: Value
• IT as strategic business partner
• IT and business metric linkage
• IT/business collaboration improves business process
• Real-time infrastructure
• Business planning

Also labelled in the figure: Tool Leverage; Operational Process Engineering; Service Delivery Process Engineering; Manage IT as a Business; Service and Account Management

Page 22

Assuming Tools Will Solve Your Problems

• Be wary of vendor hype
• Focus on process first
• Tools can be enablers or inhibitors
• Assess capabilities of your current tools
• Review new tools where they would pay significant dividends
• Buy what you need, as you need it

"Man is a tool-using animal. Nowhere do you find him without tools; without tools he is nothing, with tools he is all." – Thomas Carlyle

Page 23

Confusing the 'Means' With the 'End'

This Is Not the Goal!

• ITIL
• Six Sigma
• CMM-I
• Malcolm Baldrige
• "Certification"
• Etc.

Certification Does Not Guarantee Good Outcomes!

Beware of Process for Its Own Sake!

Process Improvement Is About Better Outcomes and Experiences for Customers


Page 25

Keep Focus Narrow and Deliver Benefits

Determine Where to Start
• Not necessarily on the least mature processes
• 80 percent of clients start on core service support processes like change, incident and problem management
• Configuration management is a steeper challenge
• Service-level management is often first of service delivery processes

Deliver Benefits Quickly to Address "Pain Points"
• Examples: Reduce percentage of changes causing incidents, improve MTTR
• Builds momentum

Take an Iterative Approach
• Design 80 percent solutions and plan to improve later
• Channel benefits to "self-fund" the next phase
• Periodically reassess priorities

Page 26

Build Top-Down and Grass-Roots Support

• Tailor messages for stakeholder groups
• Reward process victories vs. traditional hero behavior
• Emphasize "WIIFM"

Treat as an Organizational Change Initiative

Communicate Frequently and Consistently

CIO or Head of Infrastructure and Operations must be visible champion

• ITIL is much more about people than technology
• Change culture to embrace standardization vs. unique solutions
• Don't ignore the aspects of people change and simply concentrate on process and tools
• Clearly articulate underlying goals and objectives
• Report on progress – macro and micro

Page 27

Take a Structured and Holistic Approach to Process Refinement

Structure Program
• What is the Governance Structure?
• What pain points are addressed?

Measurement and Governance
• How will you know when you achieve the desired maturity?
• How will you market and communicate the program value and progress?

Adopt Process Taxonomy
• Common and consistent language!
• Better alignment of expectations!

Adopt Process Reference Architecture
• Define a conceptual, integrated target state!
• Clean-sheet design concept!

Develop Process Baseline(s)
• How do the current processes perform?
• Identify key gaps against best practice!

Develop Transition Approach and Plan
• How should the target state be implemented?
• Knowledge transfer and training!

Build Technical Integration Framework
• What standards and protocols should be used?
• How should new automation be assimilated?

Implement and Manage
• Implement the target state!
• Operate and manage new processes!

Build Process Logical Architectures
• Define the target state detail for each process!

[Diagram labels: Task-Level Process Detail; Information Requirements; Automation Detail. Legend: Reference Material; Detail Design; Implementation]

Page 28

Leverage Process Integration

Availability Management ("Smell the smoke"): Discover anomalies as soon as possible, preferably before customer impact
• Comprehensive monitoring
• Iteratively tune thresholds
• Filter out noise
• Train operations center staff
• Automate on call staff notification

Incident Management ("Firefighting"): Resolve incidents as quickly as possible
• Perform parallel investigation
• Designate senior technical leaders
• Utilize problem isolation tools
• Prioritize effort based on criticality

Problem Management ("Fireproofing"): Take action to prevent future problems
• Dedicate staff to problem management
• Conduct quick review on all problems
• Perform in-depth postmortem on significant problems
• Identify root cause risk areas
• Identify action items and track to completion
• Maintain an Availability Hit List

Page 29

Use Metrics to Drive Behavior and Measure Progress

• People inherently want to do a good job
• What gets measured gets attention
• What doesn't get measured drops off the radar
• People will take action to move a metric in a positive direction
– People will do "dumb" things
– People will stop doing "smart" things
• Focus on analysis and action vs. reporting
– Select a few key metrics instead of many
– Measure what will help you improve, not what's easy to measure
– Create "tiers" of metrics tailored to different audiences

Page 30

Effectively Staff Crucial Roles

Designate individuals as process owners

Assign (virtual) teams of subject matter experts

Utilize program or project managers

Desirable characteristics for team members

– Credibility

– Communication skills

– Process and customer focus

– Ability to deal with ambiguity

– Commitment to the cause

People will make or break your ITIL initiative

Page 31

Comprehensive Approach to Improvement

Six σ

IT Operational Processes — ITIL

App. Development Processes — CMM, CMMI, ASL

Project Management Processes — PMI

1. Establish the Work

2. Align Roles With Work RACI

3. Identify Appropriate Measures

4. Apply Governance

CobiT

Page 32

Recommendations

Keep the scope narrow enough to deliver tangible benefits before losing momentum.

Demonstrate senior management commitment repeatedly to inspire grass-roots support.

Remember that ITIL is an organizational change initiative.

Look for "best of fit" process modifications.

Tools are not a substitute for good process.

Set attainable process improvement measurement targets.

Maintain awareness that process improvement is a means to an end.

Page 33

Implementing ITSM at DTS

• Our approach

• Current efforts

Page 34

Approach

• Why we are embracing ITSM
– Serve our customers more efficiently and effectively
– Position DTS to take on new services
– Prepare DTS to manage services across two data centers

Page 35

Approach

• Leverage experience/expertise of others

• Change to an IT service culture

• Internalize incremental changes

Page 36

Approach

• Build an ITSM foundation core
– Tendency to look at a single ITIL process
– Keep in mind the linkages between processes

Page 37

Approach

• Take actions to address specific organizational issues
– Completed ITIL Foundations training
– Began the “change the language” campaign
– Established the Service Desk function
– Developed first version of a service level agreement
– Conducted assessments

Page 38

Current Efforts

• Defining Service Request Management process to replace our current SR system

• Procuring consulting services
– To support refinement of implementation roadmap
– To raise the maturity of other processes

Page 39

How is DTS Implementing ITSM?

• With multiple projects following project management practices

• With Executive sponsorship

• With stakeholder involvement

• With some communication and a lot more to come

• With feedback and course adjustments

