IT GOVERNANCE FRAMEWORK TOOLKIT

IT BEST PRACTICES Why its significant?• A demand on better return from IT investments and a concern over the generally increasing amount of IT expenditures.

• The need to meet regulatory requirements for IT controls in areas such as financial reporting and healthcare.

• The selection of service providers and the management of service outsourcing and acquisition.

IT BEST PRACTICES • Having complex IT-related risks, such as network security

• IT governance help monitor and improve critical IT activities to increase business value and reduce business risk.

• The need for enterprises to assess how they are performing against accepted standards and against their peers.(benchmarking)

THE GUIDELINES FOR GOOD IT GOVERNANCE 1• Strategic Alignment: Alignment of IT goals align with the

enterprise goals. 2. IT Value: It delivers value to business, increase Org.

profits. 3. Performance Measurement: Its performance is

measured // no guessing here, 4. Resource Management: IT resources properly allocated, 5. Risk Management: How the risks being managed

GUIDELINES-CONT’DIT governance is a continuous life cycle that can be entered at any point. Usually one starts with the strategy and its alignment throughout the enterprise. Then implementation occurs, delivering the value the strategy promised and addressing the risks that need mitigation. Its recommended that strategy needs to be monitored continuously and the results need to be: a. measured, b. reported and c. acted upon.

Strategy must be re-evaluated and realigned annually, if needed. This life cycle operates in an environment that is influenced by: • Stakeholder values• The mission, vision and values of the enterprise

• The community and Co. ethics and culture

• laws, regulations and policies

• Industry practices

IT GOVERNANCE FRAMEWORK

ITIL

CMMI

COBITVal IT

COBIT, ITIL, VAL IT1. COBIT was designed as an IT governance model,

It tells you what you should be doing,

COBit is “Control Objectives for Information and Related Technology (COBIT) is a framework created by ISACA for (IT) and IT governance. It is a supporting toolset that allows:

managers to bridge the gap between control requirements, technical issues and business risks.”

COBIT, ITIL, VAL IT2. while ITIL tells you How it should be done

Put them together, and you will have a very powerful model.

3- Val IT: how to do the right things in the right way and doing them well and are we getting the value?Val IT talks about strategy (how well is it aligned) & its value.

COBITTo govern IT effectively, it is important to appreciate the activities and risks within IT that need to be managed. These can be summarized as follows.

COBIT Framework subdivides IT into four domains Plan and Organize, POAcquire and Implement, AIDeliver and Support, DSMonitor and Evaluate, ME

PLAN AND ORGANISE  (PO) Provides direction to solution delivery

Ask the questions: • Is IT and the business strategy aligned and is the

usage of ressources optimized?• Does everyone in the organisation understand the IT

objectives and the risks?• Are these properly managed?

CONT’D(AI) Acquire and Implement:  Provides the solutions and passes them to be turned into services

Ask the question:

Will the new projects deliver solutions

that meet business needs

in time and within the budget?   

DSDeliver and Support (DS)

Ask the questions:

• Are IT costs optimized and employees using IT efficiently and safely?

• Are Security measures such as confidentiality, integrity and availability in place?

MEMonitor and Evaluate (ME)

Ask the questions:

• Is IT performance being measured to detect problems before it is too late ?

• Are risks, control, compliance and performance being measured and reported?

COBIT USES TWO TYPES OF METRICS• Outcome measures, key goal indicators (KGIs)

What is measured here:• is the information needed available all the time to support the business needs?• Are integrity and confidentiality risks Absent?• Is the information & resources reliable?

PERFORMANCE INDICATORS,

Performance indicators, orkey performance indicators (KPIs), indicate whether goals are likely to be met.

How? for example: Sales TargetMeasure the number of wins over a specific time period and compare it to a future target and past performance to motivate your sales team.

Wins: The number of new customers over a certain time period.

Revenue: Income received through sales activities

INFORMATION TECHNOLOGY INFRASTRUCTURE LIBRARY(ITIL) The Information Technology Infrastructure Library (ITIL) is a set of guidance developed by the United Kingdom’s Office Of Government Commerce (OGC) ITIL does not doc how to do things, But tells you what can and should be done.

It shares with us what other people found to be the best way to approach IT as a service provider.

ITIL CONSISTS OF 5 CORE STRATEGIES:

1. Service Strategy volume:Provide guidance in developing a strategy for IT service management.

This involves understanding ur market, ur customers, ur capabilities & resources & financial constraints under which services must be delivered and supported.

PROCESSES WITHIN SERVICE STRATEGY ARE:

1. Service StrategyService portfolio management: is the process of maximizing the ROI while managing risks.

Financial management:Evaluates investments in services to assist with strategic decision-making.

Demand management: works closely with the business to identify & understand patterns of business demand.

2. Service Design volume:

Service Design begins with a set of business requirements and ends with a solution designed to meet these business needs.

3. Service Transition:Looks at managing change, risk and quality assurance during the deployment of service into operation.

4. Service Operation volume: is concerned with daily activities, provide guidance on the effective & efficient operation of the service.

Its where the value of the service is realized & strategy of the organization is executed.

ITIL –CONT’D

•5. Continual Service Improvement volume (CSI) :Provide guidance to improve the overall process and how its executed.

This should be integrated into all the other lifecycle stages. This is a continual activity

Based on this report, org strive for improvements.

BENEFITS OF ITIL • Improve Resource Utilization • Be More Competitive • Decrease Rework • Eliminate Redundant Work • Improve upon project deliverables and

time • Improve availability, reliability and

security of critical IT services • Justify the cost of service quality

BENEFITS OF ITIL –CONT’D• Provide services that meet business,

customer and user demands • Integrate central processes • Document and communicate roles and

responsibilities in service provision • Learn from previous experience • Provide performance indicators

COBIT VS ITIL • ITIL was designed as a service management framework to help you understand how you support processes, & how you deliver services • COBIT was designed as an IT governance model, particularly and initially with audit in mind to give you control objectives and control practices on how that process should behave

COBIT VS ITIL CONT’D The difference between the two is, COBIT tells you what you should be doing, while ITIL tells you how you should be doing it • Put them together, and you have a very powerful model of what you need to be doing and how to do it.

None of these frameworks are in competition with each other, in fact, it is best if they are used together. – ISO 17799 outlines security controls, but does not focus on how to integrate them into business processes – ITIL focuses on IT processes/services, not on security – COBIT focuses on controls and metrics, not as much on security So, a combination of all three is usually the best approach.

HOW CAN THEY BE USED?COBIT can be used to determine if the company's needs (including security) are being properly supported by IT. ISO 17799 can be used to determine and improve upon the company's security posture. And ITIL can be used to improve IT processes & services to meet the company's goals (including security).

TOOLKITStart investigating possible tools for strategic planning and aligning IT with the organization’s strategic plan. For toolkit If you don’t know where to start, do a web search on SWOT analysis (strengths, weaknesses, opportunities and threats), metrics, analytics and the balanced scorecard. Describe what you find here and share as appropriate on the D2L discussion topic for IT Toolkits.

Answer these questions for each tool you want to include:

How is the tool accessed?How is the tool used?What is the value of the tool for the IT manager?General comments on the tool:

END