IT GOVERNANCE: From Value Governance to Benefits
Realization in a Controlled Environment
George Papoulias, CISA, CGEIT, CRISC
Senior Project Manager
National Bank of Greece
7 December 2011
PRESENTATION OUTLINE
AN OVERVIEW OF THE ENTERPRISE GOVERNANCE OF IT
• Essential Concepts
• ISACA’s Frameworks Relationships
• COBIT5 Overview
• COBIT Mappings
THE VAL IT FRAMEWORK
• ITGI’s Val IT Framework
• Key Terms
• Goals & Objectives
• Why Val IT?
• Synergies between Val IT and Cobit 4.1
• How Val IT Works
• Key Terms and Principles
• Val IT Domains & Processes
• The Business Case
BENEFITS REALIZATION THROUGH IT GOVERNANCE
• Projects, Programs, and Portfolios Definitions
• IT Project Portfolio Categorization
• PM Guide Process and Mapping to SDLC
• SDLC Guide
• IT Governance Supporting Tools
CONCLUSION
• A Structured Approach
• The Challenge
• The Ingredients of Success
ENTERPRISE GOVERNANCE DRIVES IT GOVERNANCE
• Enterprise governance is about:
– Conformance: Adhering to legislation, internal policies, audit requirements, etc.
– Performance: Improving profitability, efficiency, effectiveness, growth, etc.
Enterprise governance and IT governance require a balance between conformance and performance goals directed by the board.
WITHOUT EFFECTIVE GOVERNANCE
Situation:
• Reluctance to say no to projects
• Lack of Strategic Focus
• Projects are “sold” on emotional basis -- not selected
• No strong review process
• Overemphasis on Financial ROI
• No clear strategic criteria for selection
• Can’t kill projects
Leads to:
• Too many projects
• Quality of execution suffers
• Underestimation of risks and costs
• Projects not aligned to strategy
• Budget overruns
• Project delays
• Business needs not met
• Lack of confidence (in IT)
Results in:
• Benefits not received
• Increased Complexity
• Sub-optimal use of resources
• Finger pointing
Source: Fujitsu
What is IT Governance?
ITGI defines enterprise governance of IT as:
The set of responsibilities—as well as the leadership and organizational structures and processes—exercised by the board of directors and executive management to ensure that IT creates value for the enterprise. An integral part of overall enterprise governance, enterprise governance of IT ensures that IT sustains and extends the enterprise’s evolving objectives and strategies.
Source: IT Governance Institute, Board Briefing on IT Governance
Relationship Between IT Governance and IT Management
The scope of IT Governance involves setting objectives, providing direction and evaluating performance.
The scope of IT Management involves translating the direction already set in the strategy, implementing the strategy (translating the strategy into action) and measuring and reporting on performance.
IT GOVERNANCE
• Set objectives
– IT is aligned with the business
– IT enables the business and maximizes benefits
– IT resources are used responsibly
– IT-related risks are managed appropriately
• Provide Direction
• Evaluate Performance
IT MANAGEMENT
• Translate into Strategy
• Translate Strategy into Action
– Increase automation (make the business effective)
– Decrease cost (make the business efficient)
– Manage Risks (Security, Reliability and Compliance)
• Measure and Report Performance
[Figure labels: VAL IT, RISK IT, COBIT]
Source: Courtesy of Erik Guldentops, EG Consult, Belgium
Enterprise Governance of IT Focus Areas
According to the IT Governance Institute, the Enterprise Governance of IT has been subdivided into five focus areas:
[Figure: IT Governance Domains: Strategic Alignment, Value Delivery, Risk Management, Resource Management, Performance Measurement]
Source: Enterprise Value: Governance of IT Investments, The Val It Framework 2.0, p.24, 2008, ITGI
Strategic alignment focuses on ensuring the linkage of business and IT plans; on defining, maintaining and validating the IT value proposition; on aligning IT operations with the enterprise operations; and on establishing collaborative solutions to:
• Add value and competitive positioning to the enterprise’s products and services
• Contain costs while improving administrative efficiency and managerial effectiveness
Source: Enterprise Value: Governance of IT Investments, The Val It Framework 2.0, p.24, 2008, ITGI
Value delivery is about executing the value proposition throughout the delivery cycle, ensuring that IT delivers the promised benefits against the strategy, concentrating on optimising expenses and proving the value of IT, and on controlling projects and operational processes with practices that increase the probability of success (quality, risk, time, budget, cost, etc.).
Source: Enterprise Value: Governance of IT Investments, The Val It Framework 2.0, p.24, 2008, ITGI
Risk management requires risk awareness of senior corporate officers, a clear understanding of the enterprise’s appetite for risk and transparency about the significant risks to the enterprise; it embeds risk management responsibilities in the operation of the enterprise and specifically addresses the safeguarding of IT assets, disaster recovery and continuity of operations.
Source: Enterprise Value: Governance of IT Investments, The Val It Framework 2.0, p.24, 2008, ITGI
Resource management covers the optimal investment, use and allocation of IT resources and capabilities (people, applications, technology, facilities, data) in servicing the needs of the enterprise, maximising the efficiency of these assets and optimising their costs, and specifically focusses on optimising knowledge and the IT infrastructure and on where and how to outsource.
Source: Enterprise Value: Governance of IT Investments, The Val It Framework 2.0, p.24, 2008, ITGI
Performance measurement involves tracking project delivery and monitoring IT services, using balanced scorecards that translate strategy into action to achieve goals measurable beyond conventional accounting, measuring those relationships and knowledge-based assets necessary to compete in the information age: customer focus, process efficiency and the ability to learn and grow.
Source: Enterprise Value: Governance of IT Investments, The Val It Framework 2.0, p.24, 2008, ITGI
Relationships amongst CobiT, Val IT and Risk IT
ITGI’s guidance, centered on the COBIT, Val IT and Risk IT frameworks, enables enterprise directors and managers to better understand how to direct and manage the enterprise’s use of IT and the standard of good practice to be expected from IT providers.
COBIT, Val IT and Risk IT provide the tools to direct and oversee all IT-related activities.
Source: The Risk IT Framework, Executive Summary, p.7, 2008, ISACA
Comparing how COBIT and Val IT focus on governance, processes and portfolios further helps to understand the relationship between the two frameworks, as shown in figure 15.
Source: Enterprise Value: Governance of IT Investments, The Val It Framework 2.0, p.25, 2008, ITGI
Integration of CobiT 4.1, Val IT 2.0 and Risk IT into COBIT 5
ISACA’s COBIT5 Framework
• COBIT 5 is a governance and management framework for information and related technology that starts from stakeholder needs with regard to information and technology.
• COBIT 5 is complete in enterprise coverage, providing a basis to integrate effectively other frameworks, standards and practices used.
COBIT 5 Process Reference Model
Governance and Management Processes
One of the guiding principles in COBIT is the distinction made between governance and management. In line with this principle, every organisation would be expected to implement a number of governance processes and a number of management processes in order to provide comprehensive governance and management of enterprise IT.
When considering processes for governance and management in the context of the enterprise, the difference between types of processes lies in the objectives of the processes:
• Governance processes: Governance processes will deal with the governance objectives (value delivery, risk management and resource balancing) and will include practices and activities aimed at evaluating strategic options, providing direction to IT and monitoring the outcome. (EDM, in line with the ISO/IEC 38500 standard concepts)
• Management processes: In line with the definition of management, practices and activities in management processes will cover the responsibility areas of plan, build, run and monitor (PBRM) enterprise IT, and they will have to provide end-to-end coverage of IT.
Source: COBIT5, Process Reference Guide Exposure Draft, p.13, 2011, ISACA
Complete set of 36 Governance and Management Processes within COBIT5
Source: COBIT5, Process Reference Guide Exposure Draft, p.15, 2011, ISACA
COBIT 5 Drivers
• A need to link together and reinforce all major ISACA frameworks (CobiT, Val IT, Risk IT)
• A need to connect to, and, where relevant, align with, other major frameworks and standards in the marketplace, such as Information Technology Infrastructure Library (ITIL®), The Open Group Architecture Forum (TOGAF), Project Management Body of Knowledge (PMBOK), PRojects IN Controlled Environments 2 (PRINCE2®) and the International Organization of Standards (ISO) standards. This will help stakeholders understand how various frameworks, best practices and standards are positioned relative to each other and how they can be used together and could augment each other.
• A need for the enterprise to achieve increased:
– Value creation through enterprise IT
– Business user satisfaction with IT engagement and services
– Compliance with relevant laws, regulations and policies
Source: COBIT5, Process Reference Guide Exposure Draft, p.16, 2011, ISACA
COBIT5 Goals Cascade Overview
Source: COBIT5, Process Reference Guide Exposure Draft, p.2, 2011, ISACA
Enterprise Goals Mapped to Governance Objectives
The following scale applies:
- ‘P’ stands for primary, when there is an important relationship, i.e., the IT-related goal is a primary support for the enterprise goal.
- ‘S’ stands for secondary, when there is still a strong but less important relationship, i.e., the IT-related goal is a secondary support for the enterprise goal.
Source: COBIT5, Process Reference Guide Exposure Draft, p.4, 2011, ISACA
Mapping COBIT 5 Enterprise Goals to IT-related Goals
Source: COBIT5, Process Reference Guide Exposure Draft, p.215, 2011, ISACA
Mapping COBIT 5 IT-related Goals to COBIT5 Processes (1)
Source: COBIT5, Process Reference Guide Exposure Draft, p.217, 2011, ISACA
Mapping COBIT 5 IT-related Goals to COBIT5 Processes (2)
Source: COBIT5, Process Reference Guide Exposure Draft, p.218, 2011, ISACA
COBIT 5 Organisational Structures Model
Illustrative Organisational Structures in COBIT 5
Source: COBIT5, Process Reference Guide Exposure Draft, p.76, 2011, ISACA
Source: COBIT5, Process Reference Guide Exposure Draft, p.77, 2011, ISACA
Detailed process-related information
Source: COBIT5, Process Reference Guide Exposure Draft, p.106, 2011, ISACA
Source: COBIT5, Process Reference Guide Exposure Draft, p.107, 2011, ISACA
Source: COBIT5, Process Reference Guide Exposure Draft, p.108, 2011, ISACA
MAPPING BETWEEN COBIT 5 AND LEGACY ISACA FRAMEWORKS
[Table columns: COBIT5 Governance and Management Practices; COBIT 4.1 Control Objectives; Val IT 2.0 Key Management Practices; Risk IT Management Practices]
Source: COBIT5, Process Reference Guide Exposure Draft, p.205, 2011, ISACA
Source: COBIT5, Process Reference Guide Exposure Draft, p.206, 2011, ISACA
Source: COBIT5, Process Reference Guide Exposure Draft, p.212, 2011, ISACA
COBIT and Other IT and Project Management Frameworks
[Figure: scope of coverage (WHAT vs. HOW) of COSO, COBIT, VAL IT, ISO 27001, ITIL V3, PMBOK and CMMI across the Governance Layer, IT Governance Layer and IT Management Layer]
COMBINATION OF COBIT AND ITIL V3
OVERVIEW
Figure 8 is an overview of ITIL V3 and COBIT and highlights the differences in guidance.
(+) Significant match
(o) Minor match
(-) Unrelated or minor focus
(\) No COBIT IT process exists.
Source: COBIT® MAPPING: MAPPING OF ITIL® V3 WITH COBIT® 4.1, p.22, 2011, ISACA
COMBINATION OF COBIT AND PMBOK
OVERVIEW
Figure 12 is an overview of PMBOK and COBIT and highlights the differences in guidance.
(+) Significant match
(o) Minor match
(-) Unrelated or minor focus
(\) No COBIT IT process exists.
Source: COBIT® Mapping: Mapping of CMMI® for Development, V1.2, With COBIT® 4.1, p.28, 2011, ISACA
COMBINATION OF COBIT AND CMMI-DEV
OVERVIEW
Figure 13 is an overview of CMMI-DEV and COBIT and highlights the differences in guidance.
(+) Significant match
(o) Minor match
(-) Unrelated or minor focus
(\) No COBIT IT process exists.
Source: COBIT® Mapping: Mapping of CMMI® for Development, V1.2, With COBIT® 4.1, p.28, 2011, ISACA
ITGI’s Val IT Framework
• The Val IT framework is a comprehensive, credible and pragmatic organizing framework, with practical guidelines, principles, processes and supporting practices that help boards, executive management and other organizational leaders maximize the realization of value from IT investments.
• Proven practices and techniques for evaluating and managing investment in business change and innovation
• Val IT helps executives:
– Increase the probability of picking winners
– Increase the likelihood of IT investment success
– Reduce surprises from IT cost and delivery date overruns
– Reduce costs due to inefficient investments
Source: The Business Case Guide: Using Val IT 2.0, p.22, 2011, ISACA
Key Terms of Val IT
Portfolio: A grouping of programmes, projects, services or assets, selected, managed and monitored to optimize business return. (Note that the initial focus of Val IT is primarily interested in a portfolio of programmes. COBIT is interested in portfolios of projects, services or assets.)
Programme: A structured group of interdependent projects that are both necessary and sufficient to achieve the business outcome and deliver value. These projects could include, but not be limited to, changes to the nature of the business, business processes, the work performed by people, as well as the competencies required to carry out the work, enabling technology and organizational structure. The investment programme is the primary unit of investment within Val IT.
Project: A structured set of activities concerned with delivering a defined capability (that is necessary but NOT sufficient to achieve a required business outcome) to the enterprise based on an agreed schedule and budget.
Source: Enterprise Value: Governance of IT Investments The Val IT Framework 2.0, p.11, 2008, ISACA
Goals & Objectives
The goal of Val IT is to enable organizations to manage their investments in IT such that they deliver optimal value to the enterprise at an affordable cost and with an acceptable level of risk by:
• Identifying and clearly defining strategically aligned investment opportunities with clearly defined business outcomes
• Evaluating, prioritizing and selecting investments based upon their potential risk-adjusted value in the context of the organization’s strategic objectives
• Managing the execution of investments through their full economic life cycle such that they deliver the optimal value
Source: The Business Case Guide: Using Val IT 2.0, p.22, 2011, ISACA
Why Val IT™?
An organization needs stronger governance over IT investments if:
• IT investments are not supporting the business strategy or providing expected value
• There are too many projects, resulting in inefficient use of resources
• Projects often are delayed, run over budget, and/or do not provide the needed benefits
• There is an inability to cancel projects when necessary
• It needs to ensure compliance with industry or governmental regulations
Source: The Business Case Guide: Using Val IT 2.0, p.22, 2011, ISACA
Val IT and COBIT: A Synergistic Relationship
Val IT and COBIT provide business and IT decision makers with a comprehensive framework for the creation of value from the delivery of high-quality IT-based services. Val IT both complements COBIT and is supported by it.
Val IT takes the enterprise governance view. It helps executives focus on two of four fundamental IT governance-related questions:
• ‘Are we doing the right things?’ (the strategic question)
• ‘Are we getting the benefits?’ (the value question)
COBIT, on the other hand, takes the IT view, helping executives focus on answering the questions:
• ‘Are we doing them the right way?’ (the architecture question)
• ‘Are we getting them done well?’ (the delivery question)
Source: Enterprise Value: Governance of IT Investments The Val IT Framework 2.0, p.11, 2008, ISACA
Source: Enterprise Value: Governance of IT Investments The Val IT Framework 2.0, p.9, 2008, ISACA
How Does Val IT Fit With/Complement COBIT?
While COBIT is a comprehensive framework for IT governance, its primary focus has traditionally been on the delivery of IT services through the effective and efficient management of IT assets. Val IT complements COBIT (see figure 2) by supporting the effective alignment, deployment and use of IT services such that they deliver optimal value to the enterprise.
Source: The Business Case Guide: Using Val IT 2.0, p.22, 2011, ISACA
Val IT is guided by a number of principles:
• IT-enabled investments will be managed as a portfolio of investments.
• IT-enabled investments will include the full scope of activities that are required to achieve business value.
• IT-enabled investments will be managed through their full economic life cycle.
• Value delivery practices will recognize that there are different categories of investments that will be evaluated and managed differently.
• Value delivery practices will define and monitor key metrics and will respond quickly to any changes or deviations.
• Value delivery practices will engage all stakeholders and assign appropriate accountability for the delivery of capabilities and the realization of business benefits.
Source: Enterprise Value: Governance of IT Investments The Val IT Framework 2.0, p.11, 2008, ISACA
The Val IT principles are applied in three management processes:
• Value Governance (VG)
• Portfolio Management (PM)
• Investment Management (IM)
Source: Enterprise Value: Governance of IT Investments The Val IT Framework 2.0, p.12, 2008, ISACA
How Val IT™ Works
Value Governance (VG)
• Establish informed and committed leadership.
• Align and integrate value management with enterprise financial planning.
• Define and implement processes.
• Establish effective governance monitoring.
• Define portfolio characteristics.
• Continuously improve value management practices.
Portfolio Management (PM)
• Establish strategic direction and target investment mix.
• Evaluate and select programmes to fund.
• Determine the availability and sources of funds.
• Monitor and report on investment portfolio performance.
• Manage the availability of human resources.
• Optimise investment portfolio performance.
Investment Management (IM)
• Understand the candidate programme and implementation options.
• Develop the detailed candidate programme business case.
• Develop the programme plan.
• Launch and manage the programme.
• Develop full life cycle costs and benefits.
• Update operational IT portfolios.
• Develop and evaluate the initial programme concept business case.
• Update the business case.
• Monitor and report on the programme.
• Retire the programme.
Source: The Business Case Guide: Using Val IT 2.0, p.14, 2011, ISACA
Source: Enterprise Value: Governance of IT Investments The Val IT Framework 2.0, p.16, 2008, ISACA
Source: The Business Case Guide: Using Val IT 2.0, p.12, 2011, ISACA
The Business Case
The Business Case is a detailed investment proposal that considers quantitative and qualitative evaluation factors that underlie selection of a business solution.
Use of the Business Case should provide answers to the following questions:
• Why do the project now?
• What is the impact of not doing the project?
• How does the project support the organization goals?
• What business problem does the project solve?
• What is the financial impact?
• When will the project show results?
A business case analysis is used to compare various business solution alternatives and to provide a basis for selecting the one that delivers the greatest value to the organization and the stakeholders.
Ultimately, use of a Business Case should help the organisation prioritize its technology investments by making smart decisions, and provide the basis for evaluation of business outcomes following project closure.
The investment, category size, the impact if not successful, and position in the economic life cycle are factors that determine which components of the business case require greater attention and what level of detail is required. The following example illustrates an overall structure and content of a business case:
Source: The Business Case Guide: Using Val IT 2.0, p.38, ISACA, 2010
Projects, Programs, and Portfolios
[Figure: Portfolio Management, Programme Management, Project Management]
Programme – a structured grouping of projects designed to produce clearly identified business value
Project – a structured set of activities concerned with delivering a defined capability based on an agreed schedule and budget
Portfolio – a suite of business programmes managed to optimise overall enterprise value
IT Project Portfolio Categorization
Two popular Project Portfolio Categorization paradigms:
The META Group Categorization
Run the Business
• The spending necessary to maintain existing operations at the existing level
Grow the Business
• The spending necessary to, for instance, provide additional automation to improve efficiency or the consolidation of data centers to reduce costs and increase competitiveness
Transform the Business
• The introduction of new areas of business, the expansion into new markets or any other radical transformation project designed to lead to significantly enhanced revenues and profits
Source: META Group, ‘Portfolio Management and the CIO, Part 3’, March 2002
The MIT Center for Information Systems Research (CISR)
Transformational Investments
• Information Systems to process the basic, repetitive transactions of the business
• Example: Mortgage processing, account management
Informational Investments
• Information Systems for managing and controlling the enterprise
• Example: Financial control, decision making, planning, communication
Strategic Investments
• Information Systems enabling entry into new markets and adding value by increasing competitive advantage to the business
• Example: Internet-enabled Banking, Data Center consolidation
Infrastructure Investments
• Infrastructure Systems that may not generate any direct quantifiable financial benefit themselves but they benefit the business applications that depend upon them
• Example: Network Systems replacement or major upgrade
Legislative, Regulatory or Mandatory Investments
• Projects that need to be undertaken just to stay in business by implementing the requirements of industry regulators, environmental agencies or governmental bodies
• Example: The US Sarbanes-Oxley Act of 2002 and, for financial services companies, Basel II requirements.
Source: Weill, Peter; Broadbent, Marianne; Leveraging the New Infrastructure, HBS Press 1998
Application of Project Management
Types of Work
Initiatives categorized as ‘tasks’ or ‘operational’ are not required to follow the project management methodologies. Upcoming/potential work should be analyzed to determine which category is applicable:
Task
• Small piece of work
• Independent of a project
• Lasting not longer than a few person-hours
• Involving only a few people
• Meant to accomplish a simple and straightforward goal
• May be a component of operational work
• May require change management processes
• Rated as such from the Project Complexity and Risk Assessment model
Operational
• Ongoing work to sustain or provide a service
• Change management processes applicable for non project-related changes
Project
• Temporary endeavor (defined beginning and end)
• Which uses progressive elaboration
• To create products, services, or results
Project Classification Model
7 December 2011 60
Assigns a classification level to a project based on a combination of complexity and risk; this step also defines projects that require an additional level of management.
The Project Classification Model includes the most predominant factors contributing to determining the Classification Level of a project. It also includes the Project Management Processes required to successfully implement a project.
Information technology projects are managed through standardized project management practices. However, the specific processes engaged within each Project Management process group are based upon a project's classification level.
As new project ideas and requests are brought for consideration, they must first be classified through the Project Complexity and Risk Assessment model, which scores factors that define a project's complexity and risk.
The Classification Matrix uses this information to determine the Classification Level of a project.
Project Complexity and Risk Assessment Criteria
Classification Matrix
The Classification Matrix uses this information to determine the Classification Level of a project.
Complexity | High risk | Medium risk | Low risk
Complex    | Level 1   | Level 1     | Level 2
Medium     | Level 1   | Level 2     | Level 3
Small      | Level 2   | Level 3     | Level 3
Classification Level
Classification level one (1) indicates that risk will play a very crucial role throughout the project development, planning, implementation, and closeout. A more detailed analysis and documentation of procedures are required to avoid, mitigate, and transfer risks associated with the project.
Level two (2) denotes less complex projects with medium-to-low risk; risk is handled as a key project component that influences development, planning, implementation, and closeout.
Level three (3) identifies risk as a consideration in development, planning, and implementation, and as particularly important in the closeout stage.
Based on the risks identified through the Project Classification process, a project's risk score is used to help assess the Classification Level (Level 1, Level 2, Level 3) of the project and indicate the project management processes required for the project.
The classification level of a project will determine the project management methodologies (Project Management Process Group Processes) required or recommended for each phase of the project lifecycle.
Level 1
Project Initiation
• Identify Project Sponsor
• Identify Initial Project Team
• Develop Project Charter
• Conduct Project Kick-off Meeting
• Establish Project Repository
• Define Project Scope
• Develop High-Level Schedule
• Identify Quality Standards
• Establish Project Budget
• Document Risks
• Identify and Document Stakeholders' Involvement
• Develop Communications Plan
• Compile All Information to produce the Initial Project Plan
• Review/Refine Business Case
• Gain Approval Signature from Project Sponsor
Project Planning
• ………
• ………
Level 2
Project Initiation
• Identify Project Sponsor
• Identify Initial Project Team
• Develop Project Charter
• Conduct Project Kick-off Meeting
• Establish Project Repository
• Define Project Scope
• Develop High-Level Schedule
• Establish Project Budget
• Identify and Document Stakeholders' Involvement
• Develop Communications Plan
• Compile All Information to produce the Initial Project Plan
• Review/Refine Business Case
Project Planning
• ………
• ………
Level 3
Project Initiation
• Identify Initial Project Team
• Develop Project Charter
• Conduct Project Kick-off Meeting
• Develop High-Level Schedule
Project Planning
• ………
• ………
PROJECT CLASSIFICATION
Requirements by Project Level
Program/Project Portfolio Management Process
[Process flow diagram. Columns: who, Input, Output. Stages: Gate 1, Gate 2, Project Reviews, Gate 3.]
Process steps:
1 Create Project Proposal
2 Gate 1 - Approve project proposal?
3 Incorporate into Budgeting Process
4 End/Suspend or Replan PP/BC
5 Develop Business Case
6 Gate 2 - Authorize Implementation?
7 Analyze Portfolio & Recommend Project Priorities
8 Prioritize Project Portfolio
9 Implement & Manage Project
10 Review Project
11 Realize Benefits
12 Close Project
Participants shown in the diagram: Portfolio/Program/Project Management Office (PMO); Decision Board; Business Leaders, Sponsors; Finance Processing Budgeting Process
Items listed in the diagram:
• Project Idea, Project Guidelines, Project Status, Budgets, Financial Assumptions, Risks, Resources, Results, Benchmark Results, Policies, Procedures, Standards
• Project Decision Criteria, Project Guidelines, Strategic Plans, Budgets, Mergers, Acquisitions & Divestitures, Market, Industry Trends, Process Tools, Templates & Guides
Mapping the Project Management and System Development Lifecycles
PROJECT MANAGEMENT LIFECYCLE
• PROJECT ORIGINATION
• PROJECT INITIATION
• PROJECT PLANNING
• PROJECT EXECUTION & CONTROL
• PROJECT CLOSE
SYSTEM DEVELOPMENT LIFECYCLE
• SYSTEM INITIATION
• SYSTEM REQUIREMENTS ANALYSIS
• SYSTEM DESIGN
• SYSTEM CONSTRUCTION
• SYSTEM ACCEPTANCE
• SYSTEM IMPLEMENTATION
PROJECT MANAGEMENT LIFE CYCLE WORK BREAKDOWN STRUCTURE
Project Origination
• Develop Project Proposal
• Develop Business Case
• Evaluate Project Proposals
• Select Projects
Project Initiation
• Prepare for the Project
• Define Cost Schedule Scope Quality
• Perform Risk Identification
• Develop Initial Project Plan
• Confirm Approval to Proceed to Next Phase
Project Planning
• Conduct Project Planning Kick-Off
• Refine Cost Schedule Scope Quality
• Perform Risk Assessment
• Refine Project Plan
• Confirm Approval to Proceed to Next Phase
Project Execution and Control
• Conduct Project Execution and Control Kick-Off
• Manage Cost Schedule Scope Quality
• Monitor and Control Risks
• Manage Project Execution
• Gain Project Acceptance
Project Close
• Conduct Post-Implementation Review
• Perform Administrative Close
BUSINESS PROCESSES DIVISION & INFORMATION TECHNOLOGY DIVISION
Project Management Life Cycle (PMLC)
VOLUME 1: Introduction to the PMLC
VOLUME 2: PMLC Phases
VOLUME 3: Glossary and Acronyms
VOLUME 4: Templates
Table of Contents
VOLUME 1
INTRODUCTION
OVERVIEW
______________
VOLUME 2
PROJECT ORIGINATION
1.1 Develop Project Proposals
1.1.1 Develop Business Case
1.1.2 Develop Proposed Solution
1.2 Evaluate Project Proposals
1.2.1 Present Project Proposals
1.2.2 Screen Project Proposals
1.2.3 Rate Project Proposals
1.3 Select Projects
1.3.1 Prioritize Project Proposals
1.3.2 Choose Projects
1.3.3 Notify Project Sponsors
PROJECT INITIATION
2.1 Prepare for the Project
2.1.1 Identify Project Sponsor
2.1.2 Identify Initial Project Team
2.1.3 Review Historical Information
2.1.4 Develop Project Charter
2.1.5 Conduct Project Kick-off Meeting
2.1.6 Establish Project Repository
2.2 Define Cost Schedule Scope Quality
2.2.1 Define Project Scope
2.2.2 Develop High-Level Schedule
2.2.3 Identify Quality Standards
2.2.4 Establish Project Budget
2.3 Perform Risk Identification
2.3.1 Identify Risks
2.3.2 Document Risks
2.4 Develop Initial Project Plan
2.4.1 Identify and Document Stakeholders' Involvement
2.4.2 Develop a Communications Plan
2.4.3 Compile All Information to Produce Initial Project Plan
2.5 Confirm Approval to Proceed to Next Phase
2.5.1 Review/Refine Business Case
2.5.2 Prepare for Formal Acceptance
2.5.3 Gain Approval Signature From Project Sponsor
Table of Contents (continued)
VOLUME 2 (Continued)
PROJECT PLANNING
3.1 Conduct Project Planning Kick-Off
3.1.1 Identify New Project Team Members
3.1.2 Review Outputs of Project Initiation and Current Project Status
3.1.3 Kick-Off Project Planning
3.2 Refine Cost Scope Schedule Quality
3.2.1 Refine Project Scope
3.2.2 Refine Project Schedule
3.2.3 Refine/Define Quality Standards and Quality Assurance Activities
3.2.4 Refine Project Budget
3.3 Perform Risk Assessment
3.3.1 Identify New Risks, Update Existing Risks
3.3.2 Quantify Risks
3.3.3 Develop Risk Management Plan
3.4 Refine Project Plan
3.4.1 Define Change Control Process
3.4.2 Define Acceptance Management Process
3.4.3 Define Issue Management and Escalation Process
3.4.4 Refine Communications Plan and Define Communications Management Process
3.4.5 Define Organizational Change Management Plan
3.4.6 Establish Time and Cost Baseline
3.4.7 Develop Project Team
3.4.8 Develop Project Implementation and Transition Plan
3.5 Confirm Approval to Proceed to Next Phase
3.5.1 Review/Refine Business Case
3.5.2 Prepare Formal Acceptance Package
3.5.3 Gain Approval Signature from Project Sponsor
PROJECT EXECUTION AND CONTROL
4.1 Conduct Project Execution and Control Kick-Off
4.1.1 Orient New Project Team Members
4.1.2 Review Outputs of Project Planning and Current Project Status
4.1.3 Kick Off Project Execution and Control
4.2 Manage Cost Scope Schedule Quality
4.2.1 Manage Project Scope
4.2.2 Manage Project Schedule
4.2.3 Implement Quality Control
4.2.4 Manage Project Budget
4.3 Monitor and Control Risks
4.3.1 Monitor Risks
4.3.2 Control Risks
4.3.3 Monitor Impact on Cost Scope Schedule Quality
Table of Contents (continued)
VOLUME 2 (Continued)
4.4 Manage Project Execution
4.4.1 Manage Change Control Process
4.4.2 Manage Acceptance of Deliverables
4.4.3 Manage Issues
4.4.4 Execute Communications Plans
4.4.5 Manage Organizational Change
4.4.6 Manage the Project Team
4.4.7 Manage Project Implementation and Transition
4.5 Gain Project Acceptance
4.5.1 Conduct Final Status Meeting
4.5.2 Gain Acceptance Signature from Project Sponsor
PROJECT CLOSE
5.1 Conduct Post-Implementation Review
5.1.1 Solicit Feedback
5.1.2 Conduct Project Assessment
5.1.3 Prepare Post-Implementation Report
5.2 Perform Administrative Closeout
5.2.1 Update Skills Inventory and Provide Performance Feedback
5.2.2 Archive Project Information
______________
VOLUME 3
GLOSSARY & ACRONYMS
_______________
VOLUME 4
TEMPLATES
SYSTEM DEVELOPMENT LIFE CYCLE WORK BREAKDOWN STRUCTURE
System Initiation
• Prepare System Initiation Environment
• Validate Proposed Solution
• System Schedule
System Requirements Analysis
• Prepare Requirements Analysis Environment
• Determine Business Requirements
• Define Business Process Model
• Define Logical Data Model
• Reconcile Business Requirements with Models
• Produce Functional Specification
System Design
• Prepare System Design Environment
• Define Technical Architecture
• Define System Standards
• Create Physical Database
• Prototype System Components
• Produce Technical Specifications
System Construction
• Prepare System Construction Environment
• Refine System Standards
• Develop, Test and Validate (Unit Level)
• Conduct Integration and System Testing
• Produce User and Training Materials
• Produce Technical Documentation
System Acceptance
• Prepare System Acceptance Environment
• Validate Data Initialization and Conversion
• Perform Acceptance Test
• Refine Supporting Material
System Implementation
• Prepare System Implementation Environment
• Deploy System
• Transition to Support Operational System
BUSINESS PROCESSES DIVISION & INFORMATION TECHNOLOGY DIVISION
System Development Life Cycle (SDLC)
VOLUME 1: Introduction to the SDLC
VOLUME 2: SDLC Phases
VOLUME 3: Glossary and Acronyms
VOLUME 4: Templates
Table of Contents
VOLUME 1
INTRODUCTION
OVERVIEW
______________
VOLUME 2
1 SYSTEM INITIATION
1.1 Prepare for System Initiation
1.2 Validate Proposed Solution
1.3 Develop System Schedule
2 SYSTEM REQUIREMENTS ANALYSIS
2.1 Prepare for System Requirements Analysis
2.2 Determine Business Requirements
2.3 Define Process Model
2.4 Define Logical Data Model
2.5 Reconcile Business Requirements with Models
2.6 Produce Functional Specification
3 SYSTEM DESIGN
3.1 Prepare for System Design
3.2 Define Technical Architecture
3.3 Define System Standards
3.4 Create Physical Database
3.5 Prototype System Components
3.6 Produce Technical Specifications
4 SYSTEM CONSTRUCTION
4.1 Prepare for System Construction
4.2 Refine System Standards
4.3 Develop, Test and Validate (Unit Level)
4.4 Conduct Integration and System Testing
4.5 Produce User and Training Materials
4.6 Produce Technical Documentation
5 SYSTEM ACCEPTANCE
5.1 Prepare for System Acceptance
5.2 Validate Data Initialization and Conversion
5.3 Test, Identify, Evaluate, React
5.4 Refine Supporting Materials
6 SYSTEM IMPLEMENTATION
6.1 Prepare for System Implementation
6.2 Deploy System
6.3 Transition to Support Operational System
______________
VOLUME 3
GLOSSARY & ACRONYMS
_______________
VOLUME 4
TEMPLATES
NBG BPO DIVISION Enterprise Business and IT Process Architecture
IT Governance Supporting Tools
NBG IS DIVISION Project Management Portal
The Fundamental Question
Are we maximizing the value of our IT-enabled business investments such that:
• we are getting optimal benefits;
• at an affordable cost; and
• with an acceptable level of risk?
Over the full economic life-cycle of the investment
IT-RELATED GOALS AND METRICS
Having a Robust and well run Program/Project Management Methodology is not a Silver Bullet! What about the Metrics and the Realized Benefits?
IT-RELATED GOALS
• Realized benefits from IT-enabled investments and services portfolio
• Delivery of programmes on time, on budget, and meeting requirements and quality standards
METRICS
• Percent of IT-enabled investments where benefit realization monitored through full economic lifecycle
• Percent of IT services where expected benefits realised
• Percent of IT-enabled investments where claimed benefits met or exceeded
• Number of programmes / projects on time and within budget
• Percent of stakeholders satisfied with programme / project quality
• Number of programmes needing significant rework due to quality defects
• Cost of application maintenance vs. overall IT cost
CONCLUSION
A Structured Approach
IT-enabled investments can bring huge rewards, but only with the right governance and management processes and full engagement from all management levels.
Using a Comprehensive IT Governance Framework:
• The COBIT5 Framework. A governance and management framework for information and related technology that starts from stakeholder needs and creates optimal value by maintaining a balance amongst realizing benefits, managing risk and balancing resources is about to be released.
• The Val IT 2.0 Framework. A comprehensive, proven, practice-based structured governance framework that can provide boards and executive management teams with practical guidance in making IT investment decisions and using IT to create enterprise value can be used.
• The CobiT 4.1 Framework. A comprehensive, proven, structured framework that can provide boards and executive management teams with information about the delivery of IT services through the effective and efficient management of IT assets can be used.
• The Risk IT Framework. A comprehensive, structured framework that provides board and executive management teams with practical guidance in making decisions to balance risk and reward for all IT systems matters can be used.
The Challenge
Frameworks and best practices like CobiT don't work as an off-the-shelf product. They must be adapted and customized to suit the organization's culture and operating style.
Strong leadership, of course, is imperative, particularly from leaders in addition to the CIO, such as senior executives, all of whom must be visibly committed to championing the value that IT and IT governance can deliver to the enterprise.
The Ingredients of Success
The key to realizing the true potential of IT-enabled business investments is to recognize that the organization is implementing change—not technology.
The intelligent and disciplined implementation of the best practices contained within COBIT and Val IT will make a significant contribution to enterprises realizing value from their IT-enabled business investments.
Val IT, together with COBIT, enables such an approach by ensuring that investments are aligned with the enterprise's strategic objectives, that a complete and comprehensive business case is developed, that there is appropriate accountability and relevant metrics, and that the business case is managed through the full economic life cycle of the investment.
The IT governance process, to be successful, needs visibility, leadership and commitment from the top.
Questions?