Copyright 2007, www.mountainview.ca – Presented by Jerry Kopan for DPI May 2007
Achieving IT Governance with COBIT, ITIL, ISO20000, CMM, ISO17799, etc.
Abstract: The need for regulatory compliance has become a cornerstone for most public and private corporations. Internal and external auditors are establishing this as a mandatory requirement in order to do business. The enforcement of IT controls and the implementation of accepted standards such as ITIL, ISO 20000 and COBIT are becoming new realities for IT organizations that face continuous legislative and IT governance pressures. We will discuss how these various frameworks fit together to help you implement a solid IT governance framework within your organization and successfully achieve compliance goals.
What is IT Governance
Fact
“IT is the business and the business is IT”
Introduction
Definition: Information Technology
– “The study, design, development, implementation, support or management of computer-based information systems, particularly software applications and computer hardware.” In short, IT deals with the use of electronic computers and computer software to convert, store, protect, process, transmit and retrieve information, securely. (www.itaa.org)
– Includes all matters concerned with the furtherance of computer science and technology and with the design, development, installation, and implementation of information systems and applications [San Diego State University]. An information technology architecture is an integrated framework for acquiring and evolving IT to achieve strategic goals. It has both logical and technical components. ... (www.ichnet.org/glossary.htm)
– Any equipment or interconnected system or subsystem of equipment, that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information. The term information technology includes computers, ancillary equipment, software, firmware and similar procedures, services (including support services), and related resources. ... (www.grc.nasa.gov/WWW/Purchase/Section_508_def.htm)
– A term that encompasses all forms of technology used to create, store, exchange and utilize information in its various forms including business data, conversations, still images, motion pictures and multimedia presentations. (www.sciencecoalition.org/glossary/glossary_main.htm)
– Fiat is present in IT fields and in communications with ICT - Information & Communication Technology, Espin, Global Value, TeleClient, Atlanet. (www.nationmaster.com/encyclopedia/Fiat)
– Information technology provides the "engine" used to drive useful information systems. This includes computers, software, Internet/Intranet and telecommunications technology. (www.southbend.tech.purdue.edu/academics/degrees/CPTHtml/cpt_terminology.html)
– Computer and communications hardware and software used to automate and augment clerical, administrative, and management tasks in organizations. (www.christlinks.com/glossary2.html)
– (IT) The application of computer, communications and software technology to the management, processing and dissemination of information. (www.mcca.mb.ca/4.training.3.htm)
– The term "IT" encompasses the methods and techniques used in information handling and retrieval by automatic means. The means include computers, telecommunications and office systems or any combination of these elements. (www.nao.org.uk/intosai/edp/directory/misc/glossary.html)
– Equipment, telecommunications, video telecommunications, proprietary software, and purchased services. IT resources may also include personal services when OFM approvals are obtained and all reporting/approval requirements of OFM are followed. (www.dis.wa.gov/portfolio/Definitions.htm)
– Includes both hardware and software. Use this term when the use of information technology is the underlying driver of the "interesting" feature or of the organization's profitability or productivity. This term can include computer modeling, simulation, innovative uses of AI, automated knowledge discovery, data mining, data warehousing. (Technology) (ccs.mit.edu/21c/iokey.html)
– The hardware and software operated by an organization to accomplish a Federal function, regardless of the technology involved, whether computers, telecommunications, or other. (www.gao.gov/policy/itguide/glossary.htm)
– The entire array of mechanical and electronic devices which aid in the storage, retrieval, communication, and management of information--from typewriters to computers to copying machines. (www.sir.arizona.edu/resources/glossary.html)
– The hardware and software operated by a Federal agency or by a contractor of a Federal agency or other organization that processes information on behalf of the Federal Government to accomplish a Federal function (OMB Circular A-130). (www.gils.net/gilsappb.html)
– Information Technology applies modern technologies to the creation, management and use of information. IT includes video recorders, CD-ROM, telephones, calculators, and electronic cash tills as well as computers. (www.warwick.ac.uk/EAP/correcting_your_work/glossary.htm)
– Computer Science Information Technology Programming (www.qtac.edu.au/Statistical_Reports/Definitions_Used.htm)
– Hardware, software, telecommunications, database management, and other information processing technologies used in computer-based information systems; computer-based tools used to work with information and support the information needs of an organization (www.321site.com/greg/courses/mis1/glossary.htm)
– The technology of computers, telecommunications, and other devices that integrate data, equipment, personnel, and problem-solving methods in planning and controlling business activities. Information technology provides the means for collecting, storing, encoding, processing, analyzing, transmitting, receiving, and printing text, audio, or video information. Hardware: In the context of information technology, the computer and its peripherals constitute the hardware. ... (scrc.ncsu.edu/public/DEFINITIONS/G%20-%20I.html)
– Telecommunications Lawyers (www.computerlaw.com.au/privacy.html)
– Applied computer systems including: hardware-a computer and the associated physical equipment directly involved in the performance of data-processing or communications functions software-the programs, routines, and symbolic languages that control the functioning of the hardware and direct its operation and often including: network (also called a net)-a system of computers interconnected by telephone wires or other means (such as infra-red beam or fibre optic cable) in order to share ... (education.qld.gov.au/curriculum/learning/literate-futures/glossary.html)
– The department that builds and maintains computer systems. (it.csumb.edu/departments/data/glossary.html)
– Sometimes called Information Systems (IS) or Data Processing. Generic name for department or function that analyzes, creates, maintains and supports applications and databases used by an organization. (www.bptrends.com/resources_glossary.cfm)
– Subjects taught at all levels from school to university concerned with all aspects of programming and operating computers or using data and systems generated by the use of computers for business or technical developments. (www.ceresconsult.demon.co.uk/html/glossary_of_terms.html)
– Technologies based on the use of computers and other integrated circuits to process data and produce information. (www.globalfamilydoctor.com/aboutWonca/working_groups/write/itpolicy/ITPoli13.htm)
– The application of computer, audio, visual, and telecommunications technology to the acquisition, storage, manipulation, analysis, and display of information. (www.ucs.mun.ca/~rsexty/business1000/glossary/I.htm)
– The use of computers and other electronic devices to acquire, store, process and distribute information. (www.indiainfoline.com/bisc/acci.html)
– The branch of engineering that deals with the use of computers and telecommunications to retrieve and store and transmit information (wordnet.princeton.edu/perl/webwn)
– Information technology (IT) or information and communication technology (ICT) is the technology required for information processing. In particular the use of electronic computers and computer software to convert, store, protect, process, transmit, and retrieve information from anywhere, anytime. (en.wikipedia.org/wiki/Information_technology)
Integrity of numbers
Technology Management Strategies: TB
Strategies and guidance for managing investments and activities for information technology, information management, and service delivery:
– Accessibility Domain Architecture: The purpose of the Accessibility Domain Architecture is to facilitate the creation of a human-empowering infrastructure that recognizes that human beings are diverse and provides the opportunity for each of us to bring out our best.
– Business Transformation Enablement Program (BTEP): The purpose of BTEP is to provide a business transformation toolkit enabling rigorous strategic planning and integrated strategic design across governments supporting interoperability and integration.
– The Enhanced Management Framework (EMF): The Enhanced Management Framework (EMF) for Information Management and Information Technology (IM/IT) is an integrated management model comprised of principles, best practices, methodologies, tools and templates, designed to improve the Canadian Government's capability to manage its IM/IT investments, successfully deliver IM/IT projects, and minimize risks.
– Federated Architecture Program: The purpose of the GOC FAP is to provide leadership, co-ordination, and broad direction in the planning, development, maintenance and use of a government-wide architecture for IM/IT infrastructure; comprised of the subset of the departmental infrastructure domains that are common or shared across government; in support of the government's renewal objectives and its service delivery agenda.
– Information and Technology Standards: This section encompasses all information and technology standards and applies to federal participation in all national and international information technology standards activities.
– Information Technology Security: This section is intended to provide insight into the Chief Information Officer Branch's work on information technology security projects and issues. It is also intended to serve as a "one-stop-shop" for Treasury Board Secretariat-approved ITS standards. Here you will find information on the standards development process, on current and proposed standards, and links to other useful resources.
– Open Source Software (OSS): Licensed software including OSS and methods are part of the corporate standards-based, IT infrastructure of the Government of Canada (GoC). Acquisition and usage decisions must align with the GOC Federated Architecture, while respecting federal legislation, agreements, guidelines and maximizing the GOC IT investments and opportunities.
http://www.tbs-sct.gc.ca/cio-dpi/techno_e.asp
Governance in Transportation
Financial and Accounting Governance
– Financial Statement – Assets = Liabilities + S.E.
– Income Statement
– Debit
– Credit
– General Ledger
– GAAP
– SOX
– SAS 70
– Accounting Standards Board "AcSB" www.acsbcanada.org
Definition of Governance - TB
Accountability is the obligation to demonstrate and take responsibility for performance in light of commitments and expected outcomes.
An Authority – An Authority is the legislation, document or other venue that defines responsibilities within defined circumstance and empowers an individual or organization to deliver on them.
Authority – Authority is delegated power to command and make final decisions within a particular domain with the expectation of being obeyed and held accountable for results.
Governance – Governance is exercising authority to provide direction and to undertake, coordinate, and regulate activities in support of achieving this direction and desired outcomes.
An Outcome is an event, occurrence or condition that occurs as a direct result of programs and activities.
A Result is the impact or effect of a program or service.
A Responsibility is something that one is required to do as part of a job, role or legal obligation.
Other IT Governance Definitions
“IT Governance specifies the decision-making authority and accountability to encourage desirable behaviors in the use of IT. IT Governance provides a framework in which the decisions made about IT issues are aligned with the overall business strategy and culture of the enterprise.”
“The Need for IT Governance: Now more than Ever”, Gartner Research note AV-21-4823, 2004
“A structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise’s goals by adding value while balancing risk versus return over IT and its processes.”
COBIT, ISACA
“Governance encompasses the roles, responsibilities and accountabilities of the Legislative Assembly representing the public, and the organizations and management of government. Governance is the structure and processes that support the realization of overall objectives and the strategies to achieve them. It is concerned with the development, communication and implementation of government policy, and in monitoring performance with respect to standards. Governance includes ongoing risk assessment and management in the general course of delivering programs and services.”
Ministry of Finance, Government of B.C.
“Information Technology Governance, IT Governance or ICT Governance, is a subset discipline of Corporate Governance focused on information technology systems and their performance and risk management. The rising interest in IT governance is partly due to compliance initiatives (e.g. Sarbanes-Oxley (USA) and Basel II (Europe)), as well as the acknowledgement that IT projects can easily get out of control and profoundly affect the performance of an organization.”
Wikipedia
“IT Governance is the responsibility of the board of directors and executive management. It is an integral part of enterprise governance and consists of leadership and organizational structures and processes that ensure that the organization’s IT sustains and extends the organization’s strategies and objectives.”
ITGI, Board briefing in IT governance
The Reality of Information Technology
IT has moved from largely back-office support to becoming the prime enabler for business.
The confidentiality and integrity of financial management is in the control of IT systems.
Current Regulatory Compliance is Complex
Treasury Board Foundation Framework
– Explains the purpose of Treasury Board policies and other instruments, such as directives and guidelines, and how they are structured;
– Summarizes general requirements common to all Treasury Board policy instruments; and
– Builds on the Guidance for Deputy Ministers and Accountable Government: A Guide for Ministers (Privy Council Office) by explaining the general responsibilities, accountabilities and expectations of ministers and deputy heads in applying Treasury Board policy instruments.
http://www.tbs-sct.gc.ca/prp-pep/ff-cp/ff-cp_e.asp
TB: Enhanced Management Framework (EMF)
An integrated management model that includes processes and key practices for executives, as well as for business and project managers.
The framework is supported by a set of principles, best practices, methodologies, tools, templates, handbooks, guides, and standards.
The conceptual model shows the components of the EMF, and the way in which they are related.
EMF is based on four guiding principles:
– alignment of IM/IT investments with business strategies;
– establishment of clear accountabilities for managing IM/IT investments;
– development of corporate project management disciplines;
– identification and management of risks on a continuous basis.
EMF addresses two broad areas:
– portfolio management and
– project management.
http://www.tbs-sct.gc.ca/emf-cag/index_e.asp
FRAMEWORK FOR THE MANAGEMENT OF INFORMATION IN THE GOVERNMENT OF CANADA
[Figure: three panels titled "Ensure Delivery Results", "Provide Effective Management" and "Assure Information Rights". The panels show flows (information, results, services, funding, plans & priorities, legislation, priorities, input, feedback, direction, solutions, policies, standards, guidelines, common interests, complaints, responses, appeals, resolutions, recommendations) among Prime Minister, Cabinet & Parliament; Central Agencies; Common Service Institutions; Inter-institution Committees; Institutions; Independent Offices; Federal Court; and Citizens & Business.]
Information Governance and Accountability Overview, Information Management Division, Treasury Board of Canada Secretariat
Control OBjectives for Information and related Technology
– an IT governance, control framework and maturity model
– ensure IT resources are aligned with an enterprise's business objectives
– ensure that services and information, when delivered, meet quality and security needs
– originally an auditor's tool developed by the Information Systems Audit and Control Association (www.isaca.org)
COBIT 4.1
Planning and Organization
– PO1 Define a Strategic IT Plan and direction
– PO2 Define the Information Architecture
– PO3 Determine Technological Direction
– PO4 Define the IT Processes, Organization and Relationships
– PO5 Manage the IT Investment
– PO6 Communicate Management Aims and Direction
– PO7 Manage IT Human Resources
– PO8 Manage Quality
– PO9 Assess and Manage IT Risks
– PO10 Manage Projects
Acquisition and Implementation
– AI1 Identify Automated Solutions
– AI2 Acquire and Maintain Application Software
– AI3 Acquire and Maintain Technology Infrastructure
– AI4 Enable Operation and Use
– AI5 Procure IT Resources
– AI6 Manage Changes
– AI7 Install and Accredit Solutions and Changes
Delivery and Support
– DS1 Define and Manage Service Levels
– DS2 Manage Third-party Services
– DS3 Manage Performance and Capacity
– DS4 Ensure Continuous Service
– DS5 Ensure Systems Security
– DS6 Identify and Allocate Costs
– DS7 Educate and Train Users
– DS8 Manage Service Desk and Incidents
– DS9 Manage the Configuration
– DS10 Manage Problems
– DS11 Manage Data
– DS12 Manage the Physical Environment
– DS13 Manage Operations
Monitoring
– ME1 Monitor and Evaluate IT Processes
– ME2 Monitor and Evaluate Internal Control
– ME3 Ensure Regulatory Compliance
– ME4 Provide IT Governance
ISO 17799
ISO 17799 is a detailed security standard. It is organized into ten major sections. Their objectives are:
1. Business Continuity Planning
To counteract interruptions to business activities and to critical business processes from the effects of major failures or disasters.
2. System Access Control
1) To control access to information
2) To prevent unauthorised access to information systems
3) To ensure the protection of networked services
4) To prevent unauthorized computer access
5) To detect unauthorised activities
6) To ensure information security when using mobile computing and tele-networking facilities
3. System Development and Maintenance
1) To ensure security is built into operational systems;
2) To prevent loss, modification or misuse of user data in application systems;
3) To protect the confidentiality, authenticity and integrity of information;
4) To ensure IT projects and support activities are conducted in a secure manner;
5) To maintain the security of application system software and data.
4. Physical and Environmental Security
To prevent unauthorised access, damage and interference to business premises and information; to prevent loss, damage or compromise of assets and interruption to business activities; to prevent compromise or theft of information and information processing facilities.
5. Compliance
1) To avoid breaches of any criminal or civil law, statutory, regulatory or contractual obligations and of any security requirements
2) To ensure compliance of systems with organizational security policies and standards
3) To maximize the effectiveness of and to minimize interference to/from the system audit process.
6. Personnel Security
To reduce risks of human error, theft, fraud or misuse of facilities; to ensure that users are aware of information security threats and concerns, and are equipped to support the corporate security policy in the course of their normal work; to minimise the damage from security incidents and malfunctions and learn from such incidents.
7. Security Organisation
1) To manage information security within the Company;
2) To maintain the security of organizational information processing facilities and information assets accessed by third parties.
3) To maintain the security of information when the responsibility for information processing has been outsourced to another organization.
8. Computer & Network Management
1) To ensure the correct and secure operation of information processing facilities;
2) To minimise the risk of systems failures;
3) To protect the integrity of software and information;
4) To maintain the integrity and availability of information processing and communication;
5) To ensure the safeguarding of information in networks and the protection of the supporting infrastructure;
6) To prevent damage to assets and interruptions to business activities;
7) To prevent loss, modification or misuse of information exchanged between organizations.
9. Asset Classification and Control
To maintain appropriate protection of corporate assets and to ensure that information assets receive an appropriate level of protection.
10. Security Policy
To provide management direction and support for information security.
Within each section are the detailed statements that comprise the standard.
– BS 15000 (www.bsiglobal.com) was the first standard for service management by the British Standards Institute
– Established as ISO/IEC 20000 in 2005
– Its eight sections form the basis for the assessment of a managed IT service and are based heavily upon the ITIL (IT Infrastructure Library) framework
[Figure: layered diagram with the labels Spec., BS15000-2, Code of Practice (PD0005), ITIL, Proprietary Processes and Procedures, and Self-Assessment Workbook PD0015]
ISO 20000 and BS 15000
PRINCE2
– PRojects IN Controlled Environments version 2
– Creates a management environment to achieve the stated aim of the project
– Based on a project life cycle
PMBoK
– Project Management Body Of Knowledge
– Project Management Institute (PMI) controls "The PMBOK™ Guide"
– Identifies the subset of the PMBoK which is applicable to projects
– Not all practices are applied uniformly on all projects
– The project team is always responsible for determining what is appropriate for any given project
PMBoK and PRINCE2
International Standards Organization (www.iso.org)
The ISO 9000 quality standard seeks to:
– Achieve and sustain product or service quality to continually meet the purchaser's needs
– Provide confidence to management that the intended quality is being achieved or sustained
– Provide confidence to purchasers that the intended quality is being, or will be, achieved
Comprising a set of five documents - ISO 9000-9004 - ISO 9000 is a set of guidelines for total quality management programs. ISO 9000 itself sets guidelines for determining whether enterprises should implement ISO 9001, ISO 9002 or ISO 9003 and provides a QA process for implementing the chosen standard.
– 9001: the most comprehensive standard, defines all the quality elements required to demonstrate the supplier's ability to design and deliver a quality product (see Figure 31).
– 9002: covers the QA activities associated with the supplier's ability to control the design and development activities only.
– 9003: the least stringent standard, demonstrates the supplier's ability to detect and control product nonconformity during inspection and testing.
– 9004: details the specific quality elements required by ISO 9001, ISO 9002 and ISO 9003, and it provides an unplanned but effective checklist for QA.
[Figure: ISO 9001, ISO 9002 and ISO 9003 shown against the phases Design, Production, Inspection, Installation, Service]
ISO 9000
GMP
– Good Manufacturing Practice Regulations initiated by the US Food and Drug Administration (FDA)
– Take proactive steps to ensure that their products are safe, pure, and effective
– Apply a quality approach to minimize or eliminate instances of contamination, mixups, and errors.
– Protects the consumer from purchasing a product which is not effective or even dangerous.
– Failure of firms to comply can result in very serious consequences including recall, seizure, fines, and jail time.
– Addresses recordkeeping, sanitation, cleanliness, equipment verification, process validation, and complaint handling
– Most GMP requirements are very general and open-ended
– Very flexible, but requires that the manufacturer interpret the requirements in a way that makes sense for each business.
– cGMP ensures that technologies are up-to-date to comply with regulations. The best systems and equipment of 20 years ago may be sub-par by today's standards.
Source: GMP Institute, a division of the ISPE
GMP - The Ten Principles
Paying attention to the Ten Principles of GMP will help you to stay focused on the important issues of operating your business in a state-of-control.
1. Write detailed step-by-step procedures that provide a roadmap for controlled and consistent performance.
2. Carefully follow written procedures to prevent contamination, mix-ups and errors.
3. Promptly and accurately document work for compliance and traceability.
4. Prove that systems do what they are designed to do by validating work.
5. Integrate productivity, product quality, and employee safety into the design and construction of facilities and equipment.
6. Properly maintain facilities and equipment.
7. Clearly define, develop and demonstrate job competence.
8. Protect products against contamination by making cleanliness a habit.
9. Build quality into products by systematically controlling components and product related processes such as manufacturing, packaging and labeling, testing, distribution, and marketing.
10. Conduct planned and periodic audits for compliance and performance.
Source: GMP Institute, a division of the ISPE
GAMP
– Good Automated Manufacturing Practice (www.ispe.org/gamp), founded in 1991 by pharmaceutical experts in the UK
– Goal was to meet evolving FDA expectations for GMP compliance of regulations
– In 1994, GAMP partnered with ISPE (www.ispe.org) to publish the first GAMP guidelines
– Validation of Laboratory Computerized Systems in the life cycle from initiation to retirement

Section  Domain                               Process
2.1      Infrastructure Elements              Platform
2.2                                           Processes
2.3                                           Personnel
3.1      Quality Management System            Quality Manual
3.2                                           Roles and Responsibilities
3.3                                           Record Management
3.4                                           Document Management
3.5                                           Testing
3.6                                           Standard Operating Procedures
3.7                                           Training
3.8                                           Periodic Review and Evaluation
3.9                                           Audit by QA
4.1      Applying Risk Management             Identification and Assessment of Components
4.2                                           Implementation of Controls
4.3                                           Assessment of Changes to Qualified Components
4.4                                           Periodic Review and Evaluation
5.1      Qualification of Platforms           Overview of Process
5.2                                           IT Infrastructure Life Cycle Model
5.3                                           Planning
5.4                                           Specification and Design Phase
5.5                                           Risk Assessment and Qualification Test Planning
5.6                                           Procurement, Installation and IQ
5.7                                           OQ and Acceptance
5.8                                           Reporting and Handover
6.1      Maintaining the Qualified State Du…  Change Management
6.2                                           Configuration Management
6.3                                           Security Management
6.4                                           Server Management
6.5                                           Client Management
6.6                                           Network Management
6.7                                           Problem Management
6.8                                           Help Desk
6.9                                           Backup, Restore and Archiving
6.10                                          Disaster Recovery
6.11                                          Performance Management
6.12                                          Supplier Management
6.13                                          Periodic Review
7.1      Retirement of Platforms
FCAPS
Fault Management
Configuration Management
Accounting Management
Performance Management
Security Management
What is ITIL?
ITIL Version 2 Publication Framework
[Figure: ITIL Publications, spanning The Business to The Technology: Planning to Implement Service Management; The Business Perspective; Service Management; Service Delivery; Service Support; Security Management; ICT Infrastructure Management; Application Management; Certification]
http://www.ogc.gov.uk/
ITIL Version 3 Publication Framework
The Official Introduction to ITIL Service Management
Service Strategy
Service Design
Service Transition
Service Operation
Continual Service Improvement
Information Services Procurement Library (ISPL)
A best practice library for the management of Information Technology related acquisition processes
Helps both the customer and supplier organization to achieve the desired quality using the corresponding amount of time and money by providing methods and best practices for risk management, contract management, and planning.
Focuses on the relationship between the customer and supplier organization
Focuses purely on the procurement of information services.
The target audience for ISPL is:
– procurement managers,
– acquisition managers,
– program managers,
– contract managers,
– facilities managers,
– service level managers,
– and project managers in the IT area.
Operations Framework (MOF)
[Figure: four quadrants (Changing, Operating, Supporting, Optimizing) linked by reviews: Release Readiness Review, Release Approved Review, Operations Review, SLA Review]
Optimizing: Service Level Management; Capacity Management; Availability Management; Financial Management; Workforce Management; Service Continuity Management
Changing: Change Management; Configuration Management; Release Management
Operating: Security Administration; System Administration; Network Administration; Service Monitoring and Control; Directory Services Administration; Storage Management; Job Scheduling; Print and Output Management
Supporting: Service Desk; Incident Management; Problem Management
http://www.microsoft.com/mof
CIO/IT Balanced Scorecard
[Figure: four perspectives, each with Objectives and Measures, set between Demand and Supply]
Corporate Perspective: How do we look to management?
User Perspective: How do we look to users?
Internal Perspective: How effective, efficient, economic and equitable are we?
Learning and Growth Perspective: How are we positioned to meet future challenges?
Six Sigma
Define
Measure
Analyze
Improve
Control
Developed at Motorola, circa 1983
Sigma, or standard deviation, identifies the variability within a population
6σ = 3.4 defects per million or 99.99966% free of defects
[Figure: curve marked with µ, LCL and UCL]
Capability Maturity Model (CMM)
Sponsored by U.S. Department of Defense in the late 1980s
Initially aimed at helping DoD identify qualified application development contractors
Controlled by the Software Engineering Institute at Carnegie Mellon University (www.sei.cmu.edu/cmm)
It’s a process improvement approach
1. Initial
2. Repeatable
3. Defined
4. Managed
5. Optimizing
Zachman Framework - Enterprise Architecture
Row 1 – Contextual: Scope; External Requirements and Drivers; Business Function Modeling
Row 2 – Conceptual: Enterprise Model; Business Process Models
Row 3 – Logical: System Model; Logical Models; Requirements Definition
Row 4 – Physical: Technology Model; Physical Models; Solution Definition and Development
Row 5 – As Built: Deployment Model; As Built; Deployment
Row 6 – Functioning: Evaluation Model; Functioning Enterprise; Evaluation
Columns: Why, Who, When, Where, What, How
Source: Zachman Enterprise Architecture Framework
When are Processes under Control?
$$\bar{x} = \frac{\sum_{i=1}^{n} x_i}{n}$$
$$s_x^2 = \frac{\sum_{i=1}^{n} (x_i - \bar{x})^2}{n - 1}$$
$$s_x = +\sqrt{s_x^2}$$
[Figure: Normal Distribution, showing the Mean (µ) and Standard Deviation (σ = 68%, 2σ = 95%)]
How do we know if the process is improving?
Summary of OGC Guidance (January 2003)
Best Practice Products – High-level Guides for top management in Departments
Published
Why IT Projects Fail: Published – April 2001
Managing Partnering Relationships: Published – July 2001
How Major Service Contracts Can Go Wrong: Published – September 2001
Gateway to Success: Published – December 2001
Value for Money Evaluation in Major Service Procurements: Published – March 2002
Risk Allocation in Long-term Contracts: Published – December 2002
Forming Partnering relationships with the private sector in an uncertain world: Published – December 2002
Work in hand 2002/03 Work Programme
Ensuring grant-aided bodies deliver value for money on procurements involving public money: Plan to publish January 2003
Why Construction Projects Fail: Plan to publish before April 2003
Improving the efficiency and effectiveness of procurement to achieve faster delivery: Plan to publish before April 2003
Construction and Use of Public Sector Comparators: Plan to publish before April 2003
Guidance – Generic operational guidance for heads of procurement and their teams
Published
PG 10 Achieving Excellence through Health and Safety: Published – October 2001
Supplier Finance Appraisal – (replacing the financial aspects of CUP 60): Published – October 2001
Dispute Resolution – (replacing CUP 50): Published – March 2002
Green Public Private Partnerships: Published – July 2002
Smaller Supplier….Better Value: Published – 2002
Revised General Guidance on Standardisation of PFI Contracts: Published – July 2002
OGC Guidance note – on calculation of the Authority’s share of a refinancing gain: Published – July 2002
OGC Guidance on certain financing issues in PFI contracts: Published – July 2002
OGC – PFI Contracts – Insurance costs: Published – October 2002
Contract Management guidelines (replacing CUP 61): Published – November 2002
Business Case: Published – 2002
Risk Management: Published – 2002
Work in hand
Supplier Debriefing (replacing CUP 56): Plan to publish January 2003
Ethics in Procurement (replacing CUP 55): Plan to publish before April 2003
Possibilities for 2003/04 Work Programme
Specification Writing (replacing CUP 30): Plan to publish after March 2003
Quality Costs (replacing CUP 29): Plan to publish after March 2003
Quality Assurance (replacing CUP 46): Plan to publish after March 2003
Frameworks/Approved Supplier List (replacing CUP 27): Plan to publish after March 2003
Effective Partnering (possible replacement for CUP 57): Plan to publish after March 2003
Supplier Appraisal (replacing the non-financial aspects of CUP 60): Plan to publish by end of March 2003
EC Guidance (updating CUP 1, 19 & 51): Plan to publish in 2003/04
Documentation (replacing CUP 59 a to d): Plan to publish in 2003/04
Procurement Training (replacing CUP 53): Plan to publish in 2003/04
Key Issues
SRO Briefing: Senior Responsible Owner briefing (links to SRIE briefing)
Delivery Pocketbook: Successful Delivery Pocketbook
Faster procurement: Taskforce executive report on faster procurement
Current Gateway Issues: The Gateway Process a Managers Checklist
Workbooks
Strategy Management Gateways Business Case Risk Management Programme Management Procurement Project Management Contract Management Performance Management Benefits Management
Programme and Contract Management
Managing Successful Projects with PRINCE2
Managing Successful Programmes
Tailoring PRINCE
People Issues and PRINCE
PRINCE2 Pocketbook
Passing the PRINCE2 exam
Business Benefits through Project Management
Management of Risk
Management of Risk: Guidance for Practitioners
IT-enabled business change – Published
Guidelines on Business Continuity Management; Risk Guidelines
Delivery Lifecycle: Setting Direction; Implementing plans; Strategic Management; Managing Services
(See also guidance published commercially by OGC’s partners e.g ITIL below)
ITIL: Service Delivery; Service Support; Planning to Implement Service Management; Security Management; The Business Perspective; ICT Infrastructure Management; Application Management
Related Publications: itSMF Pocket Guide; itSMF Dictionary of Terms, Abbreviations and Acronyms; Better value from software development
Procurement
Open Source Software; Value for Money in Procurement – The Role of Auditors
HM Treasury Procurement Guidance: EC Procurement Thresholds; EC Public Procurement State of Play; Efficiency in Government Procurement; Environmental Issues in Purchasing; Framework Agreements; Liability in Government Contracts; Minimum number of Suppliers to Bid; Ownership of IPR; Scope for Flexibility Under the EC Rules; Technical Specifications
Supporting the Supplier Community: Tendering for Government Contracts; SMEs – Doing business with the Government (under development)
PFI/PPP Guidance – Published unless otherwise stated
Generic guidance: Partnerships for Prosperity (P4P); A Step-by-Step Guide to the PFI Procurement Process; Public Private Partnerships: the Government's Approach
Policy Statements, Technical Notes and other material: PFI and Public Expenditure Allocations; Public Sector Comparators and Value for Money; PFI and Public Expenditure Allocations for NDPBs; PFI Projects: Disclosure of Information and Consultation with Staff and Other Interested Parties; Provision of Information to Parliament
Technical Notes: How to account for PFI Transactions; How to follow EC Procurement Procedure and Advertise in the OJEC; How to Appoint and Manage Advisers to PFI Projects; How to Appoint and Work with a Preferred Bidder; How to Construct a Public Sector Comparator; How to Manage the Delivery of Long Term PFI Contracts; Draft Competence Framework for Creating Effective PFI Project Teams – Draft
Other: Staff Transfers from Central Government – A Fair Deal for Staff; Guidance on Standardisation of PFI Contracts including General Guidance, Information Technology and Local Authorities
Case Studies: Medium Support Helicopter Aircrew Training Facility – PFI Case Study Employment Service – IT Partnership Private Finance and IS/IT: case study TAFMIS and After Colfox School, Dorset – A Case Study on the First – DBFO School Project OSIRIS Private Finance and IS/IT Case Study for the Welsh Office Report on the Procurement of Custodial Services in DCMF prisons – 2 case studies DBFO – Value in Roads A Case study on the first Eight DBFO Roads The IND Caseworking Program Scottish Health Service Management Executive: Ferryfield House, Edinburgh Lewisham Extension to Docklands Light Railway Lowdham Grange Prison Services
Other Guidance – None OGC: Appraisal and Evaluation in Central Government (the HMT Green Book); Examining the Value for Money of deals under the Private Finance Initiative (NAO)
Construction Guidance: The Achieving Excellence suite of briefings will replace the Construction Procurement Guidance series
(Replaces the PG guides and CUP guides detailed in the right column below)
Achieving Excellence – Constructing the Best Government Client
Achieving Sustainability in Construction Procurement
Achieving Excellence Action Plan
Achieving Excellence Briefings (Target Date January 2003)
Core Documents
1. Achieving Excellence: Initiative into Action
2. Project organisation: roles and responsibilities
3. Project procurement lifecycle
4. Risk and value management
5. The integrated team: teamworking, partnering and incentives
6. Procurement and contract strategies
7. Cost management: whole life costs and financial control
8. Improving performance: benchmarking and performance management
9. Quality in design
10. Health and safety: respect for people
Procurement Guidance 1-10
Essential requirements for construction procurement (PG No 1)
Value for money in construction procurements (PG No 2)
Appointment of consultants and contractors (PG No 3)
Teamworking, partnering and incentives (PG No 4)
Procurement strategies (PG No 5)
Financial aspects of projects (PG No 6)
Whole life costs (PG No 7)
Project evaluation and feedback (PG No 8)
Benchmarking (PG No 9)
Achieving Excellence Through Health and Safety (PG No 10)
CUP Guides
No 12 Contracts and Contract Management for Construction Works – March 1989
No 48 Bonds and guarantees – August 1994
No 52 Programming and progress monitoring for works projects – September 1995
No 54 Value management – January 1996
Disposal of Property: To be published by March 2003
Fraud Observance Guidance: To be published by March 2003
Existing ex-PACE & PPD Guidance
Guide to the Appointment of Consultants and Contractors (GACC) (1/99)
Estates Services Guide (ESG) (2/00)
Premises Management Guide (PMG) (9/99)
Business Continuity Planning Guide (BCPG) (11/98)
Fire Safety Guide (FSG) (7/00)
Guide and Schedule to Requirements for Office Buildings (ROB) (3/98)
Crown Fire Standards (CFS) (10/99)
Deeds and Sealing Guide (8/00)
Code of Good Practice – for customers and suppliers
The Government Procurement Code of Good Practice
CUP Guidances: Current
No 1 Post Tender Negotiation – May 1986
No 12 Contracts and Contract Management for Construction Works – March 1989
No 19 PTN Update – July 1989
No 27 Approved Suppliers (Vendors and Contractors) Lists – January 1991
No 29 Quality Costs – June 1991
No 30 Specification Writing – June 1991
No 35 Life Cycle Costing – April 1992
No 46 Quality Assurance – June 1994
No 48 Bonds & Guarantees – August 1994
No 51 Introduction to the EC procurement rules – July 1995
No 52 Programming and progress monitoring for works projects – September 1995
No 53 Procurement Training – January 1996
No 54 Value management – January 1996
No 55 Ethics in Procurement – April 1997
No 56 Debriefing – April 1997
No 57 Strategic partnering in government – May 1997
No 59 a Model Appraisal Questionnaire – May 1997
No 59 b Pre-Qualification – May 1997
No 59 c Model Invitation to Tender – May 1997
No 59 d Model Conditions of Contract – July 1997
No 60 Supplier appraisal (non-financial) – May 1997
CUP Guidances: Overtaken – no revision or replacement required – guidances are archived. (Superseded guides are not shown)
No 3 Supply and Service Agreements with the Agencies – January 1987
No 14 Measuring Performance in Purchasing – March 1989
No 17 Quality Assurance in Building and Construction – April 1989
No 20 The P&S Function and Works Projects – October 1989
No 22 Stock Management – May 1990
No 23 Model Forms of Contract – September 1990
No 24 a b c d e Vehicles: Contract Hire Schemes – November 1990
No 27 Approved Suppliers (Vendors and Contractors) Lists – January 1991
No 28 Contracts with a Private Sector Purchasing Agent – January 1991
No 31 Use of Travel Agents – October 1991
No 32 Catering Services – January 1992
No 35 Life Cycle Costing – April 1992
No 37 Managing Car Fleets – January 1993
eProcurement Guidance: Government Overview eProcurement Market The Business Opportunity; Planning Your Approach; Implementation; Appendix A: Tools and Techniques; Appendix B: Standards and Security; Appendix C: Risk Mitigation; Appendix D: ePilots Project Overview and Case Studies; A-Z of Terms
Delivery Lifecycle
Strategic Management: Strategic Management; Governance; Quality management; Policies and standards; Property/workspace management; Exploiting technology; Information Management; Risk management; Benefits management; Human Resources management; Organisational learning; Continuous Improvement; Cost management; Skills and competencies; Managing performance; Security & Privacy; IS/IT management; Joined-up Working; Benchmarking/capability
Setting Direction: Overview; Identifying direction; Business requirements; Business & supporting strategies; Positioning for the future; Customer focus; Planning & estimating; Enterprise architecture
Implementing Plans: Overview; Managing change; Business case; Programme management; Project management; Procurement; Requirements definition
source www.ogc.gov.uk/sdtoolkit/reference/ogc_library/guidesumm.html
Best Practices
Gartner Study: Cost of Increasing Complexity
[Figure: Cost Per Desktop Device ($0 to $8,000) plotted against Complexity (3 to 13)]
Complexity Factors:
Application Type: Enterprise critical; Workgroup critical; Personal productivity
Technology: Platform diversity; Platform complexity; Refresh rate; Redundancy; Mobile computing; Client/server
Support: End-user dispersion; Service availability; Service levels
Job function
Poorly defined roles
Misunderstood responsibilities
Lack of process
Unclear procedures
Disparate tools
Longer resolution time
Longer deployment
Longer development
Poor service
Poor availability
Source: Gartner Measurement
Elements of IT Governance
IT Governance is a subset of Corporate Governance
Control
Processes
Strategic Business alignment Deliver Value
Organization Structure and Management
Accountability Responsibility
Risk Management
Performance Monitoring
IT Governance, People, Process, Products
[Figure: IT Governance at the centre of People, Process and Products, with the callouts below]
Board
Org structure, Job security, cost cutting, outsourcing
procedures, instructions, best practices, audit, CMM, Six Sigma, ITIL, IEEE
Cisco, IBM, Nortel, Mitel, HP, Dell
Battles over MOF, HP ITSM Ref Model, IBM ITPM, Deloitte CIO Framework
Common procedures horizontal – product is not a priority
Banyan Vines, Novell Netware, Microsoft Windows
What exactly are Processes?
DRIVING
Do not exceed the speed limit
Look before changing lanes e.g. blind spot
Come to a complete stop at a stop sign
Look in your rear view mirror often
2 second rule
ITIL
Test before and after you implement the Change
Establish the Risk/Impact to establish a Change model
Communicate Changes to key stakeholders e.g. Service Desk
Perform Problem Management to eradicate incidents
Establish OLAs and Support Contracts based on signed SLAs
They are not:
DRIVING:
Step by step instructions on how to get from Ottawa to Montreal
Procedures for how to service the Ford Yaris radio
ITIL
Step by step instructions on how to install the Redhat Linux on an INTEL T2050 processor with 2GB of RAM
Procedures for how to upgrade from XP Professional to Vista Business.
THESE ARE OUTPUTS OF THE PROCESSES!
A Chain is only as Strong as its Weakest Link
Chaos vs Control
Too much Chaos? Too much Control?
Where are we?
CIO’s Business and Technology Priorities
Rank | Top 10 Business Priorities | Top 10 Technology Priorities
1 | Business process improvement | Business Intelligence applications
2 | Controlling enterprise operating costs | Security technologies
3 | Attracting and growing customer relationships | Mobile workforce enablement
4 | Improving competitive advantage | Collaboration technologies
5 | Improving competitiveness | Customer sales and service
6 | Using intelligence in products and services | Service Oriented Architectures (SOA)
7 | Security breaches and disruptions | Workflow management
8 | Revenue growth | Networking, voice and data communications
9 | Faster innovation | Virtualization
10 | Faster innovation and cycle times | Legacy application modernization
Source: Gartner EXP (January 2006) survey of 1400 CIOs around the world.
Increasing Business Demands for IT Services
[Figure: demands converging on the IT Service Provider: More Security; 911; More functionality; Faster; Reduce Costs; Better; E-business, 24*7; Merger/Acquisition/Takeover; More Competition; Cheaper; B2B, B2C, SCM, CRM, ERP; More customers]
IT Governance in the Old Days
[Figure: a central MIS (IM/IT) group serving HR, Finance, Marketing, Sales, Product Development and Other Departments]
Central Control
Controlled processes
Controlled standards
Leveraged skills
Goal congruence
“Ivory Towers”
Too much control
IT Governance Today
[Figure: IM/IT and MIS alongside separate IT groups in HR, Finance, Marketing, Sales, Product Development and Other Departments, with the callouts below]
Costs distributed
Different Processes
Multiple standards
Lack of goal congruence
Many skills needed
Lack of control
SAP FI; PeopleSoft; Siebel: CRM
Networks: Banyan, AppleTalk, TCP/IP, DECnet, Netware IPX, Apollo TR. IBM TR
IBM MF
OS: MVS, VM, OS/2, Linux, AIX, Solaris, HPUX
Microsoft MOF; IBM ITPM; Deloitte CIO Framework; HP ITSM v3; Rational UML
Where do we want to go?
Where do you want to be?
[Figure: People, Process and Technology KPIs feed the IT Balanced Scorecard and the Corporate Balanced Scorecard; perspectives shown, each with Objectives and Measures: Corporate Perspective, User Perspective, Learning and Growth Perspective]
People: Skill rating; Attrition rate; Training; Performance; Cost
Process: Incidents per day; SLA exceptions; Portfolio costs; Production failure; Cost
Technology: Server utilization; Router MTBF; Transactions / hour; Availability; Cost
Aggregation and Correlation of KPIs
Dashboards; Mgmt Information; Decision Support
Business Value Assessment. Evaluation to identify: 1. efficiencies 2. cost savings 3. revenue generation opportunities…
Right-size and Optimize – Create Business Value: IT service management, server consolidation, telecom, …
Marketing; Customer; Supplier; CxO; Plant Manager; Director; Manager; Staff
How can we get there?
IT Governance
Process
People
Technology
IT Drivers
Business Vision, Mission, Objectives: Balanced Scorecard
Business Strategy: Marketing/Sales, R&D, Finance
Regulations: SOX, GAAP, GAMP, HIPAA
Governance Framework: COBIT, ITIL, BS17799
Standards
People: MCSE, MBA, MD, ITIL, CCNA, CA, CGA, …
Products: Cisco, IBM, Ford, IEEE 802.3, SUN NFS, VOIP, IP, Banyan Vines
Internal Interests; Suppliers; Vendors; Experts; Politics; Social; Economics; Global Warming
Typically in a Large Organization
[Figure: Typical Large Corporation. Layers: Governance, Strategy, People, Process, Products. IT groups: IM/IT, Region 1 - IT, Region X - IT, HR IT, Services IT, Finance IT, Prod Dev IT. Functions: Operations, Help Desk, App Dev, Arch., Eng. Platforms: NT, Unix, MF, DB, Backup. Labels: A, B, C, A+C, X, Y, Z, K, L, M, with CH repeated across the groups. Tools: INFOMAN, Remedy, Paper Forms, E-mail, Marval, Visio]
Next Stage of IT Governance Maturity
[Figure: Typical Large Corporation. Layers: Governance, Strategy, People, Process, Products. IT groups: IM/IT, Region 1 - IT, Region X - IT, HR IT, Services IT, Finance IT, Prod Dev IT. Functions: Operations, Help Desk, App Dev, Arch., Eng. Platforms: NT, Unix, MF, DB, Backup. Labels: A, B, C, A+C, X, Y, Z, K, L, M. Tools: INFOMAN, Remedy, ViaTIL, HP Service Desk, Service Center, Marval, Assyst, Heat, Magic, AllFusion]
IT Governance Vision
[Figure: Typical Large Corporation. Layers: Governance, Strategy, People, Process, Products. IT groups: IM/IT, Region 1 - IT, Region X - IT, HR IT, Services IT, Finance IT, Prod Dev IT. Functions: Operations, Help Desk, App Dev, Arch., Eng. Platforms: NT, Unix, MF, DB, Backup. Labels: A, B, C, A+C, X, Y, Z, K, L, M. Added elements: IT Governance Board, IT Strategy Committee; COE; CH Mgr; CF Mgr; SL Mgr; Integrated Set of Service Management Tools]
Document Processes
Deming: Plan, Do, Check, Act
Build a Foundation with measurable processes, consolidated documentation, simplified procedures, repeatable and reusable processes. (e.g. GMP, TQM, ISO 9000)
Continuous Service Improvement Program: A formal recurring project undertaken within an organization to identify and introduce measurable improvements within a specified work area or process
[Figure: the Plan, Do, Check, Act (P, D, C, A) cycle plotted as Maturity Level against Time, labelled Business to IT Alignment]
“In God we trust. All others bring data”
www.deming.org
Communicate, Collaborate, Cooperate
Mountainview Training
ITIL ITSM Certification
– Foundation - $995 private / $1295 public – Green badge
– Practitioner – IPSR, IPRC, IPAD – Blue Badge
– Service Manager – Red Badge
ISO/IEC 20000 Service Quality Management Foundation
ITIL / ISO / ITSM Workshops - including Awareness
Advance Process Design and Implementation
COBIT Foundations
and much more
Presented by: Jerry Kopan, CMC, ITSM, PrISM, B.Sc.
[email protected] (613) 596-5170
Questions?
The End