One Part ITIL, One Part COBIT

Transcription

One Part ITIL, One Part COBIT
The ingredients for repeatable and controlled processes to support IT services
Mark Thomas, COBIT SIG President
June 15, 2012
Pittsburgh Local Interest Group

Welcome and Introduction
Governance Frameworks
ITIL Essentials
COBIT Essentials
Putting the Two Together
Roundtable Discussion

Welcome and Introduction: Abstract
Considering the many challenges faced by organizations today, leveraging frameworks to assist in creating repeatable approaches to managing and controlling IT services is a logical, yet difficult task. With so many best practices in the market today, how can one know which ones are applicable? Consider two basic tenets of every IT service provider: provide value in delivered services, and ensure proper governance and control of the processes that support them. This is where the IT Infrastructure Library (ITIL) and Control Objectives for Information and Related Technology (COBIT) play a valuable role. In this presentation we will explore 1) the essential elements of each framework, 2) their applicability in the growing role of IT in today’s organizations, and 3) how to leverage these together in a cohesive approach to delivering, managing and controlling effective IT processes. In this presentation and follow-on discussion, participants will gain not only an appreciation of the utility of these frameworks, but will walk away with the knowledge (and perhaps a plan) on how to implement these powerful tools at their companies.

Welcome and Introduction: What you will know when you leave here today
The purpose of today’s presentation is to provide an overview of the ITIL and COBIT frameworks and how they can work together. When we leave here today, you should understand:
The fundamentals of GEIT (Governance of Enterprise IT).
Current frameworks that are growing in applicability and popularity in the market (ITIL, COBIT).
Examples of how these frameworks can work together to satisfy two basic tenets of every IT service provider: provide value in delivered services, and ensure proper governance and control of the processes that support them.

Welcome and Introduction: Applicable Trends
The following trends are driving the need for governance frameworks that provide a consistent approach to delivering services:
Rising demand for best practices is driven by requirements to become more competitive while holding costs down.
Drivers for framework adoption include pressures created by demand for conformance and performance.
Historically, IT Service Providers were self-directed and considered cost centers. Today, best practices help these providers focus on meeting enterprise objectives.
As IT's contribution moves up the list of strategic goals, the need to justify technology investments grows, and with it the need for best practices.


Governance: Governance of Enterprise IT

Governance: GEIT Background and Definition
Governance, IT Governance, and GEIT may have different meanings to different enterprises depending on the context.
Fundamental concern is with IT value delivery to the business and the mitigation of IT related risk.
Powerful resource to help achieve important objectives.
Objectives include:
– Benefit Realization
– Risk Optimization
– Resource optimization
COBIT 5 defines governance as: Governance ensures that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritization and decision making; and monitoring performance and compliance against agreed-on direction and objectives.
Source: COBIT 5 Implementation. ITGI. All rights reserved.

Governance: Factors
Governance of Enterprise IT (GEIT) is driven by many conditions and circumstances determined by numerous factors in the internal and external environments.
Ethics and culture
Laws, regulations, policies
International standards
Industry practices
Competitive environment
The enterprise:
– Mission, vision, goals, values
– Governance policies and practices
– Culture and management style
– Models for roles and responsibilities
– Business plans and strategic intentions
– Operating model and level of maturity
Source: COBIT 5 Implementation. ITGI. All rights reserved.

Frameworks: The Need for Frameworks
Effective IT Governance needs a control framework. The following are requirements for a control framework.
The need for sharper business focus driven by business needs.
A common language with a standardized process model, objectives, and tools suitable for any type or size of organization.
A sound framework for ensuring IT compliance with applicable regulatory and security requirements.
A reliable and useful source based on best practices which are generally accepted in the industry.
Source: COBIT 4.1. ITGI. All rights reserved.

Frameworks: Sample List
Although there are several methodologies and frameworks competing for the attention of IT leadership, the following are some of the most popular and applicable today.
Service Management: ITIL, MOF, USMBOK
IT Governance: COBIT
Enterprise Architecture: TOGAF
Project/Portfolio Management: PMBOK, PRINCE2, P3O, BABOK
International Standards: ISO38500, ISO20000, ISO27000
Application/Software Development: SWEBOK, SDLC, Agile
Process & Quality Management: BPM-CBOK, Six Sigma, CMMI


ITIL Essentials: Background
ITIL is the most widely accepted approach to IT service management in the world which provides a cohesive set of best practice guidance drawn from public and private sectors.
Originally developed by the UK’s Office of Government Commerce (OGC) and has become a world-wide de facto standard in Service Management.
The Guidance, documented in a set of five books, describes an integrated, process based, best practice framework for managing IT services.
Currently these books are the only comprehensive, non-proprietary, publicly available guidance for IT Service Management.
Based on Cabinet Office ITIL material.

ITIL Essentials: Key Components
The ITIL framework identifies all applicable processes, roles, and functions required to effectively deliver services to customers.
Services: A means of delivering value to customers by facilitating outcomes customers want to achieve without the ownership of costs and risks. Example: Email
Processes: A coordinated set of activities combining and implementing resources and capabilities in order to produce an outcome which creates value. Example: Incident Management
Roles: A set of connected behaviors or actions that are performed by a person, team or group for a specific outcome. Example: Incident Manager
Functions: Units of organization specialized to perform certain types of work and are responsible for certain outcomes. Example: Service Desk
Based on Cabinet Office ITIL material.

ITIL Essentials: Phases, Processes, …
[Table of ITIL phases with their processes and functions; only the following entries survive:]
Service Operations
Design Coordination
Change Management
Event Management
Service Level Management
Service Asset …
Information Security Management
Service Continuity Management
Release and Deployment Management
Knowledge Management
7-Step Improvement
Problem Management
Access Management
Service Desk
Transition Planning and Support
Service Validation and Testing
Change …
Request …
Based on Cabinet Office ITIL material.


COBIT 5 Essentials: Background
Earlier this year, ISACA completed the rollout from COBIT 4.1 to COBIT 5. COBIT 5 provides an end-to-end business view of the governance of enterprise IT that reflects the central role of both information and technology in creating value for enterprises.
COBIT 5 builds on previous versions of COBIT (including Val IT and Risk IT).
Some new changes include:
– Increased focus on enablers
– New process reference model
– New and modified processes
– Management practices (formerly control objectives)
– New maturity model
Enterprises already engaged in implementation activities can transition to COBIT 5 and incorporate this into future iterations of their improvement cycles.
ISACA – Information Systems Audit and Control Association. ITGI – IT Governance Institute

COBIT 5 Essentials: Product Family
COBIT 5
COBIT 5 ENABLER GUIDES
– COBIT 5 Enabling Processes
– COBIT 5 Enabling Information
– Other Enabler Guides
COBIT 5 PROFESSIONAL GUIDES
– COBIT 5 Implementation
– COBIT 5 for Information Security
– COBIT 5 for Assurance
– COBIT 5 for Risk
– Other Professional Guides
COBIT 5 ONLINE COLLABORATIVE ENVIRONMENT
Source: COBIT 5. ITGI. All rights reserved.

COBIT 5 Essentials: Key Principles
COBIT 5 is based on five key principles for governance and management of enterprise IT:
Meeting Stakeholder Needs
Covering the Enterprise End-to-End
Applying a Single Integrated Framework
Enabling a Holistic Approach
Separating Governance From Management
Source: COBIT 5. ITGI. All rights reserved.

COBIT 5 Essentials: Meeting Stakeholder Needs
Enterprises exist to create value for their stakeholders. The COBIT 5 Goals Cascade is a mechanism to translate stakeholder needs into specific, practical and customized goals.
Step 1: Stakeholder Drivers Influence Stakeholder Needs
Step 2: Stakeholder Needs Cascade to Enterprise Goals
Step 3: Enterprise Goals Cascade to IT Related Goals
Step 4: IT-related Goals Cascade to Enabler Goals
Source: COBIT 5. ITGI. All rights reserved.

COBIT 5 Essentials: Covering the Enterprise End-to-End
COBIT 5 addresses the governance and management of information and related technology from an enterprise wide, end-to-end perspective:
Source: COBIT 5. ITGI. All rights reserved.

COBIT 5 Essentials: Applying a Single Integrated Framework
COBIT 5 is a single integrated framework because it:
aligns with other latest relevant standards and frameworks.
is a single overarching framework that can serve as a consistent and integrated source of guidance.
is presented in non-technical, technology-agnostic common language.
can act as the overarching governance and management framework integrator.
Source: COBIT 5. ITGI. All rights reserved.

COBIT 5 Essentials: Enabling a Holistic Approach
Enablers are driven by the goals cascade. The COBIT 5 framework describes seven categories of enablers:
Source: COBIT 5. ITGI. All rights reserved.

COBIT 5 Essentials: Separating Governance From Management
Governance and Management encompass different types of activities, require different organizational structures and serve different purposes.
Governance: Ensures that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritization and decision making; and monitoring performance and compliance against agreed-on direction and objectives.
Management: Plans, builds, runs and monitors activities in alignment with the direction set by the governance body to achieve the enterprise objectives.
Source: COBIT 5. ITGI. All rights reserved.

COBIT 5 Essentials: Process Reference Model
The COBIT 5 Process Reference Model describes in detail a number of governance and management processes.
Source: COBIT 5. ITGI. All rights reserved.

COBIT 5 Essentials: Process Reference Model
Source: COBIT 5. ITGI. All rights reserved.

COBIT 5 Essentials: Process Reference Model

Processes for Governance of Enterprise IT

EVALUATE, DIRECT & MONITOR
EDM1 Ensure Governance Framework Setting and Maintenance
EDM2 Benefits Delivery
EDM3 Ensure Risk Optimization
EDM4 Ensure Resource Optimization
EDM5 Ensure Stakeholder Transparency

Processes for Management of Enterprise IT

ALIGN, PLAN & ORGANIZE
APO1 Manage the IT Framework
APO2 Manage Strategy
APO3 Manage Enterprise Architecture
APO4 Manage Innovation
APO5 Manage Portfolio
APO6 Manage Budget & Costs
APO7 Manage Human Resources
APO8 Manage Relationships
APO9 Manage Service Agreements
APO10 Manage Suppliers
APO11 Manage Quality
APO12 Manage Risk
APO13 Manage Security

BUILD, ACQUIRE & IMPLEMENT
BAI1 Manage Programs and Projects
BAI2 Manage Requirements Definition
BAI3 Manage Solutions Identification and Build
BAI4 Manage Availability and Capacity
BAI5 Manage Organizational Change Enablement
BAI6 Manage Changes
BAI7 Manage Change Acceptance and Transitioning
BAI8 Manage Knowledge
BAI9 Manage Assets
BAI10 Manage Configuration

DELIVER, SERVICE & SUPPORT
DSS1 Manage Operations
DSS2 Manage Service Requests & Incidents
DSS3 Manage Problems
DSS4 Manage Continuity
DSS5 Manage Security Services
DSS6 Manage Business Process Controls

MONITOR, EVALUATE & ASSESS
MEA1 Monitor, Evaluate, and Assess Performance and Conformance
MEA2 Monitor, Evaluate and Assess the System of Internal Control
MEA3 Monitor, Evaluate and Assess Compliance with External Requirements

Source: COBIT 5. ITGI. All rights reserved.

COBIT 5 Essentials: Enabling Processes
Each of the governance and management processes defined in the Process Reference Model includes detailed process-related content (found in the COBIT 5 Enabling Processes …
Process label (domain prefix) and process number
Domain and Process name
Area of the process (governance or management)
Overview of the process
How the process accomplishes its purpose
Process Purpose Statement:
– Description of the overall purpose of the process
Goals Cascade Information:
– Reference and description of the IT related goals that are primarily supported by the process
– Metrics to measure the achievement of the IT related goals
Source: COBIT 5 Enabling Processes. ITGI. All rights reserved.

COBIT 5 Essentials: Enabling Processes
Process Reference Guide information continued
Process Goals & Metrics:
– Set of process goals
– Limited number of example metrics
RACI Chart:
– Suggested assignment of levels of responsibilities
– Responsible, Accountable, Consulted, Informed
Detailed Practice Descriptions:
– For each process practice, includes: title and description, inputs and outputs, process activities
Related Guidance:
– References to other standards
Source: COBIT 5 Enabling Processes. ITGI. All rights reserved.

COBIT 5 Essentials: Process Capability Model
The COBIT 5 Process Capability Model provides a consistent approach to assessing and defining process capability.
Source: COBIT 5. ITGI. All rights reserved.

COBIT 5 Essentials: Continual Lifecycle Approach
A continual approach provides a method to address the complexities and challenges normally encountered during GEIT implementations. The Seven Phases of the implementation lifecycle are illustrated below.
What are the drivers?
Where are we now?
Where do we want to be?
What needs to be done?
How do we get there?
Did we get there?
How do we keep the momentum going?
Source: COBIT 5 Implementation. ITGI. All rights reserved.


Putting the Two Together: Integration Objectives
ITIL and COBIT are actually highly complementary and can help organizations achieve the following key integration objectives.
Implement and manage IT Service Management processes to achieve business goals while meeting governance requirements.
Enable clear process goals which are driven by business goals coupled with a meaningful measurement scheme.
Ensure IT governance and control by providing benefits realization, risk optimization, and resource optimization.
Because of its high-level approach and broad coverage, and because it is based on many existing practices, COBIT can easily be used as the integrator that brings multiple practices under one framework and links those to business objectives.

Putting the Two Together: General Comparison
Organizations wanting to adopt ITIL need effective GEIT for a successful implementation. COBIT provides this broad-based framework.
COBIT - “What to do”
– Assists in goal alignment by cascading.
– Defines processes based on business requirements.
– Separates governance from management.
– Intended to support GEIT and is applicable to most organizations.
ITIL - “How to do it”
– Defines best practice processes for Service Management and includes process activities.
– Processes are more comprehensive and described with activities and flowcharts to assist in implementation.
– Processes can be easily mapped to the COBIT Framework to create effective guidance.

Putting the Two Together: Integration
[Diagram relating COBIT and ITIL between the strategic and tactical levels. Labels recovered from the figure:]
Governance Objective: Value … (Resource Optimization)
COBIT (GEIT and Process Focus): IT Goal Alignment, Governance Enablers, Process Reference Model, Process Capability Model, Metrics
ITIL (Service Management Focus): Service Lifecycle Phases, Service Portfolio and Catalog, Service Management Processes and Activities, Service Management Functions, Service Management Roles
Other labels: Process Controls, Work Instruction, Process Execution, Strategic, Tactical

Putting the Two Together: Consideration Areas
Combining COBIT and ITIL in governance implementations is not a trivial endeavor. It requires organizations to address the following complex areas:
Define IT goals and objectives that are aligned with the business.
Create and deliver services that provide value to the customer.
Provide security, compliance, and risk management for information.
Ensure continuous improvement.

Putting the Two Together: Representative Case Study
The following case study represents a sample approach to using the ITIL and COBIT frameworks in an improvement scenario.
Description: This datacenter provides outsourced IT managed services for the small to mid-sized market nationally. The datacenter was a multi-tenant environment which provided outsourced email, applications, and service desk functions.
Issues: The datacenter had been experiencing decreasing customer service scores and was continually challenged with migration frustrations. Following an independent assessment of their Service Management processes, they decided to focus on ITIL and COBIT frameworks to improve their effectiveness and efficiency in Service Management.
Solution: Use ITIL and COBIT 4.1 fundamentals to increase the original assessment score. Conduct a phased one year approach to control the change tempo in order to keep customer disruption to a minimum.

Putting the Two Together: Representative Case Study
Based on the maturity assessment, the datacenter committed to the following improvement targets.
[Maturity scale from 0 to 5 marking three points: Current Assessment; Goal Assessment in six months; Future Assessment in one year]
Note – these scores represent the aggregated maturity level for multiple processes. For the assessment, they mapped their current ITIL processes to COBIT 4.1 processes, and used the COBIT 4.1 maturity model (with some slight internal modifications).

Putting the Two Together: Representative Case Study
The following methodology was used to guide this improvement effort. ITIL and COBIT were the primary frameworks used.
Understand Governance Requirements
– Determine all governance and compliance requirements from internal and external sources.
– Develop Enterprise, Corporate, and IT Governance models that leverage the COBIT and ITIL Frameworks.
Align With the Business
– Use COBIT to document business goals and objectives and develop corresponding IT goals and objectives.
– Ensure all governance and compliance requirements are considered.
Define Services
– Use ITIL to define and agree on a portfolio of services that meet the business requirements.
– Services should be considered from a customer perspective, and further documented in an actionable service catalog with SLAs.
Define Processes
– Use COBIT to determine the processes required with RACI and metrics.
– Use ITIL to design the processes to effectively deliver, support, and continuously improve services.
– Map processes to appropriate COBIT components.
Measure and Control
– Use COBIT to execute, monitor and measure processes to ensure they deliver the services defined that support the customer.
– Administer an assurance program that ensures appropriate governance.

Putting the Two Together: Success Factors
Whether you go down the ITIL path, COBIT path, or both, there are some key success factors that should always be considered:
Management commitment.
Process ownership and accountability.
Training and communication.
Embrace processes and procedures into the culture.
Continual improvement and measurements.


Roundtable Discussion: Topics
How have you used ITIL, COBIT, or both effectively in your organization?
Have you encountered any challenges in your implementation efforts? Do you have suggestions on how to handle those challenges?
Are there any tricks to ensuring accountability in an organization?
Besides ITIL and COBIT, what other frameworks or standards have you found to be helpful?
Management commitment is a critical success factor to the success of GEIT:
– What does management commitment really mean?
– What are some ways to achieve this?
