Risk Management Model In ITIL


Sarah Vila-Real Vilarinho

Dissertation for the Degree of Master of Information Systems and Computer Engineering

Jury
President: Prof. Dr. Joaquim Armando Pires Jorge
Supervisor: Prof. Dr. Miguel Leitão Bignolas Mira da Silva
Prof. Dr. Maria do Rosário Gomes Osório Bernardo Ponces de Carvalho
Member: Prof. Dr. André Ferreira Ferrão Couto e Vasconcelos

June 2012


Acknowledgment

In the first place I would like to thank Instituto Superior Técnico for the opportunity to produce this thesis and to enlarge my scientific background. In particular, I would like to thank professors Miguel Mira da Silva and Maria do Rosário Carvalho, whose patience, help, advice and supervision were invaluable.

I would like to thank all the experts who spent their time evaluating and inspiring some parts of my work.

I would also like to thank my friends, my uncles (Cláudia and Marcos) and all my work colleagues for their support and understanding, especially my friend Pedro Jacinto for his huge support, reviewing and criticizing during my work. Without his support I probably would not have finished this thesis.


Abstract

ITIL is considered a framework of best-practice guidance for IT Service Management and is widely used in the business world. In spite of this, ITIL has gaps in its risk management specification: there is only a coordination of exercises rather than a clear, owned process, which can limit the efficiency of ITIL implementations in organizations. This thesis approaches this problem and compares IT risk management in ITIL to other IT Governance and service management frameworks. Although ITIL states that risk should be identified, measured and mitigated, it is not clear on how to proceed, since no actual process is defined for dealing with risk. To solve this, we propose mapping the M_o_R risk management framework onto ITIL, mapping every M_o_R process, and thereby adopting strong risk management based on specific guidelines without changing the framework. Besides this, we propose introducing new elements into the ITIL risk management process, such as KRIs and a new process responsible for defining risk management that can help guide risk in the other processes. We present the theoretical application of this model to Disney's ITIL implementation and an evaluation of the model by experts. Finally, we suggest a proposal for future work.

Keywords: Risk Management, ITIL, M_o_R, KRI, risk

Resumo (Portuguese abstract, translated)

ITIL is considered the framework of best practices in IT service management and is widely used in the business world. Despite this, ITIL has some gaps in the definition of risk management. Instead of a clear process with clear responsibilities, there is only a set of coordinated exercises, which can limit the efficiency of ITIL implementation in organizations. This thesis addresses this problem and compares risk management in ITIL with other IT governance and service management frameworks. Although ITIL states that risks should be identified, measured and mitigated, it is not clear how to proceed (no concrete process is defined on how to deal with risk). To solve this, we propose mapping the M_o_R risk management framework onto ITIL, mapping every M_o_R process into ITIL and thereby adopting robust risk management based on specific guidelines, without altering the framework. In addition, we propose the introduction of new elements into the risk management process, such as KRIs and a new process responsible for defining risk management, whose goal is to guide risk management in the other processes. With this model we also present a theoretical application to Disney's ITIL implementation and an evaluation of the model by experts. Finally, we present suggestions and planning for future work built on the model.

Keywords: Risk Management, ITIL, M_o_R, KRI, risk

Table of Contents

1. INTRODUCTION ... 1
1.1. RISK MANAGEMENT ... 1
1.2. ITIL FRAMEWORK ... 2
1.3. RESEARCH PROBLEM ... 2
1.4. RESEARCH METHODOLOGY ... 3
1.5. DOCUMENT STRUCTURE ... 6
2. RELATED WORK ... 7
2.1. IT RISK ... 7
2.1.1. ISO31000 ... 8
2.2. M_o_R ... 10
2.2.1. Risk Management Conceptual Map ... 11
2.3. ITIL ... 11
2.3.1. ISO20000 ... 13
2.3.2. ITIL Conceptual Map ... 14
2.3.3. Risk Management and Corporate Governance ... 14
2.4. SUMMARY ... 16
3. MODEL PROPOSAL ... 18
3.1. PROPOSAL CORE ... 18
3.2. SERVICE STRATEGY ... 24
3.2.1. Strategy Management for IT Services ... 24
3.2.2. Service Portfolio Management ... 25
3.2.3. Demand Management ... 26
3.2.4. Financial Management for IT Services ... 26
3.2.5. Business Relationship Management ... 27
3.2.6. Risk Management ... 28
3.3. SERVICE DESIGN ... 28
3.3.1. Design Coordination ... 29
3.3.2. Service Catalogue Management ... 29
3.3.3. Service Level Management ... 30
3.3.4. Capacity Management ... 33
3.3.5. Availability Management ... 35
3.3.6. IT Service Continuity Management ... 37
3.3.7. Supplier Management ... 39
3.3.8. Risk Management ... 40
RISK MANAGER - PROCESS OWNER ... 45
3.4. SERVICE TRANSITION ... 47
3.4.1. Evaluation ... 47
3.4.2. Service Asset and Configuration Management ... 48
3.4.3. Release and Deployment Management ... 49
3.4.4. Service Validation and Testing ... 52
3.4.5. Knowledge Management ... 54
3.5. SERVICE OPERATION ... 54
3.5.1. Event Management ... 54
3.5.2. Incident Management ... 55
3.5.3. Request Fulfillment ... 56
3.5.4. Problem Management ... 57
3.5.5. Access Management ... 58
3.6. CONTINUAL SERVICE IMPROVEMENT ... 59
3.6.1. 7 Steps Improvement Service ... 59
3.6.2. Service Reporting ... 60
3.6.3. Service Measurement ... 61
4. DEMONSTRATION ... 62
4.1. CASE STUDY ... 62
5. EVALUATION ... 65
5.1. EVALUATION PROCESS ... 65
5.2. EVALUATION RESULTS ... 66
5.2.1. Feedback from Centeris about Risk Management Model in ITIL article (41) ... 66
5.2.2. Feedback from Social Networks ... 66
5.2.3. Feedback from face-to-face interviews with experts ... 67
5.3. DISCUSSION ... 68
5.3.1. New Risk Management Process ... 68
5.3.2. M_o_R steps amid ITIL Process ... 68
5.3.3. Introduction of KRI's ... 68
5.3.4. Advantages of the new model ... 69
5.3.5. Disadvantages of the new model ... 69
6. CONCLUSION ... 70
REFERENCES ... 72
A. PUBLICATIONS ... A

List of Figures

Fig. 1. Risk Management. Source: (2). ... 1
Fig. 2. Problem context. ... 3
Fig. 3. Design Research Cycle. Source: (14). ... 5
Fig. 4. Framework for Managing Risk per ISO31000. Source: (3). ... 9
Fig. 5. M_o_R Framework. Source: M_o_R Official Site (19). ... 10
Fig. 6. Risk Management Conceptual Map. ... 11
Fig. 7. ITIL v3 2007 lifecycle. Source: http://www.processcatalyst.com/images/itil v3.gif ... 12
Fig. 8. Relationship between ISO 20000, ITIL and procedures. ... 14
Fig. 9. ITIL Conceptual Map. ... 14
Fig. 10. Model Conceptual Map ... 18
Fig. 11. First Part of Risk Management Process on Service Strategy ... 19
Fig. 12. Second Part of Risk Management Process on Service Design ... 20
Fig. 13. ITIL Process Map According to Risk Elements Plus New Process ... 21
Fig. 14. Work breakdown structure of KRIs ...
