Integrating ITIL and COBIT
“Measurement is the first step that leads to control and eventually to improvement. If you can’t measure something, you can’t understand it. If you can’t understand it, you can’t control it. If you can’t control it, you can’t improve it.” ― H. James Harrington
Bina Nusantara
IT Governance
IT Governance Domains
• Value Delivery
• Risk Management
• Resource Management
• Performance Measurement
• Strategic Alignment
Source: ISACA
IT Governance and Business Alignment
Business Domain
• Business Strategy
  – Business scope
  – Competencies
  – Business governance
• Organizational Infrastructure
  – Administrative infrastructure
  – Processes
  – Capabilities
IT Domain
• IT Strategy
  – Technology scope
  – System competencies
  – IT Governance
• IT Infrastructure
  – Architecture
  – Processes
  – Capabilities
Strategic Fit
Functional Integration
Source: Henderson, J.; N. Venkatraman: “Strategic Alignment: Leveraging Information Technology for Transforming Organizations”, IBM Journal, Vol. 32, No. 1, 1993
Although there are several methodologies and frameworks competing for the attention of IT leadership, the following are some of the most popular and applicable today.
• Service Management: ITIL, MOF, USMBOK
• IT Governance: COBIT
• Enterprise Architecture: TOGAF
• Project/Portfolio Management: PMBOK, PRINCE2, P3O, BABOK
• International Standards: ISO38500, ISO20000, ISO27000
• Application/Software Development: SWEBOK, SDLC, Agile
• Process & Quality Management: BPM-CBOK, Six Sigma, CMMI
Control Objectives for Information and Related Technology (COBIT)
• COBIT helps enterprises:
  – Maintain high-quality information to support business decisions
  – Achieve strategic goals and realize business benefits through the effective and innovative use of IT
  – Achieve operational excellence through reliable, efficient application of technology
  – Maintain IT-related risk at an acceptable level
  – Optimize the cost of IT services and technology
  – Support compliance with relevant laws, regulations, contractual agreements and policies
COBIT Ensures:
• IT & Business Alignment
• IT Enabled Business Processes
• IT Resource Optimization
• IT Management of Risks
• COBIT’s framework accomplishes this by focusing on the business’ requirement for information, and the structured (process) utilization of IT resources.
• Each process has a high-level control objective (the desired outcome) and one or more detailed control objectives that address the requirements of the actual activities that it performs.
• The framework utilizes a structured approach in describing each; it details the process, what business requirement it is intended to fulfill, its focus area, how it is to be achieved, and how it will be measured.
• It also details how to assess each process’ maturity (capability, control & coverage).
• In effect, COBIT’s framework establishes what needs to be done to provide the information the enterprise needs to achieve its goals.
• It does this by establishing control objectives that link the business goals in a cascading set of IT goals and metrics.
• These extend from the strategic alignment of business’ IT capability requirements all the way down to the tactical management of those processes involved in achieving those goals.
The COBIT 5 processes are split into governance and management “areas”. These 2 areas contain a total of 5 domains and 37 processes:
• Governance of Enterprise IT
  – Evaluate, Direct and Monitor (EDM) – 5 processes
• Management of Enterprise IT
  – Align, Plan and Organise (APO) – 13 processes
  – Build, Acquire and Implement (BAI) – 10 processes
  – Deliver, Service and Support (DSS) – 6 processes
  – Monitor, Evaluate and Assess (MEA) – 3 processes
COBIT 4.1 Process – as Comparison
• 34 Information Technology control objectives:
  – 11 planning and organization
  – 6 acquisition and implementation
  – 13 delivery and support
  – 4 monitoring
• 318 detailed control objectives & audit guidelines:
  – 3-30 detailed control objectives per process
• Each IT process is supported by:
  – 8-10 Critical Success Factors
  – 5-7 Key Goal Indicators
  – 6-8 Key Performance Indicators
ISACA completed the rollout from COBIT 4.1 to COBIT 5. COBIT 5 provides an end-to-end business view of the governance of enterprise IT that reflects the central role of both information and technology in creating value for enterprises.
Enterprises already engaged in implementation activities can transition to COBIT 5 and incorporate this into future iterations of their improvement cycles.
• COBIT 5 builds on previous versions of COBIT (including Val IT and Risk IT).
• Some new changes include:
  – Increased focus on enablers
  – New process reference model
  – New and modified processes
  – Management practices (formerly control objectives)
  – New maturity model
• COBIT 5 has clarified management level processes and integrated COBIT 4.1, Val IT and Risk IT content into one process reference model.
Maturity Level and Condition
• Level 5, Optimized: Processes refined to level of best practice. Automation integrates workflow.
• Level 4, Managed: Process compliance monitored & measured. Constant improvement, some automation.
• Level 3, Defined: Standard, documented procedures based on existing practice with no process assurance.
• Level 2, Repeatable: Similar procedures followed by people performing the same task, but no training.
• Level 1, Initial: Ad hoc processes developed case by case. Recognition of issues to be addressed.
• Level 0, Non-existent: Complete lack of recognizable processes. No recognition of issues to be addressed.
Control Maturity (People, Process, Technology, Maturity Model)
• Level 1 – Non Reliable
  – People: No Responsibility
  – Process: No Policy; No Procedures; Missing Control Design
  – Maturity Model: Non Existent
• Level 2 – Informal
  – People: Informal Responsibility; New Personnel; Non-Routine
  – Process: Informal/Ineffective Policy; Informal/Ineffective Procedures; Informal/Ineffective Control Design; Informal/Ineffective Control Activity
  – Technology: Manual
  – Maturity Model: Initial / Ad-Hoc
• Level 3 – Standardized
  – People: Formal Responsibility; Adequate Personnel; Routine
  – Process: Formal/Effective Policy; Formal/Effective Procedures; Formal/Effective Control Design; Formal/Effective Control Activity
  – Technology: Manual
  – Maturity Model: Repeatable But Intuitive
• Level 4 – Monitored
  – People: Limited Automation; Periodic Compliance Testing; Periodic Reporting
  – Process: Limited Automation; Periodic Compliance Testing; Periodic Reporting; Periodic Update/Change Improvement
  – Technology: Automated
  – Maturity Model: Defined Processes
• Level 5 – Optimized
  – People: Automation; Real-Time Monitoring; Daily Reporting
  – Process: Automation; Real-Time Monitoring; Daily Reporting; As Required Update/Change Improvement
  – Technology: Automated
  – Maturity Model: Managed And Measurable
Capability Maturity Model
Level 1: Ad Hoc
• Problems come from outside
• Change is the enemy
Level 2: Repeatable
• Solve problems based on experience
• Heroic efforts
Level 3: Definable
• Focus on defined processes
• Problems viewed as unforeseen circumstances
Level 4: Manageable
• Metrics and monitoring
• Integrity of processes is audited
Level 5: Optimal
• Processes are self-tuning
• Training replacements is critical
What is ITIL and ITSM?
• ITIL = Information Technology Infrastructure* Library
• Systematic approach to high quality IT service delivery
• Documented best practice for IT Service Management
• Provides common language with well-defined terms
• Developed in 1980s by what is now The Office of Government Commerce
• IT Service Management (ITSM): The implementation and management of IT Services processes aligned to meet the needs of the business with an appropriate mix of people, processes and technology
• itSMF also involved in maintaining best practice documentation in ITIL
  – itSMF is global, independent, not-for-profit
*Infrastructure: People, Process, Technology
Why ITIL?
• Mature, best practice framework
• A "de facto standard" (almost)
• Integrated, holistic set of processes
• Well-established training programs
• Corporate certification (BS15000)
• Support infrastructure in itSMF and consulting
ITIL
• ITIL is a well established, easily accessible, affordable process model for IT service management that is built around a set of best practices. A well-established service and consulting industry has been built around ITIL, especially in Europe. ITIL is better known for its back-office operational process definitions than for its application management processes.
• ITIL is based on defining best-practice processes for IT service delivery and support, rather than defining a broad-based control framework. ITIL is more-prescriptive about the tasks involved in those processes and, as such, its primary target audience is IT and service management. ITIL's structure enables incremental adoption, which facilitates continuous improvement.
• ITIL has a much narrower scope than CobiT (Control Objectives for Information and Related Technology), but CobiT and ITIL are not mutually exclusive and can be combined to provide a powerful IT governance, control and best-practice framework in IT service management.
Source: Gartner Research
ITIL® V3 – The Service Lifecycle
• Business and IT integration
• Measuring IT in business value outcomes
• Global sourcing
• Changing architectures - SOA, service virtualisation
• Convergence of strategy, governance and management
• Compliance and control
• Complexity of services and systems
• Balancing stability v. responsiveness
• Predictive as well as proactive
ITIL® Service Management (Old Version)
• IT Service Delivery
  – Capacity
  – IT Continuity
  – IT Finance
  – Availability
  – Service Level Management
• IT Service Support
  – Change
  – Incident
  – Release
  – Problem
  – Service Desk
  – Configuration
• Users
• Customers
What about v3?
• ITIL started in 80s.
  – 40 publications!
• v2 came along in 2000-2002
  – Still Large and complex
  – 8 Books
  – Talks about what you should do
• v3 in 2007 and 2011
  – Much simplified and rationalised to 5 books
  – Much clearer guidance on how to provide service
  – Easier, more modular accreditation paths
  – Keeps tactical and operational guidance
  – Gives more prominence to strategic ITIL guidance relevant to senior staff
  – Aligned with ISO20000 standard for service management
Combining COBIT and ITIL for Powerful IT Governance
• Control Objectives for Information and Related Technology (COBIT) was originally an IS audit tool oriented to risk mitigation.
• CobiT establishes what formal IS processes, practices and controls should be in place, and the minimum results they should predictably deliver.
• ITIL and COBIT can combine well together. ITIL maps reasonably neatly into the COBIT high-level governance and audit framework, but although they are trying to achieve different things, they are not contradictory and have few interface problems.
• COBIT is a complementary framework to ITIL.
• CobiT's processes and control objectives are segmented into four domains:
  – Planning and Organization
  – Acquisition and Implementation
  – Delivery and Support
  – Monitoring
• COBIT is based on established frameworks, such as the Software Engineering Institute's Capability Maturity Model, ISO 9000 and the Information Technology Infrastructure Library (ITIL).
• Unlike ITIL, COBIT does not include process steps and tasks because it is a control framework rather than a process framework. COBIT focuses on what an enterprise needs to do, not how it needs to do it.
• ITIL is based on defining best-practice processes for IT service delivery and support, rather than defining a broad-based control framework. ITIL is more-prescriptive about the tasks involved in those processes and, as such, its primary target audience is IT and service management.
• Many of the COBIT processes — particularly those in the delivery and support domain — map well onto one or more ITIL processes, such as service level, configuration, problem, incident, or financial management.
• The development processes of the two frameworks are not linked and both would benefit from closer collaboration. However, they are unlikely to contradict each other in any substantive way.
ITIL and COBIT are actually highly complementary and can help organizations achieve the following key integration objectives.
• Implement and manage IT Service Management processes to achieve business goals while meeting governance requirements.
• Enable clear process goals which are driven by business goals coupled with a meaningful measurement scheme.
• Ensure IT governance and control by providing benefits realization, risk optimization, and resource optimization.
Because of its high-level approach and broad coverage, and because it is based on many existing practices, COBIT can easily be used as the integrator that brings multiple practices under one framework and links those to business objectives.
Organizations wanting to adopt ITIL need effective GEIT (governance of enterprise IT) for a successful implementation. COBIT provides this broad-based framework.
COBIT - “What to do”
• Assists in goal alignment by cascading.
• Defines processes based on business requirements.
• Separates governance from management.
• Intended to support GEIT and is applicable to most organizations.
ITIL - “How to do it”
• Defines best practice processes for Service Management and includes process activities.
• Processes are more comprehensive and described with activities and flowcharts to assist in implementation.
• Processes can be easily mapped to the COBIT Framework to create effective guidance.
IT Service Management Tools
• Manage Engine – ServiceDesk Plus
• http://www.manageengine.com/products/service-desk/
Recommendations
✓ IT service management will be a prerequisite for demonstrating business value. Success requires commitment and perseverance.
✓ IT service management requires fundamental cultural and behavioral change. Pay careful attention to organizational change management issues.
✓ Success in IT service management is based on repeatable processes. Use ITIL as the basis for IT operational processes and then focus on continually improving them.
✓ Seek opportunities to learn from and copy best-practice processes.
✓ Measure ICT costs and relate results to process analysis to find saving and improvement opportunities for optimization.