itm governance & management controls
DESCRIPTION
ITM Governance & Management Controls. CANHEIT Overview Presentation - June 2012 Clark Ferguson, CIO, University of Lethbridge. Agenda. Program Overview. Governance & Management Controls Overview Session. Program. Alberta … Post secondary sector … Information & Technology Management … - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/1.jpg)
ITM Governance & Management Controls
CANHEIT Overview Presentation - June 2012
Clark Ferguson, CIO, University of Lethbridge
![Page 2: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/2.jpg)
Agenda
2
Program Overview
Implementation Overview
Section 1 – Foundation Elements
Section 2 – Strategic Alignment
Section 3 – Risk Management
Section 4 – Value Delivery: IT Financial Management
Section 5 – Value Delivery: IT Human Resources Management
Section 6 – Value Delivery: IT Service Management
Wrap Up
![Page 3: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/3.jpg)
Program OverviewGovernance & Management Controls Overview Session
3
![Page 4: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/4.jpg)
Alberta … Post secondary sector … Information & Technology Management … Control Framework Program
Program
4
![Page 5: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/5.jpg)
Provincial Office of the Auditor General increasing attention to governance & management controls across public sector
Alberta Advanced Education & Technology (AET) initiated program and enlisted support of post secondary leaders
Recognition that all post secondary institutions would need to comply
Quality of institutional systems would vary based on size of institution and capacity to allocate scarce resources
Province-wide program with contributions by AET & institutions
Leveraged program management and specialized consultants to harvest industry and institutional best practices
Introduction
5
![Page 6: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/6.jpg)
26 post secondary institutions (all but 1 or 2) engaged 2 years of projects have been successfully completed with 1
project rescheduled due to quality problems Significant involvement of business leaders and IT experts in
projects Team approach, high quality project deliverables, and strong
communications & training have led to rapid adoption
Achievements
6
![Page 7: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/7.jpg)
Dedicated program management and expert project consultants freed participating institutions to focus on contribution
Governance and approval of project and program materials tricky but with minor rework, successful process achieved
Procurement process to contract project experts and careful oversight of their work extremely important
Joint approach has yielded very high quality deliverables and commitment amongst institutions share best practices
Lessons Learned
7
![Page 8: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/8.jpg)
Rising expectations regarding organizational governance Concern over generally increasing level of IT expenditure &
demand for better return on IT investments Need to meet regulatory requirements Significance of selection of service provider & management
of outsourcing Increasingly complex risk associated with information
management & related technology Need to optimize costs by following standards and best
practices Growing maturity and acceptance of frameworks and
standards Need for assessment against standards and peer
organizations
Business Drivers
8
![Page 9: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/9.jpg)
1. Proper Governance2. Strategic Alignment3. Value Realization4. Risk Management5. Resource Optimization
There are 5 Points Really!
9
![Page 10: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/10.jpg)
Collaboratively develop a system-wide control framework for managing information and related technology that will assist with the implementation of strategic priorities, policies and principles through:◦ Common best practice controls that are modifiable,
scalable and implementable◦ A shared content management system that will foster
ongoing collaboration and effectively manage the control life cycle
Initiated a Program to…
10
![Page 11: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/11.jpg)
Standards
11
Legislation
COBIT
ISO 2700xPMBOK
ITIL
ITM Control Framework
WHAT HOW
SCOPE OF COVERAGE
![Page 12: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/12.jpg)
Translating Theory into Reality!
![Page 13: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/13.jpg)
Program DesignControl
Framework & Policies
Project (June 2010)
Privacy Project
(November 2010)
Change Managemen
t Project(October 2010)
Governance Project
(April 2011)
Content Mgmt. System Project
(April 2012)
13Post-Secondary System ITM Control Framework
Year 1(2010)
Information & Technical
Management (December
2011)
Enterprise Architecture(Resched. to Yr
3)
Identity Managemen
t & Information
Security(December
2011)
Year 2(2011)
Information Management
(February 2013)
Technology Managemen
t(February
2013)
Enterprise Architecture
(February 2013)
Year 3(2012)
Information Management
... Continued (August 2013)
Wrap-up Project
(December 2013)
Complete
In progress
Year 4(2013)
![Page 14: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/14.jpg)
Volunteers from the Institutions Program designed to provide opportunity to
volunteer:◦ Working Group = 6-12 hours/month◦ Key Stakeholders = 2-4 hours/month◦ Project Steering Committee = 2 hours/month
Composition impacts legitimacy of deliverables Committed participants who see the bigger
picture
Participation
14
![Page 15: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/15.jpg)
Collaboration Benefits PSS expert body of knowledge Relationships Synergy Sharing and capture of knowledge Bleeding edge Ongoing support Common foundation for future opportunities
15
![Page 16: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/16.jpg)
Look at the framework as a whole Determine what pieces you need and how ‘deep’ you want
to go in each area Know your capabilities, capacity, current maturity, resource
availability Be realistic in your planning Assign dedicated people to manage, communicate, train
and assist with organizational change Don’t underestimate the commitment that's required Don’t forget to collaborate Keep your eye on the end game
Moving Forward (aka implementation)
16
![Page 17: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/17.jpg)
U of L Status
17
Program Two business and 3 IT participants in the program work
Section 1 – Foundation Elements
ITM Control Framework leader assigned;ITM policy approved by the Board in May 2012
Section 2 –Strategic Alignment
Developing Fiscal 2014 budget in conjunction with University Strategic alignment
Section 3 – Risk Management
Initiated PCI improvement program;Planning external review of IT Security
Section 4 –Financial Management
Strengthening portfolio management;Developing a consolidated view of full IT spend
Section 5 –HR Management
Conducting key skills review and gap analysis
Section 6 – IT Services Management
Documenting service portfolio;Establishing business relationship management processes
![Page 18: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/18.jpg)
Implementation Overview
Governance & Management Controls Overview Session
18
![Page 19: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/19.jpg)
Alignment Map
19
![Page 20: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/20.jpg)
ITM Governance
& Management
Controls(64)
Foundation Pieces
(17)
Strategic Alignment
(4)
Risk Manageme
nt(8)
Financial Manageme
nt(6)
Service Manageme
nt(26)
Human Resources Manageme
nt(3)
Controls Summary
20
![Page 21: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/21.jpg)
Cobit 4.1◦ Risk IT◦ Val IT
ITIL◦ Service Strategy◦ Service Design◦ Continual Service Improvement
ISO/IEC 20000, ISO 31000 Web research
Development of Controls
21
Controls derived through ~3,000 hours of synthesis, discussion and adaptation to the post-secondary
environment
![Page 22: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/22.jpg)
Identify DriversAssess Current StateDefine Desired Future StateDevelop PlanExecute PlanMeasure ResultsSustain Momentum
ITM Control Framework – Implementation Lifecycle
22
Use of maturity models
(next slide)
![Page 23: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/23.jpg)
1 Initial/Ad Hoc
2 Repeatable but Intuitive
3 Defined Process
4 Managed and Measurable
5 Optimized
Cobit Maturity Scale
23
Program Objective:To increase the maturity level of all participating Institutions to a COBIT Maturity Level 3 by June 2014 in the areas where the
controls have been implemented within the Institution.
![Page 24: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/24.jpg)
Section 1 – Foundation Elements
Governance & Management Controls Overview Session
24
![Page 25: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/25.jpg)
An ITM control framework is a critical part of every institution’s internal control program to mitigate risks and ensure:◦ Management understands ITM’s role and relevance in the
organization ◦ Alignment of investment with the institution mandate and
strategic direction◦ Value delivery◦ Compliance with external requirements◦ Continuous improvement re: ITM processes
It is the responsibility of the Board of Governors & executive management to communicate ITM investment objectives and expectations re: control environment and to provide training
Planning and adequate resourcing are essential
Key Concepts
25
Foundation Pieces
(17)
![Page 26: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/26.jpg)
26
ITM Governance Questions
Are we doing the right things?
Are we doing them the right
way?
Are we getting them done well?
Are we getting the benefits?
The delivery question
The architecture question
The strategic question
The value question
Foundation Pieces
(17)
![Page 27: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/27.jpg)
Organization Role ResponsibilityBoard of Governors • Oversight regarding strategic alignment, risk
management and value delivery of ITM
Executive Committee • Approval of enterprise-level investment decisions, including adequate funding for development, implementation, communication and training re: ITM controls
ITM Steering Committee • Approval of ITM Control Framework• Ensures control environment aligns with
institution’s management philosophy and operating style
• Regular assessment of the maturity of the institution’s control processes
CIO • Overall development and implementation of the control environment
• Reporting on progress/resultsBusiness Managers • Input to development of the control
environment• Responsibility for operation of many controls
Roles & Responsibilities
27
Foundation Pieces
(17)
![Page 28: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/28.jpg)
Institution needs to appoint a ‘custodian’ or manager of the framework and maintain a log of all compliance requirements
Comprehensive procedure required for:◦ Identifying externally generated requirements in a timely
manner◦ Identifying internally generated requirements◦ Escalating and resolving issues identified through
implementation/operation of the ITM Control Framework Framework needs to be regularly reviewed
◦ Internal audit◦ Periodic 3rd party reviews
Provide for approved and documented exceptions to compliance with controls
Lifecycle Management of Controls
28
Foundation Pieces
(17)
![Page 29: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/29.jpg)
Section 2 – Strategic Alignment
Governance & Management Controls Overview Session
29
![Page 30: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/30.jpg)
Strategic ITM Plan is an integral element of the comprehensive institution plan….not an afterthought!
Performance is measured using an ITM Balanced Scorecard ITM investments should be managed across the institution
in portfolios Outcomes
◦ Alignment of business, ITM and risk management objectives◦ Organization, services, application portfolios, technologies,
competencies, processes & methodologies are in place to maximize ITM contribution
◦ Bi-directional education & involvement in ITM and business planning
◦ Regular assessment re: ITM contribution to business objectives◦ Roadmap for addressing future needs
Key Concepts
30
Strategic Alignment
(4)
![Page 31: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/31.jpg)
Clearly articulated institutional vision and priorities Planning is considered important and closely linked to
institutional budget ITM plan is published
◦ Formal communication strategy specific to ITM stakeholders developed with communication strategy for comprehensive institution plan
ITM governance practices are seen to be effective◦ Close relationships between ITM and non-ITM organizations and
staff◦ Informal and formal◦ Communication with and involvement of key constituents,
especially faculty and deans
Critical Success Factors
31
Strategic Alignment
(4)
![Page 32: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/32.jpg)
32
Comprehensive Institution Plan
Strategic Priorities
Goals & Expected Outcomes
Performance Measures
Financial Plan
ITM Plan
Capital Plan
Institutional Access Plan
Institutional Research
Plan
Plan to Plan• Purpose• Process• Scope
Assess Current ITM capability &
performance
Describe Desired ITM Future
Conduct Gap Analysis
Articulate Goals, Objectives, Strategies &
Measures
Develop Business Cases
for Individual Initiatives
Categorize by Portfolio and
Prioritize
Adjust Plan as Required
Strategic Alignment
(4)
![Page 33: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/33.jpg)
ITM Planning in Context
33
Strategic Alignment
(4)
Comprehensive Institution Plan
Business Goals for IT IT Goals Enterprise
ArchitectureBalancedScorecard
Governance Requirements
Business Requirements
Information Services
Information Criteria*
Information
ApplicationsIT Processes
deliver
run
needInfrastructure
& People
require influence
imply
* effectiveness, efficiency, confidentiality, integrity, availability, compliance, reliability
![Page 34: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/34.jpg)
Section 3 – Risk ManagementGovernance & Management Controls Overview Session
34
![Page 35: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/35.jpg)
ITM risk is business risk ITM risk always exists, whether it is detected or recognized Management of ITM-related risk is an essential and
strategic component of responsible administration and should be integrated into overall enterprise risk management
Who should be involved?◦ Board members and senior executives who need to set direction
& monitor risk at the enterprise level◦ Managers of ITM and business departments who define risk
management processes◦ Risk management professionals◦ External stakeholders
Key Concepts
35
Risk Mgmt.
(8)
![Page 36: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/36.jpg)
ITM benefit risk◦ Missed opportunities to use technology to improve efficiency of
effectiveness of business processes or as an enabler for new business initiatives
IT program and project delivery risk◦ Failure to realize the expected contribution of ITM to new or
improved business solutions IT operations and service delivery risk
◦ Where performance of IT systems and services does not meet service level expectations
ITM Risk Categories
36
Risk Mgmt.
(8)
![Page 37: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/37.jpg)
ITM risk management always connects to business objectives◦ Focus is on the business outcome
ITM risk governance aligns the management of ITM-related risk with overall ERM
ITM governance should balance the costs and benefits of managing ITM risk
There should be open communication regarding ITM risk Establishment of well-defined risk tolerance levels by the
Board and executive management should be coupled with definition and enforcement of personal accountability for operating within tolerance levels
ITM risk management is continuously improved
Risk Mgmt. Principles
37
Risk Mgmt.
(8)
![Page 38: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/38.jpg)
Risk EvaluationEnsure ITM-related risks and opportunities are identified, analyzed and presented in business terms.
Collect Data
Risk ResponseEnsure ITM-related risk issues, opportunities and events are addressed in a cost-effective manner, in line with business priorities.
Articulate Risk
Risk GovernanceEnsure ITM risk management practices are embedded in the enterprise, enabling it to secure optimal risk-adjusted return
Manage Risk
React to Events
Establish & Maintain
a Common Risk View
Make Risk-Aware
Business Decisions
Integrate with ERM
Analyze Risk
Maintain Risk
Profile
BusinessObjectives
Communication
ITM Risk Management Framework
38
Risk Mgmt.
(8)
![Page 39: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/39.jpg)
Risk appetite◦ Amount of risk the institution is willing to accept in pursuit of its
mission “What level of risk are we comfortable living with?”
◦ Provides context for analysis and response to individual risks by management
◦ Defined/approved by the Board of Governors in terms of frequency and impact No absolute norm or standard of what constitutes acceptable
risk◦ Should be clearly communicated to stakeholders and staff
through policies and standards Consider objective capacity to absorb loss & management
culture
Risk Appetite
39
Risk Mgmt.
(8)
![Page 40: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/40.jpg)
Scoping ITM Risk Management Activities
40
Very High
High
Medium
Low
• Detailed scenario development and frequent maintenance of the risk register
• Independent review of risk analysis results• Quarterly detailed reporting on risk profile• ...
• Detailed scenario development and frequent maintenance of the risk register
• Independent review of risk analysis results• Semi-annual detailed reporting on risk profile• ...
• Detailed scenario development for analysis• Self-assessment and review• Yearly update and quarterly summary reporting• ...
• Self-assessment and review• Generic scenarios• Less frequent reporting• ...
ITM Risk Management Scoping Based on Risk Assessment Results
Risk Mgmt.
(8)
![Page 41: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/41.jpg)
Section 4 – Value Delivery: ITM Financial Management
Governance & Management Controls Overview Session
41
![Page 42: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/42.jpg)
Institution must establish a financial management framework for information and related technology◦ Approved by the ITM Steering Committee◦ CIO accountable to the ITM Steering Committee for
implementing and monitoring the effectiveness of the framework and ensuring integration with enterprise policies, standards etc.
◦ Should be formally evaluated based on schedule determined by ITM Steering Committee
Focused on ensuring accountability and transparency re: value contribution and total cost of ownership of information and related technology
3 main elements: ◦ ITM budget management, portfolio mgmt. and cost/benefit
management
Key Concepts
42
Financial Manageme
nt(6)
![Page 43: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/43.jpg)
Comprehensive Institution Plan
Enterprise Architecture
Information Security Plan
Strategic ITM Plan ITM Tactical Plans
Budget Actual
Expenditures vs. Budget Reports
Updated portfolios Accountability &
Transparency re: Value Contribution & TCO through Cost/Benefit Reports
ITM Financial Mgmt. as Process
43
Inputs
Financial Management Framework
Outputs
Financial Manageme
nt(6)
![Page 44: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/44.jpg)
44
Portfolio Management
ITM Financial Mgmt. Framework
ITM Governance
Business Case Development & Use
ITM Budget Management
Cost/Benefit Management
Application Assets
Infra-structure Assets
Information Assets
People Assets + + +
Process
Assets+
Investment Prioritization within Portfolios
Finan
cial M
anag
emen
t Fra
mew
ork
Financial Manageme
nt(6)
Service
Assets+
![Page 45: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/45.jpg)
Budget Management
1. Define strategic business objectives and determine high-level budget envelopes
2. Develop ITM budget
3. Monitor and report on actual results
4. Develop ITM budget recommendations
High-Level Process Elements
45
Financial Manageme
nt(6)
![Page 46: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/46.jpg)
Portfolio Management1. Define portfolios and sub-categories2. Determine the investment ‘weight’ of each portfolio or
sub-category3. Develop and use ITM business cases for ITM investment4. Prioritize investments within portfolios5. Identify HR needs across portfolios6. Review and report on project, program and portfolio
performance
High-Level Process Elements
46
Financial Manageme
nt(6)
![Page 47: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/47.jpg)
Section 5 – Value Delivery: Human Resources
ManagementGovernance & Management Controls Overview Session
47
![Page 48: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/48.jpg)
Processes for the management of IT human resources are an essential part of an ITM Control Framework
CIO (not HR) is responsible for ensuring the institution has an ITM workforce with the skills necessary to achieve organizational and ITM goals
Main tasks:◦ Define, monitor and supervise execution of ITM roles &
responsibilities◦ Provide appropriate and sufficient training (technical, internal
control and security)◦ Minimize dependency on key staff◦ Ensure compliance with organizational policies◦ Report to the ITM Steering Committee on key issues
Key Concepts
48
Human Resources
Management
(3)
![Page 49: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/49.jpg)
Labour costs 30% - 60% of the ITM budget Quality of ITM personnel has enormous impact on
effectiveness of the service provider organization, end-user satisfaction, optimizing value and proactive use of technology
Market for highly proficient IT resources is competitive and will get more so – hiring and retaining the best resources will continue to be a critical success factor for the CIO
Unique aspects to management of IT professionals (pool characteristics, diverse career expectations, training requirements) exacerbates need for involvement of ITM managers
Turnover costs are enormous (e.g., 1 – 2 times annual salary)
Why ITM HR Mgmt. is Important
49
Human Resources
Management
(3)
![Page 50: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/50.jpg)
Integrated Governance Structure
ITM Organization Chart
ITM Strategic & Tactical Plans
ITM Budget Business
Requirements
IT HR policy and procedures
IT skills matrix Job descriptions Staff skills and
competencies, including individual training logs
Training plans
HR Management as Process
50
Inputs
IT Human Resource
Management
Outputs
Human Resources
Management
(3)
![Page 51: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/51.jpg)
IT Human Resources Life Cycle
51
Human Resources
Management
(3)
Determine Personnel Needs
• Develop organization chart• Perform swap analysis &
identify personnel gaps• Determine staffing strategy
– contract, permanent, contract-to-hire
• Create final hiring plan
Sourcing• Permanent & contract
candidate sourcing• Additional screening for
permanent hires• Recruiting funnel• Working with agencies
& technical recruiters
Interviewing• Interviewing techniques• Interview team• Best practices for
conducting interviews• High-volume interviewing• Interviewing contractors
Hiring• Finalizing an offer
decision• Checking references• Ramping up new
hires quickly
Managing• 10% attrition model• IT staff career development• Key drivers of staff retention• Compensation• Handling layoffs• Management coaching• Creating performance plans
Start
![Page 52: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/52.jpg)
Section 6– Value Delivery: IT Service Management
Governance & Management Controls Overview Session
52
![Page 53: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/53.jpg)
Key Concept
53
Service Manageme
nt(26)
“The idea of strategic assets is important in the context of good practice in service management. It encourages IT organizations to think of investments in service management in the same way businesses think of investing in production systems, distribution networks R&D laboratories.
Strategic assets provide the basis for core competence, distinctive performance, durable advantage and qualifications to participate in business opportunities. IT organizations can transform their service management capabilities into strategic assets.”
- ITIL Service Strategy, OGC, 2011
![Page 54: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/54.jpg)
Service Lifecycle
54
Continual Service
Improvement
Service Strategy
Service Design
Service Transition
Service Operation
Envisioning & conceptualizing the set of services required to achieve business objectives
Designing the services to meet utility & warranty objectives
Moving services into live production
Managing services to ensure utility &
warranty objectives are achieved
Evaluating services & identifying ways to
improve their utility & warranty in support of
business objectives
![Page 55: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/55.jpg)
ITSM FrameworkService Strategy
Strategy Management Service Portfolio Management
Financial Mgmt. for IT Services
Service Demand Management
Business Relationship Mgmt.
Service Design
Identify BusinessRequirements & Drivers
Define Services & Develop Service Catalogue Educate & Train Users
Service Level Management
Develop SLA Framework, SLAs & OLAs
Monitor Service Performance & Produce
Service Reports
Review Service,Instigate Improvements & Update
SLAs/OLAs
Supplier Management
Develop & Align Procurement Controls& Select Suppliers
Develop/Manage Contracts & Relationships & Protect Enterprise Interests
Monitor Supplier Performance
Service Continuity
Develop Service Continuity Framework
Develop & Maintain Continuity Plans
Test Continuity Plans
Provide Training on
ITM Continuity PlansReview Plan
Effectiveness
![Page 56: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/56.jpg)
ITSM Framework Element
Description
IT Service Strategy • Defining a strategy to deliver services to meet the institution’s business outcomes
IT Service Design • Procedures for determining, documenting and agreeing upon requirements for new services and documenting in a service catalogue
Service Level Mgmt. • Defining SLAs based on customer requirements and IT capabilities, service metrics, roles & responsibilities
Supplier Mgmt. • Aligning procurement controls with those of the institution, identification & categorization of supplier relationships, developing and managing contracts, protecting IP & monitoring performance
Service Continuity • Developing a service continuity framework consistent with institution business continuity
ITSM Standard Elements
56
Service Manageme
nt(26)
![Page 57: ITM Governance & Management Controls](https://reader035.vdocuments.us/reader035/viewer/2022081515/5681685a550346895dde90a9/html5/thumbnails/57.jpg)
Wrap UpQuestions?
57