2. Terrance Knecht
Currently Consultant to ZS Associates working on a
project for Amgen (Pharma)
Previously head of Information Technology for
organizations 5 times
Worked in Information Technology in the following
industries:
Government, Healthcare, Banking, Retail, Media,
Telemarketing, Financial Services, Insurance,
Education, Pharmaceuticals
Most successful in turnaround/troubled environments
4. Are You Organized?
If someone comes in to review your organization and
actions are not tied to a process, each action is often
reviewed
15 years ago if you had a system that tied individual
actions to processes which themselves were tied to the
high level summary, there was a general acceptance of
your department
Capitalized projects – outside audit
Processes - sale of organization
5. Next Level – International
Standards
Today there are several internationally accepted standards
[FRAMEWORKS] for accomplishing functions within
organizations. Use a standard framework:
To eliminate the need to “invent” one’s own standards
To have predictability in results
To have acceptance of the framework by outside entities
To have portability of a person’s skills
Senior Management is now responsible
6. Frameworks
COBIT (Control Objectives for Information and
Related Technology)
ITIL (Information Technology Infrastructure Library)
PMBOK (Project Management Body of Knowledge)
COSO (Committee of Sponsoring Organizations of the
Treadway Commission)
ISO27001/ISO27002 (Security)
CMMI (Capability Maturity Model Integration)
7. COBIT (Control Objectives for
Information and Related Technology)
Key elements of enterprise governance:
Need for assurance about the value of IT (VALUE)
Management of IT risk (RISK)
Increased requirements for control over information
(CONTROL)
9. COBIT Framework
COBIT has information as the core value
As a control and governance framework for IT, COBIT
focuses on two key areas:
Providing the information required to support
business objectives and requirements
Treating information as the result of the
combination of the application of IT-related
resources that need to be managed by IT
processes
10. Process Oriented
COBIT is Process Oriented – These processes control
IT resources
Applications
Information – 9 Information Criteria
Infrastructure
People
12. These Resources Are Controlled
Within 4 Domains
PLAN & ORGANIZE
ACQUIRE AND IMPLEMENT
DELIVER AND SUPPORT
MONITOR & EVALUATE
13. Total of 34 Processes Supporting the 4 Domains
Plan & Organize:
Define a strategic IT Plan
Define the information architecture
Determine technological direction
Define the IT Processes, organization and relationships
Manage the IT investments
Communicate management aims and direction
Manage IT human resources
Manage quality
Assess and manage IT risks
Manage projects
Acquire & Implement:
Identify automated solutions
Acquire & maintain application software
Acquire & maintain technology infrastructure
Enable operation and use
Procure IT resources
Manage changes
Install & accredit solutions and changes
Deliver & Support:
Define & manage service levels
Manage third party services
Manage performance and capacity
Ensure continuous service
Ensure systems security
Identify & allocate costs
Educate & train users
Manage service desk and incidents
Manage the configuration
Manage problems
Manage data
Manage the physical environment
Manage operations
Monitor & Evaluate:
Monitor & Evaluate IT performance
Monitor & evaluate internal controls
Ensure compliance with external requirements
Provide IT governance
14. COBIT – Example – Strategic IT Plan
Identify Primary, Secondary & Other for Information
Effectiveness - Primary
Efficiency - Secondary
Confidentiality
Integrity
Availability
Compliance
Reliability
15. COBIT – Example – Strategic IT Plan
Identify Primary, Secondary & Other for IT
Governance Focus Areas
Primary
Secondary
Secondary
16. COBIT – Example – Strategic IT Plan
Identify Primary, Secondary & Other for IT resources
Applications - Primary
Information - Primary
Infrastructure - Primary
People - Primary
17. COBIT – Example – Strategic IT Plan
ID Inputs
ID Outputs
Create RACI Chart
(Responsible, Accountable, Consulted, Informed)
Create Goals and Metrics
18. COBIT – Example – Strategic IT Plan
Fill in the blanks:
Control over the IT Process of Define a Strategic
Plan
That satisfies the business requirements of IT of
_______
By focusing on ________
Is achieved by ________
And is measured by _______
19. Maturity Model
The current status (in evolution) can be rated on a
maturity scale (CMMI)
0 Non-existent
1 Initial / Ad Hoc
2 Repeatable but Intuitive
3 Defined
4 Managed and Measurable
5 Optimized
20. COBIT: Evaluation
COBIT/ISACA has an online COBIT evaluation system
to determine at what level (maturity) an organization
is regarding its implementation of COBIT
21. ITIL – Information Technology
Infrastructure Library
ITIL is centered on Service Management (ITSM) – this
is the back office or operational concerns of IT to
ensure that the focus is on the relationship with the
customer
A service is a means of delivery of value to customers
by facilitating outcomes the customers want to achieve
without their ownership of specific costs or risks
Service Management is a set of specialized
organizational capabilities for providing value to
customers in the form of a service
22. ITIL Life Cycle
Service Strategy defines, maintains and implements
objectives & goals
Service Design focuses on setting pragmatic service
blueprints which convert strategy into reality
Service Transition aims to bridge the gap between
projects and operations
Service Operations ensures that there are strong
end-to-end practices that ensure stable services
Continuous Service Improvement enables
improvement by supporting change
23. ITIL
[Diagram: ITIL life cycle showing Service Strategy, Service Design, Service Transition and Service Operation, framed by Continuous Service Improvement]
24. COBIT & ITIL & PMBOK
COBIT is concerned with WHAT processes are
covered in its framework
ITIL provides the detailed best practices on HOW
processes should be designed
PMBOK provides the framework for HOW to implement
projects which result in change
25. ITIL – One of 5 Key Stages of
Service – An Example
Service Transition Is Composed of:
Change Management
Service Asset and Configuration Management
Knowledge Management
Release and Deployment Management
Specific (detailed) best practices are provided
26. PMBOK – Project Management
Project Management is concerned with creating “new”
in a predictable manner
Projects are unique
Repeatable is not project management – it is
maintenance
27. PM Steps
Initiating
Get a sponsor
Create a project charter
Identify stakeholders
Planning
Finalize requirements
Create Project Scope statement
Determine Team
Create project plan
Gain formal approval of plan
28. PM Steps
Executing
Execute according to plan
Request Changes
Perform quality assurance
Use issues logs
Monitoring & Controlling
Measure performance
Perform Risk Audits
Report on Project Performance
29. PM Steps
Closing
Confirm work is done to requirements
Update lessons learned
Hand off completed project
Release resources
32. COBIT, ITIL & PMBOK
Most processes/projects do not reach their potential
(fail)
Most process implementations do not result in
pushing an individual forward
Working with an international framework allows one
to skip explaining why and what the rules are and only
deal with how well one is executing the process