Mobile Music

Proposing a comprehensive framework to ensure that MM’s IT aligns with and extends corporate strategy, creates value and mitigates risks

Trinity, Team 7                                                Ankita Vij
April 9th, 2010                                                Himanshu Sharma
                                                               Pranali Lad
________________________________________________________________________________
                                                                               2
________________________________________________________________________________

Issues facing MM (diagram; labels recovered from the original figure):
• Ageing Infrastructure
• Overstressed Network
• Security Issues
• Compliance
• Unaligned IT with Business
• IT Governance (centre of the diagram)

________________________________________________________________________________
                                                                                         3
 Source: Team Analysis
________________________________________________________________________________


Current state (diagram; labels recovered from the original figure):
• Maturity scale 0–5: C = MM current state (roughly level 1), I = Industry average (roughly level 3)
• MM Leadership (BOD + Executive) sets Vision, Mission and Goals
• IT: Plan → Implement, with mismanaged risks and returns
• Business Metrics / Performance Indicators
• System Analysis / Critical success factors
• Incident-based Prioritization / IT Portfolio Management
________________________________________________________________________________
 Source: Team analysis                                                                 4
________________________________________________________________________________


Future state (diagram; labels recovered from the original figure):
• Maturity scale 0–5: C = MM current state (roughly level 1), I = Industry average (roughly level 3), F = MM future state (between levels 3 and 4)
• Vision, Mission and Goals set by the BOD + IT Strategy Committee and by Executive Management + IT Steering Committee
• IT Governance: Plan and Organize (PO), Acquire and Implement (AI), Deliver and Support (DS), Monitor and Evaluate (ME), with managed risks and returns
• Metrics: Performance Indicators, Balanced Scorecard
• Control Objectives: RACI Matrix, Maturity Model
• Service Management: Business Continuity, Best Current Practice
________________________________________________________________________________
 Source: Team Analysis                                                                                      5
________________________________________________________________________________
COBIT framework overview (diagram; labels recovered from the original figure):
• MM Goals → Requirements / Information → IT Goals → IT Processes
• Key Activities, performed by the roles in the Responsibility and Accountability Chart
• Measured by Performance Indicators, Outcome Measures and Maturity Models
• Control Objectives; Control Practices (derived from the Control Objectives); Control Design Test (based on Control Practices); Control Outcome Tests
________________________________________________________________________________
 Source: ISACA presentation                                                                                           6
________________________________________________________________________________
The COBIT cube (diagram; labels recovered from the original figure):
• Business Requirements: what do stakeholders expect from IT?
• IT Processes: how is IT organized to respond to the requirements?
• What resources are made available to and built up by IT?
________________________________________________________________________________
 Source: Adapted from COBIT v4.1                                                                     7
DEMO



________________________________________________________________________________
                                                                               8
________________________________________________________________________________


Balanced scorecard perspectives on Business Goals (diagram; labels recovered from the original figure):
• Financial Perspective: Manage IT-Related Risks
• Customer Perspective
• Internal Perspective
• Learning & Growth Perspective

________________________________________________________________________________
 Source: Adapted from COBIT v4.1                                               9
________________________________________________________________________________



Business Goal
• Manage IT-related risk

IT Goal
• Ensure that critical and confidential information is withheld from those who should not have access to it

Process
• Ensure systems security (DS5)

________________________________________________________________________________
 Source: Team Analysis, Adapted from COBIT v4.1                                10
________________________________________________________________________________




                                                          P = Primary enabler
                                                          S = Secondary enabler




________________________________________________________________________________
 Source: Adapted from COBIT v4.1                                                  11
________________________________________________________________________________
  Control Objectives for DS5 (Ensure systems security)

  DS5.1 Management of IT Security
  DS5.2 IT Security Plan
  DS5.3 Identity Management
  DS5.4 User Account Management
  DS5.5 Security Testing, Surveillance and Monitoring
  DS5.6 Security Incident Definition
  DS5.7 Protection of Security Technology
  DS5.8 Cryptographic Key Management
  DS5.9 Malicious Software Prevention, Detection and Correction
  DS5.10 Network Security
  DS5.11 Exchange of Sensitive Data

  ITIL Mapping
  SD 4.6 Information security management
  SO 5.13 Information security management and service operation
________________________________________________________________________________
 Source: Team Analysis, Adapted from ‘Aligning COBIT and ITIL’ by IT governance institute and Office of Governance Commerce   12

________________________________________________________________________________
  RACI chart* for DS5 Ensure systems security

  Functions (columns): CEO; CFO; BE = Business Executive; CIO; BPO = Business Process Owner;
  HO = Head Operations; CA = Chief Architect; HD = Head Development; HIA = Head IT Administration;
  PMO; CARS = Compliance, Audit, Risk and Security

  Activities                                                           CEO CFO BE  CIO BPO HO  CA  HD  HIA PMO CARS
  Define and maintain an IT security plan                               I   C   C   A   C   C   C   C   I   I   R
  Define, establish and operate an identity (account) management
  process                                                               -   -   I   A   C   R   R   I   -   -   C
  Monitor potential and actual security incidents                       -   -   -   A   I   R   C   C   -   -   R
  Periodically review and validate user access rights and privileges    -   -   -   I   A   C   -   -   -   -   R
  Establish and maintain procedures for maintaining and safeguarding
  cryptographic keys                                                    -   -   -   A   -   R   -   -   -   -   C
  Implement and maintain technical and procedural controls to protect
  information flows across networks                                     -   -   -   A   C   C   R   R   -   -   C
  Conduct regular vulnerability assessments                             -   -   I   A   I   C   C   C   -   -   R

    *A RACI chart identifies who is Responsible, Accountable, Consulted and/or Informed
________________________________________________________________________________
 Source: Adapted from COBIT v4.1                                                                                                                                                                                                                     13
________________________________________________________________________________




________________________________________________________________________________
 Source: Adapted from COBIT v4.1                                               14
________________________________________________________________________________




Maturity progression over time (diagram; labels recovered from the original figure):
• Maturity levels, lowest to highest: Initial/Ad-hoc → Repeatable but Intuitive → Defined Process → Managed and Measurable → Optimized
• Drivers, lowest to highest: Audit Driven Controls → Costs → Value → Benefits
• Timeline: T1 Starting Point, T2 Current Point, T3 Future Point

________________________________________________________________________________
 Source: Adapted from Ernst & Young – COBIT presentation                                               15
End of DEMO



________________________________________________________________________________
                                                                               16
________________________________________________________________________________
Phase 1: Identify Needs
• Raise awareness and obtain management commitment
• Define scope
• Define risks
• Define resources and deliverables
• Plan program

Phase 2: Envision Solution
• Assess actual performance
• Define target for improvement
• Analyze gaps and identify improvements

Phase 3: Plan Solution
• Define projects
• Develop improvement plan

Phase 4: Implement Solution
• Implement the improvements
• Monitor implementation performance
• Review program effectiveness

Phase 5: Operationalize Solution
• Build sustainability
• Identify new governance requirements
________________________________________________________________________________
 Source: Team Analysis, Samsung COBIT Implementation roadmap                                                                  17
________________________________________________________________________________
Plan and Organize
• PO1 Define a strategic IT plan
• PO2 Define the information architecture
• PO3 Determine technological direction
• PO4 Define IT processes, organization and relationships
• PO5 Manage IT investment
• PO6 Communicate management aims and direction
• PO7 Manage IT human resources
• PO8 Manage quality
• PO9 Assess and manage IT risks
• PO10 Manage projects

Acquire and Implement
• AI1 Identify automated solutions
• AI2 Acquire and maintain application software
• AI3 Acquire and maintain technology infrastructure
• AI4 Enable operation and use
• AI5 Procure IT resources
• AI6 Manage changes
• AI7 Install and accredit solutions and changes

Deliver and Support
• DS1 Define and manage service levels
• DS2 Manage third-party services
• DS3 Manage performance and capacity
• DS4 Ensure continuous service
• DS5 Ensure systems security
• DS6 Identify and allocate costs
• DS7 Educate and train users
• DS8 Manage service desk and incidents
• DS9 Manage the configuration
• DS10 Manage problems
• DS11 Manage data
• DS12 Manage the physical environment
• DS13 Manage operations

Monitor and Evaluate
• ME1 Monitor and evaluate IT performance
• ME2 Monitor and evaluate internal control
• ME3 Ensure compliance with external requirements
• ME4 Provide IT governance
________________________________________________________________________________
  Source: Team Analysis, Adapted from COBIT v4.1                                                                   18
________________________________________________________________________________

• Make leadership understand the role of IT as a crucial ‘Business Driver’
• Obtain leadership commitment
• Propose the suggested solution/framework in the upcoming meeting
  – Assess the current CMM* state of IT
  – Make the necessary organizational structure changes
  – Start the implementation of the IT governance framework towards the future state
• Fix fundamental IT issues before venturing into new businesses


________________________________________________________________________________
   *CMM – Capability Maturity Model
 Source: Team Analysis                                                                      19
Thank You
                             Questions?
________________________________________________________________________________
                                                                               20
________________________________________________________________________________

   • Capability Maturity Model: Capability Maturity Attribute Table
   • Organization Change: IT Strategy and IT Steering Committee
   • Balanced Scorecard: Balanced Scorecard Template
   • Business Continuity Plan: Business Continuity Planning
   • Risks faced: Risk Mapping
   • Linkages of goals & processes: Business Goals to IT Goals; IT Goals to IT Processes
   • ITIL: Functions and Processes Overview
   • Accountability Structure: Roles and Responsibilities for Executive Management
   • Questionnaires: Executive Management; Board of Directors




________________________________________________________________________________
                                                                               21
________________________________________________________________________________
Capability Maturity Attribute Table

Level 1
• Awareness and Communication: Recognition for the need for the process is emerging.
• Policies, Plans and Procedures: There are ad hoc approaches to processes and practices.
• Tools and Automation: Some tools may exist; usage is based on standard desktop tools.
• Skills and Expertise: Skills required for the process are not identified.
• Responsibility and Accountability: There is no definition of accountability and responsibility.
• Goal Setting and Measurement: Goals are not clear and no measurement takes place.

Level 2
• Awareness and Communication: There is awareness of the need to act.
• Policies, Plans and Procedures: Similar and common processes emerge, but are largely intuitive because of individual expertise.
• Tools and Automation: Common approaches to use of tools exist but are based on solutions developed by key individuals.
• Skills and Expertise: Minimum skill requirements are identified for critical areas.
• Responsibility and Accountability: An individual assumes his/her responsibility and is usually held accountable, even if this is not formally agreed.
• Goal Setting and Measurement: Some goal setting occurs; some financial measures are established but are known only by senior management.

Level 3
• Awareness and Communication: There is understanding of the need to act.
• Policies, Plans and Procedures: Usage of good practices emerges.
• Tools and Automation: A plan has been defined for use and standardization of tools to automate the process.
• Skills and Expertise: Skill requirements are defined and documented for all areas.
• Responsibility and Accountability: Process responsibility and accountability are defined and process owners have been identified.
• Goal Setting and Measurement: Some effectiveness goals and measures are set, but are not communicated, and there is a clear link to business goals.

Level 4
• Awareness and Communication: There is understanding of the full requirements.
• Policies, Plans and Procedures: The process is sound and complete; internal best practices are applied.
• Tools and Automation: Tools are implemented according to a standardized plan, and some have been integrated with other related tools.
• Skills and Expertise: Skill requirements are routinely updated for all areas, proficiency is ensured for all critical areas, and certification is encouraged.
• Responsibility and Accountability: Process responsibility and accountability are accepted and working in a way that enables a process owner to fully discharge his/her responsibilities.
• Goal Setting and Measurement: Efficiency and effectiveness are measured and communicated and linked to business goals and the IT strategic plan.

Level 5
• Awareness and Communication: There is advanced, forward-looking understanding of requirements.
• Policies, Plans and Procedures: External best practices and standards are applied.
• Tools and Automation: Standardized tool sets are used across the enterprise.
• Skills and Expertise: The organization formally encourages continuous improvement of skills, based on clearly defined personal and organizational goals.
• Responsibility and Accountability: Process owners are empowered to make
• Goal Setting and Measurement: There is an integrated performance measurement system linking IT performance to business goals by global application of the IT balanced scorecard.
________________________________________________________________________________

Source: Adapted from COBIT 4.1                                                                                                                                      22
________________________________________________________________________________
IT Strategy Committee

   Level
   • Board Level

   Responsibility
   • Provides insight and advice to the board on topics such as:
     — The relevance of developments in IT from a business perspective
     — The alignment of IT with the business direction
     — The achievement of strategic IT objectives
     — The availability of suitable IT resources, skills and infrastructure to meet the strategic objectives
     — Optimization of IT costs, including the role and value delivery of external IT sourcing
     — Risk, return and competitive aspects of IT investments
     — Progress on major IT projects
     — The contribution of IT to the business (i.e., delivering the promised business value)
     — Exposure to IT risks, including compliance risks
     — Containment of IT risks
   • Provides direction to management relative to IT strategy
   • Is driver and catalyst for the board’s IT governance practices

   Authority
   • Advises the board and management on IT strategy
   • Is delegated by the board to provide input to the strategy and prepare its approval
   • Focuses on current and future strategic IT issues

   Membership
   • Board members and (specialist) non-board members

IT Steering Committee

   Level
   • Executive Level

   Responsibility
   • Decides the overall level of IT spending and how costs will be allocated
   • Aligns and approves the enterprise IT architecture
   • Approves project plans and budgets, setting priorities and milestones
   • Acquires and assigns appropriate resources
   • Ensures projects continuously meet business requirements, including reevaluation of the business case
   • Monitors project plans for delivery of expected value and desired outcomes, on time and within budget
   • Monitors resource and priority conflict between enterprise divisions and the IT function, and between projects
   • Makes recommendations and requests for changes to strategic plans (priorities, funding, technology approaches, resources, etc.)
   • Communicates strategic goals to project teams
   • Is a major contributor to management’s IT governance responsibilities

   Authority
   • Assists the executive in the delivery of the IT strategy
   • Oversees day-to-day management of IT service delivery and IT projects
   • Focuses on implementation

   Membership
   • Sponsoring executive
   • Business executive (key users)
   • CIO
   • Key advisors as required (IT, audit, legal, finance)
________________________________________________________________________________
Source: Adapted from Board Briefing on IT Governance, 2nd Edition                                                                                         23
________________________________________________________________________________




________________________________________________________________________________
 Source: Adapted from ISACA – Using COBIT and Balanced Scorecard                 24
________________________________________________________________________________




________________________________________________________________________________
 Source: Adapted from Shropshire County Council white paper on BCP               25
________________________________________________________________________________
 Themes mapped to Risk Factors

 Column legend
 Governance issues:                 1 = Strategic Alignment; 2 = Value Delivery; 3 = Resource Management;
                                    4 = Risk Management; 5 = Performance Measurement
 Technology issues for Management:  6 = Cost Optimization; 7 = IT Service Delivery; 8 = Selective Outsourcing;
                                    9 = Security; 10 = Enterprise Architecture; 11 = System Integration;
                                    12 = Prioritizing and Planning; 13 = Application Controls; 14 = Application Security

 Risk factor                                                      1  2  3  4  5  6  7  8  9 10 11 12 13 14
 Low levels of user satisfaction                                  -  X  -  -  X  -  -  -  -  -  -  -  -  -
 Regular audit findings about poor performance                    -  X  -  -  X  X  X  X  X  X  X  X  X  X
 Evaluating IT investments, investment decision making            -  X  -  -  -  -  -  -  -  -  -  X  -  -
 Improving quality of service                                     -  X  -  -  -  -  X  -  -  -  -  -  -  -
 Inadequate IT capability to support IT operations                -  -  X  -  -  -  X  -  -  -  -  X  -  -
 Inadequate IT capability to support new developments             -  -  X  -  -  -  -  -  -  -  X  -  -  -
 Inadequate IT capability to take advantage of new technologies   -  -  X  -  -  -  -  X  -  X  -  -  -  -
 High reliance on IT specialists                                  X  -  X  -  -  -  -  X  -  X  -  -  -  -
 Infrequent negotiation of supplier contracts                     -  X  X  -  -  -  -  X  -  -  -  -  -  -
 Vendor support problems                                          -  -  X  -  -  -  -  X  -  -  -  -  -  -
 High costs of ownership                                          -  -  X  -  -  -  X  -  -  -  -  -  -  -
 High cost of network support and maintenance                     -  -  X  -  -  -  X  -  -  -  -  -  -  -
 High network supply costs                                        -  -  X  -  -  -  X  X  -  -  -  -  -  -
 Configuration control problems                                   -  -  X  -  -  -  -  -  -  -  -  -  -  -
 Software license and version control                             -  -  X  -  -  -  -  -  -  -  -  -  -  -
________________________________________________________________________________
 Source: Adopted from ISACA – Samsung’s presentation                           Home   26
________________________________________________________________________________




________________________________________________________________________________
 Source: Adopted from COBIT 4.1                                                Home   27
________________________________________________________________________________




________________________________________________________________________________
 Source: Adopted from COBIT 4.1                                           Home   28
________________________________________________________________________________
 Service Strategy:               Financial Management; Service Portfolio Management; Demand Management
 Service Design:                 Service Catalog Management; Service Level Management; Capacity Management;
                                 Availability Management; IT Service Continuity Management; Information Security
                                 Management; Supplier Management; Requirements Engineering; Data & Information Management
 Service Operation:              Event Management; Incident Management; Request Fulfillment; Problem Management;
                                 Access Management; Operational Activities in other lifecycle phases; Service Desk;
                                 Technical Management; IT Operations Management; Application Management
 Service Transition:             Transition Planning and Support; Change Management; Service Asset and Configuration
                                 Management; Release and Deployment Management; Service Validation and Testing;
                                 Evaluation; Knowledge Management
 Continual Service Improvement:  The 7-step improvement process; Service Reporting; Service Measurement;
                                 Return on Investment on CSI; Business Questions for CSI
________________________________________________________________________________
 Source: Adopted from ITIL v3                                                                              Home     29
________________________________________________________________________________




________________________________________________________________________________
 Source: Adopted from ITIL v3                                             Home   30
________________________________________________________________________________
 Responsibilities by role across the five focus areas: Strategic Alignment, Value Delivery, IT Resource Management, Risk Management, Performance Management

 CEO
  Strategic Alignment
   • Align and integrate IT strategy with business goals
   • Align IT operations with business operations
   • Cascade strategy and goals down into the organization
   • Mediate between imperatives of the business and of the technology
  Value Delivery
   • Direct the optimization of IT costs
   • Establish co-responsibility between the business and IT for IT investments
   • Ensure the IT budget and investment plan is realistic and integrated into the overall financial plan
   • Ensure that financial reporting has accurate accounting of IT
  IT Resource Management
   • Ensure the organization is in the best position to capitalize on its information and knowledge
   • Establish business priorities and allocate resources to enable effective IT performance
   • Set up organizational structures and responsibilities that facilitate IT strategy implementation
   • Define and support the CIO’s role, ensuring the CIO is a key business player and part of executive decision-making
  Risk Management
   • Adopt a risk, control and governance framework
   • Embed responsibilities for risk management in the organization
   • Monitor IT risk and accept residual IT risks
  Performance Management
   • Obtain assurance of the performance, control and risks of IT and independent comfort about major IT decisions
   • Work with the CIO on developing an IT balanced scorecard, ensuring it is properly linked to business goals

 Business Executive
  Strategic Alignment
   • Understand the enterprise’s IT organization, infrastructure and capabilities
   • Drive the definition of business requirements and own them
   • Act as sponsor for major IT projects
  Value Delivery
   • Approve and control service levels
   • Act as customer for available IT services
   • Identify and acquire new IT services
   • Assess and publish operational benefits of owned IT investments
  IT Resource Management
   • Allocate business resources required to ensure effective IT governance over projects and operations
  Risk Management
   • Provide business impact assessments to the enterprise risk management process
  Performance Management
   • Sign off on the IT balanced scorecard
   • Monitor service levels
   • Provide priorities for addressing IT performance problems and corrective actions

 CIO
  Strategic Alignment
   • Drive IT strategy development and execute against it, ensuring measurable value is delivered on time and budget, currently and in the future
   • Implement IT standards and policies
   • Educate executives on dependence on IT, IT-related costs, technology issues and insights, and IT capabilities
  Value Delivery
   • Clarify and demonstrate the value of IT
   • Proactively seek ways to increase IT value contribution
   • Link IT budgets to strategic aims and objectives
   • Manage business and executive expectations relative to IT
   • Establish strong IT project management disciplines
  IT Resource Management
   • Provide IT infrastructures that facilitate creation and sharing of business information at optimal cost
   • Ensure the availability of suitable IT resources, skills and infrastructure to meet the strategic objectives
   • Ensure that roles critical for driving maximum value from IT are appropriately defined and staffed
   • Standardize architectures and technology
  Risk Management
   • Assess risks, mitigate efficiently and make risks transparent to the stakeholders
   • Implement an IT control framework
   • Ensure that roles critical for managing IT risks are appropriately defined and staffed
  Performance Management
   • Ensure the day-to-day management and verification of IT processes and controls
   • Implement an IT balanced scorecard with few but precise performance measures directly and demonstrably linked to the strategy
________________________________________________________________________________
Source: Adopted from Board Briefing of IT Governance 2nd Edition                                                                                                          Home          31
________________________________________________________________________________
                                                                    Questions                                                             V   A   M   R   P

 How critical is IT to sustaining the enterprise? How critical is IT to growing the enterprise?

 What strategic initiatives has executive management taken to manage IT’s criticality relative to maintenance and growth of the
 enterprise, and are they appropriate?
 What is the organization doing about leveraging its knowledge to increase stakeholder value?

 What IT assets are there and how are they managed?
 Are suitable IT resources, infrastructures and skills available to meet the required enterprise strategic objectives?
 Is the enterprise clear on its position relative to technology: pioneer, early adopter, follower or laggard?
 Is IT participating in overall corporate change-setting and strategic direction? Do IT practices and IT culture support and encourage
 change within the enterprise?
 Does the enterprise research technology, process and business prospects to set direction for future growth?

 Are enterprise and IT objectives linked and synchronized?

 Is the enterprise clear on its position relative to risks: risk-avoiding or risk-taking?

 Is there an up-to-date inventory of risks relevant to the enterprise?
 What has been done to address these risks?
 How far should the enterprise go in risk mitigation and is the cost justified by the benefit?
 What is management doing to address risks?
 Is the board regularly briefed on risks to which the enterprise is exposed?
 Based on these questions, can the enterprise be said to be taking “reasonable” precautions relative to technology risks?

 What are other similar organizations doing, and how is the enterprise placed in relation to them, relative to value, risk and resource
 management?
 What is industry best practice and how does the enterprise compare, relative to value, risk and resource management?

________________________________________________________________________________
 V = IT Value Delivery; A = IT Strategic Alignment; M = IT Resource Management; R = Risk Management; P = Performance
Source: Adapted from Board Briefing of IT Governance 2nd Edition                                                                                      Home    32
________________________________________________________________________________
                                                                  Questions                                                              V   A   M   R   P

 How certain is the board about the answers provided to the Questions answered by executive management?

 Is the board aware of the latest developments in IT from a business perspective?


 Is IT a regular item on the agenda of the board and is it addressed in a structured manner?

 Does the board articulate and communicate the business direction to which IT should be aligned?
 Is the board aware of potential conflicts between the enterprise divisions and the IT function?
 Does the board have a view on how and how much the enterprise invests in IT compared to other like organizations?
 Is the reporting level of the most senior IT manager commensurate with the importance of IT?


 Does the board have a clear view on the major IT investments from a risk and return perspective?

 Does the board obtain regular progress reports on major IT projects?

 Does the board obtain IT performance reports illustrating the value of IT from a business driver perspective (customer service, cost,
 agility, quality, etc.)?
 Is the board regularly briefed on IT risks to which the enterprise is exposed, including compliance risks?
 Is the board assured of the fact that suitable IT resources, infrastructures and skills are available (including external resourcing)
 to meet the required enterprise strategic objectives?
 Is the board getting independent assurance on the achievement of IT objectives and the containment of IT risks?


 V = IT Value Delivery; A = IT Strategic Alignment; M = IT Resource Management; R = Risk Management; P = Performance




________________________________________________________________________________
Source: Adapted from Board Briefing of IT Governance 2nd Edition                                                                                     Home    33
End of our Deck

                                      --

                                 Thank you




________________________________________________________________________________
                                                                               34

Benefits Identification, Assessment, Validation and Realisation for Informati...Benefits Identification, Assessment, Validation and Realisation for Informati...
Benefits Identification, Assessment, Validation and Realisation for Informati...
 
Harnessing the Power of an Enterprise IT Dashboard - uptime software
Harnessing the Power of an Enterprise IT Dashboard - uptime softwareHarnessing the Power of an Enterprise IT Dashboard - uptime software
Harnessing the Power of an Enterprise IT Dashboard - uptime software
 
BA458 -- Research Paper
BA458 -- Research PaperBA458 -- Research Paper
BA458 -- Research Paper
 
IT Governance - OpenThinking Day
IT Governance - OpenThinking DayIT Governance - OpenThinking Day
IT Governance - OpenThinking Day
 
The IT Management Function
The IT Management FunctionThe IT Management Function
The IT Management Function
 
AdvisorAssist Presentation: Cloud Computing and Compliance For RIAs
AdvisorAssist Presentation:  Cloud Computing and Compliance For RIAsAdvisorAssist Presentation:  Cloud Computing and Compliance For RIAs
AdvisorAssist Presentation: Cloud Computing and Compliance For RIAs
 
Big Data Readiness Assessment
Big Data Readiness AssessmentBig Data Readiness Assessment
Big Data Readiness Assessment
 

SUIT Showdown 2010

  • 1. Mobile Music: Proposing a comprehensive framework to ensure that MM’s IT aligns and extends corporate strategy, creates value and mitigates risks. Trinity, Team 7, April 9th, 2010. Ankita Vij, Himanshu Sharma, Pranali Lad
  • 3. [Diagram: MM’s current IT issues] Ageing Infrastructure; Compliance; Unaligned IT with Business; IT Governance; Security Issues; Overstressed Network. Source: Team Analysis
  • 4. [Diagram: MM current state (C) versus industry average (I) on a 0–5 maturity scale, against MM Leadership (BOD + Executive): Vision, Mission, Goals] Current IT: Plan, Implement; Mismanaged Risks and Returns; Incident-based Metrics; Business System Analysis; Prioritization; IT Portfolio Management; Performance Indicators; Critical success factors. Source: Team analysis
  • 5. [Diagram: MM current state (C), industry average (I) and MM future state (F) on a 0–5 maturity scale, against Vision, Mission, Goals] Governance bodies: BOD + IT Strategy Committee; Executive Management + IT Steering Committee. IT Governance domains: Plan and Organize (PO), Acquire and Implement (AI), Deliver and Support (DS), Monitor and Evaluate (ME). Elements: Managed Risks and Returns; Metrics; Control Objectives; Service Management; Performance Indicators; RACI Matrix; Business Continuity; Balanced Scorecard; Maturity Model; Best Current Practice. Source: Team Analysis
  • 6. [Diagram: COBIT goals cascade] MM Goals; Information Requirements; IT Goals; IT Processes; Control Objectives (derived from); Key Activities (performed by); Control Practices (based on); Control Outcome Tests; Control Design Test; Responsibility and Accountability Chart; Performance Indicators; Outcome Measures; Maturity Models. Source: ISACA presentation
  • 7. [Diagram: COBIT cube] Business Requirements: What do stakeholders expect from IT? IT Processes: How is IT organized to respond to the requirements? What resources are made available to and built up by IT? Source: Adapted from COBIT v4.1
  • 9. [Diagram: balanced scorecard goals by perspective] Financial Perspective (Manage IT-Related Risks); Customer Perspective; Internal Business Perspective; Learning & Growth Perspective. Source: Adapted from COBIT v4.1
  • 10. Business Goal: Manage IT-related risk. IT Goal: Ensure that critical and confidential information is withheld from those who should not have access to it. Process: Ensure systems security. Source: Team Analysis, Adapted from COBIT v4.1
  • 11. [Diagram legend] P = Primary enabler; S = Secondary enabler. Source: Adapted from COBIT v4.1
  • 12. Control Objectives for DS5
      DS5.1 Management of IT Security
      DS5.2 IT Security Plan
      DS5.3 Identity Management
      DS5.4 User Account Management
      DS5.5 Security Testing, Surveillance and Monitoring
      DS5.6 Security Incident Definition
      DS5.7 Protection of Security Technology
      DS5.8 Cryptographic Key Management
      DS5.9 Malicious Software Prevention, Detection and Correction
      DS5.10 Network Security
      DS5.11 Exchange of Sensitive Data
      ITIL Mapping: SD 4.6 Information security management; SO 5.13 Information security management and service operation
      Source: Team Analysis, Adapted from ‘Aligning COBIT and ITIL’ by IT Governance Institute and Office of Government Commerce
  • 13. RACI chart* for DS5 key activities. Functions: CEO, CFO, Business Executive, CIO, Business Process Owner, Head Operations, Chief Architect, Head Development, Head IT Administration, PMO, Compliance/Audit/Risk and Security
      - Define and maintain an IT security plan: I C C A C C C C I I R
      - Define, establish and operate an identity (account) management process: I A C R R I C
      - Monitor potential and actual security incidents: A I R C C R
      - Periodically review and validate user access rights and privileges: I A C R
      - Establish and maintain procedures for maintaining and safeguarding cryptographic keys: A R C
      - Implement and maintain technical and procedural controls to protect information flows across networks: A C C R R C
      - Conduct regular vulnerability assessments: I A I C C C R
      *A RACI chart identifies who is Responsible, Accountable, Consulted and/or Informed. Source: Adapted from COBIT v4.1
  • 15. [Diagram: maturity over time] Maturity levels: Initial/Ad-hoc; Repeatable but Intuitive; Defined Process; Managed and Measurable; Optimized. Progression: Audit Driven Controls, Costs, Value, Benefits. Timeline: T1 Starting Point; T2 Current Point; T3 Future Point. Source: Adapted from Ernst & Young – COBIT presentation
  • 17. Implementation roadmap
      Phase 1 – Identify Needs: Raise awareness and obtain management commitment; Define scope; Define risks; Define resources and deliverables; Plan program
      Phase 2 – Envision Solution: Assess actual performance; Define target for improvement; Analyze gaps and identify improvements
      Phase 3 – Plan Solution: Define projects; Develop improvement plan
      Phase 4 – Implement Solution: Implement the improvements; Monitor implementation performance; Review program effectiveness
      Phase 5 – Operationalize Solution: Build sustainability; Identify new governance requirements
      Source: Team Analysis, Samsung COBIT Implementation roadmap
  • 18. COBIT v4.1 processes
      Plan and Organize: PO1 Define a strategic IT plan; PO2 Define the information architecture; PO3 Determine technological direction; PO4 Define IT processes, organization and relationships; PO5 Manage IT investment; PO6 Communicate management aims and direction; PO7 Manage IT human resources; PO8 Manage quality; PO9 Assess and manage IT risks; PO10 Manage projects
      Acquire and Implement: AI1 Identify automated solutions; AI2 Acquire and maintain application software; AI3 Acquire and maintain technology infrastructure; AI4 Enable operation and use; AI5 Procure IT resources; AI6 Manage changes; AI7 Install and accredit solutions and changes
      Deliver and Support: DS1 Define and manage service levels; DS2 Manage third-party services; DS3 Manage performance and capacity; DS4 Ensure continuous service; DS5 Ensure systems security; DS6 Identify and allocate costs; DS7 Educate and train users; DS8 Manage service desk and incidents; DS9 Manage the configuration; DS10 Manage problems; DS11 Manage data; DS12 Manage the physical environment; DS13 Manage operations
      Monitor and Evaluate: ME1 Monitor and evaluate IT performance; ME2 Monitor and evaluate internal control; ME3 Ensure compliance with external requirements; ME4 Provide IT governance
      Source: Team Analysis, Adapted from COBIT v4.1
  • 19. Make leadership understand the role of IT as a crucial ‘Business Driver’: need to have leadership commitment. Propose the suggested solution/framework in the upcoming meeting:
      - Assess the current CMM* state of IT
      - Make necessary organization structural changes
      - Start with the implementation of the IT governance framework towards the future state
      Fix fundamental IT issues before venturing into new businesses.
      *CMM – Capability Maturity Model. Source: Team Analysis
  • 20. Thank You. Questions?
  • 21. Capability Maturity Model; Capability Maturity Attribute Table; Linkages of goals & processes (Business Goals to IT Goals; IT Goals to IT processes); Organization Change (IT strategy and IT Steering Committee); ITIL Functions and Processes; Balanced Scorecard Overview; Balanced Scorecard Template; Accountability Structure; Business Continuity Plan; Roles and Responsibilities for Business Continuity Planning; Executive Management; Risks faced; Risk Mapping; Questionnaires (Executive Management; Board of Directors)
  • 22. Capability Maturity Attribute Table (attributes: Awareness and Communication; Policies, Plans and Procedures; Tools and Automation; Skills and Expertise; Responsibility and Accountability; Goal Setting and Measurement)
      Level 1
      - Awareness and Communication: Recognition for the need for the process is emerging.
      - Policies, Plans and Procedures: There are ad hoc approaches to processes and practices.
      - Tools and Automation: Some tools may exist; usage is based on standard desktop tools.
      - Skills and Expertise: Skills required for the process are not identified.
      - Responsibility and Accountability: There is no definition of accountability and responsibility.
      - Goal Setting and Measurement: Goals are not clear and no measurement takes place.
      Level 2
      - Awareness and Communication: There is awareness of the need to act.
      - Policies, Plans and Procedures: Similar and common processes emerge, but are largely intuitive because of individual expertise.
      - Tools and Automation: Common approaches to use of tools exist but are based on solutions developed by key individuals.
      - Skills and Expertise: Minimum skill requirements are identified for critical areas.
      - Responsibility and Accountability: An individual assumes his/her responsibility and is usually held accountable, even if this is not formally agreed.
      - Goal Setting and Measurement: Some goal setting occurs; some financial measures are established but are known only by senior management.
      Level 3
      - Awareness and Communication: There is understanding of the need to act.
      - Policies, Plans and Procedures: Usage of good practices emerges.
      - Tools and Automation: A plan has been defined for use and standardization of tools to automate the process.
      - Skills and Expertise: Skill requirements are defined and documented for all areas.
      - Responsibility and Accountability: Process responsibility and accountability are defined and process owners have been identified.
      - Goal Setting and Measurement: Some effectiveness goals and measures are set, but are not communicated, and there is a clear link to business goals.
      Level 4
      - Awareness and Communication: There is understanding of the full requirements.
      - Policies, Plans and Procedures: The process is sound and complete; internal best practices are applied.
      - Tools and Automation: Tools are implemented according to standardized plan, and some have been integrated with other related tools.
      - Skills and Expertise: Skill requirements are routinely updated for all areas, proficiency is ensured for all critical areas, and certification is encouraged.
      - Responsibility and Accountability: Process responsibility and accountability are accepted and working in a way that enables a process owner to fully discharge his/her responsibilities.
      - Goal Setting and Measurement: Efficiency and effectiveness are measured and communicated and linked to business goals and the IT strategic plan.
      Level 5
      - Awareness and Communication: There is advanced, forward-looking understanding of requirements.
      - Policies, Plans and Procedures: External best practices and standards are applied.
      - Tools and Automation: Standardized tool sets are used across the enterprise.
      - Skills and Expertise: The organization formally encourages continuous improvement of skills, based on clearly defined personal and organizational goals.
      - Responsibility and Accountability: Process owners are empowered to make
      - Goal Setting and Measurement: There is an integrated performance measurement system linking IT performance to business goals by global application of the IT balanced scorecard.
      Source: Adapted from COBIT 4.1
  • 23. IT Strategy Committee and IT Steering Committee
      Level
      - IT Strategy Committee: Board level
      - IT Steering Committee: Executive level
      Responsibility
      - IT Strategy Committee: Provides insight and advice to the board on topics such as: the relevance of developments in IT from a business perspective; the alignment of IT with the business direction; the achievement of strategic IT objectives; the availability of suitable IT resources, skills and infrastructure to meet the strategic objectives; optimization of IT costs, including the role and value delivery of external IT sourcing; risk, return and competitive aspects of IT investments; progress on major IT projects; the contribution of IT to the business (i.e., delivering the promised business value); exposure to IT risks, including compliance risks; containment of IT risks. Provides direction to management relative to IT strategy. Is driver and catalyst for the board’s IT governance practices.
      - IT Steering Committee: Decides the overall level of IT spending and how costs will be allocated. Aligns and approves the enterprise IT architecture. Approves project plans and budgets, setting priorities and milestones. Acquires and assigns appropriate resources. Ensures projects continuously meet business requirements, including reevaluation of the business case. Monitors project plans for delivery of expected value and desired outcomes, on time and within budget. Monitors resource and priority conflict between enterprise divisions and the IT function, and between projects. Makes recommendations and requests for changes to strategic plans (priorities, funding, technology approaches, resources, etc.). Communicates strategic goals to project teams. Is a major contributor to management’s IT governance responsibilities.
      Authority
      - IT Strategy Committee: Advises the board and management on IT strategy. Is delegated by the board to provide input to the strategy and prepare its approval. Focuses on current and future strategic IT issues.
      - IT Steering Committee: Assists the executive in the delivery of the IT strategy. Oversees day-to-day management of IT service delivery and IT projects. Focuses on implementation.
      Membership
      - IT Strategy Committee: Board members and (specialist) non-board members
      - IT Steering Committee: Sponsoring executive; Business executive (key users); CIO; Key advisors as required (IT, audit, legal, finance)
      Source: Adapted from Board Briefing on IT Governance, 2nd Edition
  • 26. Governance issues and technology issues for management, mapped to themes (Enterprise Architecture; Resource Management; Selective Outsourcing; Application Controls; Strategic Alignment; Application Security; System Integration; IT Service Delivery; Cost Optimization; Risk Management; Risk Prioritizing and Planning; Value Delivery; Performance Measurement; Security Factors). Each issue is followed by its row of the mapping (X = mapped, - = not mapped):
      - Low levels of user satisfaction: - X - - X - - - - - - - - -
      - Regular audit findings about poor performance: - X - - X X X X X X X X X X
      - Evaluating IT investments, investment decision making: - X - - - - - - - - - X - -
      - Improving quality of service: - X - - - - X - - - - - - -
      - Inadequate IT capability to support IT operations: - - X - - - X - - - - X - -
      - Inadequate IT capability to support new developments: - - X - - - - - - - X - - -
      - Inadequate IT capability to take advantage of new technologies: - - X - - - - X - X - - - -
      - High reliance on IT specialists: X - X - - - - X - X - - - -
      - Infrequent negotiation of supplier contracts: - X X - - - - X - - - - - -
      - Vendor support problems: - - X - - - - X - - - - - -
      - High costs of ownership: - - X - - - X - - - - - - -
      - High cost of network support and maintenance: - - X - - - X - - - - - - -
      - High network supply costs: - - X - - - X X - - - - - -
      - Configuration control problems: - - X - - - - - - - - - - -
      - Software license and version control: - - X - - - - - - - - - - -
      Source: Adapted from ISACA – Samsung’s presentation
  • 29. ITIL v3 processes and functions by lifecycle stage
      Service Strategy: Financial Management; Service Portfolio Management; Demand Management
      Service Design: Service Catalog Management; Service Level Management; Capacity Management; Availability Management; IT Service Continuity Management; Information Security Management; Supplier Management; Requirements Engineering; Data & Information Management; Application Management
      Service Transition: Transition Planning and Support; Change Management; Service Asset and Configuration Management; Release and Deployment Management; Service Validation and Testing; Evaluation; Knowledge Management
      Service Operation: Event Management; Incident Management; Request Fulfillment; Problem Management; Access Management; Operational Activities in other lifecycle phases; Service Desk; Technical Management; IT Operations Management
      Continual Service Improvement: The 7-step improvement process; Service Reporting; Service Measurement; Return on Investment on CSI; Business Questions for CSI
      Source: Adapted from ITIL v3
  • 31. Executive Management: roles across the IT governance focus areas
      CEO
      - Strategic Alignment: Align and integrate IT strategy with business goals. Align IT operations with business operations. Cascade strategy and goals down into the organization. Mediate between imperatives of the business and of the technology. Define and support the CIO’s role, ensuring the CIO is a key business player and part of executive decision-making.
      - Value Delivery: Direct the optimization of IT costs. Establish co-responsibility between the business and IT for IT investments. Ensure the IT budget and investment plan is realistic and integrated into the overall financial plan. Ensure that financial reporting has accurate accounting of IT.
      - IT Resource Management: Ensure the organization is in the best position to capitalize on its information and knowledge. Establish business priorities and allocate resources to enable effective IT performance. Set up organizational structures and responsibilities that facilitate IT strategy implementation.
      - Risk Management: Adopt a risk, control and governance framework. Embed responsibilities for risk management in the organization. Monitor IT risk and accept residual IT risks.
      - Performance Management: Obtain assurance of the performance, control and risks of IT and independent comfort about major IT decisions. Work with the CIO on developing an IT balanced scorecard, ensuring it is properly linked to business goals.
      Business Executive
      - Strategic Alignment: Understand the enterprise’s IT organization, infrastructure and capabilities. Drive the definition of business requirements and own them. Act as sponsor for major IT projects.
      - Value Delivery: Approve and control service levels. Act as customer for available IT services. Identify and acquire new IT services. Assess and publish operational benefits of owned IT investments.
      - IT Resource Management: Allocate business resources required to ensure effective governance over projects and operations.
      - Risk Management: Provide business impact assessments to the enterprise risk management process.
      - Performance Management: Sign off on the IT balanced scorecard. Monitor service levels. Provide priorities for addressing IT performance problems and corrective actions.
      CIO
      - Strategic Alignment: Drive IT strategy development and execute against it, ensuring measurable value is delivered on time and budget, currently and in the future. Implement IT standards and policies. Educate executives on dependence on IT, IT-related costs, technology issues and insights, and IT capabilities.
      - Value Delivery: Clarify and demonstrate the value of IT. Proactively seek ways to increase IT value contribution. Link IT budgets to strategic aims and objectives. Manage business and executive expectations relative to IT. Establish strong IT project management disciplines.
      - IT Resource Management: Provide IT infrastructures that facilitate creation and sharing of business information at optimal cost. Ensure the availability of suitable IT resources, skills and infrastructure to meet the strategic objectives. Ensure that roles critical for driving maximum value from IT are appropriately defined and staffed. Standardize architectures and technology.
      - Risk Management: Assess risks, mitigate efficiently and make risks transparent to the stakeholders. Implement an IT control framework. Ensure that roles critical for managing IT risks are appropriately defined and staffed.
      - Performance Management: Ensure the day-to-day management and verification of IT processes and controls. Implement an IT balanced scorecard with few but precise performance measures directly and demonstrably linked to the strategy.
      Source: Adapted from Board Briefing on IT Governance, 2nd Edition
  • 32. Questions for executive management (columns V A M R P: V = IT Value Delivery; A = IT Strategic Alignment; M = IT Resource Management; R = Risk Management; P = Performance)
      - How critical is IT to sustaining the enterprise?
      - How critical is IT to growing the enterprise?
      - What strategic initiatives has executive management taken to manage IT’s criticality relative to maintenance and growth of the enterprise, and are they appropriate?
      - What is the organization doing about leveraging its knowledge to increase stakeholder value?
      - What IT assets are there and how are they managed?
      - Are suitable IT resources, infrastructures and skills available to meet the required enterprise strategic objectives?
      - Is the enterprise clear on its position relative to technology: pioneer, early adopter, follower or laggard?
      - Is IT participating in overall corporate change-setting and strategic direction?
      - Do IT practices and IT culture support and encourage change within the enterprise?
      - Does the enterprise research technology, process and business prospects to set direction for future growth?
      - Are enterprise and IT objectives linked and synchronized?
      - Is the enterprise clear on its position relative to risks: risk-avoiding or risk-taking?
      - Is there an up-to-date inventory of risks relevant to the enterprise?
      - What has been done to address these risks?
      - How far should the enterprise go in risk mitigation and is the cost justified by the benefit?
      - What is management doing to address risks?
      - Is the board regularly briefed on risks to which the enterprise is exposed?
      - Based on these questions, can the enterprise be said to be taking “reasonable” precautions relative to technology risks?
      - What are other similar organizations doing, and how is the enterprise placed in relation to them, relative to value, risk and resource management?
      - What is industry best practice and how does the enterprise compare, relative to value, risk and resource management?
      Source: Adapted from Board Briefing on IT Governance, 2nd Edition
  • 33. Questions for the board of directors (columns V A M R P: V = IT Value Delivery; A = IT Strategic Alignment; M = IT Resource Management; R = Risk Management; P = Performance)
      - How certain is the board about the answers provided to the questions answered by executive management?
      - Is the board aware of the latest developments in IT from a business perspective?
      - Is IT a regular item on the agenda of the board and is it addressed in a structured manner?
      - Does the board articulate and communicate the business direction to which IT should be aligned?
      - Is the board aware of potential conflicts between the enterprise divisions and the IT function?
      - Does the board have a view on how and how much the enterprise invests in IT compared to other like organizations?
      - Is the reporting level of the most senior IT manager commensurate with the importance of IT?
      - Does the board have a clear view on the major IT investments from a risk and return perspective?
      - Does the board obtain regular progress reports on major IT projects?
      - Does the board obtain IT performance reports illustrating the value of IT from a business driver perspective (customer service, cost, agility, quality, etc.)?
      - Is the board regularly briefed on IT risks to which the enterprise is exposed, including compliance risks?
      - Is the board assured of the fact that suitable IT resources, infrastructures and skills are available (including external resourcing) to meet the required enterprise strategic objectives?
      - Is the board getting independent assurance on the achievement of IT objectives and the containment of IT risks?
      Source: Adapted from Board Briefing on IT Governance, 2nd Edition
  • 34. End of our Deck -- Thank you