Microsoft PowerPoint - How to Marry ITIL and COBIT to drive ...

1

How to marry ITIL and COBIT to drive strongGovernance and Continual Service

Improvement

2

SMART - 2008Harpreet Virdee

Director – Western Region , The Manta [email protected]

How to marry ITIL and COBIT to drive strongGovernance and Continual Service Improvement

Welcome! Objective:

• Provide an appreciation of how aligning Governance

3

• Provide an appreciation of how aligning Governance(COBIT 4.1 and Val IT) and CSI (ITIL v3), can make a

happy marriage.

Agenda

• How do COBIT 4.1 and Val IT and ITIL v3frameworks align?

• Why: Why align Governance and ITSM

4

• Why: Why align Governance and ITSMinitiatives?

• How: A practical approach in using COBIT 4.1and the 7 step CSI process together.

Context..How do the frameworksalign?

5

Governance: COBIT 4.1, Val ITService Management: ITIL v2, ITIL v3,

ISO20000

IT Function

Governance

COBIT 4.1 and Val IT Focus: IT as apartner: Enable Value and Compliance

COBIT 4.0 Focus: Governance

Evolution of Governance Practices

Controls &Risk

ProcessOriented

BusinessGoals

Controls andProcesses

Business & ITAlignment Value

Governance

ValueGovernance

6

Time

Audit –Controls

based

Auditors tool:Controls

COBIT 3.0 Focus: Control Environment

Risk Oriented Goals

Control Framework Risk Management

What is CobiT?

IT Governance Institute created CobiT framework is designed to enable

IT represents one of the most valuable assets ofan enterprise and needs to be governed based

on:ValueRiskControl

7

IT Governance Institute createdCobiT framework with the following

characteristics:

Business-focused Process-oriented Controls-based Measurement-driven

CobiT framework is designed to enableIT management to align its activities andoutput with business requirements by:

Making a link to the businessrequirement

Organizing IT activities into agenerally accepted process model

Identifying the major IT resources tobe leveraged

Defining the management controlobjectives to be considered

Are wedoing the

rightthings?

Are wegetting

thebenefits?

Strategic Investment• Affordable Cost• Acceptable Risk• Returns Value

Value Realization• Accountability• Processes• Track Record

What is Val IT?

Val IT = Investment Strategy & Value

8

Are wedoing them

the rightway?

Are wegetting

them donewell?

Enterprise Architecture• Integration• Performance• Change• Risk

Delivery Capabilities• Processes• People• Technology

COBIT = Supports Execution

Governance – Big Picture

COBIT 4.1Governance:Value, Risk &Compliance

9

PO 1Define

StrategicIT Plan

PO 1Define

StrategicIT Plan

PO 4Define IT

Processes,Organisation,Relationships

PO 4Define IT


PO 5Manage ITInvestment


PO 3Determine

TechnologicalDirection

PO 3Determine


PO 6Communicate

Aims andDirection

PO 6Communicate

Aims andDirection

PO 7Manage IT

HumanResource

PO 7Manage IT

HumanResource

PO 8ManageQuality

PO 8ManageQuality

PO 9Assess &

Manage ITRisks

PO 9Assess &

Manage ITRisks

PO 10ManageProjects

PO 10ManageProjects

PO 2Define

InformationArchitecture

PO 2Define


Plan & Organize

AI 1Identify

AutomatedSolutions

AI 1Identify

AutomatedSolutions

AI 2Acquire and

MaintainApplicationSoftware

AI 2Acquire and

MaintainApplicationSoftware

AI 3Acquire and

MaintainTechnology

Infrastructure

AI 3Acquire and

MaintainTechnology

Infrastructure

AI 5Procure

ITResources

AI 5Procure

ITResources

AI 7Install andAccredit

Solutions &Changes

AI 7Install andAccredit

Solutions &Changes

AI 6ManageChange

AI 6ManageChange

Acquire & Implement

AI 4Enable

Operation& Use

AI 4Enable

Operation& Use

CobiT 4.1 Overview

10

DS 3Manage

Performanceand Capacity

DS 3Manage


DS 4Ensure

ContinuousService

DS 4Ensure

ContinuousService

DS 5EnsureSystemSecurity


DS 6Identify

and AllocateCosts

DS 6Identify

and AllocateCosts

DS 2Manage

Third-partyServices

DS 2Manage

Third-partyServices

DS 1Define andManageServiceLevels

DS 1Define andManageServiceLevels

DS 7Educate

andTrain Users

DS 7Educate

andTrain Users

DS 8Manage

Service Desk& Incident

DS 8Manage


DS 9Manage

Configuration

DS 9Manage

Configuration

DS 10ManageProblems

DS 10ManageProblems

DS 11Manage

Data

DS 11Manage

Data

DS 12ManagePhysical

Environment

DS 12ManagePhysical

Environment

DS 13Manage

Operations

DS 13Manage

Operations

Deliver & Support

ME 1Monitor &

Evaluate ITPerformance

ME 1Monitor &

Evaluate ITPerformance

ME 3Ensure

RegulatoryCompliance

ME 3Ensure


ME 4Provide IT

Governance

ME 4Provide IT

Governance

Monitor & Evaluate

ME 2Monitor &EvaluateInternalControl


Service Strategy

ITIL V3 Overview

Service Design Service Transition Service Operations

SS2Financial

Management

SS2Financial

Management

SS1Strategy

Generation

SS1Strategy

Generation

SD2Service LevelManagement

SD2Service LevelManagement

SD1Service

CatalogueManagement

SD1Service

CatalogueManagement

SD3Capacity

Management

SD3Capacity

Management

SD5IT ServiceContinuity

Management

SD5IT ServiceContinuity

Management

ST1Transition &

PlanningSupport

ST1Transition &

PlanningSupport

ST3Service Asset& ConfigurationManagement

ST3Service Asset& ConfigurationManagement

ST2Change

Management

ST2Change

Management

ST5ST5

ST4Release &

DeploymentManagement

ST4Release &

DeploymentManagement

SO1Event

Management

SO1Event

Management

SO2Incident

Management

SO2Incident

Management

SO3Request

SO3Request

11

Continual Service Improvement

SS3Demand

Management

SS3Demand

Management

SS4ServicePortfolio

Management

SS4ServicePortfolio

Management

SD4Availability

Management

SD4Availability

Management

SD6Information

SecurityManagement

SD6Information

SecurityManagement

SD7Supplier

Management

SD7Supplier

Management

ST5Service

Validation &Testing

ST5Service

Validation &Testing

ST6Evaluation

ST6Evaluation

ST7Knowledge

Management

ST7Knowledge

Management

RequestFulfilmentRequestFulfilment

SO4Problem

Management

SO4Problem

Management

SO5Asset

Management

SO5Asset

Management

CSI17-Step

Improvement Process

CSI17-Step

Improvement Process

CSI3Service Reporting

CSI3Service Reporting

CSI2Service Measurement

CSI2Service Measurement

PO 1Define

StrategicIT Plan

PO 1Define

StrategicIT Plan

PO 4Define IT


PO 4Define IT




PO 3Determine


PO 3Determine


PO 6Communicate

Aims andDirection

PO 6Communicate

Aims andDirection

PO 7Manage IT

HumanResource

PO 7Manage IT

HumanResource

PO 8ManageQuality

PO 8ManageQuality

PO 9Assess &Manage IT

Risks

PO 9Assess &Manage IT

Risks

PO 10ManageProjects

PO 10ManageProjects

PO 2Define


PO 2Define


Plan & Organize

AI 1Identify

AutomatedSolutions

AI 1Identify

AutomatedSolutions

AI 2Acquire and

MaintainApplication

Software

AI 2Acquire and

MaintainApplication

Software

AI 3Acquire and

MaintainTechnology

Infrastructure

AI 3Acquire and

MaintainTechnology

Infrastructure

AI 5Procure ITResources

AI 5Procure ITResources

AI 7Install &Accredit

Solutions &Changes

AI 7Install &Accredit

Solutions &Changes

AI 6ManageChange

AI 6ManageChange

Acquire & Implement

CobiT Processes Addressed by ITIL

AI 4Enable

Operation& Use

AI 4Enable

Operation& Use

12

DS 3Manage


DS 3Manage


DS 4Ensure

ContinuousService

DS 4Ensure

ContinuousService



DS 6Identify

and AllocateCosts

DS 6Identify

and AllocateCosts

DS 1Define and

ManageServiceLevels

DS 1Define and

ManageServiceLevels

DS 7Educate

andTrain Users

DS 7Educate

andTrain Users

DS 8Manage


DS 8Manage


DS 9Manage

Configuration

DS 9Manage

Configuration

DS 10ManageProblems

DS 10ManageProblems

DS 11Manage

Data

DS 11Manage

Data

DS 12ManagePhysical

Environment

DS 12ManagePhysical

Environment

DS 13Manage

Operations

DS 13Manage

Operations

Deliver & Support

ME 1Monitor &Evaluate ITPerformance

ME 1Monitor &Evaluate ITPerformance

ME 3Ensure


ME 3Ensure


ME 4Provide ITGovernance

ME 4Provide ITGovernance

Monitor & Evaluate



DS 2Manage

Third-partyServices

DS 2Manage

Third-partyServices

COBIT ME1 and ITIL 7 step improvementprocess alignment

7 step Improvement process: What is it?

• The goal of the Seven Step Improvementprocess is to continually define whatshould and can be measured and totransform the raw data collected into ameaningful set of corrective action byusing various methods and toolsthroughout the service lifecycle

ME1: What is it?

• Monitoring is needed to make sure that ITworks on the right things in accordancewith business demands and priorities.

• This process includes defining relevantperformance indicators, a systematicand timely reporting of performance

13

throughout the service lifecycle

• 7 step Improvement process: Why do Icare?

• Are we providing business value? Toensure that IT is providing value throughmeasuring and taking corrective action.

results, and prompt actions upondeviations.

ME1: Why do I care?

• It is not clear if IT and its service providersare doing the right things for theorganization.

Why should we align?

Why align Governance and

14

Why align Governance andITSM initiatives?

Current State versus Desired State

Current State Desired State andBenefits

•IT has too many `standardterminologies`•Multiple initiatives with commongoals are not aligned:

•Same goals: Enabling business,CSI

15

goals are not aligned:• Project silos• Inefficient use of resources

•Audit and ITSM don’t speak.

•A common language

•Program (Governance and ITSM)vision and goals are aligned, usecommon approach, shareknowledge.

The Manta Group Service Architecture

About The Manta GroupIdeal Future State

16www.mantagroup.com pg.00

How to effectively use CSI – 7 stepimprovement process and COBIT together

ITILs Deming Cycle – Align to Business StrategyCSI - 7 Step Improvement Process & Metric Types

17

CSI - 7 Step Improvement Process & Metric TypesCOBITs: Business Balanced Score Card

COBITs Goals & MetricsOutputs:

Dashboard Example

ITIL: Continual Service Improvement Model

What is the Vision?

Baseline: COBIT ME1 MMModel

Business: COBITBalanced Scorecard

Where are we now?

How do we keep themomentum going?

18

18

ITIL 7 Step Imp Process

Measurable TargetsCOBIT: Goals & Metrics

Where do we want to be?

How do we get there?

Did we get there? Compliance. COBITME1 Controls.

momentum going?


What is the Vision?



Where are we now?


19

19






momentum going?

Business Demand AnalysisWho Cares?

BusinessDemands

Balanced Score Card1. Financial2. Customer3. Internal

20

3. Internal4. Learning and Growth

Plan & Organize Acquire & Implement

Deliver & SupportMonitor & Evaluate

CobiT 34 Governance Objectives

Financial Perspective (FP)1. Provide a Good ROI of IT Enabled

business investments2. Manage IT Related Business Risk3. Improve Corporate Governance and

Transparency

Customer Perspective (CP)4. Improve Customer Orientation and

Service

Internal Perspective (IP)10. Improve and Maintain Business

Processes Functionalities11. Lower Process Costs12. Provide Compliance with External

Laws, Regulations & Contracts13. Provide Compliance with Internal

Policies14. Manage Business Change15. Improve and Maintain Operational and

Demand Drivers Analysis(Who Cares)

21

Service5. Offer Competitive Products and

Services6. Establish Service Continuity and

Availability7. Create Agility in Responding to

Changing Business Environment8. Achieve Cost Optimization of Service

Delivery9. Obtain Reliable & Useful Information

for Strategic Decision Making

15. Improve and Maintain Operational andStaff Productivity

Learning and Growth Perspective (LGP)16. Manage Product & Business

Innovation17. Acquire & Maintain Skilled and

Motivated People


What is the Vision?



Where are we now?


22

22






momentum going?

Best Practices Tool: Where are we now

The Green dotsindicate the Target

23

indicate the TargetMaturity score.

Processes with highseverity need to bemore mature,processes with lowseverity may be over-controlled.


What is the Vision?



Where are we now?


24

24






momentum going?

What Target Metrics – ITIL principles

CSFsValue, Quality, Performance,

Compliance

25

KPIsQuantitative, Qualititative

Metric TypesProcess, Service, Technology

What Target Metrics – COBIT approach

Business Goals for IT

Improve Customer Orientation and Services (4)

IT Goals Mapped to Process

Ensure Service Availability as required (23)

Manage Performance and Capacity (DS3)

26

Manage Performance and Capacity (DS3)

Process Goal and Metric

Goal: Meet response time SLAs

Metric: % Not Met

Activity Goal and Metric

Goal: Provide and manage system capacity

Metric: % asset under capacity review

Example: Process Milestone Tracking Dashboard

Step 1. Translate Program Objectives to Process Goals and Metrics

Overall Project ObjectivesComplete by Achieved/ Measured by

Cascaded Process-Level Objectives

General

Service Improvement Objectives

Ensure there is a greater focus on the quality of ITin terms of reliability, availability and capacity.

Implement availability and capacity monitoring for theAdvantage and Clipper services. Implement stronglinks between the SLM, Change, Release andApplications Development processes to theAvailability and Capacity processes.

27

in terms of reliability, availability and capacity. Availability and Capacity processes.Ensure Service Management processes areimplemented using the ITIL framework. Theseprocesses must be controlled, repeatable andproducing quality management information.

Measured by the Process Maturity objectives (seesection below).

ensure the better management of Major Incidents.

Develop and implement a major incident process thatensures controlled identification, management,recovery and assessment. Measure and show animproved MTBF of Major Incidents.

Reduce the impact of Major Incidents.Show improvement by measuring and demonstratinga reduced MTTR of Major Incidents.

Example: Sample Performance DashboardProcess Category Weighted

AverageTarget Key Performance Indicator

Red Green

Incident Management Performance 10% <75% 75-100% % of Incidents with Service Restored within 1 day

Quality 30% <80% 80-100%% Tickets Complete and Accurate(tickets rated on priority,categorization, and resolution)

Value 50% <75% 75-100% % Tickets Resolved within SLA targets

Compliance 10% <80% 80-100% % Tickets Submitted by Service/Support Desk

Problem Management Performance 25% <90% 90-100% % Root cause with permanent fix identified

Quality

28

Quality 20% <80% 80-100% % Root Cause Known within Target times

Value 30% >1% <=1%% Repeated Problems after known error fix has been successfullyimplemented

Compliance25% >10% 10% % Problem Records raised based on Critical and High priority

Change Management*Performance 30% <95% 95-100% % RFC s Successfully Implemented

Quality 10% <90% 90-100%% RFC not sent back to draft or rejected due to updates requiredby Change Management

Value 30% >2% 2% % RFC Emergencies due to production failure

Compliance 30% >1% 1%% Infrastructure Incident records from Changes that bypassed theprocess

ConfigurationManagement*

Quality ? <80% 90-100%% of time that CI Attributes and/or CI Additions are completed forAll Risk Level 1&2 Changes

Value ? <80% 90-100%% of Incident, Problem or Change for which the CI is associated toService Records (Infrastructure Related)


What is the Vision?



Where are we now?


29

29

ITIL 7 Step Imp ProcessME1 Control Objectives





momentum going?

CSI – 7 step improvement process

1. Definewhat should

measure

2. Definewhat canmeasure

7.ImplementCorrective

Actions

30

3. GatherData

4. ProcessData

(process)

5. AnalyzeData

(trends)

6. PresentData

ME 1 Control Objectives

ME1.1MonitoringApproach

ME1.2Definition andCollection ofMonitoring

Data

ME1.6RemedialActions

31

ME1.3Monitoring

Method

ME1.4PerformanceAssessment

ME1.5Board andExecutiveReporting

Process Milestone Tracking Dashboard

Step 2. Identify in red the key process milestones (per processto achieve a ‘foundational level’ IM and CfM/SACM example below

Implementation Milestones (key milestones shown in red) Complete by Measure by

Incident ManagementThe process is formally documented 1

A process manager has been appointed 1

A process owner has been identified 1

A clear definition exists (aligned to ITIL) of what an Incident is 1

The Incident Management process fousses on restoring service to the user

32

The Incident Management process fousses on restoring service to the user 1

A Service Desk exists and has been established as the SPoC for IT queries 1

Incidents are detected and reported by end users and back office funtions 1

All reported Incidents are registered in the CMDB 1

Procedures exist for the registration of Incidents 1

Implementation Milestones (key milestones shown in red) Complete by Measure byConfiguration ManagementThe process is formally documented 1Process Signed-offThe process documentation has been formally commnicated to all required staffThe CMDB is part of an integrated SM toolsetA Configuration Manager has been appointed 1A process owner has been identified 1The scope of Configuration Mgt includes the entire IT InfrastructureAll supported hardware items are registered in the CMDB


What is the Vision?



Where are we now?


33

33






momentum going?

Process Milestone Tracking Dashboard

Step 3. Review and Track progress against milestones periodically

Target Today BaselineIM 3.00 2.86 2.50

PM 3.00 1.51 1.00CHM 3.00 3.13 2.00CFM 3.00 1.87 0.50

RM 3.00 2.20 0.50SLM 3.00 2.13 1.00

34

AVM 3.00 2.28 0.50CPM 3.00 1.56 0.50ITSC

M 3.00 2.84 1.50

01122334455

IM PM CHM CFM RM SLM AVM CPM ITSCMCO

BIT

Mat

urity

Leve

l

Target

Today

Baseline


What is the Vision?



Where are we now?


35

35






momentum going?

BPe Roadmap – Phased Approach

36

Keep Momentum Going?

Behavioural Change

Reward

37

Reward

Compliance

Key Take-Aways• COBIT provides business alignment to IT processes and

Goals• ITIL 7 step improvement provides an operational process• COBIT provides controls to assess compliance of the

processes• Both highly complementary

38

• Make a happy marriage..

Thank You

Question & Answer

39

Harpreet VirdeeDirector – Western Region, The Manta Group

[email protected]

Microsoft PowerPoint - How to Marry ITIL and COBIT to drive ...

Business

implement po

cobit processes

cobit framework

function cobit

followingit management

val itservice management

strong governance

management control objectives