One part ITIL, one part COBIT

www.apmg-international.com

APMG-International Webinar

One part ITIL, one part COBIT:The ingredients for repeatable and

controlled processes to support IT services.

Thursday 31 October 2013 / 14:00 EST (New York, US)

Presented by Mark Thomas, Escoute Consulting

www.APMG-International.com

The ITIL/COBIT connection

“ITIL is clear that it does not stand alone, and in fact, you cannot "do ITIL" without some form of governance. But what does "governance" mean? ITIL requires a framework of policy, process, procedures and metrics that can give direction to IT operations . . . (COBIT) does just this.

David Nichols, ITSM Solutions

Agenda

• Welcome & introduction

– Ronn Faigen, APMG-International

• One part ITIL, one part COBIT:The ingredients for repeatable and controlled processes to support IT services.

– Mark Thomas (Escoute Consulting)

• Q&A

• More Information

• Close

Your presenter…

Mark Thomas, Escoute Consulting

Areas of expertise• Governance of Enterprise IT (CGEIT)• ITIL Expert• COBIT

Experience• Enterprise Program Manager• IT Director• VP, IT Operations• Governance frameworks consulting

Challenges

Governance Frameworks

ITIL Essentials

COBIT Essentials

Putting the Two Together

Questions

Synopsis

Considering the many challenges faced by organizations today, leveraging frameworks to assist in creating repeatable approaches to managing and controlling IT services is a logical, yet difficult task. With so many best practices in the market today, how can one know which ones are applicable? Consider two basic tenets of every IT service provider: provide value in delivered services, and ensure proper governance and control of the processes that support them. This is where ITIL and COBIT play a valuable role. In this presentation we will explore 1) the essential elements of each framework, 2) their applicability in the growing role of IT in today’s organizations, and 3) how to leverage these together in a cohesive approach to delivering, managing and controlling effective IT processes. In this presentation, participants will gain not only an appreciation of the utility of these frameworks, but will walk away with the knowledge (and perhaps) a plan on how to implement these powerful tools at their companies.

Challenges

Align IT with the Business

Provide Value/Cost

Ensure Security

Meet Regulatory Requirements

Manage Risks

Trends

• Rising demand for best practices is driven by requirements to become more competitive while holding costs down

• Drivers for framework adoption include pressures created by demand for conformance and performance

• Historically, IT Service Providers were self-directed and considered cost centers – today, best practices help these providers focus on meeting enterprise objectives

• As IT moves up the list of strategic goals contribution, justifying technology investments grows - therefore the need for best practices

Challenges and Needs


ITIL Essentials

COBIT Essentials


Questions

Governance of Enterprise IT

• IT value delivery to the business

• Mitigation of IT related risk

• Powerful resource to help achieve important objectives:

–Benefit Realization

–Risk Optimization

–Resource optimization

Source: COBIT5. © ITGI. All rights reserved.

Governance ensures that stakeholder

needs, conditions and options are

evaluated to determine balanced,

agreed-on enterprise objectives to be

achieved; setting direction through

prioritization and decision making; and

monitoring performance and

compliance against agreed-on

direction and objectives.

COBIT 5 definition of governance:

Framework Characteristics

• The need for sharper business focus driven by business needs

• A common language with a standardized process model, objectives, and tools suitable for any type or size of organization

• A reliable and useful source based on best practices which are generally accepted in the industry

• Focus on creating and maintaining value

Framework Categories

Governance of Enterprise IT

Service Management

Enterprise Architecture

Project & Portfolio Management

Development Lifecycles

Process Quality & Improvement

COBIT

ITIL

TOGAF

PRINCE2

SDLC

SIX SIGMA



ITIL Essentials

COBIT Essentials


Questions

IT Infrastructure Library (ITIL)

• Widely adopted approach for IT Service Management

• Framework for identifying, planning, delivering and supporting IT services to the business

• Detailed within five core publications

• Enables delivery of appropriate services that continually ensure benefits delivery and business goal achievement

Copyright © AXELOS Limited 2013. All rights reserved. Material is reproduced under license from AXELOS

ITIL Core Elements

Processes Roles FunctionsServices

Delivering value to customers by facilitating outcomes customers want to achieve without the ownership of costs and risks.

A coordinated set of activities that produce an outcome which creates value.

Behaviors or actions that are performed by a person, team or group.

Units of organization specialized to perform certain types of work and are responsible for certain outcomes.

EmailIncident

ManagementIncidentManager

ServiceDesk


ITIL Lifecycle Phases and Processes

SS ServiceStrategy SD Service

Design ST ServiceTransition SO Service

Operations CSIContinualServiceImprovement

Strategy Management

Financial Management

Service Portfolio Management

Demand Management

Business Relationship Management

Design Coordination

Service Level Management

Service Catalog Management

Availability Management

Capacity Management

Information Security Management

Service Continuity Management

Supplier Management

Change Management

Service Asset and Configuration Management

Release and Deployment Management

Knowledge Management

Transition Planning and Support

Service Validation and Testing

Change Evaluation

Event Management

Incident Management

Request Fulfillment

Problem Management

Access Management

7-Step Improvement




ITIL Essentials

COBIT Essentials


Questions

COBIT5

• Latest edition of ISACA’s globally accepted GEIT framework• Provides an end-to-end business view of the governance and management of

enterprise IT• Builds on previous versions of COBIT (including Val IT and Risk IT).• Integrates other major industry frameworks such as ITIL, TOGAF, PRINCE2,

and related ISO standards• Some new changes include:

– Increased focus on enablers– New process reference model– New and modified processes– Management practices (formerly control objectives)– New maturity model

ISACA – Information Systems Audit and Control Association. ITGI – IT Governance Institute

COBIT5 Product Family

COBIT 5

COBIT 5 ENABLER GUIDES

COBIT 5 PROFESSIONAL GUIDES

COBIT 5 ONLINE COLLABORATIVE ENVIRONMENT

COBIT 5Enabling Processes

COBIT 5Enabling Information Other Enabler Guides

COBIT 5Implementation

COBIT 5for Information

Security

COBIT 5for Assurance

COBIT 5for Risk

Other Professional

Guides


COBIT5 Principles and Enablers

Principles

1. Meeting Stakeholder Needs

2. Covering the Enterprise End-to-End

3. Applying a Single Integrated Framework

4. Enabling a Holistic Approach

5. Separating Governance From Management

Enablers

1. Principles, Policies and Frameworks

2. Processes

3. Organizational Structures

4. Culture, Ethics and Behavior

5. Information

6. Services, Infrastructure and Applications

7. People, Skills and Competencies


COBIT5 Meeting Stakeholder Needs


• Translates stakeholder needs into specific, practical and customized goals

• Allows the definition of priorities for:– Implementation

– Improvement

– Assurance of enterprise governance of IT

COBIT5 Covering the Enterprise End to End


COBIT5 Separating Governance and Management

Governance

Ensure that stakeholder needs, conditions, and options are:

Evaluated to determine balanced, agreed-on enterprise objectives to be achieved

Setting direction through prioritization and decision making

Monitoring performance, compliance and progress against agreed direction and objectives (EDM)

Management

Plans, builds, runs and monitors activities in alignment with direction set by the governance body to achieve the enterprise objectives (PBRM)


COBIT5 Domains and Processes

EVALUATE, DIRECT & MONITOR

ALIGN, PLAN & ORGANIZE

BUILD, ACQUIRE & IMPLEMENT

DELIVER, SERVICE & SUPPORT

MONITOR, EVALUATE &

ASSESSEDM1 Ensure Governance Framework Setting and Maintenance

EDM2 Benefits Delivery

EDM3 Ensure Risk Optimization

EDM4 Ensure Resource Optimization

EDM5 Ensure Stakeholder Transparency

BAI1 Manage Programs and Projects

BAI2 Manage Requirements Definition

BAI3 Manage Solutions Identification and Build

BAI4 Manage Availability and Capacity

BAI5 Manage Organizational Change Enablement

BAI6 Manage Changes

BAI7 Manage Change Acceptance and Transitioning

BAI8 Manage Knowledge

BAI9 Manage Assets

BAI10 Manage Configuration

DSS1 Manage Operations

DSS2 Manage Service Requests & Incidents

DSS3 Manage Problems

DSS4 Manage Continuity

DSS5 Manage Security Services

DSS6 Manage Business Process Controls

MEA1 Monitor, Evaluate, and Assess Performance and Conformance

MEA2 Monitor, Evaluate and Assess the System of Internal Control

MEA3 Monitor, Evaluate and Assess Compliance with External Requirements

APO1 Manage the IT Framework

APO2 Manage Strategy

APO3 Manage Enterprise Architecture

APO4 Manage Innovation

APO5 Manage Portfolio

APO6 Manage Budget & Costs

APO7 Manage Human Resources

APO8 Manage Relationships

APO9 Manage Service Agreements

APO10 Manage Suppliers

APO11 Manage Quality

APO12 Manage Risk

APO13 Manage Security

Governance Management


COBIT5 Process Reference Model

Process Identification

Process Description

Process Purpose Statement

Goals Cascade Information

Process Goals & Metrics

RACI ChartDetailed Practice

DescriptionsRelated

Guidance


COBIT5 Process Capability


COBIT5 Implementation




ITIL Essentials

COBIT Essentials


Questions

Integration Objectives

• Implement and manage IT Service Management processes to achieve business goals while meeting governance requirements

• Enable clear process goals which are driven by business goals coupled with a meaningful measurement scheme

• Ensure IT governance and control by providing benefits realization, risk optimization, and resource optimization

Because of its high level approach, broad

coverage, and is based on many

existing practices, COBIT can easily be used as the integrator

that brings multiple practices under one framework and links

those to business objectives.

Integration Objectives

COBIT5• Comprehensive

framework assisting enterprises in achieving goals and delivering value

• Helps enterprises maintain balance between realizing benefits, optimizing risks, and optimizing resources.

ITIL• Provides a consistent

and coherent framework of best practices for IT Service Management and related processes

• Promotes a quality approach for achieving business effectiveness and efficiency with information systems.

Integrating Performance and Conformance

GEIT vs. ITSM

ITIL - ITSM “How”COBIT – GEIT “What ”

• Assists in goal alignment by cascading

• Defines processes based on business requirements

• Separates governance from management

• Intended to support GEIT and is applicable to most organizations

• Links ITIL practices to business requirements

• Defines best practice processes for Service Management and includes process activities

• Processes are more comprehensive and described with activities and flowcharts to assist in implementation

• Processes can be easily mapped to the COBIT Framework to create effective guidance

Integration Approaches

ServiceManagement

Challenges

Governance, Risk, and Compliance Challenges

Just starting, not sure

• History of poor SLA achievement

• Customer feedback identifying low service satisfaction

• Frequent or long periods of downtime

• Internal or external audit findings

• Complex or new regulatory or compliance concerns

• Program/project failures

• Fragmented adoption of multiple frameworks

• Little or no understanding of GEIT

• Significant trigger or pain point driving adoption

Primary: ITILSecondary: COBIT

Primary: COBITSecondary: ITIL

Primary: COBITSecondary: ITIL

Critical Success Factors

• Focus on value

• Management commitment

• Process ownership and accountability

• Training and communication

• Embrace processes and procedures into the culture

• Continual improvement and measurements

COBIT5 Education

Who might go to training?

• IT Management/Practitioners/Consultants, Auditors, Information Security and Risk, Business Management

• Why would you go to training?

• Gain knowledge of the scope and structure of COBIT 5 or want to improve IT Governance in your organization

• Better understand the COBIT5 Product Architecture (guides) and how they interrelate

• How COBIT5 enables IT to be governed and managed in a holistic manner for the entire enterprise

• How the COBIT5 processes and the Process reference Model (PRM) help guide the creation of the 5 Principles and the 7 Governance and Management Enablers



ITIL Essentials

COBIT Essentials


Questions

QUESTIONS & ANSWERS

More Information

• APMG-International:– www.APMG-International.com

• ITIL®– www.apmg-international.com/itil

• COBIT® 5– www.apmg-international.com/cobit5

• Escoute Consulting– www.escoute.com – Email Mark at [email protected]

http://www.linkedin.com/company/apmg-international @APMG_Inter

Thank you for attending!

http://www.apmg-international.com/

http://www.apmg-international.com/itil

http://www.apmg-international.com/cobit5

http://www.escoute.com/

http://www.agilekrc.com/

mailto:[email protected]

One part ITIL, one part COBIT

Business

definition of governance

proper governance

form of governance

best practices

itilcobit connection

infrastructure library

meeting enterprise objectives

value delivery