Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
April 2008
Harpreet Virdee
Partner, The Manta Group
harpreet.virdee@mantagroup.com
2
Marrying COBIT and ITIL for
Effective Governance
Welcome! Objective:
3
Agenda
4
Context..How do the frameworks
align?
5
Evolution of Governance Practices
IT Function
COBIT 4.1 and Val IT Focus: IT as a
partner: Enable Value and Compliance
Value
Governance
Controls and Business & IT
Processes Value
Alignment
Time
6
Val IT Approach: Enterprise Value,
Governance of IT Investments
Val IT = Investment Strategy & Value
Strategic Investment
Are we Are we Value Realization
• Affordable Cost doing the getting • Accountability
• Processes
• Acceptable Risk right the
• Returns Value • Track Record
things? benefits?
7
CobiT 4.1 Overview
• Are Business and IT strategy aligned? • Are projects likely to deliver solutions
• Is business achieving optimum use of its IT that meet business needs?
resources? • Are projects likely to deliver on time
• Does everyone in business understand IT and within budget?
objectives? • Will the new or revised systems work
• Are IT risks understood and being properly when implemented?
managed? • Will changes be made without
• Are the quality of IT systems and services upsetting current business operations?
appropriate for business needs?
8
CobiT 4.1 Overview
PO 9 AI 7
PO 6 PO 7 AI 5
PO 8 PO 10 AI 6 Install and
Communicate Manage IT Assess & Procure
Manage Manage Manage Accredit
Aims and Human Manage IT IT
Quality Projects Change Solutions &
Direction Resource Risks Resources
Changes
ME 3 DS 7 DS 8 DS 12
ME 4 DS 9 DS 10 DS 11 DS 13
Ensure Educate Manage Manage
Provide IT Manage Manage Manage Manage
Regulatory and Service Desk Physical
Governance Configuration Problems Data Operations
Compliance Train Users & Incident Environment
9
IT Function
Evolution of Service Management
Service
Practices Management
IT Service
Service Management ITIL V2 Focus: Optimization
Process Centric
Partner
Production Oriented
Optimal Levels of Service at Justifiable Costs
Basis for ISO20000
Time
10
ITIL V2 Overview
IT Service
Change Release Availability IT Financial
Continuity
Management Management Management Management
Management
Configuration Capacity
Management Management
ITIL
Service Level Processes Security
Management
Management
11
ITIL V3 Overview
SO1
SD1 ST1
SS1 SD2 ST2 Event
Service Transition &
Strategy Service Level Change Management
Catalogue Planning
Generation Management Management
Management Support
SO2
SD5 ST3 ST4 Incident
SS2 SD3
IT Service Service Asset Release & Management
Financial Capacity
Management Continuity & Configuration Deployment
Management
Management Management Management
SO3
Request
ST5 Fulfilment
SS3 SD4 SD7
Service ST6
Demand Availability Supplier
Validation & Evaluation
Management Management Management
Testing SO4
Problem
Management
SS4 SD6
ST7
Service Information
Knowledge
Portfolio Security SO5
Management
Management Management Asset
Management
CSI1
CSI2 CSI3
7-Step
Service Measurement Service Reporting
Improvement Process
12
COBIT 4.1
Governance:
Governance – Big Picture Value, Risk &
Compliance
13
All ITIL v2 Processes are addressed by CobiT 4.1
AI 7
DS 4 DS 6
AI 6 Install and PO 5
Ensure Identify
Manage Accredit Manage IT
Continuous and Allocate
Change Solutions & Investment
Service Costs
Changes
IT Service
DS 9 Change Release Availability IT Financial
Continuity
Manage Management Management Management Management
Configuration Management
DS 3
Manage
Configuration Capacity Performance
Management Management and Capacity
ITIL
DS 1 DS 5
Define and Service Level Processes Security
Management Ensure
Manage Management System
Service Security
Levels
Incident Problem Application Infrastructure
Service Desk
Management Management Management Management
DS 8 AI 2 AI 3
Manage DS 10 Acquire and Acquire and
Service Desk Manage Maintain Maintain
& Incident Problems Application Technology
Software Infrastructure
14
75% of ITIL V3 processes map to CobiT 4.1
CobiT ITIL V3 – Service Operations
DS 8 SO1
Manage
Event
Service Desk
& Incident
Management
DS 10
Manage SO2
Problems Incident
Management
DS 7
Educate
and
Train Users SO3
Request
Fulfilment
DS 11
Manage
Data
SO4
DS 12 Problem
Manage Management
Physical
Environment
SO5
DS 13 Asset
Manage
Management
Operations
15
ITIL & CobiT Inter-Operability
Business – IT –
Process Goals/Metrics
Governance Processes
Process & Metrics Oriented
Process Controls
Functions, Roles & RACI
CobiT
ITIL v2
ITIL v3 Process Oriented
Service Oriented
ITIL Process Metrics
broader scope Process Work Flows
High-level Work Flows Detail Role
Role descriptions Descriptions
Toolsets
16
COBIT : Business Goals for IT
17
ITIL & CobiT Inter-Operability
@ Process Level – Service Level
Management
SLM Service Level SLAs & Contracts
Framework Agreements Reviews
(DS1.1) (DS1.3) (DS1.6)
18
ITIL & CobiT Inter-Operability
@ Metrics Level - Service Level Management
% of Services not in the catalogue # of business stakeholders satisfied
that service delivery meets agreed levels
% of service levels reported
PMO (CI)
Service Manager (RA) CobiT
(Function,
Compliance,
Roles &
Security, Audit (CI)
RACI)
ITIL
Service Level Detail on
Manager Role Descriptions
20
Why should we align?
Why align Governance and
ITSM initiatives?
21
Current State versus Desired State
Desired State and
Current State
Benefits
22
Ideal Future State About The Manta Group
www.mantagroup.com pg.00 23
Why align Governance and Service
Management?
• We don’t know if our IT enabled investments are delivering value?
• Perception 40% of all IT spending bought no return to the organization
2004 IBM research - 1000 CIOs
(Gartner 2006 & ITGI research on 1600 projects).
Bridges the gap between business & IT goals (COBIT) and fulfilling these
goals via effective service management (ITIL).
The goals are the same: Business Alignment, Value, and Compliance.
24
How can we use them together?
25
RAPID Approach
26
1. Need to have a common Governance
Vision and Scope.
27
The Manta Group
CobiT Governance Visioning Approach
28
PO: Domain Summary example: Maturity versus Consequence
PO1 - IT Strategy
0.5
PO5 PO2 - Information Architecture
1 PO4
PO3 -Technology Direction
1.5 PO7 PO6 PO3 PO8
PO2
PO4 - Process & Organization
2
PO1 PO9
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
PO5 - Manage Investment
2.5 PO10
Consequences
(So What)
3 PO6 - Communication Strategy
5
PO10 - Manage Projects
29
PO 10
PO4.4 Organizational
Placement of the IT Function
PO4.5 IT Organizational
1 4..2
Structure
PO4.10 Supervision
4.10
4 4.14
4.11 PO4.11 Segregation of Duties
30
Example: Deliver & Support Gap Assessment
DS 1
DS 2 DS 3 DS 4 DS 5 DS 6
Define and
Manage
Manage Manage Ensure Ensure Identify
Third-party PerformanceContinuous System and Allocate
High Risk
Service
Levels
Services and Capacity Service Security Costs
and
DS 7 DS 8 DS 12
Educate Manage
DS 9
Manage
DS 10
Manage
DS 11
Manage
Manage
DS 13
Manage
Low
and Service Desk Physical
Configuration Problems Data Operations
Train Users & Incident Environment Maturity
DS 1
DS 2 DS 3 DS 4 DS 5 DS 6
Gap Areas of Focus: Define and
Manage
Manage Manage Ensure Ensure Identify
Third-party PerformanceContinuous System and Allocate
DS4 – Ensure Continuous Services Service
31
Step 2: Need to have a plan on what you will
implement and how.
32
Governance Planning
Scope Deliverables:
33
Step 3: Implementation & Review
34
How to use COBIT & ITIL together
• Validate process
metrics with ITIL
process KPIs
35
Conclusion
Top 10 Reasons
1. IT becomes the growth engine of the organization
2. Levels the playing field for IT to have a voice in the executive table
36
Thank You
Question & Answer
April 2008
Harpreet Virdee
Partner, The Manta Group
harpreet.virdee@mantagroup.com
37