1 / 49

EICL project ”Bridging the Business-IT gap”

EICL project ”Bridging the Business-IT gap”. Presenter: Jernej Huber Education:  Bachelor of Information Technology Position:  Teaching assistant Institute of Informatics Faculty of Electrical Engineering and Computer Science University of Maribor. Agenda. Personal introduction

cala
Download Presentation

EICL project ”Bridging the Business-IT gap”

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. EICL project”Bridging the Business-IT gap” Presenter: Jernej Huber Education: Bachelor of Information Technology Position: Teaching assistant Institute of Informatics Faculty of Electrical Engineering and Computer Science University of Maribor

  2. Agenda • Personal introduction • Business-IT gap • Practices for Business-IT alignment • IT governance • IT service management (ITSM) • Business process management (BPM) • Conclusion

  3. About Maribor • Second largest city in Slovenia with 157,947 inhabitants as of 2011 •  Home to the oldest grapevine in the world (more than 400 years old), called Staratrta • In 2012, Maribor became European Capital of Culture

  4. About University of Maribor • established in 1975 • 17 faculties • among them: Faculty of Electrical Engineering and Computer Science • Some numbers: • 24.600 students  • 7700 beginners per year  • 3300 graduates per year (including master and doctoral degrees)  • 198 study programmes • 1800 employees  • 92,7% public founds • 7,3% from market activities I work at  Institute of Informatics which is part of  Faculty of Electrical Engineering and Computer Science

  5. The gap between Business and IT • Business and IT treat each other as enemies • Distrust and lack of cooperation prevent teamwork • They do not communicate in the same language • IT talks in technical terms, not in the language of the business • They do not have the same goals • Business often sets goals for IT that make success impossible • Innovation and creativity cannot occur because the two sides cannot work together

  6. Working together impossible? • The Business: • Fixes cost & schedule without understanding what problem they are solving • Often unclear about real needs; demands things that it doesn’t need & never uses • IT: • Waits for the Business to tell it what to do; doesn’t proactively offer solutions • Lacks deep knowledge of the business, hampering innovative solutions • They often measure the wrong things rather than the better, faster, cheaper and happier metrics

  7. Closing the Business-IT gap? • The traditional Business-IT relationship is „consumer-supplier“ like • The Business is not IT‘s customer • Real customer of both is the customer of the Business! • Better Model for Business-IT: A Real Team • Example: a soccer team - focused on winning, where everyone must • understand the rules of the game, • be good at their position • have an understanding of, and respect for, what their fellow team members contribute

  8. Closing the Business-IT gap! • Key success factors: • Common, shared objectives • Trust and respect for each others‘ contribution • Consensus on how the team will work together to achieve those objectives • Specialization of skills, built around a common set of core skills • Business agility

  9. Closing the Business-IT gap! • Types of practices • Specialist business practices that help run the business. • Shared practices that help to bridge the gap (for example ITIL and COBIT). • Specialist software development practices that help software developers develop good software. • Practices provide a simple, easy to adopt way to change the way of working • Modular - choose what you need • Just what is needed - minimize change • Just the “essentials” - not too much detail • A few key practices are usually all that is needed

  10. Example of business and IT alignment (for ITSM) • Business example: A fashion store • What are some of our organization’s objectives or strategic goals? • We want to make a lot of money $$$! • We want to have a good image and reputation • What Business Processes aide in achieving those objectives? • Retail, marketing, buying, procurement, HR etc. • What IT Services are these business processes dependent on? • Web site, email, automatic procurement system for buying products, Point of Sale Services • We have ITSM in order to make sure the IT Services are: • What we need (Service Level Management, Capacity Management etc.) • Available when we need it (Availability Management, Incident Management etc.) • Provisioned cost-effectively (Financial Management, Service Level Management) • What are technical activities? • Not in focus of ITSM practices like ITIL

  11. Shared practices that bridge the Business-IT gap: ITIL and COBIT • typically used in conjunction • usually used also with other frameworks, such as: • Six Sigma (a quality methodology) • TOGAF (a framework for IT architecture) • ISO 27000 (a standard for IT security)

  12. ITIL vs. COBIT • ITIL (Information Technology Infrastructure Library) • an approach to IT service management (ITSM) • Service • is something that provides value to customers. Services that customers can directly utilize or consume are known as “business” services • ITIL provides conformance • which allows flexibility in the adaptation of practices within an organizational context while maintaining the overall structure of the framework • COBIT (Control OBjectives for Information and related Technology) • a framework for an IT governance • IT governance • provides the structure that links IT processes, IT resources and information to enterprise strategies and objectives. • COBIT enables compliance • which is highly specific, often audited to a formal standard and the organization’s practices must mimic externally defined practices.

  13. COBIT – IT governance • IT governance is defined as a structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise’s goals by adding value while balancing risk vs. return over IT and its processes • How does it work?

  14. COBIT – main concepts • Key elements: • IT processes • IT resources • Business requirements • Control • is defined as the policies, procedures, practices and organizational structures designed to provide reasonable assurance that business objectives will be achieved and undesired events will be prevented or detected and corrected. • IT control objective • is defined as a statement of the desired result or purpose to be achieved by implementing control procedures in a particular IT activity.

  15. COBIT - framework of IT Control Obj.

  16. COBIT • Enterprise governance and IT governance can no longer be considered separate and distinct disciplines • On figure: Looking on relationship between IT Resources and Delivery of Services

  17. COBIT - cube *Fiduciary: trust

  18. COBIT – high-level domains • Plan and organize • Covers strategy and tactics and concerns the identification of the way IT can best contribute to the achievement of the business objectives. Furthermore, the realization of the strategic vision needs to be planned, communicated and managed for different perspectives. Finally, a proper organization as well as technological infrastructure must be put in place. • Acquire and implement • To realize the IT strategy, IT solutions need to be identified, developed or acquired, as well as implemented and integrated into the business process. Changes and maintenance of existing systems to make sure that the life cycle is continued for these systems are also covered. • Deliver and support • This domain is concerned with the actual delivery of required services. In order to deliver services, the necessary support processes must be set up. • Monitor and evaluate • All IT processes need to be regularly assessed over time for their quality and compliance with control requirements. This domain thus addresses management’s oversight of the organization's control process and independent assurance provided by internal and external audit or obtained from alternative sources.

  19. COBIT framework • COBIT provides a set of 34 high-level control objectives, one for each of the IT processes, grouped into four domains: • plan and organize, • acquire and implement, • deliver and support, and • monitor and evaluate. • By addressing these control objectives, the business process owner can ensure that an adequate control system is provided for the IT environment. • Each high-level control objective is subdivided in a list of detailed control objectives. • In total, COBIT contains 318 detailed control objectives over all the 34 IT processes.

  20. COBIT – control objective example • High-level control objective DS2 “Manage third-party services” • control over the IT process of managing third-party services • that satisfies the business requirement to ensure that roles and responsibilities of third parties are clearly defined, adhered to and continue to satisfy requirements • is enabled by control measures aimed at the review and monitoring of existing agreements and procedures for their effectiveness and compliance with organization policy • and takes into consideration • Third-party service agreements • Contract management • Nondisclosure agreements • Legal and regulatory requirements • Service delivery monitoring and reporting • Enterprise and IT risk assessments • Performance rewards and penalties • Internal and external organizational accountability • Analysis of cost and service level variances • Detailed control objectives DS2 “Manage third-party services” • Supplier interfaces • Management should ensure that all third-party providers’ services are properly identified and that the technical and organizational interfaces with suppliers are documented. • …

  21. COBIT – control practices • expand the capabilities of COBIT by providing the practitioner with an additional level of detail. • The IT control practices provide the more detailed how and whyneeded by management, service providers, end users and control professionals to implement highly specific controls based on an analysis of operational and IT risks. • Comparison: the COBIT IT processes, business requirements and detailed control objectives define what needs to be done to implement an effective control structure.

  22. COBIT – example control practice • Control practice for the detailed control objective “Supplier interfaces” of process DS2 “Manage third-party services” • Why Do It? • Identifying and defining technical and organizational interfaces provided by third-party suppliers in line with the control practices will: • Promote relationships that support the overall organizational objectives (both business and IT) • Facilitate effective and efficient communication (including problem resolution) between organizations to help maintain effective service delivery • Ensure that the ownership of those elements on each side of the boundary between the organization and third-party service provider is clear, and therefore avoid gaps or overlaps in responsibility that may lead to loss of service or operational inefficiencies • Control Practices • Policy and procedures in relation to maintaining a register of key suppliers to the IT function are developed. The register details the name of supplier and nature, scope and purpose of relationship. Procedures link to, and should be integrated with, procurement and configuration management procedures. • The register of IT suppliers is periodically reviewed to ensure that it remains current. • Policy and procedures in relation to maintaining a register of system interfaces are developed. The register details the name of interface, systems it relates to and purpose (in both business and IT terms). Procedures link to, and should be integrated with, configuration and change management procedures.

  23. COBIT - audit guidelines • Management needs assurance that the desired IT goals and objectives are being met and key controls are being addressed. • The audit guidelines outline and suggest the assessment activities to be performed corresponding to each of the 34 high-level IT control objectives, providing helpful guidance on who to interview; what questions to ask; and how to evaluate control, assess compliance and finally substantiate the risk of any identified controls not being met.

  24. COBIT - management guidelines • Management guidelines provide the vital link between IT control and IT governance. They are action-oriented and generic, and provide management direction for getting the enterprise’s information and related processes under control, monitoring achievement of organizational goals, monitoring and improving performance within each IT process, and benchmarking organizational achievement. • They help provide answers to typical management questions, such as: • How far should we go in controlling IT, and is the cost justified by the benefit? • What are the indicators of good performance? • What are the critical success factors? • What are the risks of not achieving our objectives? • What do others do? • How do we measure and compare?

  25. COBIT - maturity models • Included in Management guidelines

  26. COBIT - metrics • Critical success factors (CSFs) • CSFs define the most important issues or actions for management to consider or undertake to achieve control over and within the IT processes. They must be management oriented implementation guidelines and identify the most important things to do, strategically, technically, organizationally or procedurally. Examples: • IT processes are defined and aligned with the IT strategy and the business goals. • The customers of the process and their expectations are known. • Processes are scalable and their resources are appropriately managed and leveraged. • Key goal indicators (KGIs) • KGIs define measures that tell management, after the fact, whether an IT process has achieved its business requirements. Examples: • Achieving targeted return on investment or business value benefits • Enhanced performance management • Reduced IT risks • Key performance indicators (KPIs) • KPIs define measures to determine how well the IT process is performing in enabling the goal to be reached. They are lead indicators of whether a goal will likely be reached or not, and are good indicators of capabilities, practices and skills. Examples: • Reduced cycle times (i.e., responsiveness of IT production and development) • Service availability and response times • Number of staff trained in new technology and customer service skills

  27. COBIT – components & waterfall

  28. ITIL - an IT Service Mgmt framework • Service lifecycle: • Service Strategy, • Service Design, • Service Transition, • Service Operation, • Continual Service Improvement.

  29. ITIL element: Service Strategy • The lifecycle starts with Service Strategy: • understanding who the IT customers are, • the service offerings that are required to meet the customers’ needs, • the IT capabilities and resource that are required to develop these offerings and the requirements for executing successfully. • Driven through strategy and throughout the delivery and support of the service, IT must always try to assure that cost of delivery is consistent with the value delivered to the customer.

  30. ITIL element: Service Design • Service Design assures that new and changes services are designed effectively to meet customer expectations. • The technology and architecture required to meet customer needs cost effectively is an integral part of Service Design. • Additionally, processes required to manage services are also part of the design phase. • Service management systems and tools that are necessary to adequately monitor and support new or modified services must be considered as well as mechanisms for measuring service levels, technology and process efficiency and effectiveness.

  31. ITIL element: Service Transition • Through the Service Transition phase of the lifecycle the design is built, tested and moved into production to assure that the business customer can achieve the desired value. • This phase addresses • managing changes, • controlling the assets and configuration items (underlying components – hardware, software, etc) associated with new and changed systems, • service validation and testing and transition planning to assure that users, support personnel and the production environment has been prepared for the release to production.

  32. ITIL element: Service Operation • Once transitioned, Service Operation then delivers the service on an ongoing basis, overseeing the daily overall health of the service. • This includes • managing disruptions to service through rapid restoration of incidents, • determining the root cause of problems • and detecting trends associated with recurring issues, handling daily routine end user requests and managing service access.

  33. ITIL element: Continual Service Improvement • Enveloping the Service Lifecycle. • Continual Service Improvement offers a mechanism for IT to measure and improve the service levels, the technology and the efficiency and effectiveness or processes used in the overall management of services.

  34. ITIL benefits • Alignment with business needs • Negotiated achievable service levels. • A common language • Predictable, consistent processes • Efficiency in service delivery • Measurable, improvable services and processes

  35. ITIL benefit: Alignment with business needs • ITIL becomes an asset to the business when IT can proactively recommend solutions as a response to one or more business needs. • The IT Strategy Group recommended in Service Strategy and the implementation of Service Portfolio Management gives IT the opportunity to understand the business’ current and future needs and develop service offerings that can address them.

  36. ITIL benefits • Negotiated achievable service levels. • Business and IT become true partners when they can agree upon realistic service levels that deliver the necessary value at an acceptable cost. • A common language • terms are defined.

  37. ITIL benefit: Predictable, consistent processes • Customer expectations can be set and are easier to meet with through the use of predictable processes that are consistently used. As well, good practice processes are foundational and can assist in laying the groundwork to meet regulatory compliance requirements.

  38. ITIL benefit: Efficiency in service delivery • Well-defined processes with clearly documented accountability for each activity as recommended through the use of a RACI matrix can significantly increase the efficiency of processes. In conjunction with the evaluation of efficiency metrics that indicate the time required to perform each activity, service delivery tasks can be optimized.

  39. ITIL benefit: Measurable, improvable services and processes • Youcan’t manage what you cannot measure. Consistent, repeatable processes can be measured and therefore can be better tuned for accurate delivery and overall effectiveness. For example, presume that a critical success factor for incident management is to reduce the time to restore service. When predictable, consistent processes are used key performance indicators such as Mean Time To Restore Service can be captured to determine whether this KPI is trending in a positive or negative direction so that the appropriate adjustments can be made. Additionally, under ITIL guidelines, services are designed to be measurable. With the proper metrics and monitoring in place, IT organizations can monitor SLAs and make improvements as necessary.

  40. ITIL processes

  41. ITIL functions • A “function” is an abstract organizational unit within an IT organization. It represents a real organization or group, but not a process. A function may use one or more IT processes or practices to carry out its objectives. • There are 5 primary functions within Service Operation (some of which are divided into smaller functions): • Application Management • Control of the entire lifecycle of an application • Facilities Management • Management of IT data centers and other physical IT facilities • IT Operations Management • Ongoing operation and execution of IT services and IT resources in support of those services • Service Desk • User support for IT services • Technical Management • Provides specialized technical skills to carry out IT operations

  42. ITIL Lifecycle – Main Process Elements • Figure illustrates that the trigger for the Service Strategy processes is a desired business strategy. • The termination of the Service Strategy processes is the chartering of a service and the supply of a Service Level Package, which then triggers the Service Design processes, and so on.

  43. ITIL Lifecycle – Main Practice Elements • Within each process element, a number of main practice elements accompany each process and are carried out during the lifecycle (illustrated on Figure). • Each of the elements shown is comprised of a variety of activities.

  44. ITIL – detailed example

  45. Business process management (BPM) • BPM is one of the most promising technologies that help with “closing the gap between business and IT”. • The concept of BPM standards is now focused on vendor adoption and user acceptance of three key BPM standards: BPMN 2.0, WS-BPEL 2.0 and XPDL 2.1. • Companies use BPM to: • evaluate, • redesign, and • optimize new and existing business processes. • Business process • is a collection of interrelated activities, initiated in response to a triggering event, which achieves a specific, discrete result for the customer and other stakeholders of the process • BPM can be and is applied to IT management. ITIL and COBIT both use the term “process” pervasively, and are commonly referred to as “process” frameworks.

  46. BPMN • BPMN 2.0 is a popular and successful standard for process modeling in which a user creates a graphical, often automatable, representation of a business process, using uniform primitives for common activities. • The primary goal of BPMN is to provide a notation that is readily understandable by all business users, from the business analysts that create the initial drafts of the processes, to the technical developers responsible for implementing the technology that will perform those processes, and finally, to the business people who will manage and monitor those processes. • Thus, BPMN creates a standardized bridge for the gap between the business process design and process implementation.

  47. BPMN example

  48. Conclusion • Shared practices (for example ITIL, COBIT, BPM) help to bridge the gap • Practices bring people together • People can appreciate each others expertise • People without formal training can make a sensible start • They create an awareness of the competencies and skills needed on the team • They give structure to the knowledge within a specialty • They enable specialists to work together • IT and Business should play on the same team – to win!

  49. Literature • „Closing the Gap Between Business and IT“, Ivar Jacobson, Innovate2010 - The Rational Software Conference, IBM, 2010 • „ITIL®, COBIT®, and CMMI®: Ongoing Confusion of Process and Function“, Charles T. Betz, BPTrends, 2011 • „Why COBIT wins in a showdown with ITIL?“, Itskeptic, 2012 • „The Official Introduction to the ITIL Service Lifecycle“, TSO, 2007 • „ITIL V3 Foundation Complete Certification Kit: 2009 Edition“, The Art of Service, 2009 • „Springer ITIL V3 at a glance, Information Quick Reference“, Springer, 2008 • „COBIT student book“, IT Governance Institute, 2007 • „COBIT 4.1“, IT Governance Institute, 2007 • „Closing the Gap for Competitive Advantage True Collaboration between Business and IT“, Vitria, 2008 • „Hype Cycle for Business Process Management“, Gartner, 2012 • „Business Process Model and Notation (BPMN) version 2.0“, official specification, OMG, 2011

More Related