
Chapter 2 Reference Models, Standards & Frameworks


thora

Presentation Transcript


  1. Chapter 2 Reference Models, Standards & Frameworks

  2. Learning Objectives • IT Governance frameworks • Related industry standards, guidelines • Maturity model, reference • Choosing which framework to use

  3. Limitations of models, standards and frameworks • Most are not end-to-end • No how-to • Process • Template • Checklist • Tools • Too flexible / too rigid

  4. Integrated IT Governance Framework • Philosophy • Key issue • Legal • Maturity • Culture

  5. Maturity model

  6. Important and necessary content in a Framework / Model (from chapter 1) • Business plan • IT plan aligned with item 1, investment portfolio • Putting the IT plan into practice, risks, threats • Performance, controls, metrics • Vendor & Outsourcing • IT People, process improvement

  7. International Standards & Frameworks: Focus Areas • IT Governance – General • Project management • System/Software development • Quality/Security • IT Operations & Infrastructure • More…

  8. International Standards & Frameworks: Focus Areas cont. • Human Resources • Performance measurement • Regulatory Compliance • Outsourcing & Vendor management • Voice of Customer

  9. IT Governance – General • Model name • COBIT • Author • ITGI / Weill & Ross / U of Holland v4.1 2007 • Use • A framework which links IT processes • Decision maker • Certification: CISA / CISM

  10. IT Governance – General cont. • Model name • COSO internal control framework • Author • COSO Committee of Sponsoring Organizations of the Treadway Commission, AICPA, AAA • Use • Reliability of financial statements

  11. COSO • Consists of 5 components • Control environment • Risk assessment • Control activities • Information & communications • Monitoring

  12. Project Management • Model • IT Investment Management (ITIM) • Author • General Accounting Office (GAO) of US Government • Use • Evaluate, select & prioritize IT investments

  13. ITIM Maturity stages

  14. Project Management cont. • Model • PMBOK – Project Management Body of Knowledge • OPM3 Organizational PM Maturity Model • Author • Project Management Institute PMI, 2004 • Use • 9 Knowledge & 5 Process areas of PM • Tool for self-assessment of PM maturity • Certification • PMP Project Management Professional

  15. OPM3 Framework

  16. Project Management cont. • Model • PMMM – PM Maturity Model • blends PMBOK with CMMI • Author • Crawford 2002 • Use • Map CMMI to PMBOK to provide PM maturity roadmap

  17. Project Management cont. • Model • PRINCE2 • Author • Central Computer and Telecommunications Agency (CCTA) or Office of Government Commerce (OGC) • Use • UK Government application development

  18. System / Software Development • Model • Capability Maturity Model Integration (CMMI) • Author • SEI / Carnegie Mellon University 2002, 2005 • Use • 5-stage maturity acquisition / system & software development • Certification • Organization: Level of maturity

  19. Quality / Security cont. • Model • ISO 9001 • Author • Motorola & GE (joint study) • Use • Quality management policy

  20. 8 Quality principles ISO 9001-2000 • Customer • Leadership • People • Process approach • System approach (inter-process) • Continuous Improvement • Decision on facts • Supplier management

  21. Quality / Security • Model • Six Sigma, Lean, Baldrige Quality Award • Author • Motorola & GE • Use • Reduce errors & defects • Certification: black belt

  22. Quality / Security cont. • Model • ISO 17799 • ISO 27001 implementation guideline for 17799 • Author • ISO 2005 • Use • IT security model • Certification organizational level

  23. ISO 17799 & 27001 • 17799 Plan-Do-Check-Act (PDCA model) • Plan • Do: implemented / operated / maintained • Check: monitored / measured / audited / reviewed • Act: improved • 11 security policy domains

  24. IT Operation & Infrastructure • Model • ISO 20000 • Author • ITSMF IT Service Management Forum V2 2002 • Use • 10 processes of IT service management

  25. ISO 20000 • Key Process • Service Level Management SLM • Service delivery • Relationship management (supplier) • Resolution management (Problem) • Control & release (Config & change)

  26. IT Operation & Infrastructure • Model • ITIL IT Infrastructure Library v2 v3 • Author • CCTA, APMG Accrediting Professional Management Group 2007 • Use • 10 processes of IT service management

  27. Human Resource • Model • P-CMM People Capability Maturity Model • Author • SEI Software Engineering Institute, Carnegie Mellon University • Use • Advancing people & competencies

  28. Model • Balanced Scorecard, Critical Success Factor • Author • Kaplan & Norton, Cattuci, Rockart • Use • Measuring success against strategy • Performance management

  29. Outsourcing & Vendor Management • Model • OPBOK, eSCM (eSourcing Capability Model) • Author • Carnegie Mellon University • Use • How to outsource IT & how to manage vendors • Certification: COP Certified Outsourcing Professional

  30. Outsourcing & Vendor Management • eSCM • eSCM-SP for service provider • eSCM-CL for customer • OPBOK Outsourcing Professional Body of Knowledge

  31. Customer • Model • VOC Voice of Customer • Author • Kano • Use • Customer requirement

  32. Regulatory Compliance (law) • Model • Sarbanes-Oxley Act SOX 2002 • Author • US Congress • Use • For Board & executive responsibility

  33. Regulatory Compliance (law) cont. Sarbanes-Oxley Act of 2002 • Public Company Accounting Reform and Investor Protection Act of 2002 • SOX or Sarbox • Senator Paul Sarbanes (D-MD) and Representative Michael G. Oxley • SOX Section 404: Assessment of internal control

  34. Regulatory Compliance (law) cont. AS 8000 / AS 8015 • Model • AS 8000 for enterprise governance • AS 8015 for ICT governance • Author • Standards Australia 2003

  35. Regulatory Compliance (law) cont. • Model • FDA, FDIC, HIPAA, SEC • Author • US government agency • Use • Selected industry

  36. Further reading for chapter 2 • http://www.sei.cmu.edu/ The Carnegie Mellon Software Engineering Institute (SEI) • http://www.isaca-bangkok.org/ Information Systems Audit and Control Association, Bangkok Chapter • http://www.aicpa.org/ The American Institute of Certified Public Accountants (AICPA) • http://aaahq.org/ The American Accounting Association • http://www.gao.gov/ The General Accounting Office (GAO), created by the Budget and Accounting Act • http://www.pmi.org/ Project Management Institute • http://www.ogc.gov.uk/ The Office of Government Commerce (OGC) • http://www.itil-officialsite.com/ ITIL, the most widely accepted approach to IT service management • http://www.kanomodel.com/ Professor Noriaki Kano
