1 / 27

Information Technology Management (ITM101)

Information Technology Management (ITM101) . Week 02: IT Standards & Governance . Matthew W. Stephan: CISM, CISSP, CGEIT, CRISC, PMP. Governance?. IT governance aims to ensure that expectations for IT are met and IT risks are mitigated. .

vina
Download Presentation

Information Technology Management (ITM101)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Information Technology Management (ITM101) Week 02: IT Standards & Governance Matthew W. Stephan: CISM, CISSP, CGEIT, CRISC, PMP

  2. Governance? IT governance aims to ensure that expectations for IT are met and IT risks are mitigated. Corporate Governance: Leadership by corporate directors in creating and presenting value for all stakeholders IT Governance: Subset of the Corporate Governance framework tasked with ensuring the alignment of IT with enterprise objectives

  3. IT Governance Objectives • Governance should be a top-down process • Linkages to business process and strategy exist for all actions • Information in oral, paper, and electronic forms • Governance transcends physical boundaries • Through governance, acceptable practices, policies, and procedures are established The purpose of IT governance is to direct IT endeavors and that IT is aligned with business objectives. Ideally:

  4. Focus Areas of IT Governance IT Resource Management • Two are outcomes: • Value delivery • Risk management. • Three are drivers: • Strategic alignment • Performance measurement • Resource management (which overlays them all) Five main focus areas for IT governance, all driven by stakeholder value.

  5. IT Governance Frameworks

  6. Val IT Principles • IT-enabled investments will: • Be managed as a portfolio of investments • Include the full scope of activities that are required to achieve business value • Be managed through their full economic life cycle • Value delivery practices will: • Recognize that there are different categories of investments that will be evaluated and managed differently • Define and monitor key metrics and will respond quickly to any changes or deviations • Engage all stakeholders and assign appropriate accountability for the delivery of capabilities and the realization of business benefits • Be continually monitored, evaluated and improved

  7. The Four Questions • The value question. Do we have: • A clear and shared understanding of the expected benefits? • Clear accountability for realising the benefits? • Relevant metrics? • An effective benefits realisation process over the full economic life cycle of the investment? • The strategic question. Is the investment: • In line with our vision? • Consistent with our business principles? • Contributing to our strategic objectives? • Providing optimal value, at affordable cost, at an acceptable level of risk? about thevalue enabledby IT Some fundamental questions • The architecture question. Is the investment: • In line with our architecture? • Consistent with our architectural principles? • Contributing to the population of our architecture? • In line with other initiatives? • The delivery question. Do we have: • Effective and disciplined delivery and change management processes? • Competent and available technical and business resources to deliver: • The required capabilities? • The organisational changes required to leverage the capabilities?

  8. Program—A structured grouping of projects designed to produce clearly identified business value Portfolio—A suite of business programs managed to optimize overall enterprise value Project—A structured set of activities concerned with delivering a defined capability based on an agreed schedule and budget P3M—Projects, Programs and Portfolios Portfolio Management Program Management Project Management

  9. Val IT COBIT ITIL What fits where? Board / Senior Executive Business Management Auditors IT (Functional Mgt) IT Operations

  10. Outsourcing Benefits: Access to Expertise and Technologies • Access to expertise and the deployment of new technologies • rapid technological developments require a significant portion of the human resources capacity of internal IT divisions and require high investments in the training of IT professionals. • An IT supplier whose core business consists of the delivery of IT services is able to keep the level of knowledge of its IT professionals up to date more effectively and efficiently.

  11. Outsourcing Benefits: Increase in the Level of Flexibility • Increase in the level of flexibility • Due to the fact that an IT supplier has several customers, the IT supplier is better able to absorb the peaks and valleys in the demand for IT services than the internal IT division, which generally only provides services to its parent organization.

  12. Outsourcing Benefits: Decrease in Costs • Decrease in costs • Due to their scale and ability to share production resources, IT suppliers are able to provide more efficient and effective IT services • Increase the predictability of costs: • Outsourcing contracts are generally multi-year contracts • This increases the predictability of costs for the outsourcing organization. • This is an important advantage, particularly for investors.

  13. Outsourcing Benefits: Generation of Cash Flows • The generation of cash flows • Through the sale of assets, hardware and immovable property, the outsourcing organization is able to generate a one-time cash flow by outsourcing its IT services.

  14. Outsourcing Disdvantages: Management of IT Suppliers • Management of IT supplier(s) • The management of IT suppliers requires the attention of the management of the outsourcing organization and this carries its own costs. • Furthermore, many organizations have difficulty finding qualified managers to assume this role.

  15. Outsourcing Disdvantages: Confidentiality • Confidentiality • Outsourcing arrangements cause the outsourcing organization’s confidential data to be accessible to the IT supplier’s employees • This constitutes a risk that must be considered when the decision to outsource is taken • Dependency on the IT supplier(s): • By entering into a multi-year contract, outsourcing organizations become dependent on their IT suppliers, particularly when there are changes in IT services required by the outsourcing organization

  16. Outsourcing Disdvantages: Dependency on the IT Supplier • Dependency on the IT supplier(s) • By entering into a multi-year contract, outsourcing organizations become dependent on their IT suppliers, • Particularly when there are changes in IT services required by the outsourcing organization.

  17. Outsourcing Disdvantages: Confidentiality • Confidentiality • Outsourcing arrangements cause the outsourcing organization’s confidential data to be accessible to the IT supplier’s employees • This constitutes a risk that must be considered when the decision to outsource is taken • Dependency on the IT supplier(s): • By entering into a multi-year contract, outsourcing organizations become dependent on their IT suppliers, particularly when there are changes in IT services required by the outsourcing organization

  18. Outsourcing Disdvantages: Dependency on the IT Supplier • Dependency on the IT supplier(s) • By entering into a multi-year contract, outsourcing organizations become dependent on their IT suppliers, • Particularly when there are changes in IT services required by the outsourcing organization.

  19. Projects • The three main goals of project management are… • Complete the project on time or earlier. • Complete the project on budgetor under. • Meet the specifications to the satisfaction of the customer.

  20. Project Structure • Functional Structure: • The team is housed in a specific functional area. Assistance from other areas must be negotiated. • Pure Project: • Team members work exclusively for the project manager, which is best for large projects. • Matrix Structure: • A compromise between the functional and project structures. Members remain in various functional areas and the project manager coordinates across functional areas. Dual authority can cause problems.

  21. Slack (S) is the difference, if any, between the earliest start (ES) and latest start times (LS) or the early finish (EF) and late finish (EF) times. S = LS - ES or S = LF - EF The is the earliest you can start an activity. It is determined by the earliest finish time of the precedent activity. If there are two or more precedent activities, this time is the same as precedent activity with the latest “Early Finish” time. Slack The earliest you can complete an activity--determined by adding the activity time (duration) to the early start time. Activity Early Start Early Finish Late Finish Late Start This is the latest you can finish an activity without delaying project completion. It is the same as the Latest Start time of the next activity. If there are two or more subsequent activities, this time is the same as the earliest of those “Latest Start” times. Activity Duration This is the Latest Finish time minus the activity duration. What AON Nodes look like.

  22. Types of Project Risk • Service/Product Risks: If the project involves new service or product, several risks can arise. • Market riskcomes from competitors. • Technological riskcan arise from advances made once the project has started, rendering obsolete the technology chosen for service or product. • Legal riskfrom liability suits or other legal action. • Project Team Problems: Poor member selections and inexperience, lack of cooperation, etc. • Operations Risk: Information inaccuracy, miss-communications, bad project timing, weather…

  23. Types of Project Risk • Service/Product Risks: If the project involves new service or product, several risks can arise. • Market riskcomes from competitors. • Technological riskcan arise from advances made once the project has started, rendering obsolete the technology chosen for service or product. • Legal riskfrom liability suits or other legal action. • Project Team Problems: Poor member selections and inexperience, lack of cooperation, etc. • Operations Risk: Information inaccuracy, miss-communications, bad project timing, weather…

  24. Budget Category Considerations Average % of IT New IT investments: Projects that deliver new These projects were likely business capabilities conceived and approved 20% before the lean times began. Projects to improve IT Waste creeps in when IT is efficiency busy completing other work on 9% behalf of the business. IT MOOSE*: Maintenance and smaller Maintenance budgets are often enhancement activity against based on previous year with 15% applications little year to year scrutiny. Operational costs of Inattention to detail over time applications and services, can create waste in licensing 19% including software licenses and and contractual maintenance support fees. Data centre and networking Data centre and networking costs costs Reduced business can correlate to reduced 19% requirements for storage and computing capacity. End user support, including What level of support/time desktop software between desktop upgrades is 10% appropriate during lean times? Administration, planning, Can you shift deployments of architecture, and IT administrative or architecture 7% management staff to more tactical assignments, temporarily? Breakdown of IT spending Support business growth Reduce cost of business Reduce cost of IT MOOSE 30% Investment – new/improved capabilities 70% Support current business at current business volumes IT MOOSE* IT Spend * Maintenance, Operations, and Ongoing support of Systems and Equipment Forrester Research Inc. (2008): ” Budget Adjustments For CIOs In Lean Economic Times”

  25. Adoption of ITIL and Other Frameworks Brings Discipline and Efficiency to IT Ops • The Information Technology Infrastructure Library (ITIL) standardizes IT terminologies to establish guidelines and a common language for IT operational processes like: • Change management, • Problem resolution, • Service delivery, and • Resolution of customer inquiries. • Other frameworks include: • COBIT (control objectives for information and related technology) • ISO 17799 • These frameworks help companies standardize: • IT operations, • Management processes, and • Practices • Helps lower costs by: • Reducing unplanned and unscheduled work and • Making it easier to adopt and implement cost-reducing technologies

  26. Server virtualization lowers hardware costs and reduces administrative burden • The proliferation of smaller Wintel and Linux servers has started to escalate the costs of scale-out/scale-up efforts, • Drives greater staff costs to administer and provision the burgeoning number of individual servers. • With virtualization, the decentralize/recentralize pendulum swings back toward centralization as small mainframes and even larger Unix servers, become the new platform on which to consolidate hundreds of virtual servers • Lowering software licensing costs • Lowering server administration staff costs.

  27. Introduction: The Local Contingency Plan Questions answered by the Local Contingency Plan: WHO: Designates individuals and invests them with authority WHAT: Expectations and procedures associated with an incident WHEN: The tasks that need to be performed before, during, and after an incident WHERE: Identifies key locations for incident planning and response, including locations of emergency equipment, escape routes, and indoor post-evacuation rendezvous points WHY: Protects people and serves as a gateway to continuity HOW: Explains the way your department should prepare and respond

More Related