An Overview of
IT Governance
Mitigate risk:• Ensure security and
continuity of internal business operations, while minimizing exposure to external risk factor
Maximize return:• Improve business results;
grow revenue and earnings, cash flow, reducedcost-of-operation
Improve performance:
• Improve business operations performance end-to-end across the enterprise
• Increase customer and employee satisfaction
Increase agility:• Enable the business
organization and operations to adapt to changing business needs
… and CIO’s must balance among many competing priorities.
Needs, Issues & Challenges
Procedure, Audits, Metrics
Control
StrategicTactical
Operations
Demand
IT andBusiness
Resources
Supply
Capital, Capacity, Priorities
Planning
Alignment Flexibility
EfficiencyQuality
Lack of Business aligned strategyLack of Business aligned strategy
Reduce costs across business Reduce costs across business Ineffective project ManagementIneffective project Management
Deployment Complexity through lack of standard &
legacy
Deployment Complexity through lack of standard &
legacy
No Audit Trails No Audit Trails
Management of Service Changes
Management of Service Changes
Must reduce IT costs by 30%Must reduce IT costs by 30%
Lack of IT resource transparencyLack of IT resource transparency
Missed targets due to lack of steering control Missed targets due to lack of steering control
Deployment Complexity in number of project
Deployment Complexity in number of project
Cannot aggregate need and distribute ROI
Cannot aggregate need and distribute ROI
No means of governing outsourced contracts
No means of governing outsourced contracts
No means of capturing demands
No means of capturing demands
No means of prioritization of business need
No means of prioritization of business need
No means of reporting SLANo means of reporting SLA
Making new outsourcing decisions
Making new outsourcing decisions
What is IT Governance?(Ref.)HP working definition
IT governance is the formal process of defining the strategy of the IT organization and overseeing its execution to achieve the goals of the enterprise.
Aligned/synchronized with the enterprise strategy, including
other key asset strategies
Decision rights
framework & mechanisms
Vision,goals/priorities, measures; value
prop & service portfolio;resource approaches &
commitments;change management
plans
Translation intoaligned, tactical, operational
plans; closed-loop monitoring & control;accountability;
regulatory compliance
Who are the Decision Makers?
Business and IT Collaboration
IT DecisionBusiness Decision
De-centralised
Centralized
Federal
Business Exec.Business Exec.
Business Exec./Mgt.Business Exec./Mgt.
Business Mgt.Business Mgt.
IT Exec.IT Exec.
IT Exec./Mgt.IT Exec./Mgt.
IT ManagementIT Management
Business and IT Exec.Business and IT Exec.
Business and ITExec./Mgt.
Business and ITExec./Mgt.
Business and IT Mgt.Business and IT Mgt.
Non-CooperativeNon-Cooperative CooperativeCooperative
AnarchyAnarchy
Core Competencies for Effective IT Governance
Enterprise ArchitectureManage
ment
Relationship
Management
IT Strategy Managem
ent
Financial Managem
ent
Supply / Demand
Management
Portfolio Manageme
nt
IT Operating Model
•Align operational and strategic IT investments to business strategies & objectives.
•Establish policies, standards, models and processes for managing IT as an enterprise asset
•Lifecycle management of infrastructure, applications and services
•Understand the drivers of IT costs to allocate appropriate costs to the consumers of IT services.
•Establish effective, collaborative relationships with business stakeholders and suppliers.
•Balance the demand for IT services with available resources to meet immediate and strategic goals.
4/19/23 7
Optimized Business Value
Impact
Enterprise Cost Management
IT Cost TransferIT Cost Minimization
Expense Driven, Budget Focused
Balanced & Aligned Adaptive
Enterprise
Enterprise Demand Driven
Supply ConstrainedDeliver to Budget
Technology Centric
Technology-based Services
Service Centric Business Centric Customer Centric
IT Operating Model
Relationship Management
Management
Financial Management
IT Strategy Management
Ad Hoc or IT Centric
Technology Based
Supply Constrained Value Based Demand Driven
Silo IT Process-Based Business Process Based
Internal Service Provider Shared Services
Balanced & Aligned Multi-
Sourcing
ITG
o ver
nan c
eC
apab
ility
Do m
a in s
None
Technology Based
Supply Constrained Value Based Demand Driven
Silo IT Process-Based Business Process Based
Internal Service Provider Shared Services
Balanced & Aligned Multi-
Sourcing
ITG
o ver
nan c
eC
apab
ility
Do m
a in s
None UtilityUtility Dependent Agile
Portfolio Management
Level 1: Initial Level 2: Repeatable Level 4: ManagedLevel 3: Defined Level 5: Optimized
Role of IT
IT Governance Capability Levels
IT Governance Capability Model
Ad Hoc Review of Portfolio
Synergies
IT Cost Minimization
Emerging ROI Based Funding
Business Unit Aligned
Enterprise IT Portfolio
Management
Optimized Business Value
Impact
Enterprise Cost Management
IT Cost TransferIT Cost Minimization
Expense Driven, Budget Focused
Balanced & Aligned Adaptive
Enterprise
Enterprise Demand Driven
Supply ConstrainedDeliver to Budget
Technology Centric
Technology-BasedServices
Service Centric Business Centric Customer Centric
IT Operating Model
Business Relationship Management
Supply / Demand Management
Financial Management
Agile Enterprise Architecture
Architecture Driven Design
Business Strategy Linked
Program-based Architecture Management
Ad hoc Technical Architecture
Enterprise Architecture Management
Integrated Enterprise Architecture &
Business Planning
Architecture-Compliant
Design
Business Strategy Aligned
Architecture
Initial Enterprise Architecture
Program
Ad hoc / Ineffective Enterprise
Architecture
Enterprise Architecture Management
Agile Enterprise Architecture
Architecture Driven Design
Business Strategy Linked
Program-based Architecture Management
Ad hoc Technical Architecture
Enterprise Architecture Management
Integrated Enterprise Architecture &
Business Planning
Architecture-Compliant
Design
Business Strategy Aligned
Architecture
Initial Enterprise Architecture
Program
Ad hoc / Ineffective Enterprise Architecture
Enterprise Architecture Management
IT Strategy Management
Ad Hoc or IT Centric
Technology Based
Supply Constrained Value Based Demand Driven
Silo IT Process-Based Business Process Based
Internal Service Provider Shared Services
Balanced & Aligned Multi-
Sourcing
ITG
o ver
nan c
eC
apab
ility
Do m
a in s
None
Technology Based
Supply Constrained Value Based Demand Driven
Silo IT Process-Based Business Process Based
Internal Service Provider Shared Services
Balanced & Aligned Multi -
Sourcing
ITG
o ver
nan c
eC
apab
ility
Do m
a in s
None UtilityUtility Dependent Agile
Portfolio Management
1: Initial 2: Repeatable 4: Managed3: Defined 5: Optimized
Role of IT
IT Governance Capability Levels
IT Governance Capability Model
Ad Hoc Review of Portfolio Synergies
IT Cost Minimization
Emerging ROI Based Funding
Business Unit Aligned
Enterprise IT Portfolio
Management
The HP IT Governance Capability Model
April 19, 2023 9
IT Governance Models - the 5 Characteristics
Corporate Governance
IT Governance Framework
Val ITCobit
ITILISO
PPM Methods…
BTO portfolio
Business ChangeOrg. Alignment & Competencies
Processes
Technology
People
Value Benefits Assurance
There are many models.
But they share 5 characteristics:
• Underpinned by processes that must be implemented (e.g. Incident management)
• Supported by technology• Define business change
issues to be addressed• Define organisational
realignment to be achieved
• Include some way of measuring the value to be achieved (e.g. balanced scorecard)
April 19, 2023 10
How to Implement GovernanceExecute
IT GovernanceAssessment
ExecuteIT GovernanceAssessment
SetupIT Governance
Framework
SetupIT Governance
Framework
DesignIT Governance
Processes
DesignIT Governance
Processes
ImplementSupporting Tools
ImplementSupporting Tools
•Execute assessment to identify gaps•Define new role of IT in organization•Define evolution roadmap to address the gaps
•Define roles and responsibilities•Setup communication path to support IT-business alignment•Define management structures for decision making, reporting and escalation
•Define policies•Define processes•Define KPIs and reporting requirements
•Implement tool to support the execution of the solution•Implement tools for data collection and management reporting
Continuous Improvement Plan(Control Lifecycle)
Continuous Improvement Plan(Control Lifecycle)
•Identify indicators to monitor strategy execution•Define steering committee to manage relationships within IT and between business & IT•Review IT strategy periodically and evolve governance environment
Critical success factors for ITG
• Clarity of Purpose • Senior Management Commitment• Management of Business Change• Focus, execute and enforce• Measure achievable targets and expectations• Don’t over-engineer IT Governance• Evolution not revolution
• Clarity of Purpose • Senior Management Commitment• Management of Business Change• Focus, execute and enforce• Measure achievable targets and expectations• Don’t over-engineer IT Governance• Evolution not revolution
Practical Advice to Successfully Implementing ITIL Best Practices
Ed HolubResearch Vice President,
IT Operations Management
Hype Surrounding ITIL
ITIL makes the business love the IT group!
ITIL is easy! Buy our tool and have ITIL! Everybody is doing it …
What's next …– ITIL cures cancer!
– ITIL solves world hunger!
Technology Trigger
Peak ofInflated
Expectations
Trough of Disillusionment Slope of Enlightenment
Plateau of Productivit
y
time
visibility
ITIL 2005
ITIL 2012
ITIL 2006
ITIL 2008
ITIL 2010
IT Operations Management Hype Cycle
Key Issues
1.What is ITIL and how can it serve as a guide to transforming operations?
2.What pitfalls should be avoided whenimplementing ITIL?
3.What are the critical success factors and practical methods to maximize return on investment?
Key Issues
1.What is ITIL and how can it serve as a guide to transforming operations?
2.What pitfalls should be avoided whenimplementing ITIL?
3.What are the critical success factors and practical methods to maximize return on investment?
Positioning the Frameworks
Level of Abstraction HighLow
ITRelevance
Holistic
Specific
TCO
ITIL CMMI
CobiT
Six Sigma
ISO 9000
National Awards(e.g., Baldrige)
People CMM
Scorecards
ISO 20000
CMM =capability maturity model
CobiT =Control Objectives for Information and Related Technology
ITIL =IT Infrastructure Library
TCO =total cost of ownership
IS0 20000 = IT service mgt standard
ISO 9000 = quality mgt standard
Point solutions are useful, but a broader, holistic approach to process and quality
improvement is POWERFUL.
Process Framework — ITIL
ITIL is a best-practice process framework.– Service delivery
– Service support
– Others (application management, security management)
Shows the goals, general activities, inputs and outputs of the various processes.
ITIL: The Good and the Bad
Service Delivery:
– Service-level management
– Financial management
– Capacity management
– IT service continuity
– Availability management
Service Support:
– Incident management
– Problem management
– Change management
– Configuration management
– Release management
Service Desk
Core Benefits: Standard process language
Emphasis on process vs. technology
Process integration
Standardization enables cost and quality improvements
Focus on customer
Limitations:
– Not a process improvement methodology
– Specifies "what" but not "how"
– Doesn't cover all processes
– Doesn't cover organization issues
– Hype driving unrealistic expectations
Key Issues
1.What is ITIL and how can it serve as a guide to transforming operations?
2.What pitfalls should be avoided whenimplementing ITIL?
3.What are the critical success factors and practical methods to maximize return on investment?
More Process Refinement Initiatives Fail Due to Ineffective Governance than Due to Bad Designs
Stakeholders
IT operations and production engineering
Architecture and standards IT controller IT service desk Security and compliance Business applications
Steering Committee Responsibilities
Service management vision Project management
and process prioritization Funding and infrastructure
investment Technical architecture Standards, tools and
vendor criteria Measurement criteria Reporting to management
Trying to Run Before Walking
Reactive
Proactive Analyze trends Set thresholds Predict problems Measure appli-
cation availability Automate Mature problem,
configuration, change, asset and performance mgt processes
Fight fires Inventory Desktop SW
distribution Initiate
problem mgt process
Alert and event mgt
Measure component availability (up/down)
IT as a service provider
Define services, classes, pricing
Understand costs Guarantee SLAs Measure & report
service availability Integrate processes Capacity mgt
Service
Value IT as strategic
business partner IT and business
metric linkage IT/business
collaboration improves business process
Real-time infrastructure
Business planning
Level 1
Level 2
Level 3
Chaotic Ad hoc Undocumented Unpredictable Multiple help
desks Minimal IT
operations User call
notification
Level 0
Tool Leverage
Manage IT as a Business
Service Delivery Process Engineering
Operational Process Engineering
Service and Account Management
Level 4
Assuming Tools Will Solve Your Problems
Be wary of vendor hype Focus on process first Tools can be enablers or inhibitors Assess capabilities of your
current tools Review new tools where they would pay
significant dividends Buy what you need, as you need it
"Man is a tool-using animal. Nowhere do you find him without tools; without tools he is nothing, with tools he is all." – Thomas Carlyle
Confusing the 'Means' With the 'End'
This Is Not the Goal!
ITIL
Six Sigma
CMM-IMalcolm Baldrige
"Certification"
Etc.
Certification Does Not Guarantee Good Outcomes!
Beware of Process for Its Own Sake!
Process Improvement Is About Better Outcomes and Experiences for Customers
Key Issues
1.What is ITIL and how can it serve as a guide to transforming operations?
2.What pitfalls should be avoided whenimplementing ITIL?
3.What are the critical success factors and practical methods to maximize return on investment?
Keep Focus Narrow and Deliver Benefits
Determine Where to Start Not necessarily on the least mature processes 80 percent of clients start on core service support processes like change, incident
and problem management Configuration management is a steeper challenge Service-level management is often first of service delivery processes
Deliver Benefits Quickly to Address "Pain Points" Examples: Reduce percentage of changes causing incidents, improve MTTR Builds momentum
Take an Iterative Approach Design 80 percent solutions and plan to improve later Channel benefits to "self-fund" the next phase Periodically reassess priorities
Build Top-Down and Grass-Roots Support
Tailor messages for stakeholder groups Reward process victories vs. traditional hero behavior
Emphasize "WIIFM"
Treat as an Organizational Change Initiative
Communicate Frequently and Consistently
CIO or Head of Infrastructure and Operations must be visible champion
ITIL is much more about people than technology Change culture to embrace standardization vs. unique
solutions Don't ignore the aspects of people change and simply
concentrate on process and tools
Clearly articulate underlying goals and objectives Report on progress – macro and micro
Take a Structured and Holistic Approachto Process Refinement
Structure ProgramWhat is the Governance Structure?What pain points are addressed?
Measurement and GovernanceHow will you know when you achieve the desired maturity?
How will you market and communicate the program value and progress?
Task-Level Process Detail
InformationRequirements
AutomationDetail = Reference Material
= Detail Design
= Implementation
Adopt Process Taxonomy
Common and consistent language!Better alignment of expectations!
Adopt Process Reference Architecture
Define a conceptual, integrated target state!Clean-sheet design concept!
Develop Process Baseline(s)How do the current processes perform?Identify key gaps against best practice!
Develop Transition Approach and Plan
How should the target state be implemented?Knowledge transfer and training!
Build Technical IntegrationFramework
What standards and protocols should be used?How should new automation be assimilated?
Implement and ManageImplement the target state!
Operate and manage new processes!
Build Process Logical ArchitecturesDefine the target state detail for each process!
Leverage Process Integration Comprehensive monitoring Iteratively tune thresholds Filter out noise Train operations center staff Automate on call staff notification
Perform parallel investigation Designate senior technical leaders Utilize problem isolation tools Prioritize effort based on criticality
Dedicate staff to problem management Conduct quick review on all problems Perform in-depth postmortem on
significant problems Identify root cause risk areas Identify action items and track
to completion Maintain an Availability Hit List
AvailabilityManagement
Smell the smoke
ProblemManagement
Fireproofing
Incident Management
Firefighting
Take action to prevent future
problems
Discover anomalies as soon
as possible, preferably before customer impact
Resolve incidents as quickly as
possible
1
2
3
Use Metrics to Drive Behavior andMeasure Progress
People inherently want to do a good job What gets measured gets attention What doesn't get measured drops off the radar People will take action to move a metric in a
positive direction– People will do "dumb" things
– People will stop doing "smart" things
Focus on analysis and action vs. reporting– Select a few key metrics instead of many
– Measure what will help you improve, not what's easy to measure
– Create "tiers" of metrics tailored to different audiences
Effectively Staff Crucial Roles
Designate individuals as process owners
Assign (virtual) teams of subject matter experts
Utilize program or project managers Desirable characteristics for team
members
– Credibility
– Communication skills
– Process and customer focus
– Ability to deal with ambiguity
– Commitment to the cause
People will make or break your ITIL initiative
Comprehensive Approach to Improvement
Six σ
IT Operational Processes — ITIL
App. Development Processes — CMM, CMMI, ASL
Project Management Processes — PMI
1. Establish the Work
2. Align Roles With Work RACIRACI
3. Identify Appropriate Measures
4. Apply Governance
CobiT
Recommendations
Keep the scope narrow enough to deliver tangible benefits before losing momentum.
Demonstrate senior management commitment repeatedlyto inspire grass-roots support.
Remember that ITIL is an organizational change initiative.
Look for "best of fit" process modifications.
Tools are not a substitute for good process.
Set attainable process improvement measurement targets.
Maintain awareness that process improvement is ameans to an end.
Implementing ITSM at DTS
• Our approach
• Current efforts
Approach
• Why we are embracing ITSM– Serve our customers more efficiently and
effectively– Position DTS to take on new services– Prepare DTS to manage services across two
data centers
Approach
• Leverage experience/expertise of others
• Change to an IT service culture
• Internalize incremental changes
Approach
• Build an ITSM foundation core– Tendency to look at a single ITIL process– Keep in mind the linkages between processes
Approach
• Take actions to address specific organizational issues– Completed ITIL Foundations training– Began the “change the language” campaign– Established the Service Desk function – Developed first version of a service level
agreement – Conducted assessments
Current Efforts
• Defining Service Request Management process to replace our current SR system
• Procuring consulting services– To support refinement of implementation
roadmap– To raise the maturity of other processes
How is DTS Implementing ITSM?
• With multiple projects following project management practices
• With Executive sponsorship
• With stakeholder involvement
• With some communication and a lot more to come
• With feedback and course adjustments