
19 July, 2007

Mapping of TOGAF 8.1 with COBIT 4.0

A new white paper has just been released: TOGAF and COBIT. This is the mapping of TOGAF 8.1 with COBIT 4.0 by the IT Governance Institute(R) (ITGI(R)).

This document provides a detailed mapping of TOGAF 8.1 with COBIT 4.0 and also contains the classification of the standards discussed in this publication, as presented in the overview document COBIT Mapping: Overview of International IT Guidance, 2nd Edition. This mapping helps enterprise architects and auditors using the COBIT framework to consider the requirements and value-add of The Open Group Architecture Framework (TOGAF) 8.1, and vice versa.

This White Paper is available as two parts in separate documents.

Part I (Doc. No. W072) contains the actual TOGAF 8.1/COBIT 4.0 mapping. The research supporting the mapping is available in Part II (Doc. No. W072A) and consists of the following appendices:

* Appendix 1: Plan and Organize
* Appendix 2: Acquire and Implement
* Appendix 3: Deliver and Support
* Appendix 4: Monitor and Evaluate
* Appendix 5: Harmonization of Terms and Concepts

This is now freely available to members in The Open Group bookstore at:

http://www.opengroup.org/bookstore/catalog/w072.htm

and

http://www.opengroup.org/bookstore/catalog/w072a.htm

and also listed in the Architecture Forum White Papers index at:

https://www.opengroup.org/architecture/wp/

28 March, 2007

Achieving IT Operational Excellence

You may be interested in an article I wrote for a magazine, Pharma Focus Asia Issue 4 2007, titled:

Operational Excellence: IT governance, Enterprise Architecture and service management, which explains what the components of such a program are in my company.

The article will soon be downloadable from http://www.pharmafocusasia.com/magazine/ (issue 4), but I'm copying its content:

IT governance defines a structure of relationships, processes and measures to direct and control IT in order to achieve the enterprise's goals.

IT governance is currently a key topic for many IT functions. Its definition varies very often, but key themes remain essential for all companies: effectiveness, efficiency and reliability. Business value and risk mitigation are also at the centre of this domain. It represents a significant part of enterprise governance, and due to the horizontal nature of IT, wherein almost everyone in the enterprise uses IT assets to complete their responsibilities, the impact of effective IT governance is most visible.

IT governance defines a structure of relationships, processes and measures to direct and control IT assets (e.g. people, finance, infrastructure) in order to achieve the enterprise's goals by adding value while balancing risk with return. It helps to define roles and responsibilities and specify an accountability framework to encourage desirable behaviour in IT and accountability for the use of IT assets. IT governance also helps to standardise best practices and define monitoring methods.

For XXXXX International SA, IT governance has always been the responsibility of the IT management team, being an integral part of XXXXX's governance, and consists of the leadership and organisational structures and processes that ensure that the IT function sustains and extends the company’s strategies and objectives to deliver value. IT does this within acceptable risk boundaries while taking into account culture, organisational structure and maturity.

For the XXXXX IT function, IT governance ensures that delivery expectations are fulfilled, IT resource deployment is continuously planned, targeted and optimised while IT performance is measurable and that the risks are minimised. Among the various components of an IT governance framework, the following domains were retained as being key themes to reach a high level of quality and excellence through continuous improvement:

• Quality management
• Balance scorecard
• Risk management
• Skills management
• Project and portfolio management
• Service management
• Enterprise Architecture
• Information security management
• Audit management
• IT performance and value management

Quality management was initially the main focus for IT, and since 1999, has been certified worldwide in ISO 9001. For the last two years, quality management has also included risk management (identifying risks from strategy down to operations and providing mitigation) as well as skills management (ensuring that the staff in the IT function have the appropriate skills in line with the strategy). Since 2001, IT measures its business alignment, which is highly integrated within the business strategy, using the IT balance scorecard tool. For more than three years, service management and IT Infrastructure Library (ITIL) have been the drivers to improve the quality of services for the end users. XXXXX's IT function deployed the ITIL processes covering both service support and service delivery. The purpose of this initiative was to:

• Increase customer satisfaction with IT
• Enhance communication with clients
• Achieve higher reliability in mission-critical systems and infrastructure
• Improve the cost-benefit of services
• Create a “common sense” among staff

These processes are mostly supported by tools from HP-Peregrine and IBM Tivoli. Project management has always been a key practice for IT people. Based on a traditional System Development Life Cycle (SDLC), the methodology has been widely used by the IT function for many years. All projects have to comply with documentation, templates and checkpoints where project progress is monitored. Committees validate the various steps of the methodology and give their approval to move to the next phase.

Portfolio management is known internally as the “Funnel”. The portfolio governance process starts when a business user requests or suggests a new capability. The request is automatically routed to an information manager (internal relationship manager), then to a business analyst or team for an initial business case before being routed to the IT management committee for review and scoring. The IT management team then evaluates the prioritised, ranked projects to determine the proper portfolio mix and whether to accept the recent request. The “Funnel” is:

• A categorisation model
• A common language for business and IT to:

> Support business strategy
> Organise investments
> Evaluate and prioritise IT projects
> Govern and manage applications portfolio
> Decide when and how to make changes
> Understand what can and cannot be changed
> Provide real-time visibility into resources, budgets, costs, programmes, projects, and overall IT demand

• An input to the IT strategic plan

Solutions from HP-Mercury help XXXXX to support both project and portfolio management. An Enterprise Architecture (EA) consists of the vision, principles, standards and processes that guide the purchase, design and deployment of technology within an enterprise. EA describes the interrelationships between business processes, information, applications and underlying infrastructure for that enterprise, and provides best practices for technology purchase, design and deployment. EA structures and processes govern adherence to an organisation’s technology strategy and provide a managed environment for the use of new technology.

Enterprise Architecture

• Allows alignment with the company’s business model and strategy
• Enables business changes, technologically based business opportunities
• Easier introduction of new technologies
• Allows standardisation
• Drives information/data consolidation
• Reduces enterprise-application integration complexity
• Facilitates outsourcing as appropriate
• Utilises assets more efficiently
• Provides the facility to better assess the impact of changes
• Ultimately, reduces time to market

Architecture governance is essentially a control or series of controls in the development process which is efficient when supported by good documentation (principles, guidelines, standards) and communicated effectively. To build such an Enterprise Architecture, XXXXX considered the use of both the Zachman and the Open Group TOGAF’s frameworks. Such a programme requires solid processes with ownership and accountability.

Enterprise Architecture is a component of IT governance which interacts with most of the other frameworks such as project and portfolio management, quality, maturity and security management. To manage EA, the company decided to use the Metis-Troux technologies solution.

Security management is another component of the IT governance programme, covering both information security and technical security. The BS 7799 certification was obtained in 2005 for Geneva HQ and ISO 27001 obtained on a worldwide basis in 2006. At the beginning of 2006, a new position reporting directly to the CIO was created to further develop IT performance and value management. Key drivers for this are: optimising IT value, demonstrating IT value as a critical component of business processes, improving the quality of IT value measurement and reporting and becoming a potential source of innovation.

Performance management is not a stand-alone initiative; it is a process that needs to be established and fully integrated in strategic alignment with the business, value delivery and company performance management. This performance framework consistently ensures that IT:

1. Is adding business value to the corporation
2. Is meeting the real customers’ real needs
3. Is running well as a business

Control Objectives for Information and related Technology (COBIT) provides a set of best practices and tools for auditing IT processes and assessing standards compliance, maturity and associated risks. COBIT can be associated with other frameworks, as architecture can be audited with certain KPIs.

In the frame of an IT research and innovation initiative, CMMi has been under evaluation. It is the Capability Maturity Model Integration which has been developed by the Carnegie Mellon University – Software Engineering Institute, a suite of products used for process improvement. It consists of best practices that address the development and maintenance of products and services covering the product life cycle from conception through delivery and maintenance.

CMMi models could be used in conjunction with all XXXXX's IT processes found in service management (ITIL), COBIT, project management (SDLC/Prince), Enterprise Architecture (Zachman-TOGAF), quality (ISO 9001), security management (ISO 27001), but the programme has not yet been considered.

IT governance at XXXXX encompasses many disciplines within the organisation including IT strategy, risk management, IT service management and compliance management to name a few. Understandably, this presents a significant challenge for companies seeking to identify a starting point for their IT governance initiative. Fortunately, best practice governance guidelines and procedures do exist within the industry. Firms moving ahead with the adoption of a standard will be well served to utilise a phased implementation project approach and start with elements of the standard that will yield their organisation the most benefits:

• Optimised IT strategy and execution
• Improve resource utilisation
• Improve planning and resourcing
• Risk assessment
• Real-time management reporting

In 2005, a benchmark with KPMG positioned XXXXX’s IT as number one among 119 other companies in the life sciences industry. In 2006, the number one position was maintained while the number of organisations increased to 125. This recognition states that the IT function is using IT best practices to support the business and that XXXXX IT controls can now be classed as “excellent”. This was driven by major improvements in the areas of IT operations (incident, problem, operation, and configuration management), security (ISO 27001), control assurance (risk, audit, planning management) and Sarbanes Oxley (SOX).

13 February, 2007

Urbanisation des Systèmes d’Information & Architecture d’Entreprise 2007 (Information Systems Urbanisation & Enterprise Architecture 2007)

Communicating and Selling Your Urbanisation Project as a Long-Term Investment & Estimating the Value and Return of That Investment

Event Date: 26-27 March 2007

Location: A Five Star Venue To Be Announced Shortly, Paris, France

14:30 Implementing IT Governance: approach, standards, processes and tools

  • XXXXXX's view of the components of IT Governance (e.g. ITIL, CMMi, TOGAF, Cobit, ISO)
  • Standards in the domains of Research and Innovation, Enterprise Architecture and Service Management, and how they relate to one another
  • Definition of and approach to the key Governance processes
  • Choosing tools to support IT Governance standards
  • Integrating Enterprise Architecture as a key component of Governance
  • Making it all work together!

23 November, 2006

Does an IT ERP make sense?

Despite the fact that some software vendors such as ITM Software are considered to deliver such a solution, I would rather qualify this product as a Project and Portfolio Management solution such as Primavera, Artemis, Mercury and others.

Many companies have a wide range of non-integrated solutions covering several aspects of IT Governance such as:

- Project Management
- Portfolio Management
- Time Management
- Service Management
- Enterprise Architecture
- System Management
- Security Management
- Asset Management
- etc.

Some of these components have associated processes, but there are no real touch points between them, and visibility in terms of IT Service quality is quite difficult to get. Some companies passed certifications such as ISO 9000 and ISO 27001, went through COBIT, are ITIL based, etc. But from my various observations, they do not have a consolidated or integrated view of their IT Services which would contribute to the improvement of Business IT Alignment.

Very often, top management including the CIO ask for IT to deliver Dashboards where we can have real-time indicators (KPIs) on the department's performance and then be able to benchmark against the competition.

Among existing solutions we have IT Governance suites such as Mercury ITG or CA Clarity, Service Management platforms such as Peregrine Service Desk, Remedy, CA, HP, Asset management solutions, and finally Time Management products. In the system management landscape, there are Tivoli, CA Unicenter, and lots of various monitoring solutions to manage networks. Finally, Enterprise Architecture is often covered by companies such as Telelogic (Popkin), Casewise, Metis solutions, etc.

My experience would be to claim that first we need to re-engineer the process, have integrated flows between domains in order to be able to deliver these dashboards, and finally avoid duplicated activities within an IT Department.

As no vendor today is able to deliver such an “IT ERP” (but probably HP, IBM and CA will be able to deliver this, but not before a couple of years…), an alternative would be to consider services around these platforms and then, from a portal, orchestrate those services and provide results in various dashboards. Obviously if we had an integrated platform, that would be easier.

For the time being, mash-up applications are probably the only way to produce an IT ERP.

25 October, 2006

IT Service Capability Maturity Model

CMMI has been developed by the Carnegie Mellon University – Software Engineering Institute. It consists of best practices that address the development and maintenance of products and services covering the product life cycle from conception through delivery and maintenance.

CMMi provides a robust discipline to help developers achieve maturity in their software development processes. There are a number of factors that influence the maturity of the software development processes within an enterprise. These include the strategic plans of the enterprise, the enterprise’s own organization and culture, as well as the technologies that are adopted within the enterprise IT architecture.

A product can be an airplane, a digital camera, a drug or a software package available from a commercial retailer. It can also be a Service such as those defined in IT Service Management. CMMi integrates bodies of knowledge that are essential when developing products, but that have been addressed separately in the past, such as software engineering, systems engineering, and acquisition.

CMMi:
- Emphasizes the development of processes to improve product development and customer services in organizations.
- Provides a framework from which to organize and prioritize process improvement activities (product, business, people, technology)
- Supports the coordination of multi-disciplined activities that may be required to successfully build a product
- Emphasizes the alignment of process improvement efforts objectives with organizational business objectives

A CMMi model is not a process but describes the characteristics of effective processes. CMMi models could be used in conjunction with all IT processes found in Service Management (ITIL), COBIT, Project Management (SDLC/Prince 2), Enterprise Architecture (TOGAF), Quality (ISO 9000), Security Management (ISO 17799). CMMi allows companies to assess their practices and compare them to those of other companies. The CMMi measures process maturity, which progresses through five levels: Level 1 (initial), 2 (managed), 3 (defined), 4 (predictable) and 5 (optimizing).

The CMM has been applied to several disciplines within different industries. It is not surprising that maturity models have also been applied to IT Service Management (ITSM).

Recently, the Vrije Universiteit Amsterdam and CIBIT published a very interesting document, “The IT Service CMM”, which is free to download and use. This should help companies to evaluate their level of maturity for their ITIL processes, using the CMMi framework.

05 September, 2006

The art (and difficulty) of selecting an IT Governance Framework

IT Governance is one of those concepts that everyone is talking about.

Many companies, after having selected a set of IT Governance pillars, are looking for solutions to support them and deliver several types of dashboard to Corporate and/or IT Management. But what are these pillars? Some IT departments consider one or more components as IT Governance; others accumulate several components.

IT Managers very often refer to ITIL, or COBIT, or Balance Scorecards or any other frameworks which will improve efficiency and give some visibility to the business.

Let me briefly describe first what I’m considering as components of an IT Governance, but prior to that, I would like to refer to a very simple definition from the Harvard Business School:

“We define IT Governance as specifying the decision rights and accountability framework to encourage desirable behavior in IT”

Fundamentally, IT Governance is concerned with two main things: IT’s delivery of value to the business and mitigation of IT risks.

The components of IT Governance can or should include at least:

- Aligning IT strategy with the business strategy
- Quality Management
- Strategic IT Planning
- Enterprise Architecture
- Project and Portfolio Management (PPM)
- Service Management
- Audit Management
- Security Management
- Risk Management
- Performance Measurement

The list is not exhaustive and could obviously be completed.

I tried to find if there were any IT Governance frameworks available in the market and always ended with specific frameworks related to the components of this IT Governance. ITIL, COBIT, ISO 9000, CMMi and others… Now, from there, where do I start?

What we need is a Framework of Frameworks… where I know where to start, where to pursue, where to end… all of that in an iterative mode.

I recently discovered The Calder-Moir IT Governance Framework http://www.itgovernance.co.uk/page.framework which looks like a good initiative in terms of standards framing. This has been developed by IT Governance Limited.

Until today, to my knowledge, no single organization has provided a full picture of how to manage IT Governance. Is this framework something which should seriously be considered or only a way to sell consultancy?