Sinsi Gaecheon year 5906
IT Governance Implementation Guide
Using COBIT and Val IT
January 19, 2009
Seung won, Jung
ISACA Korea GRA, Samsung SDS
Val IT and slides copyright © 2006 IT Governance Institute. Used with permission.
Table of Contents
1. COBIT and Val IT Review
2. ITG Implementation Guide Introduction
3. Implementation Road Map
4. Related Publications
1. COBIT and Val IT Review
IT Governance: Definitions
Specifying the decision rights and accountability framework to encourage desirable behaviour in the use of IT (1)
IT governance is the responsibility of executives and the board of directors, and consists of the leadership, organizational structures and processes that ensure that the enterprise’s IT sustains and extends the organization’s strategies and objectives (2)
1. Weill, P. and Ross, J.W. 2004. IT Governance, p8. Boston, MA, Harvard Business Press
2. IT Governance Institute. 2007 CobiT 4.1, p5. Rolling Meadows, Ill: ITGI
IT Governance Focus Area
Strategic alignment: Focuses on ensuring the linkage of business and IT plans; on defining, maintaining and validating the IT value proposition; and on aligning IT operations with enterprise operations
Value delivery: Is about executing the value proposition throughout the delivery cycle, ensuring that IT delivers the promised benefits against the strategy, concentrating on optimising costs and proving the intrinsic value of IT
Resource management: Is about the optimal investment in, and the proper management of, critical IT resources: applications, information, infrastructure and people. Key issues relate to the optimisation of knowledge and infrastructure.
Risk management: Requires risk awareness by senior corporate officers, a clear understanding of the enterprise’s appetite for risk, understanding of compliance requirements, transparency about the significant risks to the enterprise, and embedding of risk management responsibilities in the organisation
Performance measurement: Tracks and monitors strategy implementation, project completion, resource usage, process performance and service delivery, using, for example, balanced scorecards that translate strategy into action to achieve goals measurable beyond conventional accounting
IT governance is:
• The responsibility of the board of directors and
executive management
• An integral part of enterprise governance,
consisting of the leadership, organisational
structures and processes that ensure that the
enterprise’s IT sustains and extends the
organisation’s strategies and objectives
[Diagram: IT governance focus areas: Strategic Alignment, Value Delivery, Risk Management, Resource Management, Performance Measurement]
www.itgi.org
[Chart: 2003 and 2005 survey results, "Doing something about it" versus "Not doing something about it"; values shown: 64%, 42%, 36%, 58%]
Source: Surveys by PwC for the IT Governance Institute Sep-Oct 2003 and Sep-Oct 2005
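COBIT: Control Objectives for Information and related Technology
2007
The purpose of COBIT is to provide management and business process owners with an IT management model that helps them understand and manage the risks associated with IT. COBIT helps close the gaps that exist between the risks the enterprise faces, control needs and technical issues. COBIT is a control model that meets the needs of IT management and ensures the integrity of information and information systems.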
As a control and governance framework for IT, COBIT focuses on two key areas:
► Providing the information required to support business objectives and requirements
► Treating information as the result of the combined application of IT-related resources that need
to be managed by IT processes
COBIT Framework
IT Processes: Domains, Processes, Activities
Information Criteria: Effectiveness, Efficiency, Confidentiality, Integrity, Availability, Compliance, Reliability
IT Resources: Applications, Information, Infrastructure, People
IT Process: Business Requirement, Control Approach, Consideration
COBIT Domain and Process
COBIT Contents(1)
COBIT Contents(2)
COBIT Case Studies
www.isaca.org/cobitcasestudies
Val IT Framework
A comprehensive, credible and pragmatic
organising framework—with practical guidelines,
principles, processes and supporting practices
that help boards, executive management and other
organisational leaders maximise the realisation
of value from IT investments.
Focus Area
The strategic question.
The architecture question.
The value question.
The delivery question.
Val IT
COBIT
Val IT Domain and Process
2. ITG Implementation Guide Introduction
ITG Implementation Guide Structure
ITG Implementation Guide TOOL KIT
1. Introduction to This Guide
2. Using COBIT and Val IT to Implement IT Governance
3. Implementation Road Map
4. Appendix I - Generic Approach to IT Initiative Scoping
5. Appendix II - COBIT and Related Products
ITG Implementation Guide Objectives
• Introduction to IT governance, stakeholders and their interests
• Using COBIT and Val IT to implement IT governance
• A road map for implementing IT governance expressed as a task-based action plan
Scope
• Provide a detailed ROAD MAP that can help the enterprise to identify and address its IT governance needs
• Provide the identification of COBIT and Val IT components to be leveraged
• This does not provide ‘the solution’; it provides ‘an approach’ for implementing IT governance
Road Map to IT Governance
5 phases, 15 steps
Phase 1
Phase 2
Phase 3
Phase 4
Phase 5
Road Map details
IT Governance Life Cycle
3. Implementation Road Map
Step 1. Raise Awareness
Management Awareness Diagnostic
02. Management Awareness Diagnostic 1.xls
Step 2. Define Scope
IT Heat Map
Step 3. Define Risk
Themes Mapped to Risk Factors
Step 4. Define resources & deliverables
Themes to Controls Diagnostic
Step 5. Plan programme
Communication Plan Template
Executive Summary
Introduction and Background
Communication Plan Overview
Target Audiences
Communication Objectives
Key Messages
Awareness Approach
• Training
• Publications
• Intranet
• Surveys
Awareness Monitoring and Feedback
Step 6. Assess actual performance
Capability Worksheet
IT Process/Maturity Levels for Process XX
Attribute columns: Awareness and Communication; Tools and Automation; Skills and Expertise; Responsibility and Accountability; Goal Setting and Measurement
Maturity levels: 1 Initial/Ad Hoc; 2 Repeatable but Intuitive; 3 Defined Process; 4 Managed and Measurable; 5 Optimised
Step 7. Define Target for improvement
IT Process Capability Maturity Scorecard
Step 8. Analyse gaps
Report Tool (Star Chart)
IT Process/Maturity Levels for Process XX
Attribute columns: Awareness and Communication; Policies, Standards and Procedures; Tools and Automation; Skills and Expertise; Responsibility and Accountability; Goal Setting and Measurement
Maturity levels: 1 Initial/Ad Hoc; 2 Repeatable but Intuitive; 3 Defined Process; 4 Managed and Measurable; 5 Optimised
Step 9. Define Project
Reworking Good, Hard-to-justify Solutions
Prioritise improvements into justifiable projects.
[Chart axes: Impact on the Business; Potential for Success (Low to High)]
Break down into smaller projects.
Reconsider business benefits and the potential to bundle with other solutions.
Plotted projects: Change Mgt Improvements, Desktop Upgrade, Standard Incident Procedures, Security Policy and Awareness, Help Desk Improvement
Step 10. Develop Improvement plan
Project Gantt Chart
Business/IT Strategy
IT Governance Plan
Project Management
Change Enablement
Security Policy and Awareness
Standard Incident Procedures
Desktop Upgrade
Help Desk Improvements
Change Management Improvements
Step 11. Implement the Improvements
Step 12. Monitor Implementation Performance
IT Balanced Scorecard Example
Step 13. Review Programme effectiveness
Step 14. Implement the Improvements
Step 15. Identify new governance requirements
4. Related Publications
http://www.isaca.org