Sinsi Gaecheon year 5906

IT Governance Implementation Guide Using COBIT and Val IT

January 19, 2009

Seung won, Jung, ISACA Korea GRA, Samsung SDS

Val IT and slides copyright © 2006 IT Governance Institute. Used with permission.

IT Governance Implementation Guide · pds14.egloos.com/pds/200901/25/02/ITGIG.pdf · 2009-01-25


Table of Contents

1. COBIT and Val IT Review

2. ITG Implementation Guide Introduction

3. Implementation Road Map

4. Related Publications


1. COBIT and Val IT Review


IT Governance: Definitions

Specifying the decision rights and accountability framework to encourage desirable behaviour in the use of IT [1]

IT governance is the responsibility of executives and the board of directors, and consists of the leadership, organizational structures and processes that ensure that the enterprise’s IT sustains and extends the organization’s strategies and objectives [2]

[1] Weill, P. and Ross, J.W. 2004. IT Governance, p8. Boston, MA, Harvard Business Press

[2] IT Governance Institute. 2007 CobiT 4.1, p5. Rolling Meadows, Ill: ITGI


IT Governance Focus Areas

• Strategic alignment: Focuses on ensuring the linkage of business and IT plans; on defining, maintaining and validating the IT value proposition; and on aligning IT operations with enterprise operations

• Value delivery: Is about executing the value proposition throughout the delivery cycle, ensuring that IT delivers the promised benefits against the strategy, concentrating on optimising costs and proving the intrinsic value of IT

• Resource management: Is about the optimal investment in, and the proper management of, critical IT resources: applications, information, infrastructure and people. Key issues relate to the optimisation of knowledge and infrastructure.

• Risk management: Requires risk awareness by senior corporate officers, a clear understanding of the enterprise’s appetite for risk, understanding of compliance requirements, transparency about the significant risks to the enterprise, and embedding of risk management responsibilities in the organisation

• Performance measurement: Tracks and monitors strategy implementation, project completion, resource usage, process performance and service delivery, using, for example, balanced scorecards that translate strategy into action to achieve goals measurable beyond conventional accounting


IT governance is:

• The responsibility of the board of directors and executive management

• An integral part of enterprise governance, consisting of the leadership, organisational structures and processes that ensure that the enterprise’s IT sustains and extends the organisation’s strategies and objectives

[Diagram: IT governance focus areas: strategic alignment, value delivery, risk management, resource management, performance measurement]

www.itgi.org

[Chart: "Doing something about it" vs "Not doing something about it", 2003 and 2005; values shown: 64%, 42%, 36%, 58%]

Source: Surveys by PwC for the IT Governance Institute Sep-Oct 2003 and Sep-Oct 2005


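COBIT: Control Objectives for Information and related Technology

2007

The purpose of COBIT is to provide executives and business process owners with an IT management model that helps them understand and manage the risks associated with IT. COBIT helps close the gaps that exist between the risks an enterprise faces, its control needs and technical issues. COBIT is a control model that meets the needs of IT management and ensures the integrity of information and information systems.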


COBIT Framework

As a control and governance framework for IT, COBIT focuses on two key areas:

► Providing the information required to support business objectives and requirements

► Treating information as the result of the combined application of IT-related resources that need to be managed by IT processes

Information Criteria: Effectiveness, Efficiency, Confidentiality, Integrity, Availability, Compliance, Reliability

IT Resources: Applications, Information, Infrastructure, People

IT Processes: Domains, Processes, Activities

[Diagram labels: IT Process, Business Requirement, Control Approach, Consideration]


COBIT Domain and Process


COBIT Contents(1)


COBIT Contents(2)


COBIT Case Studies

www.isaca.org/cobitcasestudies


Val IT Framework

A comprehensive, credible and pragmatic organising framework—with practical guidelines, principles, processes and supporting practices that help boards, executive management and other organisational leaders maximise the realisation of value from IT investments.


Focus Area

The strategic question.

The architecture question.

The value question.

The delivery question.

Val IT

COBIT


Val IT Domain and Process


2. ITG Implementation Guide Introduction


ITG Implementation Guide Structure

ITG Implementation Guide TOOL KIT

1. Introduction to This Guide

2. Using COBIT and Val IT to Implement IT Governance

3. Implementation Road Map

4. Appendix I - Generic Approach to IT Initiative Scoping

5. Appendix II - COBIT and Related Products


ITG Implementation Guide Objectives

• Introduction to IT governance, stakeholders and their interests

• Using COBIT and Val IT to implement IT governance

• A road map for implementing IT governance expressed as a task-based action plan


Scope

• Provide a detailed ROAD MAP that can help the enterprise to identify and address its IT governance needs

• Provide the identification of COBIT and Val IT components to be leveraged

• This does not provide ‘the solution’; it provides ‘an approach’ for implementing IT governance


Road Map to IT Governance

5 phases, 15 steps

Phase 1

Phase 2

Phase 3

Phase 4

Phase 5


Road Map details


IT Governance Life Cycle


3. Implementation Road Map


Step 1. Raise Awareness


Management Awareness Diagnostic

02. Management Awareness Diagnostic 1.xls


Step 2. Define Scope


IT Heat Map


Step 3. Define Risk


Themes Mapped to Risk Factors


Step 4. Define resources & deliverables


Themes to Controls Diagnostic


Step 5. Plan programme


Communication Plan Template

Executive Summary

Introduction and Background

Communication Plan Overview

Target Audiences

Communication Objectives

Key Messages

Awareness Approach

• Training

• Publications

• Intranet

• Surveys

Awareness Monitoring and Feedback


Step 6. Assess actual performance


Capability Worksheet

IT Process/Maturity Levels for Process XX

Attributes: Awareness and Communication; Tools and Automation; Skills and Expertise; Responsibility and Accountability; Goal Setting and Measurement

Maturity levels:

1 Initial/Ad Hoc

2 Repeatable but Intuitive

3 Defined Process

4 Managed and Measurable

5 Optimised


Step 7. Define Target for improvement


IT Process Capability Maturity Scorecard


Step 8. Analyse gaps


Report Tool (Star Chart)

IT Process/Maturity Levels for Process XX

Attributes: Awareness and Communication; Policies, Standards and Procedures; Tools and Automation; Skills and Expertise; Responsibility and Accountability; Goal Setting and Measurement

Maturity levels:

1 Initial/Ad Hoc

2 Repeatable but Intuitive

3 Defined Process

4 Managed and Measurable

5 Optimised


Step 9. Define Project


Reworking Good, Hard-to-justify Solutions

Prioritise improvements into justifiable projects.

[Chart: projects plotted by Impact on the Business (Low to High) against Potential for Success (Low to High)]

Chart annotations:

• Break down into smaller projects.

• Reconsider business benefits and the potential to bundle with other solutions.

Projects plotted:

• Change Mgt Improvements

• Desktop Upgrade

• Standard Incident Procedures

• Security Policy and Awareness

• Help Desk Improvement


Step 10. Develop Improvement plan


Project Gantt Chart

Business/IT Strategy

IT Governance Plan

Project Management

Change Enablement

Security Policy and Awareness

Standard Incident Procedures

Desktop Upgrade

Help Desk Improvements

Change Management Improvements


Step 11. Implement the Improvements


Step 12. Monitor Implementation Performance


IT Balanced Scorecard Example


Step 13. Review Programme effectiveness


Step 14. Implement the Improvements


Step 15. Identify new governance requirements


4. Related Publications


http://www.isaca.org


정승원 (Seung won, Jung) [email protected]@samsung.com

Thank you.