1 Optimizing IT Better Planning, Better Control, Better Results Copyright © 2009 K-12 Technology Works

2 IT Today IT has a growing impact on organizations IT is fundamental for day-to-day operations IT is key to increasing productivity IT processes are now spread across organizations – not just IT or IS IT needs to function like a utility — “always on”

3 What This Means The stakes have grown for IT – Do more with less – Operate more effectively and efficiently – Become more proactive and less reactive Transition from Support Center to Strategic Asset

4 CTO Concerns 1. Infrastructure management 2. Keeping up with technology 3. Maintaining skills and knowledge 4. Time and resource management 1990’s

5 CTO Concerns (Today) 1. Managing costs, budgets and resources 2. Meeting organization and user needs 3. Aligning IT strategy with organization strategy 4. Coping with change 5. Dealing with senior management 6. Recruiting and retaining staff 7. Time and resource management 8. Infrastructure management 9. Keeping up with technology 10. Maintaining skills and knowledge

6 What’s a CTO to do? Best Practices Without Best Practices – IT staff often “reinvent the wheel” – Lessons learned are rarely shared – Same mistakes are often repeated With Best Practices – Improved quality, efficiency and effectiveness – Reduced errors, risk, and wasted effort

7 Focus – IT Challenges Keep IT Running Value Costs Mastering Complexity Aligning IT with Business Regulatory Compliance Security

8 Best Practices IT Governance COBIT ITIL Infrastructure Optimization

9 Purpose of IT Governance To direct IT endeavors and ensure that IT performance meets the following objectives: – Alignment of IT with the enterprise and realization of the promised benefits – Use of IT to enable the enterprise by exploiting opportunities and maximizing benefits – Responsible use of IT resources – Appropriate management of IT-related risks

10 Focus Areas IT Governance Strategic Alignment Value Delivery Risk Management Resource Management Performance Measurement

11 IT Governance Strategic Alignment – Set goals, ensure linkage and devise strategies Value Delivery – Prove intrinsic value by delivering on promises Risk Management – Awareness, safeguarding and compliance Resource Management – Optimal investment in and management of critical resources Performance Measurement – Track and monitor processes and resources

12 In Summary IT governance ensures that IT goals are met and IT risks are mitigated such that IT delivers value to sustain and optimize enterprise operations Success is dependent on buy-in from all stakeholders Commitment starts with education Control and structure gained through the use of control frameworks

13 Control Frameworks

14 Framework Benefits Business Focus – IT aligned, meaningful priorities, executive sponsorship Process Orientation – Organized processes with clear responsibilities General Acceptability – Good practices employed across the community evolve Common Language – Best Practices tend to develop a distinctive terminology Regulatory Compliance – Easier to demonstrate when based on accepted standards

15 Frameworks for IT Governance Confidence of Executive Leadership Responsiveness of IT to Business Higher Return on Investment More Reliable Services More Transparency

16 C OBI T Control Objectives for Information and related Technologies Globally accepted as the umbrella process model for IT best practice Balance between useful guidance and concise requirements Often seen in association with audit community (e.g. Sarbanes-Oxley) Information Systems Audit and Control Association (ISACA)

17 4 Domains 34 Processes 215 Control Objectives CobiT Cube

18 C OBI T Domains Plan and Organize Monitor and Evaluate Deliver and Support Acquire and Implement

19 Plan and Organize PO1 Define a Strategic IT Plan PO2 Define the Information Architecture PO3 Determine the Technological Direction PO4 Define the IT Processes, Organization and Relationships PO5 Manage the IT Investment PO6 Communicate Management Aims and Direction PO7 Manage IT Human Resources PO8 Manage Quality PO9 Assess and Manage Risks PO10 Manage Projects

20 Acquire and Implement AI1 Identify Automated Solutions AI2 Acquire and Maintain Application Software AI3 Acquire and Maintain Technology Infrastructure AI4 Enable Operation and Use AI5 Procure IT Resources AI6 Manage Changes AI7 Install and Accredit Solutions and Changes

21 Deliver and Support DS1 Define and Manage Service Levels DS2 Manage Third-Party Services DS3 Manage Performance and Capacity DS4 Ensure Continuous Service DS5 Ensure Systems Security DS6 Identify and Allocate Costs DS7 Educate and Train Users DS8 Manage Service Desk and Incidents DS9 Manage the Configuration DS10 Manage Problems DS11 Manage Data DS12 Manage the Physical Environment DS13 Manage Operations

22 Monitor and Evaluate ME1 Monitor and Evaluate IT Performance ME2 Monitor and Evaluate Internal Control ME3 Ensure Compliance with External Requirements ME4 Provide IT Governance

23 Framework Content Process Definition Detailed Control Objectives

24 PO1 – Define a Strategic IT Plan PO1.1 IT Value Management PO1.2 Business-IT Alignment PO1.3 Assessment of Current Capability and Performance PO1.4 IT Strategic Plan PO1.5 IT Tactical Plans PO1.6 IT Portfolio Management

25 Framework Content Process Definition Detailed Control Objectives Inputs and Outputs RACI Goals and Metrics

26 Generic Maturity Model Five Level Ordinal Scale – Level 1 – Initial – Level 2 – Repeatable – Level 3 – Defined – Level 4 – Managed – Level 5 - Optimized

27 ITIL Information Technology Infrastructure Library – A framework for managing IT – Developed by OGC – ITIL v1, 1990’s – 30 Volumes – ITIL v2, 2001 – 8 Volumes – ITIL v3, 2007 – 5 Volumes

28 ITIL Worldwide Aetna Barclays Bank Boeing Exxon Federal Express Fujitsu Guinness Hewlett Packard IBM Merrill Lynch Microsoft Oracle Proctor and Gamble Shell Oil Telstra

29 The New ITIL® Version 3 Library Service Strategy – Design, develop and implement service management Service Design – Design and develop services and SM proc Service Transition – Transition new and changed services into operations Service Operation – Manage IT Service delivery and support Continual Service Improvement – Create and maintain business value through better – service design, transition and operation

30

31 Service Strategy Developing Service Strategies Service Portfolio Management Financial Management Demand Management

32 Service Design Service Catalog Management Service Level Management Availability Management Capacity Management Continuity Management Information Security Supplier Management

33 Service Transition Transition Planning and Support Change Management Asset and Configuration Management Release and Deployment Validation and Testing Evaluation Knowledge Management

34 Service Operation Incident Management Problem Management Event Management Request Management Access Management

35 Continual Service Improvement Service Measurement 7 Step Improvement Process Deming Cycle CSI Model Service Reporting ROI for CSI

K-12 INFRASTRUCTURE OPTIMIZATION (IO) 36 OPTIMIZING IT Better Planning, Better Control, Better Results

K12 IO Model Ad-hoc Distributed Static Overweight Manual processes Unpredictable Informal Hybrid Structured Consumer Stable Formal Centralized Flexible Rationalized Monitored Agile Collaborative Adaptive Fully automated Dynamic Self assessing 37 Reactive Cost Center Reactive Cost Center Proactive Strategic Asset Proactive Strategic Asset

K12 IO Drivers 38 K12 IO CobiTITILVal ITEconomicTechnology Industry Standards LegalCustomers Best Practices

K12 IO Domains Identity Management Resource Management*Support Management*Application Management* Business Continuity Planning 39  Servers  Workstations  Peripherals  Networking Equipment  Cabling System  Software  Communications Equipment

K12 IO Results Optimize IT resources Measure growth Become a strategic asset Provide the catalyst for change 40

Defined Process Model Services Requests – How do users request service? – How does IT interact regarding requests? How is security maintained? How are assets tracked? How long are records kept? What happens in case of a disaster?

Generic Process Model Roles Rules Task RWO

Operational Processes Where do we want to be? Where are we now? How do we get where we want to be? How do we know when we’ve arrived? Vision and Business Objectives Assessments Process Change Metrics A Process Led Approach

Continual Process Improvement Document As-Is Process Establish Measurements Follow Process Measure Performance Identify and Implement Improvements

Business Process Reengineering Scope Project Learn from Others Create To-be Process Plan Transition Implement

Optimizing IT Adopt Best Practices Identify Baseline Business Alignment Process Improvement Develop Business Case Project Management Monitor, Measure and Report