Presentation is loading. Please wait.

Presentation is loading. Please wait.

Improving IT Governance Through Formal Change Management

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Improving IT Governance Through Formal Change Management"— Presentation transcript:

1 Improving IT Governance Through Formal Change Management

2 My Role at Marquette Change Manager Head of the PMO
ITIL Practitioner in release & control (change, configuration & release management) Head of the PMO PMP certification

3 Why Did We Start? Stabilize the infrastructure

4 Audit Questions Change Management and Program Development Controls
Change Management policy and procedure documentation (requirements for requesting, documenting, testing, approving, and migrating/implementing changes to the production environment). Emergency change procedure documentation. List of all requested changes (development and configuration changes) made to the financial reporting applications and underlying environment (between 6/1/06 – present). Program development methodology (SDLC) and formal testing procedure documentation (if exist and different from Change Management Policy) System generated evidence (access control list, etc) showing users that have access to modify system code or system configurations for the production environment

5 What is Governance There is no universal definition COBIT
The need for assurance about the value of IT, the management of IT-related risks and increased requirements for control over information are now understood as key elements of enterprise governance. Value, risk and control constitute the core of IT governance.

6 Gartner Definition "The processes that ensure the effective and efficient use of IT in enabling an organization to achieve its goals." This definition contains certain key concepts: ITG is composed of processes with the inputs, outputs, roles and responsibilities that are inherent in a process definition (however, the definition does not talk about how these processes might be implemented). The role of ITG "ensures," as opposed to "executes." The goal of ITG is defined as a business goal, not just IT-related. Key performance measures, identified as effectiveness and efficiency, together represent business value.

7 COBIT Governance Management Control Audit 1996 1998 2000 2005

8 Perspective of Frameworks and Standards
COSO, ISO 9001,King II, Sarbanes-Oxley, Industry BEE Charter What COBIT Domains Plan & Organize Acquire & Implement Deliver & Support Monitor & Evaluate What This may be clarified by considering some of the major frameworks and standards: • COSO Internal Control—Integrated Framework—This report from the Committee of Sponsoring Organizations of the Treadway Commission (COSO) consists of four volumes dedicated to improving the quality of financial reporting and ethics through effective internal control (corporate governance). • ISO 9001—This international quality standard from the International Organization for Standardization is used to increase customer satisfaction and address regulatory requirements (corporate governance). • IT Infrastructure Library (ITIL)—A collection of best practices in IT service management, it is focused on the service processes of IT and considers the central role of the user. • ISO 17799, Code of Practice for Information Security Management—This international standard is based on BS It is presented as best practice for implementing information security management. • COBIT—This framework and its supporting tools reach beyond information security and beyond IT service management into general practices for secure, efficient, auditable and effective IT governance. It covers all IT processes, including strategy, finance and human resources. Based on these descriptions, this slide COBIT into perspective relative to the major standards and frameworks with regard to corporate and IT governance. Based on these descriptions, this slide places COBIT and ITIL into perspective relative to the major Bus Alignment TOGAF PMBOK CMMI SDLC ITIL ISO17799 NIST 800 Balanced Scorecard IASCA Audit Standards Board briefing IT Governance How Project Methodology COBIT Focus April 2007 Volume 1

9 Hype Cycle Removed at Gartner’s Request http://www.gartner.com
A Hype Cycle is a graphic representation of the maturity, adoption and application of specific technologies. Technology Trigger breakthrough, product launch or other event that generates significant press and interest. Peak of Inflated Expectations A frenzy of publicity typically generates over-enthusiasm and unrealistic expectations. There may be some successful applications of a technology, but there are typically more failures. Trough of Disillusionment Technologies fail to meet expectations and quickly become unfashionable. Slope of Enlightenment Some institutions experiment to understand the benefits and practical application of the technology. Plateau of Productivity Benefits of it become widely demonstrated and accepted. The technology becomes increasingly stable and evolves in second and third generations

10 Hype Cycle Removed at Gartner’s Request

11 ITIL ITIL is not a temporary fashion – ISO20000
It’s not about tests and certification Going from a technology focus – to a customer service focus Short term costs will be balanced by long-term gains Other cultures have benefited from adopting ITIL It is easier to sell a best practice than an idea

12 ITIL Managing service levels from the customer’s perspective instead of insular technology or infrastructure perspective Going beyond reactive break/fix – to proactive management of service requests and service support Actively managing infrastructure components (assets) and systematically managing changes (planned and un-planned) Remember ITIL concentrates on Continuous Improvement – Deming A non-proprietary set of best practices – public domain

13 ITIL Service Management v2

14 Continual Service Improvement
ITIL v3 Service Strategy Business Requirements Policies Resource Constraints Service Design Solutions Standards Architectures Service Transition Transition Plans Testing Service Operation Operational Plans Operational services Continual Service Improvement

15 Service Services are a means of delivering value to customers by facilitating outcomes customers want to achieve, without the ownership of specific costs and risks. ITILv3 Road show

16 Marquette IT Governance
We have a PMO that is based on PMBOK and we have our own Project Methodology We also have begun to implement ITIL

17 Marquette Process Incident Change Config
How incidents and requests are handled Change How changes to the production system are handled Config Components of the IT infrastructure Data Center Working on getting all university owned PCs in the CMDB

18 Incident Management The goal of Incident Management is to restore normal service operation as quickly as possible and minimize the adverse effect on business operations, thus ensuring that the best possible levels of service quality and availability are maintained.

19 Configuration Management
Configuration Management is a process that tracks all of the individual Configuration Items (CI) in a system. A Configuration Item (CI) is an IT asset or a combination of IT assets that may depend and have relationships with other IT processes

20 Change Management The goal of Change Management is to ensure that standardized methods and procedures are used for efficient handling of all changes, in order to minimize the impact of change-related incidents and to improve day-to-day operations.

21 What is a Change? A service may become unavailable or degraded during service hours, The functionality of a service to become different, or The CMDB to require an update.

22 High-Level Change Process
Change Coordinator Change Manager Register the change Complete R&I Work Orders Develop Change Plan Review Change Plan Assign Imp Work Orders Get Approval(s)

23 Types of Change Templates
Application Mod Develop mod, Test, Back-out, UAT, Move to Prod, Verify, Update CMDB MAC (Move Add Change) Risk assessment, Service Provide, UAT, Move to Prod, Verify, Update CMDB Emergency Update capacity, Inform Service Provider, Update CMDB

24 Change Metrics

25 Communications In addition to the UAT Forward Schedule of Changes

26 What did we get? More stable infrastructure
More proactive less reactive Better alignment with University needs Better communication Internal IT University units Better support Finance audit

27 Lessons Learned More of a culture change than technology change
Mostly IT, but functional users also Objections It will slow us down More “paperwork” Management doesn’t trust us People may leave the organization

28 Lessons Learned Adopt a best practice framework (ITIL)
Attend local itSMF chapter and learn from others Start with an obtainable scope Minimize the bureaucracy Process first then tool, but with an eye towards the tool

29 Questions?

30 References http://www.itsmfusa.org http://www.gartner.com/

Download ppt "Improving IT Governance Through Formal Change Management"

Similar presentations

Texas Department of Information Resources Presents

Texas Department of Information Resources Presents
ITIL: Service Transition

ITIL: Service Transition
TI BISNIS ITG using COBIT &

TI BISNIS ITG using COBIT &
Chapter 5 5-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.
Internal Control Concepts Knowledge. Best Practices for IT Governance IT Governance Structure of Relationship Audit Role in IT Governance.

Internal Control Concepts Knowledge. Best Practices for IT Governance IT Governance Structure of Relationship Audit Role in IT Governance.
ITIL Model Overview and Impact on ITS

ITIL Model Overview and Impact on ITS
Remedyforce Value Enablement Kit – Change Management

Remedyforce Value Enablement Kit – Change Management
IIBA Denver | may 20, 2015 | Kym Byron , MBA, CBAP, PMP, CSM, CSPO

IIBA Denver | may 20, 2015 | Kym Byron , MBA, CBAP, PMP, CSM, CSPO
ITIL: Why Your IT Organization Should Care Service Support

ITIL: Why Your IT Organization Should Care Service Support
ITIL Process Management An Overview of Service Management Processes Presented by Jerree Catlin, Sue Silkey & Thelma Simons.

ITIL Process Management An Overview of Service Management Processes Presented by Jerree Catlin, Sue Silkey & Thelma Simons.
Integrated IT Service Management

Integrated IT Service Management
Integrated Process Model - v2

Integrated Process Model - v2
Information Technology Service Management

Information Technology Service Management
Release & Deployment ITIL Version 3

Release & Deployment ITIL Version 3
Corporate Governance: Beyond Compliance at a time of Recession Prof. Ashley G. Frank BA(Econ)[Magna Cum Laude], MDPA (Cum Laude], MBA, MCom [Cum Laude],

Corporate Governance: Beyond Compliance at a time of Recession Prof. Ashley G. Frank BA(Econ)[Magna Cum Laude], MDPA (Cum Laude], MBA, MCom [Cum Laude],
What is Business Analysis Planning & Monitoring?

What is Business Analysis Planning & Monitoring?
Effective Methods for Software and Systems Integration

Effective Methods for Software and Systems Integration
Developing Enterprise Architecture

Developing Enterprise Architecture
© 2010 Plexent – All rights reserved. 1 Change –The addition, modification or removal of approved, supported or baselined CIs Request for Change –Record.

© 2010 Plexent – All rights reserved. 1 Change –The addition, modification or removal of approved, supported or baselined CIs Request for Change –Record.
Certificate IV in Project Management Project Management Environment Course Number 17871 Qualification Code BSB41507.

Certificate IV in Project Management Project Management Environment Course Number Qualification Code BSB41507.

Similar presentations

Ads by Google