
IT GOVERNANCE FRAMEWORK TOOLKIT
IT BEST PRACTICES
Why is it significant?
• A demand for better return from IT investments and a
concern over the generally increasing amount of IT
expenditures.
• The need to meet regulatory requirements for IT controls in
areas such as financial reporting and healthcare.
• The selection of service providers and the management of
service outsourcing and acquisition.
IT BEST PRACTICES
• Having complex IT-related risks, such as
network security.
• IT governance helps monitor and improve
critical IT activities to increase business value
and reduce business risk.
• The need for enterprises to assess how they
are performing against accepted standards
and against their peers (benchmarking).
THE GUIDELINES FOR GOOD IT
GOVERNANCE

1. Strategic Alignment: IT goals align with the
enterprise goals.
2. IT Value: IT delivers value to the business and increases the
organization's profits.
3. Performance Measurement: IT performance is
measured, with no guessing.
4. Resource Management: IT resources are properly allocated.
5. Risk Management: How the risks are being managed.
GUIDELINES-CONT’D
IT governance is a continuous life cycle that can be entered
at any point.
Usually one starts with the strategy and its alignment
throughout the enterprise.
Then implementation occurs, delivering the value the
strategy promised and addressing the risks that need
mitigation.
It is recommended that strategy be monitored
continuously and that the results be:
a. measured,
b. reported and
c. acted upon.
Strategy must be re-evaluated and realigned
annually, if needed.
This life cycle operates in an environment that is
influenced by:
• Stakeholder values
• The mission, vision and values of the enterprise
• The community and company ethics and culture
• Laws, regulations and policies
• Industry practices
IT GOVERNANCE
FRAMEWORK

• ITIL
• CMMI
• COBIT
• Val IT
COBIT, ITIL, VAL IT
1. COBIT was designed as an IT governance
model. It tells you what you should be doing.

“Control Objectives for Information and
Related Technology (COBIT) is a framework created
by ISACA for information technology (IT) and IT governance.
It is a supporting toolset that allows managers to bridge the gap
between control requirements, technical issues and
business risks.”
COBIT, ITIL, VAL IT
2. ITIL tells you how it should be done.
Put them together, and you will have a very
powerful model.

3. Val IT: how to do the right things in the right
way and do them well, and are we getting
the value?
Val IT talks about strategy (how well it is
aligned) and its value.
COBIT
To govern IT effectively, it is important to appreciate the
activities and risks within IT that need to be managed.
These can be summarized as follows.

The COBIT framework subdivides IT into four domains:
• Plan and Organize (PO)
• Acquire and Implement (AI)
• Deliver and Support (DS)
• Monitor and Evaluate (ME)
PLAN AND ORGANISE
(PO)
Provides direction to solution delivery.

Ask the questions:
• Are IT and the business strategy aligned, and is the
usage of resources optimized?
• Does everyone in the organisation understand the
IT objectives and the risks?
• Are these properly managed?
CONT’D
Acquire and Implement (AI):
Provides the solutions and passes them on to be turned
into services.

Ask the question:
• Will the new projects deliver solutions
that meet business needs
on time and within the budget?
DS
Deliver and Support (DS)

Ask the questions:
• Are IT costs optimized and are employees using IT
efficiently and safely?
• Are security measures such as confidentiality,
integrity and availability in place?
ME
Monitor and Evaluate (ME)

Ask the questions:
• Is IT performance being measured to detect
problems before it is too late?
• Are risks, control, compliance and performance
being measured and reported?
COBIT USES TWO TYPES OF
METRICS
• Outcome measures, or key goal indicators
(KGIs)
What is measured here:
• Is the information needed available all the
time to support the business needs?
• Are integrity and confidentiality risks absent?
• Are the information and resources reliable?
PERFORMANCE INDICATORS
Performance indicators, or
key performance indicators (KPIs), indicate
whether goals are likely to be met.

How? For example, a sales target:
Measure the number of wins over a specific
time period and compare it to a future target
and past performance to motivate your sales
team.
• Wins: The number of new customers over a certain time period.
• Revenue: Income received through sales activities.
INFORMATION TECHNOLOGY
INFRASTRUCTURE LIBRARY(ITIL)
The Information Technology Infrastructure
Library (ITIL) is a set of guidance
developed by the United Kingdom’s Office
of Government Commerce (OGC).
ITIL does not document how to do things, but tells
you what can and should be done.
It shares with us what other people found to be
the best way to approach IT as a service
provider.
ITIL CONSISTS OF 5
CORE STRATEGIES:

1. Service Strategy volume:
Provides guidance in developing a strategy for
IT service management.
This involves understanding your market, your
customers, your capabilities and resources, and the
financial constraints under which services must
be delivered and supported.
PROCESSES WITHIN
SERVICE STRATEGY ARE:

1. Service Strategy

Service portfolio management:
The process of maximizing the ROI while managing risks.

Financial management:
Evaluates investments in services to assist with strategic
decision-making.

Demand management:
Works closely with the business to identify and understand
patterns of business demand.
2. Service Design volume:
Service Design begins with a set of business requirements and
ends with a solution designed to meet these business needs.

3. Service Transition:
Looks at managing change, risk and quality assurance during the
deployment of a service into operation.

4. Service Operation volume:
Is concerned with daily activities and provides guidance on the
effective and efficient operation of the service.
It is where the value of the service is realized and the strategy of the
organization is executed.
ITIL –CONT’D

5. Continual Service Improvement volume (CSI):
Provides guidance to improve the overall process and
how it is executed.
This should be integrated into all the other lifecycle
stages. This is a continual activity.
Based on this report, organizations strive for improvements.
BENEFITS OF ITIL
• Improve Resource Utilization
• Be More Competitive
• Decrease Rework
• Eliminate Redundant Work
• Improve upon project deliverables and
time
• Improve availability, reliability and
security of critical IT services
• Justify the cost of service quality
BENEFITS OF ITIL –
CONT’D
• Provide services that meet business,
customer and user demands
• Integrate central processes
• Document and communicate roles and
responsibilities in service provision
• Learn from previous experience
• Provide performance indicators
COBIT VS ITIL
• ITIL was designed as a service
management framework to help you
understand how you support processes, &
how you deliver services
• COBIT was designed as an IT governance
model, particularly and initially with audit in
mind to give you control objectives and
control practices on how that process
should behave
COBIT VS ITIL
CONT’D
The difference between the two is,
COBIT tells you what you should be doing,
while ITIL tells you how you should be
doing it
• Put them together, and you have a very
powerful model of what you need to be
doing and how to do it.
None of these frameworks is in
competition with the others; in fact, it is
best if they are used together.
– ISO 17799 outlines security controls, but
does not focus on how to integrate them
into business processes
– ITIL focuses on IT processes/services,
not on security
– COBIT focuses on controls and metrics,
not as much on security
So, a combination of all three is usually the best approach.
HOW CAN THEY BE
USED?
COBIT can be used to determine if the
company's needs (including security) are
being properly supported by IT.
ISO 17799 can be used to determine and
improve upon the company's security
posture.
And ITIL can be used to improve IT
processes & services to meet the
company's goals (including security).
TOOLKIT
Start investigating possible tools for strategic
planning and aligning IT with the organization’s
strategic plan. For toolkit
If you don’t know where to start, do a web search
on SWOT analysis (strengths, weaknesses,
opportunities and threats), metrics, analytics and
the balanced scorecard.
Describe what you find here and share as
appropriate on the D2L discussion topic for IT
Toolkits.
Answer these questions for each tool you want to include:

• How is the tool accessed?
• How is the tool used?
• What is the value of the tool for the IT manager?
• General comments on the tool:
END
