1 / 56

IT Governance: Implementation Strategies Developed at NTU (U.K.) and at USP (Brazil)

IT Governance: Implementation Strategies Developed at NTU (U.K.) and at USP (Brazil). Mauro Cesar Bernardes Richard Eade Tereza Cristina M. B. Carvalho 14/10/2010. IT Governance. Background: Universidade de Sao Paulo Implementing IT Governance at USP

lulm
Télécharger la présentation

IT Governance: Implementation Strategies Developed at NTU (U.K.) and at USP (Brazil)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. IT Governance: Implementation Strategies Developed at NTU (U.K.) and at USP (Brazil) Mauro Cesar Bernardes Richard Eade Tereza Cristina M. B. Carvalho 14/10/2010

  2. IT Governance • Background: Universidade de Sao Paulo • Implementing IT Governance at USP • Background: Nottingham Trent University • Implementing IT Governance at NTU

  3. USP background

  4. USP campuses Campus at Piracicaba Campus at São Paulo Campus at Bauru Campus at Pirassununga Campus at São Paulo East Campus at São Carlos Medicine Institute at São Paulo Campus at Lorena Paulista Museum at São Paulo Campus at Ribeirão Preto

  5. USP main campus

  6. USP in numbers • General data: • Established in 1934. •  Advanced center for research, education and community services.  • Physical space of all campuses : 76.314.505 m2. • Student Enrollment: 88.261 • Undergraduate: 56.988 • Graduate: 25.591 • Master: 13.127 • PhD: 12.464 • Special Enrollment: 5.672 • Undergraduate courses • Majors: 239 • Graduate Programs . Programs: 233 . Master & PhD: 608 . Master: 309 . PhD: 299

  7. Electronic Computing Center • CCE provides IT services to USP, including: • Networking and Telecommunication infrastructure and maintenance • Hardware and Software • Internet Data Center • Internet: e-mail, connection, backbone management Mission: To be a reference in ICT (Information and Communications Technology) sustainable service provision for university campus.

  8. IT Governance at USP

  9. Future Vision Challenges IT & all Governance Mechanisms Indicators Corporate Governance Indicators Strategic Planning Strategy

  10. IT Governance Strategies at CCE/USP Strategic Planning Phase 4: Balanced Scorecard Phase 2 MIT Framework Phase 3 Process Control Process Execution COBIT Phase 1 ITIL

  11. Phase 1: • Service Managed based on ITIL best practices • Management focus area: • Service Desk function • Incident • Problem • Configuration • Change • Availability • Continuity • Control Objectives from COBIT Source: Office of Government Commerce (OGC). Source: IT Governance Institute, COBIT 4.1; Source: IT Governance Institute, COBIT 4.1;

  12. Phase 2: Strategic Planning

  13. Phase 2: Strategic Planning

  14. Phase 3: MIT Sloan Framework

  15. Phase 4: Dashboards based on BSC

  16. Dashboards

  17. Next Steps We know where we want to be The main actions are defined Strategy review The budget is settled Budget review & priorities Indicator analysis, review & tuning Control objectives are identified We know where we are

  18. NTU background

  19. Nottingham Trent University

  20. Nottingham • UK East Midlands • 120 miles north of London • City of Nottingham population – about 288,000 • Greater Nottingham population - about 667,000 • Two Universities • University of Nottingham • Nottingham Trent University • “Home” of Robin Hood

  21. Nottingham Trent University • 1843 - Nottingham Government School of Design opened • 1881 - University College was established. It later became the new university's Arkwright Building. • 1945 - Nottingham and District Technical College was designated. • 1958 - Nottingham Regional College of Technology was opened. • 1959 - Nottingham College of Education opens at Clifton • 1964 - Nottingham Regional College was officially launched. • 1966 - Nottingham College of Art and Design was linked with the Regional College - as a Polytechnic designate. • 1970 - Trent Polytechnic was granted polytechnic status. • 1975 - Trent amalgamated with Nottingham College of Education at Clifton. • 1988 - The official name change to Nottingham Polytechnic took place. • 1992 - The Nottingham Trent University was launched. • 2008 - Nottingham Trent University is named as the top post-1992 university. • 2009 – NTU named as the UK’s most environmentally friendly university by the People and Planet Green League published in the Times Higher Education Supplement.

  22. Nottingham Trent University • About 2,800 members of staff (US faculty and staff) • About 25,000 registered students on campus • About 40,000 registered users of computing facilities • 3 locations • central Nottingham • Clifton - about 5 miles south west of the City • Brackenhurst – about 12 miles east of the City • Predominantly a teaching based University with about 10% of our activity research based • We have a tendency towards courses with a placement period with an employer – focus on employability of graduates • Senior management team have a strong commercial focus

  23. Information Systems • Centralised IT services, created in 2004 by bringing together several smaller departments • Team of about 165 • Operations and development, hardware and software; server and desktop • Historical focus on operations (80/20) – moving towards increased focus on development (50/50) • Recent extension of the project management team (now 12) and appointment of Business Analysts (4) • No IT support located in the Academy except for a very limited number of very specialist activities • Funding pressures – 14 redundancies in July/August 2010

  24. IT Governance at NTU

  25. IT in crisis • IT was recentralised in 2004 because the University Senior Management Team identified weak management in the decentralised departments • IT was also seen as driving the business rather that the business driving IT and with a new University strategic plan pending the University management aim was for the new IT Director to change gear and deliver business led solutions

  26. Fundamental problems • Reviewing the new department the new IT management team quickly identified areas ‘out of control’: • There was no risk register • Processes were undefined • Budgets were in the wrong hands • There was no Disaster Plan or Business Impact Analysis • There were no project managers and no definition of when work should be undertaken as a project • There was no concept of resource management • Internal audit reports highlight other shortcomings • Within IT staff the University culture of ‘Academic Freedom’ had been allowed to prevail i.e. Staff were able to ‘Do what they liked’

  27. IT Governance At a practical level • Crisis management to try and identify the issues • Look for some industry best practice to bring some structure – the IS Director decided she wanted to tackle the lack of processes so proposed adopting ITIL – the IT Infrastructure Library – however the outcome was less than half hearted attempt at implementation – essentially staff were sent out training courses but without preparation and without thinking about the processes to be implemented and how we wanted to do it • This outcome was that we had staff passing ITIL exams but who were alienated to the ITIL concept because they didn’t see how it related to their work environment

  28. Summer 2006 - The IT Director resigns • An interim director is appointed • He instigates a reorganisation • This includes a new post “ICT Process Oversight Manager” but we still don’t have any formalised processes • A new IT director is appointed from outside of the HE sector – coming from a bank governance of IT comes as a given (Sarbanes-Oxley; Basel 2, etc.) • I’m tasked with trying to bring order out of chaos

  29. ASIDE: IS it just NTU? • A this point I become worried – is this situation peculiar to NTU; is it just us in a mess? • Subsequent Discussions with colleagues in the UK and in Europe suggest that it is not just us. Being honest about where we were has identified that other are in the same situation as us and often like us are unclear about what to do next

  30. Our approach • Tackle the areas we had addressed as deficiencies • Communicate to managers why we have a problem and win support – this led to a successful training day • Look at the literature • Peter Weill and Jeanne W Ross’s book seems to be the classic text • It does address public sector/not for profit organisations • It proposes a top down approach where we needed a bottom up • Find out what other people are doing • Look for a model which we could use or adapt to give the work some structure and to which we might be able to attach a strategy • We looked at COBIT but at that stage it did not work for us as processes were undefined • We’ve looked at ISO38500 but have not adopted it yet

  31. IT Governance – NCC Book • We are members of the UK National Computing Centre who support UK business in developing IT. Their book ‘IT Governance’ is bottom up based and identified for us the scope of what we needed to do: • Creating a business case for IT Governance • Performance Measurement • Implementation roadmap • Communication Strategy and Culture • Capability Maturity and Assessment • Risk Management • Supplier Governance • IT and Internal Audit working together and using COBIT • Information Security Governance • Legal and Regulatory aspects of IT Governance • Architecture Governance • Managing the IT Investment

  32. JISC – The Joint Information Services Committee • JISC is a UK government funded organisation which has an on-going programme of research and development looking at ways develop and support the use of IT across Further and Higher Education • There are a number of IT governance related activities for which they have researched and published supporting materials including Change Management, Project management, Programme management and Risk Management (See http://www.jiscinfonet.ac.uk/infokits) • They have also researched how IT Governance can support Higher Education again using a bottom up approach and produced a governance model, self assessment process and supporting toolkit (see http://www.ismg.ac.uk/)

  33. IT Governance Model - JISC

  34. The JISC self assessment questionnaire • The JISC toolkit for IT governance includes a self assessment questionnaire • This enables a snapshot on where you are with pointers as to what to do next • We asked senior mangers to compete the questionnaire; consolidated the responses and used the to direct our strategy

  35. Organisation - PoliciesDoes the institution have in place appropriate policies and procedures to manage its information systems?

  36. The JISC Toolkit • Provides a summary of each area of the JISC model • Suggests appropriate things to do • Offers indicators of good practice • Offers other sources of information to look at

  37. Organisation: Policies and Procedures Indicators of Good Practice • The following would serve as indicators of good practice in relation to policies and procedures • Agreed policies in relation to IT use and relevant legislation • Effective dissemination of policies • Monitoring and reporting breaches of compliance with policies • Robust testing of the Disaster Recovery Plan with results reported to the Information Strategy Steering Committee.

  38. What success? • Good in parts; but still things to be done • There are slides appended to the talk should you be interested in seeing more of the practical outcomes • ECAR subscribers can see how we applied the JISC model in more detail in the ECAR Research Bulletin “Making IT Governance Work” http://www.educause.edu/Resources/MakingITGovernanceWork/214687

  39. Looking forward • Resources pressures have identified we need to look at what we do and the way that we do it • We want to introduce tools to improve our management activity - practical management as well as system management • Consequently we are reviewing our end-to-end process with a view to joining up disparate activity and updating our service catalogue • We are also reviewing project management and looking at improving/formalising the gates for approval and progression • We need to join up activity using a similar approach to USP • We need to develop a dashboard and scorecard

  40. Key attributes for Success at NTU • Establishing a culture where people start thinking that governance is important and start asking themselves what would the IT Governance team make of what I am doing/proposing to do • Strong support for the IS Director and Senior managers – At NTU the IT Governance team is viewed as the conscience of the IS Director; he knows he will get nagged! • Having a Governance team who have the ability to find out what is going on – having someone who can get people to talk to them about what is really happening; what staff are really thinking; what mad ideas managers are proposing; etc. • Be prepared to ask questions and expect answers

  41. Any Questions?

  42. Appendix Implementing IT Governance at NTU

  43. IT Governance in practice – Risk and Audit

  44. IT Governance in practice - Finance

  45. IT Governance in practice - Information Security

  46. IT Governance in practice - Legal Issues

  47. IT Governance in practice - Capability Improvement

  48. IT Governance in practice - Performance Measurement

More Related