
Improving IT Governance Through Formal Change Management


nayef

Presentation Transcript


  1. Improving IT Governance Through Formal Change Management

  2. My Role at Marquette • Change Manager • ITIL Practitioner in release & control (change, configuration & release management) • Head of the PMO • PMP certification

  3. Why Did We Start? • Stabilize the infrastructure

  4. Audit Questions • Change Management and Program Development Controls • Change Management policy and procedure documentation (requirements for requesting, documenting, testing, approving, and migrating/implementing changes to the production environment). • Emergency change procedure documentation. • List of all requested changes (development and configuration changes) made to the financial reporting applications and underlying environment (between 6/1/06 – present). • Program development methodology (SDLC) and formal testing procedure documentation (if they exist and differ from the Change Management Policy). • System-generated evidence (access control list, etc.) showing users that have access to modify system code or system configurations for the production environment.

  5. What is Governance • There is no universal definition • COBIT • The need for assurance about the value of IT, the management of IT-related risks and increased requirements for control over information are now understood as key elements of enterprise governance. • Value, risk and control constitute the core of IT governance.

  6. Gartner Definition • "The processes that ensure the effective and efficient use of IT in enabling an organization to achieve its goals." • This definition contains certain key concepts: • ITG is composed of processes with the inputs, outputs, roles and responsibilities that are inherent in a process definition (however, the definition does not talk about how these processes might be implemented). • The role of ITG "ensures," as opposed to "executes." • The goal of ITG is defined as a business goal, not just IT-related. • Key performance measures, identified as effectiveness and efficiency, together represent business value.

  7. COBIT (diagram) • Stages shown: Governance, Management, Control, Audit • Years shown: 1996, 1998, 2000, 2005

  8. Perspective of Frameworks and Standards (diagram) • COSO, ISO 9001, King II, Sarbanes-Oxley, Industry BEE Charter • What: COBIT Domains (Plan & Organize, Acquire & Implement, Deliver & Support, Monitor & Evaluate) • How: Bus Alignment, TOGAF, PMBOK, CMMI, Project Methodology, SDLC, ITIL, ISO17799, NIST 800, Balanced Scorecard, Board briefing IT Governance, ISACA Audit Standards • Source: COBIT Focus, April 2007, Volume 1

  9. Hype Cycle Removed at Gartner’s Request http://www.gartner.com

  10. Hype Cycle Removed at Gartner’s Request http://www.gartner.com

  11. ITIL • ITIL is not a temporary fashion – ISO20000 • It’s not about tests and certification • Going from a technology focus – to a customer service focus • Short term costs will be balanced by long-term gains • Other cultures have benefited from adopting ITIL • It is easier to sell a best practice than an idea

  12. ITIL • Managing service levels from the customer’s perspective instead of insular technology or infrastructure perspective • Going beyond reactive break/fix – to proactive management of service requests and service support • Actively managing infrastructure components (assets) and systematically managing changes (planned and un-planned) • Remember ITIL concentrates on Continuous Improvement – Deming • A non-proprietary set of best practices – public domain

  13. ITIL Service Management v2

  14. ITIL v3 (diagram) • Service Strategy: Business Requirements, Policies, Resource Constraints • Service Design: Solutions, Standards, Architectures • Service Transition: Transition Plans, Testing • Service Operation: Operational Plans, Operational services • Continual Service Improvement

  15. Service • Services are a means of delivering value to customers by facilitating outcomes customers want to achieve, without the ownership of specific costs and risks. ITILv3 Road show

  16. Marquette IT Governance • We have a PMO that is based on PMBOK and we have our own Project Methodology • We also have begun to implement ITIL

  17. Marquette Process • Incident: How incidents and requests are handled • Change: How changes to the production system are handled • Config: Components of the IT infrastructure; Data Center; working on getting all university-owned PCs in the CMDB

  18. Incident Management • The goal of Incident Management is to restore normal service operation as quickly as possible and minimize the adverse effect on business operations, thus ensuring that the best possible levels of service quality and availability are maintained.

  19. Configuration Management • Configuration Management is a process that tracks all of the individual Configuration Items (CIs) in a system. • A Configuration Item (CI) is an IT asset or a combination of IT assets that may depend on and have relationships with other IT processes.

  20. Change Management • The goal of Change Management is to ensure that standardized methods and procedures are used for efficient handling of all changes, in order to minimize the impact of change-related incidents and to improve day-to-day operations.

  21. What is a Change? • A service may become unavailable or degraded during service hours, • The functionality of a service may become different, or • The CMDB may require an update.

  22. High-Level Change Process (diagram) • Roles shown: Change Coordinator, Change Manager • Steps shown: Register the change, Complete R&I Work Orders, Develop Change Plan, Review Change Plan, Assign Imp Work Orders, Get Approval(s)

  23. Types of Change Templates • Application Mod: Develop mod, Test, Back-out, UAT, Move to Prod, Verify, Update CMDB • MAC (Move Add Change): Risk assessment, Service Provide, UAT, Move to Prod, Verify, Update CMDB • Emergency: Update capacity, Inform Service Provider, Update CMDB

  24. Change Metrics

  25. Communications • In addition to the UAT • Forward Schedule of Changes

  26. What did we get? • More stable infrastructure • More proactive, less reactive • Better alignment with University needs • Better communication (internal IT, University units) • Better support for the Finance audit

  27. Lessons Learned • More of a culture change than a technology change • Mostly IT, but functional users also • Objections: It will slow us down; More “paperwork”; Management doesn’t trust us; People may leave the organization

  28. Lessons Learned • Adopt a best practice framework (ITIL) • Attend local itSMF chapter and learn from others • Start with an obtainable scope • Minimize the bureaucracy • Process first then tool, but with an eye towards the tool

  29. Questions?

  30. References http://www.itsmfusa.org http://www.gartner.com/ http://www.isaca.org
