Chapter 2 Reference Models, Standards & Frameworks


Learning Objectives
  • IT Governance frameworks
  • Related industry standards, guidelines
  • Maturity model, reference
  • Choosing a framework to use

Limitations of models, standards, and frameworks
  • Most are not end-to-end
  • No how-to
      - Process
      - Template
      - Checklist
      - Tools
  • Too flexible / too rigid

Integrated IT Governance Framework
  • Philosophy
  • Key issue
  • Legal
  • Maturity
  • Culture

Maturity model

International Standards & Frameworks: Focus Areas
  • IT Governance – General
  • Project management
  • System/Software development
  • Quality/Security
  • IT Operations & Infrastructure
More…

International Standards & Frameworks: Focus Areas cont.
  • Human Resources
  • Performance measurement
  • Regulatory Compliance
  • Outsourcing & Vendor management
  • Voice of Customer

IT Governance – General
  • Model name
      - COBIT
  • Author
      - ITGI / Weill & Ross / U of Holland, v4.1, 2007
  • Use
      - A framework which links IT process
      - Decision maker
  • Certification: CISA / CISM

IT Governance – General cont.
  • Model name
      - COSO internal control framework
  • Author
      - COSO (Committee of Sponsoring Organizations of the Treadway Commission), AICPA, AAA
  • Use
      - Reliability of financial statements

COSO
  • Consists of 5 components
      - Control environment
      - Risk assessment
      - Control activities
      - Information & communications
      - Monitoring

Project Management
  • Model
      - IT Investment Management (ITIM)
  • Author
      - General Accounting Office (GAO) of US Government
  • Use
      - Evaluate, select & prioritize IT investment

ITIM Maturity stages

Project Management cont.
  • Model
      - PMBOK – Project Management Book of Knowledge
      - OPM3 Organizational PM Maturity Model
  • Author
      - Project Management Institute (PMI), 2004
  • Use
      - 9 Knowledge & 5 Process areas of PM
      - Tool for self-assessment of PM maturity
  • Certification
      - PMP Project Management Professional

OPM3 Framework

Project Management cont.
  • Model
      - PMMM – PM Maturity Model
      - Blends PMBOK with CMMI
  • Author
      - Crawford, 2002
  • Use
      - Map CMMI to PMBOK to provide PM maturity roadmap

Project Management cont.
  • Model
      - PRINCE2
  • Author
      - Central Computer and Telecommunications Agency (CCTA) or Office of Government Commerce (OGC)
  • Use
      - UK Government application development

System / Software Development
  • Model
      - Capability Maturity Model Integration (CMMI)
  • Author
      - SEI / Carnegie Mellon University, 2002, 2005
  • Use
      - 5 stage maturity acquisition / system & software development
  • Certification
      - Organization: Level of maturity

Quality / Security cont.
  • Model
      - ISO 9001
  • Author
      - Motorola & GE (studied jointly)
  • Use
      - Quality management policy

8 Quality principles, ISO 9001-2000
  • Customer
  • Leadership
  • People
  • Process approach
  • System approach (inter-process)
  • Continuous Improvement
  • Decision on facts
  • Supplier management

Quality / Security
  • Model
      - Six Sigma, Lean, Baldrige Quality Award
  • Author
      - Motorola & GE
  • Use
      - Reduce errors & defects
  • Certification: black belt

Quality / Security cont.
  • Model
      - ISO 17799
      - ISO 27001 implementation guideline for 17799
  • Author
      - ISO, 2005
  • Use
      - IT security model
  • Certification: organizational level

ISO 17799 & 27001
  • 17799 Plan-Do-Check-Act (PDCA model)
      - Plan
      - Do: implement / operated / maintained
      - Check: monitored / measured / audited / reviewed
      - Act: improved
  • 11 security policy domains

IT Operation & Infrastructure
  • Model
      - ISO 20000
  • Author
      - ITSMF (IT Service Management Forum), V2, 2002
  • Use
      - 10 processes of IT service management

ISO 20000
  • Key Process
      1. Service Level Management (SLM)
      2. Service delivery
      3. Relationship management (supplier)
      4. Resolution management (Problem)
      5. Control & release (Config & change)

IT Operation & Infrastructure
  • Model
      - ITIL (IT Infrastructure Library) v2, v3
  • Author
      - CCTA, APMG (Accrediting Professional Management Group), 2007
  • Use
      - 10 processes of IT service management

Human Resource
  • Model
      - P-CMM (People Capability Maturity Model)
  • Author
      - SEI (Software Engineering Institute), Carnegie Mellon University
  • Use
      - Advancing people & competencies

Performance management
  • Model
      - Balanced Scorecard, Critical Success Factor
  • Author
      - Kaplan & Norton, Cattuci, Rockart
  • Use
      - Measure the results of success through strategy

Outsourcing & Vendor Management
  • Model
      - OPBOK, eSCM (eSourcing Capability Model)
  • Author
      - Carnegie Mellon University
  • Use
      - How to outsource IT & how to manage vendor
  • Certification: COP Certify Outsourcing Personal

Outsourcing & Vendor Management
  • eSCM
      - eSCM-SP for service provider
      - eSCM-CL for customer
  • OPBOK: Outsourcing Professional Body of Knowledge

Customer
  • Model
      - VOC (Voice of Customer)
  • Author
      - Kano
  • Use
      - Customer requirement

Regulatory Compliance (law)
  • Model
      - Sarbanes-Oxley Act (SOX), 2002
  • Author
      - US Congress
  • Use
      - For Board & executive responsibility

Regulatory Compliance (law) cont.
Sarbanes-Oxley Act of 2002
  • Public Company Accounting Reform and Investor Protection Act of 2002
  • SOX or Sarbox
  • Senator Paul Sarbanes (D-MD) and Representative Michael G. Oxley
  • SOX Section 404: Assessment of internal control

Regulatory Compliance (law) cont.
AS 8000 / AS 8015
  • Model
      - AS 8000 for enterprise governance
      - AS 8015 for ICT governance
  • Author
      - Standard Australia, 2003

Regulatory Compliance (law) cont.
  • Model
      - FDA, FDIC, HIPAA, SEC
  • Author
      - US government agency
  • Use
      - Selected industry

Further study: chapter 2
  • http://www.sei.cmu.edu/ The Carnegie Mellon Software Engineering Institute (SEI)
  • http://www.isaca-bangkok.org/ Information Systems Audit and Control Association, Bangkok Chapter
  • http://www.aicpa.org/ The American Institute of Certified Public Accountants (AICPA)
  • http://aaahq.org/ The American Accounting Association
  • http://www.gao.gov/ The General Accounting Office (GAO), created by the Budget and Accounting Act
  • http://www.pmi.org/ Project Management Institute
  • http://www.ogc.gov.uk/ The Office of Government Commerce (OGC)
  • http://www.itil-officialsite.com/ is the most widely accepted approach to IT service management
  • http://www.kanomodel.com/ Professor Noriaki Kano