IT Governance Infocom India Presentation December 6 2006

IT Governance Infocom India Presentation December 6, 2006 Pathfinder Technology Solutions

Agenda n n Pathfinder Technology Solutions n n Why have IT Governance? What is IT Governance? Various elements of IT Governance Frameworks for IT Governance How Frameworks interact How IT processes underpin IT Governance Example of Framework integration Metrics to measure IT process health

Why Bother About IT Governance? Lack of Effective Governance Can Lead to Catastrophic Failures!! IT Readiness Decline of Business Readiness Desired Level Pathfinder Technology Solutions Major Effort for Recovery Catastrophic Failure!! Time

This is not a Rhetorical Conjecture! n Some Examples: Largest Asian Stock Exchange suspended trading in November, 2005 due to incorrect software patch n Payroll of millions of customers of a major North American bank was affected in June, 2004 due to incorrect system update n Erroneous changes to Airline Ticketing system caused hundreds of international travel tickets being sold for less than $100 Pathfinder Technology Solutions n

IT Governance – The Definition n IT Governance is a system that: Directs and controls to administer necessary IT services to its clients n Specifies rights and responsibilities of parties* involved n Defines the policies and procedures; n Provides the structure to achieve the above Pathfinder Technology Solutions n The above closely follows corporate governance definition outlined by OECD (Organization for Economic Cooperation and Development) located in Paris, France. * Customers, Regulators and Stakeholders

IT Governance – Differing Viewpoints n Three Parties & Three Areas of Interest n Regulators – in Regulatory Compliance n Pathfinder Technology Solutions n Customers – in Effectiveness of IT Services and somewhat in Regulatory Compliance n n Regulators are Government Agencies Customers are recipients of IT Services Stakeholders – in Efficiency and Effectiveness of IT Services and Regulatory Compliance n Stakeholders are managers and employees of an IT organization

Pathfinder Technology Solutions Interest Areas of the Three Parties Efficiency, Effectiveness and Compliance are only possible through Deployment and Management of a Process Environment of Best Practices

Pathfinder Technology Solutions

Elements of Governance Standard against which Governance can be assessed n Proven Set of Practices for the processes of an organization n Compliance for government regulations n Continuous Improvement to address Efficiency Pathfinder Technology Solutions n Governance is NOT just compliance of Government Regulations for Financial Disclosure

Frameworks impacting IT Governance – The Alphabet Soup n Standards Frameworks n ISO (Int. Org. for Standardization) – for Quality n n SOXA (Sarbanes-Oxley Act) – for Compliance Pathfinder Technology Solutions n n Adoption for competitive reason and is optional Regulatory requirements make adoption mandatory Compliance Framework n COBIT (Control Objectives for Information Related Technology) – for Controls and

Frameworks impacting IT Governance – The Alphabet Soup n Best Practices Frameworks CMMI (Capability Maturity Modeling Integration) – for IT Development n ITIL (Information Technology Infrastructure Library) – for IT Infrastructure Support Pathfinder Technology Solutions n n Continuous Improvement Framework n Six Sigma

Pathfinder Technology Solutions Governance Elements Also Underpinned by Best Practices

Processes Underpin Governance Elements n n Pathfinder Technology Solutions n n n ITIL processes are necessary for ISO 20000 certification ITIL helps to provide controls for COBIT ITIL processes underpin CMMI for support and maintenance Continuous Improvement & Six Sigma is only possible through deployment of ITIL best practices ITIL Best Practices allow addressing of Effectiveness, Efficiency and Compliance

ITIL (IT Infrastructure Library) Users Difficulties, Inquiries Service Requests Communication, Updates, Workarounds Change Requests Service Desk Incidents Incident Management Service Support Problem Management Change Management Releases Release Management Pathfinder Technology Solutions Configuration Management Availability Management Financial Management for IT Services Service Delivery Capacity Management IT Service Continuity Management Requirements, Targets, Achievements Service Level Management Queries, Inquiries Communication` The Business, Customers

Pathfinder Technology Solutions ITIL and ISO - Achieving ISO 20000 Certification

Necessary Tasks for SOXA* Compliance 1. 2. Pathfinder Technology Solutions 3. 4. 5. ITIL Best Display the Business Process Practices Define Control Objectives Identify Risks (or “what-can-gowrong”) in the process Define specific Controls that are in place to mitigate the above Risks, and, Produce Evidence to prove that the ITIL Best above Controls are effective Practices *Sarbanes-Oxley Act – enacted by US Congress in 2002

ITIL and COBIT While ITIL is about process best practice, COBIT is about control points n Procedures are mapped by ITIL best practices n Risks can be defined through Metrics n Software tool for ITIL management provide Control Evidence and Audit Logs Pathfinder Technology Solutions n

Integration of Development and Support Best Practices Pathfinder Technology Solutions Application Management Lifecycle Elegantly Integrates ITIL and CMMI

ITIL and Six Sigma n ITIL Best Practice allows rapid adoption n No need to develop from scratch ITIL defines metrics used as Six Sigma CTQs (“y”) and also for causes (“x”) n ITIL process management software tool provides data for necessary analyses n Application of Six Sigma require mature environment Pathfinder Technology Solutions n CTQ – “Critical to Quality” (as defined by customer)

Deployment of Frameworks n Parts of Frameworks can be applied as needed and incrementally n Pathfinder Technology Solutions n n n Even partial implementations of Frameworks can provide major benefits for superior Governance Business goals decide what to adopt Any Framework implementation is a major effort Strong and committed leadership is not just crucial, it is absolutely mandatory to achieve superior governance

Support Infrastructure is a Must for Deployed Frameworks n Successful deployments require that the processes be: n n n Pathfinder Technology Solutions n n Aligned – ensuring process objectives address business needs Streamlined – through adoption of best practice Mapped – through mapping of tasks for workflows and role assignments Verified – by various organizational functions to meet their business requirements Owned – by assigning formal roles for accountability Documented – for consistency of implementation throughout the organization Measured – to ensure that the process is effective and efficient while meeting compliance A support infrastructure essentially includes a number of formal roles such as the champions, process owners, process managers and others – depending on the nature of the framework and the organization

Pathfinder Technology Solutions Integration of Frameworks – An Example in an ITIL Process

Metrics – Crucial to Manage Processes and Frameworks Metrics Determine Process Health or Framework Maturity n 3 M Principle – Measure-to-Monitor-to. Manage n To manage, one needs to monitor n To monitor, one needs to measure Pathfinder Technology Solutions n n ITIL Best Practices also provide relevant and well-defined Metrics for IT processes Continuous improvement is NOT possible without appropriate metrics

06 05 05 Ju l Ju n ay Ja n De c No v Oc t Se p Au g 05 05 ar Ap r M Fe b Ja M 05 05 05 Outage Duration (Min. ) Pathfinder Technology Solutions Examples of Applying 6σ Based Metrics Traditional Chart for Outage Boxplot of Monthly Outage Duration 500 400 300 200 100 0

Examples of Applying 6σ Based Metrics Pathfinder Technology Solutions Statistical Chart (Boxplot) for Outage

Examples of Applying 6σ Based Metrics Traditional Outage Chart by Platform Boxplot of Outage Time by Platform 500 Outage Time (Min. ) Pathfinder Technology Solutions 400 300 200 100 0 External Internal-Mid Internal-MVS Internal-Server Internal-Other

Examples of Applying 6σ Based Metrics Pathfinder Technology Solutions Outage Boxplot by Platform

Examples of Applying 6σ Based Metrics Pathfinder Technology Solutions Xbar-R Control Chart – Internal Outages Weeks

Examples of Applying 6σ Based Metrics Pathfinder Technology Solutions Xbar-R Control Chart – Int. & Ext. Outages Weeks

Agenda n n Pathfinder Technology Solutions n n Why have IT Governance? What is IT Governance? Various elements of IT Governance Frameworks for IT Governance How Frameworks interact How IT processes underpin IT Governance Example of Framework integration Metrics to measure IT process health

Pathfinder Technology Solutions Questions?