docMaturity Assessment Tool
download 
Reclamo Transcript
Maturity Assessment Tool
® COBIT Control Objectives for Information and related Technology Maturity Assessment Tool 1 Maturity Assesment Tool • • • Concetti CobiT sui quali il tool è basato Panoramica sul tool Esempi di utilizzo – Obiettivi di Business -> Aree di miglioramento – Progetti IT -> giustificazione • Considerazioni finali 2 CobiT in sintesi – Obiettivi di Business e Governance Business C ME1 ME2 ME3 ME4 Monitor and evaluate IT performance. Monitor and evaluate internal control. Ensure compliance with external requirements. Provide IT governance. O B I T FRAMEWORK PO1 PO2 INFORMATION Integrity Efficiency Effectiveness Compliance Availability Confidentiality Reliability PLAN AND ORGANISE MONITOR AND EVALUATE DS1 DS2 DS3 DS4 DS5 DS6 DS7 DS8 DS9 DS10 DS11 DS12 DS13 Define and manage service levels. Manage third-party services. Manage performance and capacity. Ensure continuous service. Ensure systems security. Identify and allocate costs. Educate and train users. Manage service desk and incidents. Manage the configuration. Manage problems. Manage data. Manage the physical environment. Manage operations. IT RESOURCES Applications Information Infrastructure People DELIVER AND SUPPORT Define a strategic IT plan. Define the information architecture. PO3 Determine technological direction. PO4 Define the IT processes, organisation and relationships. PO5 Manage the IT investment. PO6 Communicate management aims and direction. PO7 Manage IT human resources. PO8 Manage quality. PO9 Assess and manage IT risks. PO10 Manage projects. AI1 AI2 ACQUIRE AND IMPLEMENT AI3 AI4 AI5 AI6 AI7 Identify automated solutions. Acquire and maintain application software. Acquire and maintain technology infrastructure. Enable operation and use. Procure IT resources. Manage changes. Install and accredit solutions and changes. 3 3 CobiT in sintesi - Linee di evoluzione • Più integrazione con gli obiettivi di business – Nell’individuazione delle aree di miglioramento – Nella pianificazione dei progetti – Nella verifica dei risultati Business – Nel controllo dei rischi C O B I T F R A M E W O INFORMATION RK Integrity Efficiency Effectiveness Availability Compliance Confidentiality PLAN Reliability MONITOR AND AND ORGANISE EVALUATE IT RESOURCES Applications Information DELIVERInfrastructure ACQUIRE AND AND People SUPPORT IMPLEMENT 4 4 5 Impatti in termini di business 6 CobiT L’IT e : - Extended Balanced Scorecards Improve customer orientation and service Offer competitive products and services Establish service continuity and availability Obtain reliable and useful information for strategic decision making Achieve cost optimalisation of service delivery Operational excellence Improve and maintain business process functionality Improve corporate governance and transparancy Create agility in responding to changing business requirements (time to market) Customer orientation Lover process cost Manage ITrelated business risk Manage business change Improve and maintain operational and staff productivity Provide compliance with external laws, regulations and contracts Compliance with internal policies Provide a good return on investment of IT-enabeled business investments Financial contribution Vision and Strategy Future orientation Manage product and business innovation 9 L’IT è adeguata ? 9 Dove intervenire ? Acquire and maintain skilled and motivated people 9 Cosa fare, come ? 7 7 …. in altre parole: da dove comincio ? Dov’è l’Agility ? 8 Mapping Business goals to IT goals 9 Mapping IT goals to IT Processes (1/2) 10 Mapping IT goals to IT Processes (2/2) 11 Maturity . . . 12 13 Il Tool • Una serie di fogli excel che aiuta e guida nel processo nelle sue tre fasi: – Individuazione dei Processi più importanti – Analisi dei Processi individuati / scelti – Reportistica 14 Valutazione degli obiettivi di business – Fase1 15 15 Valutazione degli obiettivi di business – Fase2 Assegnazione importanza ai Processi IT 16 16 Importanza del dominio / processo • PO PO 10 Gestire progetti • AI AI 1 Identificare soluzioni automatizzate • DS DS 1 Definire e gestire i livelli di servizio DS 3 Gestire le prestazioni e la capacità produttiva • ME ME 1 Monitorare e valutare le prestazioni dell’IT Si vedono chiaramente complementarietà tra aspetti strutturali / organizzativi ed aspetti operativi / strumentali 17 Valutazione degli obiettivi di business – Fase2 Assegnazione importanza ai Processi IT 18 18 Usiamo direttamente il Tool ! Maturity Assessment Tool 4Jan2010.xls 19 Utilizzo • Top down – Dal Business all’IT –… –… • Bottom-up – Come giustificare l’acquisto di un nuovo pacchetto di Capacity Planning – Dare un significato di business ai controlli ISO 27001 (A10.3.1 Capacity Planning !) – …. 20 Contenuti • • • • • • • • • • • • • • • • • • • • • • • Introduction 1.1 Context 1.2 Purpose of the Document and Assumptions 1.3 Target Audience 1.4 COBIT Concepts on Which the Tool is Based 1.5 Business Benefits of Maturity Assessments and This Tool High-level Tool Description 2.1 Scoping 2.2 Analysis 2.3 Reporting 3. Detailed User Guide 3.1 Before Starting to Use the Tool 3.2 Introduction 3.3 ‘START’ Sheet 3.4 Clear All Inserted Data and Reports 3.5 Step 1: Determine the Scope of the Assessment 3.6 Step 2: Scope Review 3.7 Step 3: Analysis 3.8 Step 4: Reporting 4. Conclusions 4.1 Summary 4.2 Use of the Tool 4.3 Graphic Interpretation 21 Cosa manca • Mappatura maturity statements => attributi di maturità • Consente di individuare carenze del “Sistema IT” • Volontari ? 22 Maturity Model – Attributi di maturità Categoria di requisiti Significato Consapevolezza e Comunicazione Conoscenza e comunicazione dei rischi e dei problemi di controllo Politiche, Standard e Procedure Metodi e pratiche in essere Strumenti ed Automazione Tecniche e strumenti adottati per rendere i processi più efficaci ed efficienti Competenze ed Esperienze Disponibilità ed utilizzo di competenze specialistiche Responsabilità e Accountability Nell’accezione dei sistemi di qualità Definizione e Misurazione degli Obiettivi Sistemi di misurazione delle performance 23 Business Benefits of Maturity Assessments and This Tool • Maturity models can be helpful in: – – – – – – Increasing awareness regarding IT governance and the need for it Assessing the current state of maturity of IT processes Performing a gap analysis between the current and future state of IT processes Identifying areas of improvement to mature the IT processes to the required state Allowing management to follow the evolution of IT governance and IT process improvement in their organisation The use of this simple tool can provide: • • • An effective and efficient way to determine IT process improvement opportunities to focus on in the future A prioritisation mechanism based on business and IT goals The identification of important input for strategic and tactical action plans 24 Per approfondire l’argomento 25 Da dove scaricarlo ? Oppure: [email protected] 26
Marco Salvato, CGEIT, CISA, CISM, Generali Business Solutions
Giulio Spreafico, CGEIT, CISA, CISM, Studio Spreafico