Implementing IT Processes

Size: px
Start display at page:

Download "Implementing IT Processes"

Transcription

1 Implementing IT Processes

2 Lionel Pilorget Implementing IT Processes The Main 17 IT Processes and Directions for a Successful Implementation

3 Lionel Pilorget Basel, Switzerland ISBN DOI / ISBN (ebook) Library of Congress Control Number: Springer Vieweg Springer Fachmedien Wiesbaden 2015 This work is subject to copyright. All rights are reserved, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilm or in any other way, and storage in data banks. Duplication of this publication or parts thereof is permitted only under the provisions of the German Copyright Law of September 9, 1965, in its current version, and permission for use must always be obtained from Springer. Violations are liable to prosecution under the German Copyright Law. The use of general descriptive names, registered names, trademarks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use. Printed on acid-free paper Springer is part of Springer Science+Business Media (

4 Preface The use of modern information technologies has become so pervasive in today s society that we no longer perceive it as a novelty. It s simply there, continuously within reach as we navigate our world, inform ourselves about our current circumstances, and conduct our business transactions. While the use of information technologies has also become overwhelmingly important to enterprises as they strive to automate their processes and achieve ever higher degrees of efficiency, the accelerated development and the growing diversity of these technologies represent a growing challenge. Enterprises repeatedly find themselves struggling to make major IT investments with no guarantee that the implemented solutions will really deliver the expected advantages. This is why IT is often an uncomfortable subject and why those responsible for it are most of the time under pressure. Owing to the strategic significance of information technologies, it is important to establish a well-functioning IT organization. The crucial first step towards this goal is to introduce greater transparency by carefully defining the IT processes that are necessary for the enterprise. This, however, is naturally easier said than done. What IT processes are currently in use? Where does each one begin and end? What are the relationships between the various processes? Difficulties in obtaining answers to these questions often end in discouragement and decisions to postpone the matter. It is precisely at this juncture that the process model featured in the present book is meant to help. The model offers a convenient framework that is based on systematic analyses and years of practical experience. The origin of the model is actually a bottom-up approach to the development of standard IT processes that is then converted at the end to a top-down approach. Seventeen core IT processes are carefully defined and the numerous dependencies between the various process areas are illuminated. Visualizations of the processes and dependencies as well as clear information structures are used to minimize the resulting complexity. It would be naïve, however, to assume that the mere representation of IT processes will be enough to solve all of an enterprise s IT problems. Other factors such as a heightened awareness of the processes on the part of employees and a commitment to process implementation are also keys to success. Furthermore, improvements will not happen overnight. Indeed, it may take a number of years before enterprises begin to reap the full rewards of v

5 vi Preface the standardized processes. Nonetheless, nurturing the right enterprise culture and instilling certain process principles in the minds of the many stakeholders will help to guarantee an IT organization s capacity to make the valuable contribution it is expected to make. In other words, enterprises will wind up with the IT they deserve, either a source of perpetual complaint or a strategic instrument that propels the enterprise forward. Lionel Pilorget

6 List of Abbreviations BCM BCP BIA BMC BSC BSI B2B CAB CFO CIO CIP CO COBIT CONFIG CPU CRM CSV DC DEV DWH ECAB ERP FIN FTE GB GPS HP HR ICA ICS ICT Business Continuity Management Business Continuity Planning Business Impact Analysis Software manufacturer founded by Scott Boulett, John Moores, and Dan Cloer Balanced Scorecard German Federal Office for Information Security Business-to-Business Change Advisory Board Chief Financial Officer Chief Information Officer Continuous Improvement Process Controlling Control Objectives for Information and Related Technology Configuration Central Processing Unit Customer Relationship Management Computer System Validation Data Center Development Data-Warehouse Emergency Change Advisory Board Enterprise Resource Planning Finance Full-Time Equivalent Gigabit Global PositioningSystem Hewlett-Packard Human Resources Internal Cost Allocation Internal Control System Information Communication Technology vii

7 viii IM ISO IT ITGS ITSM KPI LAN LIMS LoC MGMT NAS OLA OS PCS PDCA RA RCB RfC ROI ROM SAN SAP SL SLA SLO SLS SM SPOC STC SW SWOT TOP UAT UC UPS USD List of Abbreviations Information Manager International Organization for Standardization Information Technology IT Grundschutz (term used by the German Federal Office for IT Security to describe a standard level of IT protection) Information Technology Service Management Key Performance Indicator Local Area Network Laboratory Information Management System Lines of Code Management Network Attached Storage Operational Level Agreement Operating System Process Control System Plan-Do-Check-Act Risk Analysis Release Control Board Request for Change Return on Investment Rough Order of Magnitude Storage Area Network System Analysis and Program Development Service Level Service Level Agreement Service Level Objective Service Level Specification Senior Management Single Point of Contact Steering Committee Software Strengths Weaknesses Opportunities Threats Technical Operation Procedure User Acceptance Test Underpinning Contract Uninterruptible Power Supply US Dollar

8 Contents List of figures... xi List of Tables...xiii 1 Introduction... 1 Part I Introduction of IT Process Modeling 2 Presentation of the IT Process Map Process Dependencies IT Governance and Process Roles Part II Description of the Individual IT Processes 5 Functional Group: Strategic Decision Making Functional Group: Planning and Controlling Functional Group: Account Management Functional Group: Implementation of Changes Functional Group: IT Operation and Configuration Management Functional Group: Supply Management Functional Group: IT Support ix

9 x Contents Part III Implementation of the Model 12 Introduction of Standard IT Processes Process Performance Indicators and Reporting Evaluation of Process Maturity Conclusion A) IT Management Standards B) COBIT Glossary Further Reading...237

10 List of figures Fig. 2.1 The role of the IT organization... 9 Fig. 2.2 The IT process map Fig. 2.3 Basic process dependency Fig. 2.4 Different ways of activating process Fig. 2.5 Interfaces between enterprise levels and IT organization Fig. 2.6 Preparing for a project to implement standard IT processes Fig. 3.1 Overview of process integration Fig. 3.2 Process dependencies at the strategic level Fig. 3.3 Process dependencies at the tactical level Fig. 3.4 Process dependencies at the operational level Fig. 4.1 General organizational model Fig. 4.2 General model of IT organization Fig. 4.3 Business process roles Fig. 4.4 IT process roles Fig. 4.5 Business & IT process roles Fig. 4.6 Main IT roles Fig. 5.1 Description of P01 IT Strategy Fig. 5.2 Description of P02 HR Management Fig. 5.3 Representation of IT architecture Fig. 5.4 Description of P03 IT Standards & Architecture Fig. 5.5 IT Financial management as a key process Fig. 5.6 Description of P04 IT Financial Management Fig. 5.7 Description of P05 IT Quality Management Fig. 5.8 Process dependencies in strategic decision-making Fig. 6.1 Project portfolio management process Fig. 6.2 IT project portfolio matrix Fig. 6.3 Description of P06 IT Project Portfolio Management Fig. 6.4 Description of P07 Capacity and Availability Management Fig. 6.5 The continuity management process Fig. 6.6 Description of P08 Continuity Management Fig. 6.7 Process dependencies in planning and controlling xi

11 xii List of figures Fig. 7.1 Description of P09 Service Management Fig. 7.2 Description of P10 Requirements Management Fig. 7.3 Process dependencies in Account Management Fig. 8.1 Project development Fig. 8.2 Standard project organization Fig. 8.3 Standard project phases Fig. 8.4 Description of P11 IT Project Management Fig. 8.5 Release sequence Fig. 8.6 Testing types Fig. 8.7 Description of P12 Release Management Fig. 8.8 Description of P13 Application Development Fig. 8.9 Process dependencies in implementation of changes Fig Project management dependencies Fig. 9.1 Description of P14 IT Operation and Configuration Management..133 Fig. 9.2 Process dependencies in IT operation and configuration Fig Description of P15 IT Supplier Management Fig Process dependencies in supplier management Fig Description of P16 Incident Management Fig Problem management (ABB Group) Fig Description of P17 Problem Management Fig Process dependencies in IT support Fig Procedure for introducing standard IT processes Fig IT process introduction plan Fig Motivational factors Fig Employee concerns associated with change Fig BSC model for IT organizations Fig Reporting model Fig Reporting of time taken to complete tasks Fig Levels of process maturity Fig Evaluation of process maturity...213

12 List of Tables Table 2.1 Factors that influence the selection of standard IT processes Table 2.2 Benefits of a project to implement standard IT processes Table 3.1 IT process dependencies Table 4.1 Process roles for senior management Table 4.2 Process roles for middle management Table 4.3 Process roles for employees Table 5.1 Main activities in P01 IT Strategy Table 5.2 Roles for P01 IT Strategy Table 5.3 Main activities in P02 HR Management Table 5.4 Roles for P02 HR Management Table 5.5 Main activities in P03 IT Standards & Architecture Table 5.6 Roles for P03 IT Standards & Architecture Table 5.7 Main activities in P04 IT Financial Management Table 5.8 Roles for P04 IT Financial Management Table 5.9 Main activities in P05 IT quality management Table 5.10 Roles for P05 IT Quality Management Table 6.1 Examples of critical success factors for IT projects Table 6.2 Main activities in P06 IT Project Portfolio Management Table 6.3 Roles for P06 IT Project Portfolio Management Table 6.4 Main activities in P07 Capacity and Availability Management Table 6.5 Roles for P07 Capacity and Availability Management Table 6.6 Main activities in P08 Continuity Management Table 6.7 Roles for P08 Continuity Management Table 7.1 Definition of service times Table 7.2 Response times according to application criticality Table 7.3 SLO definition parameters Table 7.4 SLO examples Table 7.5 Main activities in P09 Service Management Table 7.6 Roles for P09 Service Management Table 7.7 Main activities in P10 Requirements Management Table 7.8 Roles for P10 Requirements Management xiii

13 xiv List of Tables Table 8.1 Main activities in P11 IT Project Management Table 8.2 Roles for P11 IT Project Management Table 8.3 Main activities in P12 Release Management Table 8.4 Roles for P12 Release Management Table 8.5 Main activities in P13 Application Development Table 8.6 Roles for P13 Application Development Table 8.7 Release management versus project management Table 9.1 Main activities in P14 IT Operation & Configuration Process Table 9.2 Roles for P14 IT Operation and Configuration Table 9.3 Tasks handled by the service manager and system owner Table 10.1 Main activities in P15 IT Supplier Management Table 10.2 Roles for P15 IT Supplier Management Table 11.1 Main activities in P16 Incident Management Table 11.2 Roles for P16 Incident Management Table 11.3 Main activities in P17 Problem management Table 11.4 Roles for P17 Problem management Table 12.1 Selection criteria for tools used to support IT processes Table 13.1 List of useful key performance indicators (KPIs) Table 13.2 Details on where the measurements take place Table 13.3 Key process performance indicators in the annual IT report Table 13.4 Key process performance indicators in the quarterly IT report Table 13.5 Key process performance indicators in the monthly IT report Table 14.1 COBIT PO processes and Standard IT Processes Table 14.2 COBIT AI processes and Standard IT Processes Table 14.3 COBIT DS Processes and Standard IT Processes Table 14.4 COBIT ME processes and Standard IT Processes Table 14.5 COBIT Light and Standard IT Processes Table 14.6 Process maturity model Table 14.7 Process audit results Table 14.8 Criticality card for IT processes Table 14.9 Identifying maturity gaps in IT processes...212