ISO/IEC Process Mapping to COBIT 4.1 to Derive a Balanced Scorecard for IT Governance
By Christopher Oparaugo, CISM, CGEIT, CRISC
COBIT Focus, 14 December 2015

The balanced scorecard (BSC) initially developed by Kaplan and Norton 1, 2, 3, 4 is a performance management system that should allow enterprises to drive their strategies on measurement and follow-up. In recent years, the BSC has been applied to IT and, currently, the first real-life IT security governance application has been developed based on mapping International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) control objectives to COBIT 4.1 process areas and IT governance focus areas. As a further exercise, the relationships and similarities of COBIT 4.1 and COBIT 5 can be explored to create a mapping for COBIT 5 in future publications.

This article explains how an exercise in instituting controls can be used to establish the IT BSC, which can be linked to the business BSC and, in so doing, can support the IT/business governance and alignment processes as derived from mapping ISO/IEC and COBIT 4.1 controls.

Balanced Scorecard Introduction

Kaplan and Norton introduced the BSC at the enterprise level. Their basic idea is that the evaluation of an organization should not be restricted to a traditional financial evaluation, but should be supplemented with measures concerning customer satisfaction, internal processes and the ability to innovate. These additional measures should assure future financial results and drive the organization toward its strategic goals while keeping all 4 perspectives in balance. Kaplan and Norton proposed a triple-layered structure for the 4 perspectives: mission (e.g., to become the customers' most preferred supplier), objectives (e.g., to provide the customers with new products) and measures (e.g., percentage of turnover generated by new products).

The BSC can be applied to the IT function and its processes. 5, 6, 7, 8 This article transformed previous visions into actions that can be used to correct any lapses and reduce value in the BSC results. The use of the BSC can also be applied to IT risk management. 9

IT Governance Through Controls

This article illustrates how a cascade of scorecards can be instrumental in the development of IT/business governance processes and how this hierarchy of scorecards can support the alignment of business and IT strategy. The IT development BSC and the IT controls/operational BSC are introduced as enablers for the strategic BSC, which, in turn, is the enabler of the business BSC (figure 1). Governance is established through compliance to standards and control objectives.

Figure 1 IT Balanced Scorecard as a Business Enabler
Source: Christopher Oparaugo. Reprinted with permission.

Controls Through Compliance to Standards

IT governance is part of corporate governance and has to provide the organizational structures to enable the creation of business value through IT, the assurance that there are no IT investments in bad projects and that there are adequate IT control mechanisms established through compliance to the control objectives of COBIT and ISO/IEC. The methodology of the BSC is a measurement and management system that is suitable for supporting the IT governance process and the IT-business alignment process.

Figure 2 shows sample cumulative average scores for the ISO/IEC control objectives and questions showing inputs for the security policy domain used in the exercise for mapping ISO/IEC to COBIT 4.1.

Figure 2 Sample Cumulative Average Scores for the ISO/IEC Control Objectives and Questions Showing Inputs for Security Policy Domain

Column headings: Reference; ISO/IEC Control Objective and Question; Results; Checklist; Standard; Section; Control Question; Status (%)

Security Policy
  Information Security Policy
    Information security policy document
      - Whether there exists an information security policy, which is approved by the management, published and communicated as appropriate to all employees?
      - Whether the policy states management commitment and sets out the organizational approach to managing information security?
      - Whether the information security policy is reviewed at planned intervals, or if significant changes occur to ensure its continuing suitability, adequacy and effectiveness?
    Review of informational security policy
      - Whether the information security policy has an owner who has approved management responsibility for development, review and evaluation of the security policy?
      - Whether any defined information security policy review procedures exist and whether they include requirements for the management review?
      - Whether the results of the management review are taken into account?
      - Whether management approval is obtained for the revised policy?
  Status (%): 9.7

Source: Christopher Oparaugo. Reprinted with permission.

Figure 3 shows sample cumulative domain scores for the ISO/IEC control objectives. These results are computed by domain as used in the exercise for mapping ISO/IEC to COBIT 4.1. The future state results are arbitrary figures that are being aspired to as targets for the exercise.

Figure 3 Resulting ISO/IEC Compliance Data by Domain
Column headings: Domain; Objectives; Status (%)

Security Policy
  Information security policy: 88%
Organization of Information Security
  Internal organization: 72%
  External parties: 40%
Asset Management
  Responsibilities for assets: 74%
  Information classification: 37%
Human Resources Security
  Prior to employment: 74%
  During employment: 70%
  Termination or change of employment: 77%
Physical and Environmental Security
  Secure areas: 42%
  Equipment security: %
Communication and Operations Management
  Operational procedures and responsibilities: 9%
  Third-party service delivery management: 57%
  System planning and acceptance: 58%
  Protection against malicious and mobile code: 73%
  Backup: 57%
  Network security management: 4%
  Media handling: 57%
  Exchange of information: 5%
  Electronic commerce services: 71%
  Monitoring: 54%
Access Control
  Business control for access control: 78%
  User access management: 8%
  User responsibilities: 59%
  Network access control: 0%
  Operating system access control: 78%
  Application and information access control: 57%
  Mobile computing and telecommuting: 5%
Information System Acquisition, Development and Maintenance
  Security requirements of information systems: 58%
  Correct processing in applications: 71%
  Cryptographic controls: 78%
  Security of system files: 72%
  Security in development and support services: 70%
  Technical vulnerability management: 74%
Information Security Incident Management
  Reporting information security events and weaknesses: 3%
  Management of information security incidents: 73%
Business Continuity Management
  Information security aspects of business continuity management: 53%
Compliance
  Compliance with legal requirements: 58%
  Compliance with technical policies and standards and technical compliance: 0%
  Information system audit considerations: 3%

Source: Christopher Oparaugo. Reprinted with permission.

Figure 4 is the bar chart representation of the ISO/IEC results.

Figure 4 ISO/IEC Compliance Data by Domain Result in Bar Chart Format
[Bar chart: % Compliance by Domain and Improvements; axes: Domain, Status (%)]
Source: Christopher Oparaugo. Reprinted with permission.

The generic maturity model score was derived from the data of the assessment based on the values that are mapped to the COBIT 4.1 domains (figure 5). These scores are used to create the charts in figures 6 and 7 for maturity benchmark results by domains.
Figure 5 Compliance Output Data to Generic Future Desired State With Generic Maturity Model
Source: Christopher Oparaugo. Reprinted with permission.

Figure 6 ISO/IEC Compliance Data Results to Generic Future Desired State
Source: Christopher Oparaugo. Reprinted with permission.

Figure 7 COBIT Compliance to Generic Future Desired State
Source: Christopher Oparaugo. Reprinted with permission.

The value inputs of 0% to 100% from the ISO control objectives, sections and control questions are mapped to COBIT 4.1 domains and processes. These are linked to the IT focus areas as shown in figure 8.

Figure 8 Sample Results Showing Mapping of ISO/IEC Data to COBIT Processes
Column headings: COBIT 4.1 Domains and Processes; Resource Risk Rank; IT Governance Focus Areas (Strategic Alignment, Value Delivery, Resource Management, Risk Management, Performance Management); Mapped COBIT 4.1 processes cumulative average scores from ISO/IEC assessment results (Mapped Result); ISO/IEC Status (%)

1 Plan and Organize
PO1 Define a strategic IT plan H P S S - 0%
PO2 Define the information architecture L P S P S %
PO3 Determine technological direction M S S P S .78 7%
PO4 Define the IT processes, organization and relationships L S P P %
PO5 Manage the IT investment M S P S S %
PO6 Communicate management aims and direction M P P .78 7%
PO7 Manage IT human resources L P P S S %
PO8 Manage quality M P S S 1.7 2%
PO9 Assess and manage IT risk H P P %
PO10 Manage projects H P S S S S - 0%
55%

2 Acquire and Implement
AI1 Identify automated solutions M P P S S 53.33 53%
AI2 Acquire and maintain application software M P P S %
AI3 Acquire and maintain technology infrastructure L P .90 7%
AI4 Enable operation and use L S P S S %
AI5 Procure IT resources M S P %
AI6 Manage changes H P S %
AI7 Install and accredit solutions and changes M S P S S S %
4%

3 Deliver and Support
DS1 Define and manage service levels M P P P P %
DS2 Manage third-party services L P S P S 2.9 3%
DS3 Manage performance and capacity L S S P S S %
DS4 Ensure continuous service M S P S P S %
DS5 Ensure systems security H P .29 %
DS6 Identify and allocate costs L S P S - 0%
DS7 Educate and train users M S P S %
DS8 Manage service desk and incidents M S P S %
DS9 Manage the configuration M P S %
DS10 Manage problems M P S %
DS11 Manage data H P P P %
DS12 Manage the physical environment L S P .85 7%
DS13 Manage operations L P %
55%

4 Monitor and Evaluate
ME1 Monitor and evaluate IT performance H P %
ME2 Monitor and evaluate internal control M P P %
ME3 Ensure regulatory compliance H P P %
ME4 Provide IT governance H P P P P P %
4%

Source: ISACA, Mapping COBIT 4.1 to ISO/IEC 27001, USA, 2005

These resultant data from the exercise are further employed as COBIT information criteria for primary and secondary grouping. The resultant values of the ISO/IEC mapping into COBIT processes are linked with the defined IT goals. Exercise results showing the values from the data mapping outputs are shown in figure 9.

Figure 9 Linking COBIT Processes Data Results to IT Goals Showing the Information Criteria for Governance Activities

Column headings: COBIT's Domains and Processes; Resource Risk Rank; IT Governance Focus Areas (Strategic Alignment, Value Delivery, Resource Mgt, Risk Mgt, Performance Management)

1 Plan and Organise
PO1 Define a strategic IT plan H P S S -
PO2 Define the information architecture L P S P S
PO3 Determine technological direction M S S P S
PO4 Define the IT processes, organisation and relationships L S P P
PO5 Manage the IT investment M S P S S 8
PO6 Communicate management aims and direction M P P
PO7 Manage IT human resources L P P S S 7
PO8 Manage quality M P S S
PO9 Assess and manage IT risk H P P
PO10 Manage projects H P S S S S -

2 Acquire and Implement
AI1 Identify automated solutions M P P S S 5
AI2 Acquire and maintain application software M P P S
AI3 Acquire and maintain technology infrastructure L P
AI4 Enable operation and use L S P S S 5
AI5 Procure IT resources M S P
AI6 Manage changes H P S 7
AI7 Install and accredit solutions and changes M S P S S S 7

3 Deliver and Support
DS1 Define and manage service levels M P P P P 4
DS2 Manage third-party services L P S P S
DS3 Manage performance and capacity L S S P S S
DS4 Ensure continuous service M S P S P S 5
DS5 Ensure systems security H P
DS6 Identify and allocate costs L S P S -
DS7 Educate and train users M S P S 4
DS8 Manage service desk and incidents M S P S
DS9 Manage the configuration M P S
DS10 Manage problems M P S 7
DS11 Manage data H P P P 5
DS12 Manage the physical environment L S P
DS13 Manage operations L P 7

4 Monitor and Evaluate
ME1 Monitor and evaluate IT performance H P 5
ME2 Monitor and evaluate internal control M P P
ME3 Ensure regulatory compliance H P P
ME4 Provide IT governance H P P P P P

Information criteria column headings: Effectiveness; Efficiency; Confidentiality; Integrity; Availability; Compliance

Source: Christopher Oparaugo. Reprinted with permission.

Based on the data values from the COBIT process linking to IT goals, the IT goals to business goals are derived and the elements of the BSC are developed. Figure 10 shows the results of these links.

Figure 10 Data Linking IT Goals to Business Goals

Linking IT Goals To Business Goals
Legend: COBIT Information Criteria = Used; Blank = Not Used
Column headings: Business Goals; IT Goals

Financial Perspective
1 Expand market share
Increase revenue
3 Return on investment 24
4 Optimize asset utilization 14
5 Manage business risk

Customer Perspective
Improve customer orientation and service 3 23
7 Offer competitive products and services
Service availability
Agility in responding to changing business requirements (time to market)
10 Cost optimization of service delivery

Internal Business Perspective
Automate and integrate the enterprise value chain
Improve and maintain business process functionality 7 11
13 Lower process costs
Compliance with external laws and regulations
Transparency
Compliance with internal policies 2 13
Improve and maintain operational and staff productivity

Learning and Growth Perspective
Product/business innovation
Obtain reliable and useful information for strategic decision making
Increase in value delivery per employee
Acquire and maintain skilled and motivated personnel 9 28

Source: ISACA, COBIT 4.1: Framework for IT Governance and Control and IT Governance Institute

Information Security Governance Balanced Scorecard

The BSC is a management system (not only a measurement system) that enables organizations to clarify their vision
and strategy and translate those into action. It provides feedback around both the internal business processes and external outcomes in order to continuously improve strategic performance and results. When fully deployed, the BSC transforms strategic planning from an academic exercise into the nerve center of an enterprise.

The BSC uses 4 perspectives, develops metrics, collects data and analyzes the data relative to each of these perspectives:

1. Financial: To succeed financially, how should we appear to our shareholders? 52.38%
2. Customer: To achieve our vision, how should we appear to our customers? 59.40%
3. Internal business: To satisfy our shareholders and customers, at what business process must we excel? 1.31%
4. Learning and growth: To achieve our vision, how will we sustain our ability to change and improve? 55.54%

Conclusion

The vision and strategy driver scores are achieved from the mapping exercise of ISO/IEC to COBIT 4.1, and these can be used in determining key performance indicator (KPI) scores for a department and be drilled down to an individual's contribution to the overall department success. The results from linking IT goals to business goals and reviewing with the COBIT information criteria help form a better perspective of the BSC. The assessment results can be drilled down, and a backward review of the mapping values can be used to determine the root cause of low values in a set of mapped data from the ISO/IEC control objectives and questions; this will form a basis for developing an action plan as needed by the business.

Successful enterprises understand the risk and exploit the benefits of IT, and find ways to deal with aligning IT strategy with the business strategy, cascading IT strategy and goals down into the enterprise and insisting that an IT control framework be adopted and implemented. IT governance is not an isolated discipline. It is an integral part of overall enterprise governance that drives the business in these days of the Internet of Things. The need to integrate IT governance with overall business governance is similar to the need for IT to be an integral part of the enterprise business.

Christopher Oparaugo, CISM, CGEIT, CRISC, is the chief technology officer of KATEC Consulting Ltd. He has worked for IBM Global Business Services as an information security consultant. He has also worked in the telecommunication and banking industries in West Africa. Oparaugo has contributed to the ISACA CISM, CGEIT and CRISC Certification Project and Test Enhancement Committee since 2005, setting exam questions and reviewing the manuals.

Endnotes

1 Kaplan, R.; D. Norton; The Balanced Scorecard Measures That Drive Performance, Harvard Business Review, January-February 1992, p
2 Kaplan, R.; D. Norton; Putting the Balanced Scorecard to Work, Harvard Business Review, September-October 1993, p
3 Kaplan, R.; D. Norton; Using the Balanced Scorecard as a Strategic Management System, Harvard Business Review, January-February 199, p
4 Kaplan, R.; D. Norton; The Balanced Scorecard: Translating Vision Into Action, Harvard Business School Press, Boston,
5 Gold, C.; Total Quality Management in Information Services IS Measures: A Balancing Act, research note, Ernst & Young Center for Information Technology and Strategy, USA, 1992
6 Gold, C.; US Measures A Balancing Act, Ernst & Young Center for Business Innovation, USA,
7 Willcocks, L.; Information Management, The Evaluation of Information Systems Investments, Chapman & Hall, UK,
8 Van Grembergen, W.; D. Timmerman; Monitoring the IT Process Through the Balanced Scorecard, Proceedings of the 9th Information Resources Management (IRMA) International Conference, USA, May 1998, p
9 Van Grembergen, W.; The Balanced Scorecard and IT Governance, Information Systems Control Journal, vol.2,
More informationProject Management Professional (PMP)
Project Management Professional (PMP) E X A M I N AT I O N CO N T E N T O U T L I N E Project Management Institute Project Management Professional (PMP) Examination Content Outline June 2015 Published
More informationMATURITY LEVEL MEASUREMENTS OF THE EIS ACADEMIC SYSTEM IN IMPROVING CUSTOMER ORIENTATION AND SERVICES USING COBIT 4
MATURITY LEVEL MEASUREMENTS OF THE EIS ACADEMIC SYSTEM IN IMPROVING CUSTOMER ORIENTATION AND SERVICES USING COBIT 4.1 MATURITY MODEL AND STRUCTURAL EQUATION MODEL Umi Sa adah 1, Riyanarto Sarno 2 1, 2
More informationUsing assessment & benchmarking techniques as a strategic approach to drive Continual Service Improvement
Using assessment & benchmarking techniques as a strategic approach to drive Continual Service Improvement Ian MacDonald Function Leader, Group Technology Co-operative Group IT Session Outline What you
More informationdoing the right things.
U.S. Foundation Improve Public Sector Results With A Balanced Scorecard: Nine Steps To Success Howard Rohm Vice-President, the Balanced Scorecard Institute Director, U.S. Foundation Internet: www.balancedscorecard.org
More informationCSR / Sustainability Governance and Management Assessment By Coro Strandberg President, Strandberg Consulting
Introduction CSR / Sustainability Governance and Management Assessment By Coro Strandberg President, Strandberg Consulting www.corostrandberg.com November 2015 Companies which adopt CSR or sustainability
More informationCOBIT 5 Foundation Exam
COBIT 5 Foundation Exam Sample Paper Multiple Choice Instructions 1. All 50 questions should be attempted. 2. All answers are to be marked on the answer sheet provided. 3. Please use a pencil and NOT ink
More information... Organizational Performance and Competence Management. STF Kompetens - Sweden. The success of any organization is always about management
. Organizational Performance and Competence Management......... The success of any organization is always about management Tommie Johansson and Centre for Socio-Eco-Nomic Development (CSEND), 2001. All
More informationDRAFT ISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Information security management system implementation guidance
INTERNATIONAL STANDARD ISO/IEC 27003 First edition 2010-02-01 Information technology Security techniques Information security management system implementation guidance Technologies de l'information Techniques
More informationSocial Enterprise Balanced Scorecard
Social Enterprise Balanced Scorecard Primary purpose Social Enterprise London s (SEL s) version of the Balanced Scorecard (BSC) was developed expressly to help social enterprises to clarify and articulate
More informationTHE BALANCED SCORECARD: A QUALITY ASSURANCE SYSTEM FOR COLLEGE HEALTH KEVIN READDEAN, MSED RENSSELAER POLYTECHNIC INSTITUTE NYSCHA ANNUAL MEETING
THE BALANCED SCORECARD: A QUALITY ASSURANCE SYSTEM FOR COLLEGE HEALTH KEVIN READDEAN, MSED RENSSELAER POLYTECHNIC INSTITUTE NYSCHA ANNUAL MEETING OCTOBER 24, 2014 OVERVIEW/OBJECTIVES Evidence-Based Management
More informationPassit4Sure.OG Questions. TOGAF 9 Combined Part 1 and Part 2
Passit4Sure.OG0-093.221Questions Number: OG0-093 Passing Score: 800 Time Limit: 120 min File Version: 7.1 TOGAF 9 Combined Part 1 and Part 2 One of the great thing about pass4sure is that is saves our
More informationDASA DEVOPS FUNDAMENTALS. Syllabus
DASA DEVOPS FUNDAMENTALS Syllabus Version 1.0 May 2016 RELEASE VERSION DATE Previous Not Applicable Not Applicable Current 1.0.0 May 2016 Next 2.0.0 September 2016 SCOPE AND PURPOSE OF THIS DOCUMENT The
More informationINTERNATIONAL STANDARD
INTERNATIONAL STANDARD ISO 19011 Second edition 2011-11-15 Guidelines for auditing management systems Lignes directrices pour l audit des systèmes de management Reference number ISO 19011:2011(E) ISO 2011
More informationEA Best Practice Workshop Developing an assessment and improvement framework for managing an EA Program
EA Best Practice Workshop Developing an assessment and improvement framework for managing an EA Program The Open Group Conference Washington DC, 18 July 2012 EA Best Practice : 18 July 2012 Slide 1 Aims
More informationBECOMING A STRATEGY-FOCUSED ORGANIZATION
BECOMING A STRATEGY-FOCUSED ORGANIZATION Presented by Paul Kenny Chief Executive Officer June 16, 2011 In 2010, MFG was inducted into Palladium Balanced Scorecard Hall of Fame for Executing Strategy We
More informationAsset management Management systems Guidelines for the application of ISO 55001
INTERNATIONAL STANDARD ISO 55002 First edition 2014-01-15 Asset management Management systems Guidelines for the application of ISO 55001 Gestion d actifs Systèmes de management Lignes directrices relatives
More informationDESIGN OF IT GOVERNANCE MODEL IN XYZ COLLEGE
Proceeding 8 th International Seminar on Industrial Engineering and Management ISSN : 1978-774X DESIGN OF IT GOVERNANCE MODEL IN XYZ COLLEGE Rizqi Sukma Kharisma 1, Anggit Dwi Hartanto 2 Informatics Engineering,
More informationOrganizational capacity Assessment tool 1
Organizational capacity Assessment tool 1 Purpose This assessment tool is intended to guide HI staff and members of local structures to assess organisational capacity. The questions highlight three key
More informationThe Anatomy and Lifecycle of a Metric
A metric is the expression of the state and/or quality of a critical aspect of your IT and security infrastructure and is the basis for directing investments to areas of high risk, as well as a forum for
More informationA Guide to the. Incorporating the Essential Elements of Strategy Within Your Organization. Empower
A Guide to the Balanced Scorecard Incorporating the Essential Elements of Strategy Within Your Organization This guide covers Create Keeping strategy creation practical, focused and agile Empower Empowering
More informationPosition Title Customer & Service Delivery Manager, Metropolitan
Position Title Customer & Service Delivery Manager, Metropolitan Position Purpose This role is one of five functional roles that form the leadership team directly reporting into the General Manager Customer
More informationBUSINESS PERFORMANCE MANAGEMENT METHODOLOGIES. ITM-761 Business Intelligence ดร. สล ล บ ญพราหมณ
1 BUSINESS PERFORMANCE MANAGEMENT METHODOLOGIES ITM-761 Business Intelligence ดร. สล ล บ ญพราหมณ 2...การใช จ ายอย างประหย ดน น จะเป นหล กประก นความ สมบ รณ พ นส ขของผ ประหย ดเอง และครอบคร วช วย ป องก นความขาดแคลนในว
More informationCOBIT Control Assessment Questionnaire
The key to maintaining profitability in a technologically changing environment is how well you maintain control. COBIT's Control Objectives provides the critical insight needed to delineate a clear policy
More informationDASA DEVOPS FUNDAMENTALS. Syllabus
DASA DEVOPS FUNDAMENTALS Syllabus Version 1.0.1 February 2017 RELEASE VERSION DATE Previous 1.0.0 May 2016 Current 1.0.1 February 2017 Next 2.0.0 May 2017 SCOPE AND PURPOSE OF THIS DOCUMENT The purpose
More informationExtending Enterprise Architecture to a Business Discipline. William Sheleg Senior Manager Deloitte Consulting July 20, 2009
Extending Architecture to a Business Discipline William Sheleg Senior Manager Deloitte Consulting July 20, 2009 Agenda The Strategy Disconnect What s Needed to Make Strategy Work EA s Support for Business
More informationDoes your organization need an Head Count Estimate? Detecon s Value Proposition July 2016
Does your organization need an Head Count Estimate? Detecon s Value Proposition July 2016 Planning Summary Head Count () planning and revision is mainly required during or after designing a new organization.
More informationKING III IT GOVERNANCE ALIGNED TO. Simon Liell-Cock Julio Graham Peter Hill CISA CISM CGEIT
IT GOVERNANCE ALIGNED TO KING III Simon Liell-Cock Julio Graham Peter Hill CISA CISM CGEIT IT Governance Network South Africa USA UK Switzerland www.itgovernance.co.za info@itgovernance.com 0825588732
More informationSupply Chain Performance Measures for gaining Competitive Advantage: A Review
Supply Chain Performance Measures for gaining Competitive Advantage: A Review Ambuj Khare (Corresponding author) Birla Institute of Technology India Tel: +968-950-76845 E-mail: ambujkhare@gmail.com Anurag
More informationA Model for Implementing HR S Strategic Role
Expert Journal of Business a nd Management (2 0 1 3 ) 1, 36-41 2013 Th e Au thor. Publish ed by Sp rint In v estify. Business.Exp ertjou rn als.c om A Model for Implementing HR S Strategic Role Anca ȘERBAN
More informationGOVERNANCE AUDIT OF APPLICATION PROCUREMENT USING COBIT FRAMEWORK
GOVERNANCE AUDIT OF APPLICATION PROCUREMENT USING COBIT FRAMEWORK 1 GUSTI AYU THERESIA KRISANTHI, 2 I MADE SUKARSA, 3 I PUTU AGUNG BAYUPATI 123 Department of Information Technology, Udayana University,
More informationCHAPTER 4 PRODUCT DEVELOPMENT LIFE CYCLE
CHAPTER 4 PRODUCT DEVELOPMENT LIFE CYCLE 1 Learning Objectives Review the Systems Development Life Cycle (SDLC). Examine the problems and alternatives with SDLC. Know the key issues in ERP implementation
More informationBALANCED SCORECARD FOR ALIGNING IT STRATEGY WITH BUSINESS STRATEGY IN AN ENERGY COMPANY
BALANCED SCORECARD FOR ALIGNING IT STRATEGY WITH BUSINESS STRATEGY IN AN ENERGY COMPANY Faisal Rachmadianto 1 1 School of Business Management ITB faisalr@sbm-itb.ac.id Abstract. In this paper, we look
More informationUNIVERSITY OF CALIFORNIA, DAVIS GRADUATE SCHOOL OF MANAGEMENT
UNIVERSITY OF CALIFORNIA, DAVIS GRADUATE SCHOOL OF MANAGEMENT MGP 271: Incentives and Control Instructor: Class Sessions: Office Hours: Required Readings: Recommended Texts: Suneel Udpa, udpa@earthlink.net
More informationVISION. Vision. e.g. DRB-HICOM Vision: To Be No.1 And Continuously Excel In All That We Do. Manufacturing & Engineering Division
Manufacturing & Engineering Division Vision A concise statement that defines the mid to long-term goals (3-10 years) of the organization. The vision should be external & market oriented and should be expressed
More informationProgram Management Professional (PgMP)
Program Management Professional (PgMP) E X A M I N AT I O N CO N T E N T O U T L I N E Project Management Institute Program Management Professional (PgMP ) Examination Content Outline April 2011 Published
More informationBuilding a Foundation for Effective Service Delivery and Process Automation
Building a Foundation for Effective Service Delivery and Process Automation Agenda Service Management World Tour IBM Service Management Customer Challenges Overview of Service Delivery and Process Automation
More informationTOTAL PERFORMANCE SCORECARD
Anca ȘERBAN Oana DUMITRAȘCU Department of Management, Marketing and Business Administration Faculty of Economics, "Lucian Blaga" University Sibiu, Romania TOTAL PERFORMANCE SCORECARD Keywords Balanced
More informationThis resource is associated with the following paper: Assessing the maturity of software testing services using CMMI-SVC: an industrial case study
RESOURCE: MATURITY LEVELS OF THE CUSTOMIZED CMMI-SVC FOR TESTING SERVICES AND THEIR PROCESS AREAS This resource is associated with the following paper: Assessing the maturity of software testing services
More informationIntroduction to the Balanced Scorecard for the Public Sector
Introduction to the Balanced Scorecard for the Public Sector This is about leadership and management coming together to think, talk and act on strategy. www.stellarleadership.com Introduction The balanced
More informationPortfolio Management Professional (PfMP)
Portfolio Management Professional (PfMP) E X A M I N AT I O N CO N T E N T O U T L I N E Project Management Institute Portfolio Management Professional (PfMP) Examination Content Outline Published by:
More informationTHE DEVELOPMENT OF A SITE WIDE KPI AND INFORMATION SYSTEM FOR NABALCO. O Sullivan, D. and Barnes, J. Nabalco Pty Ltd
Proceedings of the 6th International Alumina Quality Workshop 2002 THE DEVELOPMENT OF A SITE WIDE KPI AND INFORMATION SYSTEM FOR NABALCO O Sullivan, D. and Barnes, J. Nabalco Pty Ltd Abstract During September
More informationLMS Selection in High Consequence Industries
LMS Selection in High Consequence Industries Panelists: Michael Rochelle Chief Strategy Officer Brandon Hall Group Alex Poulos Chief Marketing Officer NetDimensions RESEARCH PRACTICES Learning & Development
More informationCMMI-DEV V1.3 CMMI for Development Version 1.3 Quick Reference Guide
processlabs CMMI-DEV V1.3 CMMI for Development Version 1.3 Quick Reference Guide CMMI-DEV V1.3 Process Areas Alphabetically by Process Area Acronym processlabs CAR - Causal Analysis and Resolution...
More informationSOFTW ARE PRODUCTIVITY CONSORTIUM
SOFTW ARE PRODUCTIVITY CONSORTIUM Integrating PSM and the Balanced Scorecard David N. Card March 26, 2002 Agenda Problem Statement Balanced Scorecard Mapping PSM and BSC Implementing BSC with PSM Summary
More informationAn Introduction to the Green IT Balanced Scorecard as a Strategic IT Management System from An Environmental Perspective
An Introduction to the Green IT Balanced Scorecard as a Strategic IT Management System from An Environmental Perspective Authors: Yulia Wati; Chulmo Koo Chosun University South Korea Go green??? Source:
More informationSOLUTION BRIEF RSA ARCHER PUBLIC SECTOR SOLUTIONS
RSA ARCHER PUBLIC SECTOR SOLUTIONS INTRODUCTION Federal information assurance (IA) professionals face many challenges. A barrage of new requirements and threats, a need for better risk insight, silos imposed
More information