Chapter 2 Reference Models, Standards & Frameworks

Post on 19-Dec-2015

Learning Objectives

• IT Governance frameworks
• Related industry standards, guidelines
• Maturity model, reference
• Selecting a framework to use

Limitations of models, standards, and frameworks

• Most are not end-to-end
• No how-to:
  Process
  Template
  Checklist
  Tools
• Too flexible / too rigid

Integrated IT Governance Framework

• Philosophy
• Key issue
• Legal
• Maturity
• Culture

Maturity model

Important and necessary content in a Framework / Model (from chapter 1)

1. Business plan
2. IT plan related to item 1, investment portfolio
3. Implementing the IT plan, risks, threats
4. Efficiency, controls, metrics
5. Vendor & Outsourcing
6. IT People, process improvement

International Standards & Frameworks: Focus Areas

• IT Governance – General
• Project management
• System/Software development
• Quality/Security
• IT Operations & Infrastructure
• More…

International Standards & Frameworks: Focus Areas cont.

• Human Resources
• Performance measurement
• Regulatory Compliance
• Outsourcing & Vendor management
• Voice of Customer

IT Governance – General

Model name: COBIT
Author: ITGI / Weill & Ross / U of Holland, v4.1, 2007
Use:
• A framework which links IT process
• Decision maker
Certification: CISA / CISM

IT Governance – General cont.

Model name: COSO internal control framework
Author: COSO (Committee of Sponsoring Organizations of the Treadway Commission), AICPA, AAA
Use: Reliability of financial statement

COSO

Consists of 5 components:

• Control environment
• Risk assessment
• Control activities
• Information & communications
• Monitoring

Project Management

Model: IT Investment Management (ITIM)
Author: General Accounting Office (GAO) of US Government
Use: Evaluate, select & prioritize IT investment

ITIM Maturity stages

Project Management cont.

Model:
• PMBOK – Project Management Body of Knowledge
• OPM3 – Organizational PM Maturity Model
Author: Project Management Institute (PMI), 2004
Use:
• 9 Knowledge & 5 Process areas of PM
• Tool for self-assessment of PM maturity
Certification: PMP (Project Management Professional)

OPM3 Framework

Project Management cont.

Model: PMMM – PM Maturity Model; blends PMBOK with CMMI
Author: Crawford, 2002
Use: Map CMMI to PMBOK to provide PM maturity roadmap

Project Management cont.

Model: PRINCE2
Author: Central Computer and Telecommunications Agency (CCTA) or Office of Government Commerce (OGC)
Use: UK Government application development

System / Software Development

Model: Capability Maturity Model Integration (CMMI)
Author: SEI / Carnegie Mellon University, 2002, 2005
Use: 5-stage maturity; acquisition / system & software development
Certification: Organization: level of maturity

Quality / Security cont.

Model: ISO 9001
Author: Motorola & GE (studied jointly)
Use: Quality management policy

8 Quality principles, ISO 9001:2000

• Customer
• Leadership
• People
• Process approach
• System approach (inter-process)
• Continuous Improvement
• Decision on facts
• Supplier management

Quality / Security

Model: Six Sigma, Lean, Baldrige Quality Award
Author: Motorola & GE
Use: Reduce error & defect
Certification: black belt

Quality / Security cont.

Model:
• ISO 17799
• ISO 27001, implementation guideline for 17799
Author: ISO, 2005
Use: IT security model
Certification: organizational level

ISO 17799 & 27001

• 17799 Plan-Do-Check-Act (PDCA model)
  Plan
  Do: implement / operated / maintained
  Check: monitored / measured / audited / reviewed
  Act: improved
• 11 security policy domains

IT Operation & Infrastructure

Model: ISO 20000
Author: ITSMF (IT Service Management Forum), V2, 2002
Use: 10 processes of IT service management

ISO 20000

Key Process

1. Service Level Management (SLM)

2. Service delivery

3. Relationship management (supplier)

4. Resolution management (Problem)

5. Control & release (Config & change)

IT Operation & Infrastructure

Model: ITIL (IT Infrastructure Library), v2, v3
Author: CCTA, APMG (Accrediting Professional Management group), 2007
Use: 10 processes of IT service management

Human Resource

Model: P-CMM (People Capability Maturity Model)
Author: SEI (Software Engineering Institute), Carnegie Mellon University
Use: Advancing people & competencies

Performance management

Model: Balanced Scorecard, Critical Success Factor
Author: Kaplan & Norton, Cattuci, Rockart
Use: Measure success by strategy

Outsourcing & Vendor Management

Model: OPBOK, eSCM (eSourcing Capability Model)
Author: Carnegie Mellon University
Use: How to outsource IT & how to manage vendor
Certification: COP (Certified Outsourcing Professional)

Outsourcing & Vendor Management

eSCM
• eSCM-SP for service provider
• eSCM-CL for customer

OPBOK: Outsourcing Professional Body of Knowledge

Customer

Model: VOC (Voice of Customer)
Author: Kano
Use: Customer requirement

Regulatory Compliance (Law)

Model: Sarbanes-Oxley Act (SOX), 2002
Author: US Congress
Use: For Board & executive responsibility

Regulatory Compliance (Law) cont.

• Sarbanes-Oxley Act of 2002
• Public Company Accounting Reform and Investor Protection Act of 2002
• SOX or Sarbox
• Senator Paul Sarbanes (D-MD) and Representative Michael G. Oxley
• SOX Section 404: Assessment of internal control

Regulatory Compliance (Law) cont.

AS 8000 / AS 8015

Model:
• AS 8000 for enterprise governance
• AS 8015 for ICT governance
Author: Standards Australia, 2003

Regulatory Compliance (Law) cont.

Model: FDA, FDIC, HIPAA, SEC
Author: US government agency
Use: Selected industry

Further reading for chapter 2

• http://www.sei.cmu.edu/ The Carnegie Mellon Software Engineering Institute (SEI)
• http://www.isaca-bangkok.org/ Information Systems Audit and Control Association, Bangkok Chapter
• http://www.aicpa.org/ The American Institute of Certified Public Accountants (AICPA)
• http://aaahq.org/ The American Accounting Association
• http://www.gao.gov/ The General Accounting Office (GAO), created by the Budget and Accounting Act
• http://www.pmi.org/ Project Management Institute
• http://www.ogc.gov.uk/ The Office of Government Commerce (OGC)
• http://www.itil-officialsite.com/ is the most widely accepted approach to IT service management
• http://www.kanomodel.com/ Professor Noriaki Kano