it governance framework - ovpue information … it governance framework: oitgf1 05/2016 in addition...

OVPUEITGOVERNANCEFRAMEWORK:OITGF1 05/2016

GovernanceFrameworkOVPUEITMAY2016


OVPUEITGOVERNANCEFRAMEWORK

OverthenexttwoyearstheITdepartmentintheOfficeoftheViceProvostforUndergraduateEducation(OVPUE)willimplementanITGovernanceFramework(OITGF1)to:

1. advanceITaccountabilityandstrategicalignment;2. optimizeefficiencies,controls,andriskmanagement;3. guaranteequalityofproductsandservices;4. andenhancevaluedelivery

MeasuresarticulatedinOITGF1aregearedtowardsensuringthatOVPUEITworksontherightthings,therightway,doesthemwell,andgetstheintendedbenefits.

GP1:ACCOUNTABILITYANDSTRATEGICALIGNMENT

AligninginvestmentinITwithorganizationalstrategicobjectivesreinforcesIT’saccountabilitytothegoalsoftheorganizationandensuresthattheinstitutionderivesoptimumvalueoutofits investment in information technology. IT resourcesandactivitiesarechanneled towardseffortsthattheinstitutionidentifiesaspriorities,answeringthequestion‘isITworkingontherightthings?’.

Strategic objectives in this context include goals established at Institutional, Campus,ResponsibilityCenter(RC)andProgram/Unit level.Examples includeobjectivespresented inthe Bicentennial Strategic Plan for Indiana University (IU), and IU Bloomington’simplementationofit;thegoalsoftheOfficeoftheViceProvostforUndergraduateEducation(OVPUE); Program Unit strategic objectives, and the IU Strategic Plan for InformationTechnology(ITSP2/EmpoweringPeople).

GP1.1:PROMOTINGSTRATEGICALIGNMENT

Topromotestrategicalignment,projects in ITwill followastructuredprocess that includescompletionofprojectproposalsstatingtheintendedgoalsoftheprojects,andinwhatwaystheproposedprojectsalignwithstrategicobjectives.

AsampleProjectProposalFormforuseindocumentingproposedprojectsisshowninAppendixA.


Project alignmentwith strategic objectives, alongside other listed factors,will facilitate theprocess of prioritizing projects. Strategic alignment will also provide validation for why ITinvestmentshouldbemadeintheprojects.

GP1.1.1:ROLEOFOVPUELEADERSHIP

OVPUE leadershipwill appointorendorsemembersofan ITProjectsPrioritizationSteeringCommittee(PSC).ThePrioritizationSteeringCommitteewillcompriseofrepresentativesfromunits in OVPUE, thatwill serve for terms of stipulated lengths. Their taskwill be to assignprioritiestoOVPUEproject-requests,forITprojectsrequiringsignificantdevelopmentwork.

TheparticipationofthePSCwillpromotetransparencyinhowITprojectsareprioritized,andunderscoreOVPUEIT’saccountabilitytotheOVPUEanditsunits.

GP1.1.2:ROLEOFPRIORITIZATIONSTEERINGCOMMITTEE(PSC)

ThePSCwillmeetwiththeDirectorandAssociateDirectorofITquarterlyto:1)obtainfeedbackon IT project-work conducted during the prior quarter, 2) receive updates on progress ofprojectsunderwayinthecurrentquarter,and3)establishprioritiesonprojectsforthenextquarter.

Projectalignmentwithstrategicobjectiveswillbeasignificantfactortoprioritization.AsamplerubricforhowthisalignmentwillbedeterminedisappendedinAppendixA.InformationonproposedprojectswillbesubmittedtothePSC,organizedintherubricformat.DuringthePSCquarterlymeetings,metricswillbeassignedforprojectprioritizations.

GP1.1.3:ROLEOFOVPUEIT

OVPUEITwillworkwithunitsintheprojectproposalcompilationphase,tounderstandtheirneedsandtoprovidesupportincompletingtheprojectproposals.ITwillalsoproposepossiblesolutionsasoptions,giveestimatesoftimeandresourcesrequired,andprovideassessmentsofthefeasibilityofproposals.

InmeetingswiththePSC,theDirectorofITandAssociateDirectorofITwillassistinbringingclaritytowhatproposedprojectswouldentail,aswellashighlightotherextenuatingfactorsthatmaynotbecapturedexplicitlyintheprojectproposaldocumentsunderreview.

GP1.2:PROMOTINGACCOUNTABILITY


InadditiontopromotingITaccountabilitythroughaligninginvestmentinITwithstrategicobjectives,OITGF1emphasizesaccountabilitythroughtransparencyandclarityondecision-makinginIT.

GP1.2.1:TRANSPARENCY

ToestablishprogramleadershipthatareinformedonhowOVPUEisleveragingandderivingvalue out of IT, the IT department will issue quarterly communications to unit headshighlightingitsworkduringthepreceding3months.Thecommunicationswilloutlinehowthework alignswith strategic initiatives and goals, aswell aswhat the projectedwork for theensuing3monthswillbe.

ITwillalsomaintainapubliclyaccessiblewebsitewithup-to-dateinformationondevelopment,data,andsupport-relatedprojects.

GP1.2.2:DECISIONMAKING

OITGF1includesanestablishedstructureformakingIT-relateddecisions.ThematrixofwhatrolesmakeeachtypeofdecisionisshowninAppendixB,alongsidethedefinitionofwhateachroleanddecisiondomainentails.

GP2:EFFICIENCY,CONTROLSANDRISKMANAGEMENT

Toanswerthequestion‘isITdoingthingstherightway?’OITGF1mandatestheuseofindustryrecognizedstandards, frameworksandmethodologieswhereapplicable - for formulationofprocessesusedacrossportfoliosinOVPUEIT.OITGF1isitselfframedaftertheCOBITandValITgovernance frameworks, with defined mechanisms for monitoring and evaluating theeffectivenessofthegovernanceprocess.

GP2.1:MANAGINGTHEGOVERNANCEPROCESS

Following the COBIT framework, the IT governance process will itself be managed andmaintainedasfollowsunderOITGF1:

G2.1.1:ESTABLISHEFFECTIVEGOVERNANCEMONITORING

TheValueGovernanceMaturityModel(AppendixC)andtheInvestmentManagementMaturityModel(AppendixD)willbeusedtoidentifythelevelatwhichpracticesinOVPUEalignwithvaluegovernance.The findingsof thismonitoringprocesswill establishabasisuponwhich


correctiveactioncanbeappliedtothegovernanceprocessitself,tobuttressareasrequiringattention.

GP2.1.2:CONTINUOUSLYIMPROVEGOVERNANCEPRACTICES

TheValueGovernanceMaturityModelandtheInvestmentManagementMaturityModelwillalso be used to set subsequent goals for value management, based on the findings ofgovernancemonitoringactivitiesandrecommendedactionsteps.TheValITmatrixreferencedin Appendix E will serve as a resource for determining and formulating action steps forimprovingthegovernancepractices.

GP2.1.3:ALIGNANDINTEGRATEGOVERNANCEWITHFINANCIALPLANNING

ThevaluedeliveryofITservicesandproducts,asafactorofthefinancialinvestmentmadeinIT, will remain a core tenet of the governance process. This necessitates structuring of ITactivities in evaluable ways to facilitate detailed analyses of the time spent, and expensesincurred,insupportingdifferentunitsandsoftware,andindevelopingproducts.‘Doingthingstherightway’enlists,asacomponent,anaccountingofIToperationsinfiscalterms.OITGF1mandatestheevaluationofITactivitiesinmonetaryterms.

GP2.2:MANAGINGPORTFOLIOSINOVPUEIT

AppendixFshowsOVPUEIT’sorgchart.Itisstructuredtoprovideservicesthroughfourdistinctportfolios,eachrepresentingareasthatrequirespecializedmeasuresandgovernancecontrols.

TheITportfoliosareasfollows:

GP2.2.1:WebCommunications

The Web Communications portfolio has oversight of websites, multimedia, and socialnetworkingsupportforOVPUEunits.

‘Doing things the right way’ for Web Communications includes conducting projects in astructuredway,wherecollaborationwithstakeholders isvalued. Itfactors inuseofwebsiteframeworks,forefficienciesinproduction;codingandwebstandards;useofestablishedvisualdesignelementsandprinciples,andbestpracticesforinformationarchitecture.

GP2.2.2:SupportServices


The Support Services portfolio assumes direct support of OVPUE end-users; vended andOVPUE-developedsoftware;hardware,serverandinfrastructuresupport;andmanagementofOVPUE-widetools,plustheenforcementofpolicies.

‘Doingthingstherightway’forSupportServicesincludesuseofanindustrystandards-basedITsecurityframeworkforriskmitigation,theOVPUEITSecurityFramework(OITSF1)-basedonNIST standards and the UITS IT Security Framework. It also includes a structured changemanagement process, for scheduling and documenting changes to servers and systems; aworkflowforticketing,processingandescalatingrequests;proceduresforaccessgrantingandrevocation;inventoryingofsoftwareandhardware;andadocumentedandregularlyreviseddisasterrecoveryplan(DRP),maintainedinthedesignatedIUReadysystem.

GP2.2.3:ApplicationServices

TheApplicationServicesportfolioenlistsallOVPUE-ownedsoftwareprojects,includingthoseinherited,purchased,orhostedonOVPUEservers.

‘Doing things the rightway’ for Application Services includes use of agilemethodology forsoftware development, use of coding and accessibility standards, building-in adequatesoftware testing into the development process, and using industry recommended DevOpspractices.

GP2.2.4:DataServices

The Data Services portfolio includes services for data reporting; decision support; dataintegrations;andextract,transform,load(ETL)transactionsinsupportofallOVPUEunits.

‘Doingthingstherightway’forDataServicesincludesconductingthenecessarycheckstoverifytheaccuracyofresults.

GP3:QUALITYOFPRODUCTSANDSERVICES

Toensurequalityofproductsandservices,andinresponsetothequestion‘isITdoingthingswell?’, OITGF1 establishes metrics and processes for evaluation of products and services.AppendixGshowsalistofmetricsapplicableforuseduringsuchevaluations.

Periodicsurveyswillbeadministeredforoverallqualitybaselines,andacultureofwelcomingfeedbackfromOVPUEunitswillbenurtured.

Specificmeasuresforeachportfoliowillincludethefollowing:


GP3.1:QUALITYOFWEBCOMMUNICATIONSERVICES

The ongoing quality and value metrics for this portfolio include unit satisfaction withdevelopmentandsupportprojects;metricsofoutreachandmultimediacampaigns;usabilityratings andmobile-readiness ratings forwebsites; unit satisfactionwithongoing supportofinformationarchitectureanddesignforwebsitesinmaintenance,andfocusgroupfeedbackonthequalityandusabilityofwebsites.

GP3.2:QUALITYOFSUPPORTSERVICES

Theongoingqualityandvaluemetricsforthisportfolioincludeunitandstaffsatisfactionwithsoftware and hardware support; help-ticket time to completion and time invested incompletion; server availability and performance metrics, and reporting from OVPUE-widesurveys.

GP3.3:QUALITYOFAPPLICATIONSERVICES

Theongoingqualityandvaluemetricsforthisportfolioincludeunitandstaffsatisfactionwithdevelopmentand supportprojects;metricsof addedefficiencies (in timeorexpense) fromsoftware and software improvements; reporting on added efficiencies from reusable code,software, and data; and focus group feedback on the quality and usability of public-facingapplications.

GP3.4:QUALITYOFDATASERVICES

Theongoingqualityandvaluemetricsforthisportfolioincludeunitandstaffsatisfactionwithdataprojects;help-tickettimetocompletionandtimeinvestedincompletion,andreportsontheavailabilityofdatarequiredforbusinessprocesses.

GP4:VALUEDELIVERY

Post product implementation and service delivery evaluations will be conducted to assesswhetherintendedoutcomesforITprojectsandinitiativesweremet.Keytothisassessmentisthe gathering of intended goals for projects during the project-proposal phases ofundertakings.EstablishinghowwellintendedoutcomesweremetformsabasisforevaluatingthevaluedeliveryofITtotheorganization.


APPENDIX

APPENDIXA–PROJECTPROPOSALRUBRIC

ProjectDetailsDepartment

Whatarethegoalsoftheproject?Howwillstudents,faculty,andstaffbenefitfromit?Howcanwemeasuresuccessatachievingthesegoals?

StrategicAlignmentHowdoestheprojectalignwiththeIUBicentennialPlanPriorities?

HowdoestheprojectalignwiththeIUBloomingtonBicentennialObjectives?

HowdoestheprojectalignwithOVPUEstrategicobjectives?

HowdoestheprojectalignwithUnitobjectives?

OtherFactors(Y/N)InnovativeIdea(stayingaheadofindustry)?

InnovativeIdea(keepingupwithindustry)?

TimeSavings?

CostSavings?

CustomerExperienceImprovement?

ReputationImprovement?

ProposalSpecifics

ProjectNameandVersionNumber:

Department:

ProjectManager:

MeetingsWillInclude:

OptimalReleaseDate:


AcceptableReleaseDates:

ProjectType:(NewDevelopmentProject,ModificationtoExistingDevelopmentProject,NewVersionofExistingDevelopmentProject,DecommissionProject,ImplementationofLicensedSoftware/ApplicationProject

Documentation/EstablishingMetricsonExistingProject)

OVPUEITDetails

DevelopmentTimeEstimate:(inperson-weeks)

DevelopmentCostEstimate:(person-weeks*$1.7k+additionalcosts)

MaintenanceEstimates

DataClassification


APPENDIXB–ITGOVERNANCEMATRIX

ITDECISIONDOMIAN

GOVERNANCEARCHETYPE Principles Architecture InfrastructureStrategies

BusinessApplication

NeedsInvestment Operations

OVPUELeadership

ITLeadership

OVPUEUnits

ITLeadershipANDOVPUEUnits

ITProfessionals

ITDECISIONDOMAINS

PRINCIPLES: WhattheroleofITintheorganizationis;HowtheIToperationwillbefunded

ARCHITECTURE: Underlyingmodels/designsforfacilitatingaconsistentandcoherentapproachtodelivery

ofITcapabilitiesinsupportofbusinessprocessesacrosstheorganization.Thisreferences

ITarchitectureandnotthesystemsarchitectureofparticularsystemsandapplications.

INFRASTRUCTURESTRATEGIES: Strategiesforwhatinfrastructuretoleverageacrosstheorganizationtoimplementand

supportthearticulatedITarchitecture


BUSINESSAPPLICATIONNEEDS: Specificationsforapplicationsrequiredforbusinessprocessesthatstandard/available

applicationsfailtomeet

INVESTMENT: HowinvestmentinITportfoliosandininitiativesacrosstheorganizationisdistributed

OPERATIONS: Execution/implementation-leveldecisionmaking

GOVERNANCEARCHTYPE

OVPUELEADERSHIP: BusinessMonarchy-TheleadershipoftheOfficeoftheViceProvostforUndergraduate

Education

ITLEADERSHIP: ITMonarchy-ITleadershipintheOfficeoftheViceProvostforUndergraduateEducation

OVPUEUNITS: Federal-Theacademic/businessunitsoftheOfficeoftheViceProvostforUndergraduate

Education

ITLEADERSHIPANDOVPUEUNITS: ITDuopoly-ITleadershipincollaborationwithacademic/businessunits

ITPROFESSIONALS: Feudal-ITprofessionalsresponsibleforcarryingoutIToperation


APPENDIXC–VALUEGOVERNANCEMATURITYMODEL

Page26-Resource:https://www.isaca.org/Knowledge-Center/Val-IT-IT-Value-Delivery-/Documents/Val-IT-Getting-Started-Jul-2008.pdf

APPENDIXD–INVESTMENTMANAGEMENTMATURITYMODEL

Page 28 - Resource: https://www.isaca.org/Knowledge-Center/Val-IT-IT-Value-Delivery-/Documents/Val-IT-Getting-Started-Jul-2008.pdf

APPENDIXE–APPROACHESFORADDRESSINGGOVERNANCEDEFICITS

Page 20 – Resource: https://www.isaca.org/Knowledge-Center/Val-IT-IT-Value-Delivery-/Documents/Val-IT-Getting-Started-Jul-2008.pdf


APPENDIXF–OVPUEITORG-CHART

DirectorofIT

AnesuChaora

SupportServicesLead/Manager

LesaWilliams

ServerAdmin/UserAnalyst

ZenonMontanez

Software/TechnologySpecialist/UserAnalyst

ShaneKearney

Software/TechnologySpecialist/UserAnalyst

ChrisAnderson

DataServicesLead/Manager

GulshanPatil

DataSpecialist(Hourly)

DimitarNikolov

ApplicationServicesLead/AssociateDirectorofIT

ClintonMcKay

Programmer/Analyst

DavidWacukauski

Programmer/Analyst

BenMartin

WebCommunicationsLead/Manager

MatthewBerry

WebDeveloper

NathanRodriguez

InteractionDesigner

RachelO'Connor


APPENDIXG–PROJECTEVALUATION

1. Matchbetweenappandtherealworld

2. Aesthetic3. Minimalistdesign4. Pleasurableinteraction5. Respectfulinteraction6. Consistency7. Safety8. Utility9. Taskmigratability10. Taskconformance11. Effectiveness,efficiency12. Effort

13. Easeoflearning(theuser)14. Taskefficiency15. Easeofremembering16. Understandability17. Subjectivesatisfaction18. Robustness19. Learnability(oftheapp,nottheuser!)20. Generalizability21. Simplicity22. Feedback23. Responsiveness24. Recoverability25. Others!Discuss.