it governance framework - ovpue information … it governance framework: oitgf1 05/2016 in addition...
TRANSCRIPT
OVPUEITGOVERNANCEFRAMEWORK:OITGF1 05/2016
GovernanceFrameworkOVPUEITMAY2016
OVPUEITGOVERNANCEFRAMEWORK:OITGF1 05/2016
OVPUEITGOVERNANCEFRAMEWORK
OverthenexttwoyearstheITdepartmentintheOfficeoftheViceProvostforUndergraduateEducation(OVPUE)willimplementanITGovernanceFramework(OITGF1)to:
1. advanceITaccountabilityandstrategicalignment;2. optimizeefficiencies,controls,andriskmanagement;3. guaranteequalityofproductsandservices;4. andenhancevaluedelivery
MeasuresarticulatedinOITGF1aregearedtowardsensuringthatOVPUEITworksontherightthings,therightway,doesthemwell,andgetstheintendedbenefits.
GP1:ACCOUNTABILITYANDSTRATEGICALIGNMENT
AligninginvestmentinITwithorganizationalstrategicobjectivesreinforcesIT’saccountabilitytothegoalsoftheorganizationandensuresthattheinstitutionderivesoptimumvalueoutofits investment in information technology. IT resourcesandactivitiesarechanneled towardseffortsthattheinstitutionidentifiesaspriorities,answeringthequestion‘isITworkingontherightthings?’.
Strategic objectives in this context include goals established at Institutional, Campus,ResponsibilityCenter(RC)andProgram/Unit level.Examples includeobjectivespresented inthe Bicentennial Strategic Plan for Indiana University (IU), and IU Bloomington’simplementationofit;thegoalsoftheOfficeoftheViceProvostforUndergraduateEducation(OVPUE); Program Unit strategic objectives, and the IU Strategic Plan for InformationTechnology(ITSP2/EmpoweringPeople).
GP1.1:PROMOTINGSTRATEGICALIGNMENT
Topromotestrategicalignment,projects in ITwill followastructuredprocess that includescompletionofprojectproposalsstatingtheintendedgoalsoftheprojects,andinwhatwaystheproposedprojectsalignwithstrategicobjectives.
AsampleProjectProposalFormforuseindocumentingproposedprojectsisshowninAppendixA.
OVPUEITGOVERNANCEFRAMEWORK:OITGF1 05/2016
Project alignmentwith strategic objectives, alongside other listed factors,will facilitate theprocess of prioritizing projects. Strategic alignment will also provide validation for why ITinvestmentshouldbemadeintheprojects.
GP1.1.1:ROLEOFOVPUELEADERSHIP
OVPUE leadershipwill appointorendorsemembersofan ITProjectsPrioritizationSteeringCommittee(PSC).ThePrioritizationSteeringCommitteewillcompriseofrepresentativesfromunits in OVPUE, thatwill serve for terms of stipulated lengths. Their taskwill be to assignprioritiestoOVPUEproject-requests,forITprojectsrequiringsignificantdevelopmentwork.
TheparticipationofthePSCwillpromotetransparencyinhowITprojectsareprioritized,andunderscoreOVPUEIT’saccountabilitytotheOVPUEanditsunits.
GP1.1.2:ROLEOFPRIORITIZATIONSTEERINGCOMMITTEE(PSC)
ThePSCwillmeetwiththeDirectorandAssociateDirectorofITquarterlyto:1)obtainfeedbackon IT project-work conducted during the prior quarter, 2) receive updates on progress ofprojectsunderwayinthecurrentquarter,and3)establishprioritiesonprojectsforthenextquarter.
Projectalignmentwithstrategicobjectiveswillbeasignificantfactortoprioritization.AsamplerubricforhowthisalignmentwillbedeterminedisappendedinAppendixA.InformationonproposedprojectswillbesubmittedtothePSC,organizedintherubricformat.DuringthePSCquarterlymeetings,metricswillbeassignedforprojectprioritizations.
GP1.1.3:ROLEOFOVPUEIT
OVPUEITwillworkwithunitsintheprojectproposalcompilationphase,tounderstandtheirneedsandtoprovidesupportincompletingtheprojectproposals.ITwillalsoproposepossiblesolutionsasoptions,giveestimatesoftimeandresourcesrequired,andprovideassessmentsofthefeasibilityofproposals.
InmeetingswiththePSC,theDirectorofITandAssociateDirectorofITwillassistinbringingclaritytowhatproposedprojectswouldentail,aswellashighlightotherextenuatingfactorsthatmaynotbecapturedexplicitlyintheprojectproposaldocumentsunderreview.
GP1.2:PROMOTINGACCOUNTABILITY
OVPUEITGOVERNANCEFRAMEWORK:OITGF1 05/2016
InadditiontopromotingITaccountabilitythroughaligninginvestmentinITwithstrategicobjectives,OITGF1emphasizesaccountabilitythroughtransparencyandclarityondecision-makinginIT.
GP1.2.1:TRANSPARENCY
ToestablishprogramleadershipthatareinformedonhowOVPUEisleveragingandderivingvalue out of IT, the IT department will issue quarterly communications to unit headshighlightingitsworkduringthepreceding3months.Thecommunicationswilloutlinehowthework alignswith strategic initiatives and goals, aswell aswhat the projectedwork for theensuing3monthswillbe.
ITwillalsomaintainapubliclyaccessiblewebsitewithup-to-dateinformationondevelopment,data,andsupport-relatedprojects.
GP1.2.2:DECISIONMAKING
OITGF1includesanestablishedstructureformakingIT-relateddecisions.ThematrixofwhatrolesmakeeachtypeofdecisionisshowninAppendixB,alongsidethedefinitionofwhateachroleanddecisiondomainentails.
GP2:EFFICIENCY,CONTROLSANDRISKMANAGEMENT
Toanswerthequestion‘isITdoingthingstherightway?’OITGF1mandatestheuseofindustryrecognizedstandards, frameworksandmethodologieswhereapplicable - for formulationofprocessesusedacrossportfoliosinOVPUEIT.OITGF1isitselfframedaftertheCOBITandValITgovernance frameworks, with defined mechanisms for monitoring and evaluating theeffectivenessofthegovernanceprocess.
GP2.1:MANAGINGTHEGOVERNANCEPROCESS
Following the COBIT framework, the IT governance process will itself be managed andmaintainedasfollowsunderOITGF1:
G2.1.1:ESTABLISHEFFECTIVEGOVERNANCEMONITORING
TheValueGovernanceMaturityModel(AppendixC)andtheInvestmentManagementMaturityModel(AppendixD)willbeusedtoidentifythelevelatwhichpracticesinOVPUEalignwithvaluegovernance.The findingsof thismonitoringprocesswill establishabasisuponwhich
OVPUEITGOVERNANCEFRAMEWORK:OITGF1 05/2016
correctiveactioncanbeappliedtothegovernanceprocessitself,tobuttressareasrequiringattention.
GP2.1.2:CONTINUOUSLYIMPROVEGOVERNANCEPRACTICES
TheValueGovernanceMaturityModelandtheInvestmentManagementMaturityModelwillalso be used to set subsequent goals for value management, based on the findings ofgovernancemonitoringactivitiesandrecommendedactionsteps.TheValITmatrixreferencedin Appendix E will serve as a resource for determining and formulating action steps forimprovingthegovernancepractices.
GP2.1.3:ALIGNANDINTEGRATEGOVERNANCEWITHFINANCIALPLANNING
ThevaluedeliveryofITservicesandproducts,asafactorofthefinancialinvestmentmadeinIT, will remain a core tenet of the governance process. This necessitates structuring of ITactivities in evaluable ways to facilitate detailed analyses of the time spent, and expensesincurred,insupportingdifferentunitsandsoftware,andindevelopingproducts.‘Doingthingstherightway’enlists,asacomponent,anaccountingofIToperationsinfiscalterms.OITGF1mandatestheevaluationofITactivitiesinmonetaryterms.
GP2.2:MANAGINGPORTFOLIOSINOVPUEIT
AppendixFshowsOVPUEIT’sorgchart.Itisstructuredtoprovideservicesthroughfourdistinctportfolios,eachrepresentingareasthatrequirespecializedmeasuresandgovernancecontrols.
TheITportfoliosareasfollows:
GP2.2.1:WebCommunications
The Web Communications portfolio has oversight of websites, multimedia, and socialnetworkingsupportforOVPUEunits.
‘Doing things the right way’ for Web Communications includes conducting projects in astructuredway,wherecollaborationwithstakeholders isvalued. Itfactors inuseofwebsiteframeworks,forefficienciesinproduction;codingandwebstandards;useofestablishedvisualdesignelementsandprinciples,andbestpracticesforinformationarchitecture.
GP2.2.2:SupportServices
OVPUEITGOVERNANCEFRAMEWORK:OITGF1 05/2016
The Support Services portfolio assumes direct support of OVPUE end-users; vended andOVPUE-developedsoftware;hardware,serverandinfrastructuresupport;andmanagementofOVPUE-widetools,plustheenforcementofpolicies.
‘Doingthingstherightway’forSupportServicesincludesuseofanindustrystandards-basedITsecurityframeworkforriskmitigation,theOVPUEITSecurityFramework(OITSF1)-basedonNIST standards and the UITS IT Security Framework. It also includes a structured changemanagement process, for scheduling and documenting changes to servers and systems; aworkflowforticketing,processingandescalatingrequests;proceduresforaccessgrantingandrevocation;inventoryingofsoftwareandhardware;andadocumentedandregularlyreviseddisasterrecoveryplan(DRP),maintainedinthedesignatedIUReadysystem.
GP2.2.3:ApplicationServices
TheApplicationServicesportfolioenlistsallOVPUE-ownedsoftwareprojects,includingthoseinherited,purchased,orhostedonOVPUEservers.
‘Doing things the rightway’ for Application Services includes use of agilemethodology forsoftware development, use of coding and accessibility standards, building-in adequatesoftware testing into the development process, and using industry recommended DevOpspractices.
GP2.2.4:DataServices
The Data Services portfolio includes services for data reporting; decision support; dataintegrations;andextract,transform,load(ETL)transactionsinsupportofallOVPUEunits.
‘Doingthingstherightway’forDataServicesincludesconductingthenecessarycheckstoverifytheaccuracyofresults.
GP3:QUALITYOFPRODUCTSANDSERVICES
Toensurequalityofproductsandservices,andinresponsetothequestion‘isITdoingthingswell?’, OITGF1 establishes metrics and processes for evaluation of products and services.AppendixGshowsalistofmetricsapplicableforuseduringsuchevaluations.
Periodicsurveyswillbeadministeredforoverallqualitybaselines,andacultureofwelcomingfeedbackfromOVPUEunitswillbenurtured.
Specificmeasuresforeachportfoliowillincludethefollowing:
OVPUEITGOVERNANCEFRAMEWORK:OITGF1 05/2016
GP3.1:QUALITYOFWEBCOMMUNICATIONSERVICES
The ongoing quality and value metrics for this portfolio include unit satisfaction withdevelopmentandsupportprojects;metricsofoutreachandmultimediacampaigns;usabilityratings andmobile-readiness ratings forwebsites; unit satisfactionwithongoing supportofinformationarchitectureanddesignforwebsitesinmaintenance,andfocusgroupfeedbackonthequalityandusabilityofwebsites.
GP3.2:QUALITYOFSUPPORTSERVICES
Theongoingqualityandvaluemetricsforthisportfolioincludeunitandstaffsatisfactionwithsoftware and hardware support; help-ticket time to completion and time invested incompletion; server availability and performance metrics, and reporting from OVPUE-widesurveys.
GP3.3:QUALITYOFAPPLICATIONSERVICES
Theongoingqualityandvaluemetricsforthisportfolioincludeunitandstaffsatisfactionwithdevelopmentand supportprojects;metricsof addedefficiencies (in timeorexpense) fromsoftware and software improvements; reporting on added efficiencies from reusable code,software, and data; and focus group feedback on the quality and usability of public-facingapplications.
GP3.4:QUALITYOFDATASERVICES
Theongoingqualityandvaluemetricsforthisportfolioincludeunitandstaffsatisfactionwithdataprojects;help-tickettimetocompletionandtimeinvestedincompletion,andreportsontheavailabilityofdatarequiredforbusinessprocesses.
GP4:VALUEDELIVERY
Post product implementation and service delivery evaluations will be conducted to assesswhetherintendedoutcomesforITprojectsandinitiativesweremet.Keytothisassessmentisthe gathering of intended goals for projects during the project-proposal phases ofundertakings.EstablishinghowwellintendedoutcomesweremetformsabasisforevaluatingthevaluedeliveryofITtotheorganization.
OVPUEITGOVERNANCEFRAMEWORK:OITGF1 05/2016
APPENDIX
APPENDIXA–PROJECTPROPOSALRUBRIC
ProjectDetailsDepartment
Whatarethegoalsoftheproject?Howwillstudents,faculty,andstaffbenefitfromit?Howcanwemeasuresuccessatachievingthesegoals?
StrategicAlignmentHowdoestheprojectalignwiththeIUBicentennialPlanPriorities?
HowdoestheprojectalignwiththeIUBloomingtonBicentennialObjectives?
HowdoestheprojectalignwithOVPUEstrategicobjectives?
HowdoestheprojectalignwithUnitobjectives?
OtherFactors(Y/N)InnovativeIdea(stayingaheadofindustry)?
InnovativeIdea(keepingupwithindustry)?
TimeSavings?
CostSavings?
CustomerExperienceImprovement?
ReputationImprovement?
ProposalSpecifics
ProjectNameandVersionNumber:
Department:
ProjectManager:
MeetingsWillInclude:
OptimalReleaseDate:
OVPUEITGOVERNANCEFRAMEWORK:OITGF1 05/2016
AcceptableReleaseDates:
ProjectType:(NewDevelopmentProject,ModificationtoExistingDevelopmentProject,NewVersionofExistingDevelopmentProject,DecommissionProject,ImplementationofLicensedSoftware/ApplicationProject
Documentation/EstablishingMetricsonExistingProject)
OVPUEITDetails
DevelopmentTimeEstimate:(inperson-weeks)
DevelopmentCostEstimate:(person-weeks*$1.7k+additionalcosts)
MaintenanceEstimates
DataClassification
OVPUEITGOVERNANCEFRAMEWORK:OITGF1 05/2016
APPENDIXB–ITGOVERNANCEMATRIX
ITDECISIONDOMIAN
GOVERNANCEARCHETYPE Principles Architecture InfrastructureStrategies
BusinessApplication
NeedsInvestment Operations
OVPUELeadership
ITLeadership
OVPUEUnits
ITLeadershipANDOVPUEUnits
ITProfessionals
ITDECISIONDOMAINS
PRINCIPLES: WhattheroleofITintheorganizationis;HowtheIToperationwillbefunded
ARCHITECTURE: Underlyingmodels/designsforfacilitatingaconsistentandcoherentapproachtodelivery
ofITcapabilitiesinsupportofbusinessprocessesacrosstheorganization.Thisreferences
ITarchitectureandnotthesystemsarchitectureofparticularsystemsandapplications.
INFRASTRUCTURESTRATEGIES: Strategiesforwhatinfrastructuretoleverageacrosstheorganizationtoimplementand
supportthearticulatedITarchitecture
OVPUEITGOVERNANCEFRAMEWORK:OITGF1 05/2016
BUSINESSAPPLICATIONNEEDS: Specificationsforapplicationsrequiredforbusinessprocessesthatstandard/available
applicationsfailtomeet
INVESTMENT: HowinvestmentinITportfoliosandininitiativesacrosstheorganizationisdistributed
OPERATIONS: Execution/implementation-leveldecisionmaking
GOVERNANCEARCHTYPE
OVPUELEADERSHIP: BusinessMonarchy-TheleadershipoftheOfficeoftheViceProvostforUndergraduate
Education
ITLEADERSHIP: ITMonarchy-ITleadershipintheOfficeoftheViceProvostforUndergraduateEducation
OVPUEUNITS: Federal-Theacademic/businessunitsoftheOfficeoftheViceProvostforUndergraduate
Education
ITLEADERSHIPANDOVPUEUNITS: ITDuopoly-ITleadershipincollaborationwithacademic/businessunits
ITPROFESSIONALS: Feudal-ITprofessionalsresponsibleforcarryingoutIToperation
OVPUEITGOVERNANCEFRAMEWORK:OITGF1 05/2016
APPENDIXC–VALUEGOVERNANCEMATURITYMODEL
Page26-Resource:https://www.isaca.org/Knowledge-Center/Val-IT-IT-Value-Delivery-/Documents/Val-IT-Getting-Started-Jul-2008.pdf
APPENDIXD–INVESTMENTMANAGEMENTMATURITYMODEL
Page 28 - Resource: https://www.isaca.org/Knowledge-Center/Val-IT-IT-Value-Delivery-/Documents/Val-IT-Getting-Started-Jul-2008.pdf
APPENDIXE–APPROACHESFORADDRESSINGGOVERNANCEDEFICITS
Page 20 – Resource: https://www.isaca.org/Knowledge-Center/Val-IT-IT-Value-Delivery-/Documents/Val-IT-Getting-Started-Jul-2008.pdf
OVPUEITGOVERNANCEFRAMEWORK:OITGF1 05/2016
APPENDIXF–OVPUEITORG-CHART
DirectorofIT
AnesuChaora
SupportServicesLead/Manager
LesaWilliams
ServerAdmin/UserAnalyst
ZenonMontanez
Software/TechnologySpecialist/UserAnalyst
ShaneKearney
Software/TechnologySpecialist/UserAnalyst
ChrisAnderson
DataServicesLead/Manager
GulshanPatil
DataSpecialist(Hourly)
DimitarNikolov
ApplicationServicesLead/AssociateDirectorofIT
ClintonMcKay
Programmer/Analyst
DavidWacukauski
Programmer/Analyst
BenMartin
WebCommunicationsLead/Manager
MatthewBerry
WebDeveloper
NathanRodriguez
InteractionDesigner
RachelO'Connor
OVPUEITGOVERNANCEFRAMEWORK:OITGF1 05/2016
APPENDIXG–PROJECTEVALUATION
1. Matchbetweenappandtherealworld
2. Aesthetic3. Minimalistdesign4. Pleasurableinteraction5. Respectfulinteraction6. Consistency7. Safety8. Utility9. Taskmigratability10. Taskconformance11. Effectiveness,efficiency12. Effort
13. Easeoflearning(theuser)14. Taskefficiency15. Easeofremembering16. Understandability17. Subjectivesatisfaction18. Robustness19. Learnability(oftheapp,nottheuser!)20. Generalizability21. Simplicity22. Feedback23. Responsiveness24. Recoverability25. Others!Discuss.