Chapter 2: Reference Models, Standards & Frameworks
Learning Objectives • IT Governance frameworks • Related industry standards, guidelines • Maturity model, reference • Choosing which framework to use
Limitations of models, standards, and frameworks • Most are not end-to-end • No how-to • Process • Template • Checklist • Tools • Too flexible / too rigid
Integrated IT Governance Framework • Philosophy • Key issue • Legal • Maturity • Culture
Important and necessary content in a Framework / Model (from chapter 1) • Business plan • IT plan aligned with item 1, investment portfolio • Implementing the IT plan, risks, threats • Performance, controls, metrics • Vendor & Outsourcing • IT People, process improvement
International Standards & Frameworks: Focus Areas • IT Governance – General • Project management • System/Software development • Quality/Security • IT Operations & Infrastructure • More…
International Standards & Frameworks: Focus Areas cont. • Human Resources • Performance measurement • Regulatory Compliance • Outsourcing & Vendor management • Voice of Customer
IT Governance – General • Model Name • COBIT • Author • ITGI / Weill & Ross / U of Holland v4.1 2007 • Use • A framework which links IT process • Decision maker • Certification: CISA / CISM
IT Governance – General cont. • Model name • COSO internal control framework • Author • COSO Committee of Sponsoring Organizations of the Treadway Commission, AICPA, AAA • Use • Reliability of financial statement
COSO • Consists of 5 components • Control environment • Risk assessment • Control activities • Information & communications • Monitoring
Project Management • Model • IT Investment Management (ITIM) • Author • General Accounting Office (GAO) of US Government • Use • Evaluate, select & prioritize IT investment
Project Management cont. • Model • PMBOK – Project Management Body of Knowledge • OPM3 Organizational PM Maturity Model • Author • Project Management Institute PMI, 2004 • Use • 9 Knowledge & 5 Process areas of PM • Tool for self-assessment of PM maturity • Certification • PMP Project Management Professional
Project Management cont. • Model • PMMM – PM Maturity Model • blends PMBOK with CMMI • Author • Crawford 2002 • Use • Map CMMI to PMBOK to provide PM maturity roadmap
Project Management cont. • Model • PRINCE2 • Author • Central Computer and Telecommunications Agency (CCTA) or Office of Government Commerce (OGC) • Use • UK Government application development
System / Software Development • Model • Capability Maturity Model Integration (CMMI) • Author • SEI / Carnegie Mellon University 2002, 2005 • Use • 5 stage maturity acquisition / system & software development • Certification • Organization: Level of maturity
Quality / Security cont. • Model • ISO 9001 • Author • Motorola & GE (jointly studied) • Use • Quality management policy
8 Quality Principles of ISO 9001:2000 • Customer • Leadership • People • Process approach • System approach (inter-process) • Continuous Improvement • Decision on facts • Supplier management
Quality / Security • Model • Six Sigma, Lean, Baldrige Quality Award • Author • Motorola & GE • Use • Reduce error & defect • Certification: black belt
Quality / Security cont. • Model • ISO 17799 • ISO 27001 implementation guideline for 17799 • Author • ISO 2005 • Use • IT security model • Certification organizational level
ISO 17799 & 27001 • 17799 Plan-Do-Check-Act (PDCA model) • Plan • Do: implemented / operated / maintained • Check: monitored / measured / audited / reviewed • Act: improved • 11 security policy domains
IT Operation & Infrastructure • Model • ISO 20000 • Author • ITSMF IT Service Management Forum V2 2002 • Use • 10 processes of IT service management
ISO 20000 • Key Process • Service Level Management SLM • Service delivery • Relationship management (supplier) • Resolution management (Problem) • Control & release (Config & change)
IT Operation & Infrastructure • Model • ITIL IT Infrastructure Library v2 v3 • Author • CCTA , APMG Accrediting Professional Management group 2007 • Use • 10 processes of IT service management
Human Resource • Model • P-CMM people capability maturity model • Author • SEI software engineering institute, Carnegie Mellon University • Use • Advancing people & competencies
Model • Balanced Scorecard, Critical Success Factor • Author • Kaplan & Norton, Cattuci, Rockart • Use • Measure the outcome of success through strategy • Performance management
Outsourcing & Vendor Management • Model • OPBOK, eSCM (eSourcing Capability Model) • Author • Carnegie Mellon University • Use • How to outsource IT & how to manage vendors • Certification: COP Certified Outsourcing Professional
Outsourcing & Vendor Management • eSCM • eSCM-SP for service provider • eSCM-CL for customer • OPBOK Outsourcing Professional Body of Knowledge
Customer • Model • VOC Voice of Customer • Author • Kano • Use • Customer requirement
Regulatory Compliance (Law) • Model • Sarbanes-Oxley Act SOX 2002 • Author • US Congress • Use • For Board & executive responsibility
Regulatory Compliance (Law) cont. Sarbanes-Oxley Act of 2002 • Public Company Accounting Reform and Investor Protection Act of 2002 • SOX or Sarbox • Senator Paul Sarbanes (D-MD) and Representative Michael G. Oxley • SOX Section 404: Assessment of internal control
Regulatory Compliance (Law) cont. AS 8000 / AS 8015 • Model • AS8000 for enterprise governance • AS8015 for ICT governance • Author • Standards Australia 2003
Regulatory Compliance (Law) cont. • Model • FDA, FDIC, HIPAA, SEC • Author • US government agency • Use • Selected industry
Further research for chapter 2 • http://www.sei.cmu.edu/ The Carnegie Mellon Software Engineering Institute (SEI) • http://www.isaca-bangkok.org/ Information Systems Audit and Control Association, Bangkok Chapter • http://www.aicpa.org/ The American Institute of Certified Public Accountants (AICPA) • http://aaahq.org/ The American Accounting Association • http://www.gao.gov/ The General Accounting Office (GAO), created by the Budget and Accounting Act • http://www.pmi.org/ Project Management Institute • http://www.ogc.gov.uk/ The Office of Government Commerce (OGC) • http://www.itil-officialsite.com/ ITIL is the most widely accepted approach to IT service management • http://www.kanomodel.com/ Professor Noriaki Kano