From Value Governance To Benefits Realization In A Controlled Environment
1. IT GOVERNANCE: From Value
Governance to Benefits
Realization in a Controlled
Environment
George Papoulias, CISA, CGEIT, CRISC
Senior Project Manager
National Bank of Greece
2. PRESENTATION OUTLINE
•Essential Concepts
•ISACA’S Frameworks Relationships
AN OVERVIEW OF THE •COBIT5 Overview
ENTERPRISE •COBIT Mappings
GOVERNANCE OF IT
•ITGI’s Val IT Framework
•Key Terms
•Goals & Objectives
•Why Val IT?
•Synergies between Val IT and Cobit 4.1
THE VAL IT
FRAMEWORK
•How Val IT Works
•Key Terms and Principles
•Val IT Domains & Processes
•The Business Case
•Projects, Programs, and Portfolios Defintions
•IT Project Portfolio Categorization
BENEFITS RELEASATION •PM Guide Process and Mapping to SDLC
THROUGH IT •SDLC Guide
GOVERNANCE
•IT Governance Supporting Tools
•A Structured Approach
•The Challenge
CONCLUSION
•The Ingredients of Success
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 2
3. ENTERPRISE GOVERNANCE DRIVES IT GOVERNANCE
• Enterprise governance
is about:
Conformance
• Adhering to legislation, internal Performance
policies, audit requirements, etc.
Conformance
Performance
• Improving profitability, efficiency,
effectiveness, growth, etc.
Enterprise governance and IT governance require a balance between
conformance and performance goals directed by the board.
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 3
4. WITHOUT EFFECTIVE GOVERNANCE
Situation Leads to.. Results in..
Budget overruns
Reluctance to say no
to projects Project delays
Too many projects
Business needs
Lack of Strategic Focus
not met
Benefits not
Can‟t kill projects received
Quality of execution
Projects are “sold” on
suffers
Increased
emotional basis -- not
selected
Complexity
Sub-optimal
Underestimation of use of
risks and costs
No strong review process resources
Finger pointing
Overemphasis on
Financial ROI Projects not aligned to
strategy Lack of
No clear strategic confidence (in
criteria for
selection
George Papoulias IT)
7 December 2011 Senior Project Manager 4
National Bank of Greece Source: Fujitsu
5. What is IT Governance?
ITGI defines enterprise governance of IT as:
The set of responsibilities—as well as the leadership and organizational
structures and processes—exercised by the board of directors and executive
management to ensure that IT creates value for the enterprise. An integral part
of overall enterprise governance, enterprise governance of IT ensures that IT
sustains and extends the enterprise’s evolving objectives and strategies.
Source: IT Governance Institute, Board Briefing on IT Governance
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 5
6. Relationship Between IT Governance and IT Management
The scope if IT Governance involves setting objectives, providing direction end evaluating performance
The scope of IT Management involves translating the direction already set in the strategy,
implementing the strategy (translating the strategy into action) and measuring and reporting on
performance
IT GOVENANCE
Set objectives
* IT is aligned with the business
* IT enables the business and maximizes benefits
VAL IT RISK IT
* IT resources are used responsibly
* It related risks are managed appropriately
Evaluate Provide
Performance Direction
Measure and
Translate into
Report
Strategy
Performance
COBIT
Translate Strategy into Action
* Increase automation(make the business effective)
* Decrease cost (make the business efficient)
Source:
Courtesy of
Erik
* Manage Risks (Security, Reliability and Compliance) Guldentops,
EG Consult,
IT MANAGEMENT Belgium
George Papoulias
7 December 2011 Senior Project Manager 6
National Bank of Greece
7. Enterprise Governance of IT Focus Areas
According to the IT Governance Institute the Enterprise
Governance of IT has been subdivided into five focus areas:
IT
GOVERNANCE
RESOURCE
MANAGEMENT
Source: Enterprise Value: Governance of IT Investments, The Val It Framework 2.0, p.24, 2008, ITGI
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 7
8. IT Governance Focus Areas
Strategic alignment, focuses on ensuring the linkage of business and IT plan; on
defining, maintaining and validating the IT value proposition; on aligning IT operations
with the enterprise operations; and establishing collaborative solutions to
• Add value and competitive positioning to the enterprise’s products and services
• Contain costs while improving administrative efficiency and managerial effectiveness
Va
gic nt De lue
te liv
ra me
t n er
S ig y
A l
IT
Governance
ent
Perf sureme
Mea
Mea
erfo remen
Domains
agem
Man isk
orm
rma
u
R
ance t
ce
Resource
t
Management
Source: Enterprise Value: Governance of IT Investments, The Val It Framework 2.0, p.24, 2008, ITGI
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 8
9. IT Governance Focus Areas
Value delivery is about executing the value proposition throughout the delivery cycle,
ensuring that IT delivers the promised benefits against the strategy, concentrating on
optimising expenses and proving the value of IT, and on controlling projects and
operational processes with practices that increase the probability of success (quality,
risk, time, budget, cost, etc)
V
gic De alue
te ent liv
ra er
St ignm y
Al IT
Governance
ent
Perf sureme
Mea
Mea
erfo remen
Domains
agem
Man isk
orm
rma
u
R
ance t
ce
Resource
t
Management
Source: Enterprise Value: Governance of IT Investments, The Val It Framework 2.0, p.24, 2008, ITGI
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 9
10. IT Governance Focus Areas
Risk management requires risk awareness of senior corporate officers, a clear under-
standing of the enterprise’s appetite for risk and transparency about the significant
risks to the enterprise; it embeds risk management responsibilities in the operation of
the enterprise and specifically addresses the safeguarding of IT assets, disaster
recovery and continuity of operations
Va
gic nt De lue
te liv
tra nme
S ig er
y
Al IT
Governance
ent
Perf s rem
Perf sureme
Mea
Mea
Domains
agem
Man isk
orm
orm
R
ance t
ance t
Resource
n
n
Management
Source: Enterprise Value: Governance of IT Investments, The Val It Framework 2.0, p.24, 2008, ITGI
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 10
11. IT Governance Focus Areas
Resource management covers the optimal investment, use and allocation of IT
resources and capabilities (people, applications, technology, facilities, data) in servicing
the needs of the enterprise, maximising the efficiency of these assets and optimising
their costs, and specifically focusses on optimising knowledge and the IT infrastructure
and on where and how to outsource
Va
gic nt De lue
te liv
ra me
t n er
S ig y
A l
IT
Governance
ent
Perf s rem
Perf sureme
Me
Mea
Domains
agem
Man isk
orm
orm
R
ance t
ance t
Resource
n
n
Management
Source: Enterprise Value: Governance of IT Investments, The Val It Framework 2.0, p.24, 2008, ITGI
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 11
12. IT Governance Focus Areas
Performance measurement, tracking project delivery and monitoring IT services, using
balanced scorecards that translate strategy into action to achieve goals measurable
beyond conventional accounting, measuring those relationships and knowledgebased
assets necessary to compete in the information age: customer focus, process efficiency
and the ability to learn and grow.
Va
gic nt De lue
te liv
tra nme
S ig er
y
Al IT
Governance
ent
Perf sure
Perf sureme
Me
Mea
Domains
agem
Man isk
orm
orm
R
ance t
ance t
Resource
n
n
Management
Source: Enterprise Value: Governance of IT Investments, The Val It Framework 2.0, p.24, 2008, ITGI
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 12
13. Relationships amongst CobiT, Val IT and Risk IT
ITGI’s guidance, centered on the
COBIT, Val IT and Risk IT
frameworks, enables enterprise
directors and managers to better
understand how to direct and
manage the enterprise’s use of IT
and the standard of good practice
to be expected from IT providers.
COBIT, Val IT and Risk IT provide
the tools to direct and oversee all
IT-related activities.
Source: The Risk IT Framework, Executive Summary, p.7, 2008, ISACA
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 13
14. Comparing how COBIT and Val IT focus on governance,
processes and portfolios further helps to understand the
relationship between the two frameworks as shown in figure
15.
Source: Enterprise Value: Governance of IT Investments, The Val It Framework 2.0, p.25, 2008, ITGI
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 14
15. Integration of CobiT 4.1,Val IT 2.0 and Risk IT into COBIT 5
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 15
16. ISACA’s COBIT5 Framework
• COBIT 5 is a governance and management framework for information
and related technology that starts from stakeholder needs with regard
to information and technology.
• COBIT 5 is complete in enterprise coverage, providing a basis to
integrate effectively other frameworks, standards and practices used.
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 16
17. COBIT 5 Process Reference Model
Governance and Management Processes
One of the guiding principles in COBIT is the distinction made between governance and management. In line with this principle, every organisation would be
expected to implement a number of governance processes and a number of management processes in order to provide comprehensive governance and
management of enterprise IT.
When considering processes for governance and management in the context of the enterprise, the difference between types of processes lies into the
objectives of the processes:
• Governance processes—Governance processes will deal with the governance objectives—value delivery, risk management and resource balancing—and will
include practices and activities aimed at evaluating strategic options,providing direction to IT and monitoring the outcome. (EDM—in line with the ISO/IEC
38500 standard concepts)
• Management processes—In line with the definition of management, practices and activities in management processes will cover the responsibility areas of
plan, build, run and monitor (PBRM) enterprise IT, and they will haveto provide end‐to‐end coverage of IT.
Source: COBIT5, Process Reference Guide Exposure Draft, p.13, 2011, ISACA
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 17
18. Complete set of 36 Governance and Management Processes within COBIT5
Source: COBIT5, Process Reference Guide Exposure Draft, p.15, 2011, ISACA
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 18
19. COBIT 5 Drivers
A need to link together and reinforce all major ISACA frameworks (CobiT, Val IT, Risk
IT)
A need to connect to, and, where relevant ,align with, other major frameworks and
standards in the marketplace, such as Information Technology Infrastructure Library
(ITIL®), The Open Group Architecture Forum (TOGAF), Project Management Body of
Knowledge (PMBOK), PRojects IN Controlled Environments 2 (PRINCE2®) and the
International Organization of Standards (ISO) standards. This will help stakeholders
understand how various frameworks, best practices and standards are positioned
relative to each other and how they can be used together and could augment each
other.
A need to for the enterprise to achieve increased:
- Value creation through enterprise IT
- Business user satisfaction with IT engagement and services
- Compliance with relevant laws, regulations and policies
Source: COBIT5, Process Reference Guide Exposure Draft, p.16, 2011, ISACA
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 19
20. COBIT5 Goals Cascade Overview
Source: COBIT5, Process Reference Guide Exposure Draft, p.2, 2011, ISACA
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 20
21. Enterprise Goals Mapped to Governance Objectives
The following scale applies:
- ‘P’ stands for primary, when there is an important relationship, i.e., the IT‐related goal is a
primary support for the enterprise goal.
- ‘S’ stands for secondary, when there is still a strong but less important relationship, i.e., the
IT‐related goal is a secondary support for the enterprise goal.
Source: COBIT5, Process Reference Guide Exposure Draft, p.4, 2011, ISACA
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 21
22. Mapping COBIT 5 Enterprise Goals to IT‐related Goals
Source: COBIT5, Process Reference Guide Exposure Draft, p.215, 2011, ISACA
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 22
23. Mapping COBIT 5 IT–related Goals to COBIT5 Processes (1)
Source: COBIT5, Process Reference Guide Exposure Draft, p.217, 2011, ISACA
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 23
24. Mapping COBIT 5 IT–related Goals to COBIT5 P Processes (2)
Source: COBIT5, Process Reference Guide Exposure Draft, p.218, 2011, ISACA
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 24
25. COBIT 5 Organisational Structures Model
Illustrative Organisational Structures in COBIT 5
Source: COBIT5, Process Reference Guide Exposure Draft, p.76, 2011, ISACA
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 25
26. COBIT 5 Organisational Structures Model
Illustrative Organisational Structures in COBIT 5
Source: COBIT5, Process Reference Guide Exposure Draft, p.77, 2011, ISACA
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 26
27. Detailed process‐related information
Source: COBIT5, Process Reference Guide Exposure Draft, p.106, 2011, ISACA
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 27
28. Source: COBIT5, Process Reference Guide Exposure Draft, p.106, 2011, ISACA
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 28
29. Source: COBIT5, Process Reference Guide Exposure Draft, p.107, 2011, ISACA
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 29
30. Source: COBIT5, Process Reference Guide Exposure Draft, p.108, 2011, ISACA
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 30
31. George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 31
32. George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 32
33. MAPPING BETWEEN COBIT 5 AND LEGACY ISACA FRAMEWORKS
COBIT 4.1 Control
Objectives
COBIT5 Governance Val IT 2.0 Key
and Management Management
Practices Practices
Risk IT Management
Practices
Source: COBIT5, Process Reference Guide Exposure Draft, p.205, 2011, ISACA
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 33
34. Source: COBIT5, Process Reference Guide Exposure Draft, p.206, 2011, ISACA
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 34
35. Source: COBIT5, Process Reference Guide Exposure Draft, p.212, 2011, ISACA
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 35
36. Source: COBIT5, Process Reference Guide Exposure Draft, p.212, 2011, ISACA
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 36
37. COBIT and Other IT and Project Management Frameworks
Governance
Layer
COSO
Governance
VAL IT ISO 27001
COBIT
Layer
PMBOK
IT
WHAT HOW
ITILV3
Management
CMMI
Layer
IT
SCOPE OF COVERAGE
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 37
38. COMBINATION OF COBIT AND ITIL V3
OVERVIEW
Figure 8 is an overview of ITIL V3 and COBIT and highlights the differences in
guidance.
(+) Significant match
(o) Minor match
(-) Unrelated or minor focus
() No COBIT IT process exists.
Source: COBIT® MAPPING: MAPPING OF ITIL® V3 WITH COBIT® 4.1, p.22, 2011, ISACA
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 38
39. COMBINATION OF COBIT AND PMBOK
OVERVIEW
Figure 12 is an overview of PMBOK and COBIT highlights the differences in
guidance.
(+) Significant match
(o) Minor match
(-) Unrelated or minor focus
() No COBIT IT process exists.
Source: COBIT® Mapping: Mapping of CMMI® for Development, V1.2, Wit h COBIT® 4.1, p.28, 2011, ISACA
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 39
40. COMBINATION OF COBIT AND CMMI-DEV
OVERVIEW
Figure 13 is an overview of CMMI-DEV and COBIT highlights the differences in
guidance.
(+) Significant match
(o) Minor match
(-) Unrelated or minor focus
() No COBIT IT process exists.
Source: COBIT® Mapping: Mapping of CMMI® for Development, V1.2, Wit h COBIT® 4.1, p.28, 2011, ISACA
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 40
41. PRESENTATION OUTLINE
•Essential Concepts
•ISACA’S Frameworks Relationships
AN OVERVIEW OF THE •COBIT5 Overview
ENTERPRISE •COBIT Mappings
GOVERNANCE OF IT
•ITGI’s Val IT Framework
•Key Terms
•Goals & Objectives
•Why Val IT?
•Synergies between Val IT and Cobit 4.1
THE VAL IT
FRAMEWORK
•How Val IT Works
•Key Terms and Principles
•Val IT Domains & Processes
•The Business Case
•Projects, Programs, and Portfolios Defintions
•IT Project Portfolio Categorization
BENEFITS RELEASATION •PM Guide Process and Mapping to SDLC
THROUGH IT •SDLC Guide
GOVERNANCE
•IT Governance Supporting Tools
•A Structured Approach
•The Challenge
CONCLUSION
•The Ingredients of Success
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 41
42. ITGI’s Val IT Framework
• The Val IT framework is a comprehensive, credible and pragmatic
organizing framework, with practical guidelines, principles, processes and
supporting practices that help boards, executive management and other
organizational leaders maximize the realization of value from IT
investments.
• Proven practices and techniques for evaluating and managing investment
in business change and innovation
• Val IT helps executives:
– Increase the probability of picking winners
– Increase the likelihood of IT investment success
– Reduce surprises from IT cost and delivery date overruns
– Reduce costs due to inefficient investments
Source: The Business Case Guide: Using Val IT 2.0, p.22, 2011, ISACA
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 42
43. Key Terms of Val IT
Portfolio: A grouping of programme, projects, services or assets, selected,
managed and monitored to optimize business return. (Note that the initial focus
of Val IT is primarily interested in a portfolio of programmes. COBIT is interested
in portfolios of projects, services or assets.)
Programme: A structured group of interdependent projects that are both
necessary and sufficient to achieve the business outcome and deliver value.
These projects could include, but not be limited to, changes to the nature of the
business, business processes, the work performed by people, as well as the
competencies required to carry out the work, enabling technology and
organizational structure. The investment programme is the primary unit of
investment within Val IT.
Project: A structured set of activities concerned with delivering a defined
capability (that is necessary but NOT sufficient to achieve a required business
outcome) to the enterprise based on an agreed schedule and budget.
Source: Enterprise Value: Governance of IT Investments The Val IT Framework 2.0, p.11, 2008, ISACA
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 43
44. Goals & Objectives
The goal of Val IT is to enable organizations to manage their investments in IT such
that they deliver optimal value to the enterprise at an affordable cost and with an
acceptable level of risk by:
• Identifying and clearly defining strategically aligned investment opportunities
with clearly defined business outcomes
• Evaluating, prioritizing and selecting investments based upon their potential risk-
adjusted value in the context of the organization’s strategic objectives
• Managing the execution of investments through their full economic life cycle such
that they deliver the optimal value
Source: The Business Case Guide: Using Val IT 2.0, p.22, 2011, ISACA
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 44
45. ™
Why Val IT ?
An organization needs stronger governance over IT investments if:
• IT investments are not supporting the business strategy or
providing expected value
• There are too many projects, resulting in inefficient use of
resources
• Projects often are delayed, run over budget, and/or do not provide
the needed benefits
• There is an inability to cancel projects when necessary
• It needs to ensure compliance to industry or governmental
regulations
Source: The Business Case Guide: Using Val IT 2.0, p.22, 2011, ISACA
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 45
46. Val IT and COBIT: A Synergistic Relationship
Val IT and COBIT provide business and IT decision makers with a comprehensive framework for
the creation of value from the delivery of high-quality IT-based services. Val IT both complements
COBIT and is supported by it.
Val IT takes the enterprise governance view. It helps executives focus on two of four
fundamental IT governance-related questions
‘Are we doing the right things?’ (the strategic question)
‘Are we getting the benefits?’ (the value question)
COBIT, on the other hand, takes the IT view, helping executives focus on answering
the questions.
‘Are we doing them the right way?’ (the architecture question)
‘Are we getting them done well?’ (the delivery question)
Source: Enterprise Value: Governance of IT Investments The Val IT Framework 2.0, p.11, 2008, ISACA
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 46
47. Source: Enterprise Value: Governance of IT Investments The Val IT Framework 2.0, p.9, 2008, ISACA
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 47
48. How Does Val IT Fit With/ Complement
COBIT?
While COBIT is a
comprehensive framework
for IT governance, its primary
focus has traditionally been
on the
delivery of IT services
through the effective and
efficient management of IT
assets. Val IT complements
COBIT
(see figure 2) by supporting
the effective alignment,
deployment and use of IT
services such that they
deliver optimal value to the
enterprise.
Source: The Business Case Guide: Using Val IT 2.0, p.22, 2011, ISACA
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 48
49. Val IT is guided by a number of principles:
•IT-enabled investments will be managed as a portfolio of investments.
•IT-enabled investments will include the full scope of activities that are required to
achieve business value.
•IT-enabled investments will be managed through their full economic life cycle.
•Value delivery practices will recognize that there are different categories of
investments that will be evaluated and managed differently.
•Value delivery practices will define and monitor key metrics
and will respond quickly to any changes or deviations.
•Value delivery practices will engage all stakeholders and assign appropriate
accountability for the delivery of capabilities and the realization of business benefits.
•Value delivery practices will engage all stakeholders and assign appropriate
accountability for the delivery of capabilities and the realization of business
benefits.
Source: Enterprise Value: Governance of IT Investments The Val IT Framework 2.0, p.11, 2008, ISACA
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 49
50. The Val IT principles are applied in three
management processes:
Value Governance (VG)
Portfolio management (PM)
Investment Management (IM)
Source: Enterprise Value: Governance of IT Investments The Val IT Framework 2.0, p.12, 2008, ISACA
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 50
51. How Val IT™ Works
Establish informed and Define and Define portfolio
committed leadership. implement processes. characteristics.
Value
Governance Align and integrate value
(VG) Continuously improve
management with Establish effective
value management
enterprise financial governance monitoring.
practices.
planning.
Establish strategic
direction Determine the availability Manage the availability
Portfolio and target investment and sources of funds. of human resources.
mix.
Management
(PM) Monitor and report
Evaluate and select Optimise investment
on investment
programmes to fund. portfolio performance.
portfolio performance.
Develop and evaluate the Understand the candidate
Develop the programme Develop full life cycle costs
initial programme concept programme and
plan. and benefits.
business case. implementation options.
Source: The Business Develop the detailed
Launch and manage Update operational
Case Guide: Using Val candidate
Investment programme business case.
the programme. IT portfolios.
IT 2.0, p.14, 2011, Management
ISACA (IM)
Monitor and report on
Update the business case. Retire the programme.
the programme.
George Papoulias
7 December 2011 Senior Project Manager 51
National Bank of Greece
52. Source: Enterprise Value: Governance of IT Investments The Val IT Framework 2.0, p.16, 2008, ISACA
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 52
53. Source: The Business Case Guide: Using Val IT 2.0, p.12, 2011, ISACA
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 53
54. The Business Case
The Business Case is a detailed investment proposal that considers quantitative and
qualitative evaluation factors that underlie selection of a business solution.
A business case analysis is used to compare various business solution
alternatives and to provide a basis for selecting the one that delivers the
greatest value to the organization and the Stakeholders.
Ultimately, use of a Business Case should help the organisation prioritize its
technology investments by making smart decisions, and provide the basis for
evaluation of business outcomes following project closure.
Use of the Business Case should provide answers to the following questions:
• Why do the project now?
• What is the impact of not doing the project?
• How does the project support the organization goals?
• What business problem does the project solve?
• What is the financial impact?
• When will the project show results?
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 54
55. The Business Case
The investment, category size, the impact if not successful, and position in the economic life cycle are factors that
determine which components of the business case require greater attention and what level of detail is required. The
following example illustrates an overall structure and content of a business case:
Source: The Business Case Guide: Using Val IT 2.0, p.38, ISACA, 2010
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 55
56. PRESENTATION OUTLINE
•Essential Concepts
•ISACA’S Frameworks Relationships
AN OVERVIEW OF THE •COBIT5 Overview
ENTERPRISE •COBIT Mappings
GOVERNANCE OF IT
•ITGI’s Val IT Framework
•Key Terms
•Goals & Objectives
•Why Val IT?
•Synergies between Val IT and Cobit 4.1
THE VAL IT
FRAMEWORK
•How Val IT Works
•Key Terms and Principles
•Val IT Domains & Processes
•The Business Case
•Projects, Programs, and Portfolios Definitions
•IT Project Portfolio Categorization
BENEFITS RELEASATION •PM Guide Process and Mapping to SDLC
THROUGH IT •SDLC Guide
GOVERNANCE
•IT Governance Supporting Tools
•A Structured Approach
•The Challenge
CONCLUSION
•The Ingredients of Success
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 56
57. Projects, Programs, and Portfolios
Portfolio – a suite of business
programmes managed to optimise
overall enterprise value
Portfolio
Management
Programme – a structured
grouping of projects designed to
Programme produce clearly identified business
Management value
Project
Management Project – a structured set of
activities concerned with delivering
a defined capability based on an
agreed schedule and budget
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 57
58. IT Project Portfolio Categorization
Two popular Project Portfolio Categorization paradigms:
The META Group Categorization
Run the Business Grow the Business Transform the Business
•The spending necessary to •The spending necessary to, for •The introduction of new areas
maintain existing operations at instance, provide additional of business, the expansion into
the existing level automation to improve new markets or any other
efficiency or the consolidation radical transformation project
of data centers to reduce costs designed to lead to significantly
and increase competitiveness enhanced revenues and profits
Source: META Group, „Portfolio Management and the CIO, Part 3‟, March 2002
The MIT Center for Information Systems Research (CISR)
Transformational Legislative, Regulatory or
Informational Investments Strategic Investments Infrastructure Investments
Investments Mandatory Investments
•Information Systems to •Information Systems for •Information Systems •Infrastructure Systems •Projects that need to be
process the basic, managing and controlling enabling entry into new that may not generate any undertaken just to stay in
repetitive transactions of the enterprise markets and adding value direct quantifiable business by implementing
the business •Example: Financial by increasing competitive financial benefit the requirements of
•Example: Mortgage control, decision making, advantage to the business themselves but they industry regulators,
processing, account planning, communication •Example: Internet- benefit the business environmental agencies or
management enabled Banking, Data applications that depend governmental bodies
Center consolidation upon them •Example: The US
•Example: Network Sarbanes-Oxley Act of
Systems replacement or 2002 and, for financial
major upgrade services companies,
Basel II requirements.
Source: Weill, Peter; Marianne, Broadbent; Leveraging the New Infrastructure, HBS Press 1998
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 58
59. Application of Project Management
Types of Work
Initiatives categorized as ‘tasks’ or ‘operational’ are not required to follow the
project management methodologies. Upcoming/potential work should be
analyzed to determine which category is applicable:
Task
• Small piece of work
• Independent of a project
• Lasting not longer than a few person-hours
• Involving only a few people
• Meant to accomplish a simple and straightforward goal
• May be a component of operational work
• May require change management processes
• Rated as such from the Project Complexity and Risk Assessment model
Operational
• Ongoing work to sustain or provide a service
• Change management processes applicable for non project-related changes
Project
• Temporary endeavor (defined beginning and end)
• Which uses progressive elaboration
• To create products, services, or results
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 59
60. Project Classification Model
Assigns a classification level to a project based on a combination of complexity
and risk; this step also defines projects that require an additional level of
management.
The Project Classification Model includes the most predominant factors
contributing to determining the Classification Level of a project. It includes also
the Project Management Processes required to successfully implement a project.
Information technology projects are managed through standardized project
management practices. However, the specific processes engaged within each
Project Management process group is based upon a project’s classification level.
As new project ideas and requests are brought for consideration, they must first
be classified through the Project Complexity and Risk Assessment model, which
scores factors that define a project’s complexity and risk.
The Classification Matrix uses this information to determine the Classification
Level of a project.
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 60
61. Project Complexity and Risk Assessment Criteria
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 61
62. Classification Matrix
The Classification Matrix uses this information to determine the Classification Level of a
project.
Complexity High risk Medium risk Low risk
Complex Level 1 Level 1 Level 2
Medium Level 1 Level 2 Level 3
Small Level 2 Level 3 Level 3
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 62
63. Classification Level
Based on the risks identified through the Project Classification process, a project‟s risk score is used to help
assess the Classification Level (Level 1, Level 2, Level 3) of the project and indicate the project management
processes required for the project.
The classification level of a project will determine the project management methodologies (Project
Management Process Group Processes) required or recommended for each phase of the project lifecycle
of the project.
Classification level one (1) indicates that risk will play a very crucial
role throughout the project development, planning,
implementation, and closeout. A more detailed analysis and
documentation of procedures are required to avoid, mitigate, and
transfer risks associated with the project.
Level two (2) denotes less complex projects with medium-to-low
risk and risk is handled as a key project component that influences
development, planning, implementing, and closeout.
Level three (3) identifies risk as a consideration in development,
planning, implementing and is particularly important in the
closeout stage.
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 63
64. PROJECT CLASSIFICATION
Requirements by Project Level
Level 1 Level 2 Level 3
Project Initiation Project Initiation
• Identify Project Sponsor • Identify Project Sponsor
• Identify Initial Project Team • Identify Initial Project Team Project Initiation
• Develop Project Charter • Develop Project Charter • Identify Initial Project Team
• Conduct Project Kick-off Meeting • Conduct Project Kick-off Meeting • Develop Project Charter
• Establish Project Repository • Establish Project Repository • Conduct Project Kick-off
• Define Project Scope • Define Project Scope Meeting
• Develop High-Level Schedule • Develop High-Level Schedule • Develop High-Level Schedule
• Identify Quality Standards • Establish Project Budget
• Establish Project Budget • Identify and Document Stakeholders‟
• Document Risks Involvement
• Identify and Document Stakeholders‟ • Develop Communications Plan
Involvement • Compile All Information to produce the
• Develop Communications Plan Initial Project Plan Project Planning
• Compile All Information to produce the Initial • Review/Refine Business Case
• ………
Project Plan • ………
• Review/Refine Business Case
• Gain Approval Signature from Project Sponsor
Project Planning
Project Planning
• ………
• ……… • ………
• ………
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 64
65. Program/Project Portfolio Management Process
who Input Processing Output
Market,
Portfolio/ Industry
Gate 1 Gate 2 Project Reviews Gate3
Program/ Trends,
Project Process
Management Tools,
Office (PMO) 7
Templates & Analyze Portfolio & Recommend
Guides Project Priorities
Yes
Project
Decision No
Criteria, 6
Project 2 No Yes
Yes 4 Gate2-
Decision Guidelines, Gate 1-
End/Suspend Authorize
Board Strategic Approve
or Replan Impleme
Plans, project
PP/BC ntation?
Budgets, proposal?
Mergers,
Acquisitions
8
&
Prioritize Project Portfolio
Divestitures
Project Idea,
Project
Guidelines,
Project
Status,
Budgets,
9 12
Business Financial 1 10 11
Implement Close
Leaders, Assumptions Create Project Review Realize
& Manage Project
Sponsors , Risks, Proposal Project Benefits
Project
Resources,
Results,
Benchmark 5
Results, Develop
Polices, Business Case
Procedures,
Standards
Finance
Budgeting 3
Process
Incorporate into Budgeting Process
George Papoulias
7 December 2011 Senior Project Manager 65
National Bank of Greece
66. Mapping the Project Management and System Development Lifecycles
PROJECT MANAGEMENT LIFECYCLE
PROJECT
PROJECT PROJECT PROJECT
EXECUTION & PROJECT CLOSE
ORIGINATION INITIATION PLANNING
CONTROL
SYSTEM
SYSTEM SYSTEM SYSTEM SYSTEM
REQUIREMENTS SYSTEM DESIGN
INITIATION CONSTRUCTION ACCEPTANCE IMPLEMETATION
ANALYSIS
SYSTEM DEVELOPMENT LIFECYCLE
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 66
67. PROJECT MANAGEMENT LIFE CYCLE
WORK BRAKEDOWN STRUCTURE
Project Execution
Project Origination Project Initiation Project Planning Project Close
and Control
Conduct Project
Prepare for the Conduct Project
Develop Project Execution and Control
Project Planning Kick-Off
Proposal Kick-Off
Conduct Post-
Implementation
Manage Cost Review
Define Cost Schedule Refine Cost Schedule
Schedule Scope
Scope Quality Scope Quality
Quality
Develop Business
Case
Perform Risk Perform Risk Monitor and Control
Identification Assessment Risks
Evaluate Project
Proposals
Develop Initial Project Manage Project
Refine Project Plan
Plan Execution
Perform
Administrative Close
Select Projects Confirm Approval to Confirm Approval to
Gain Project
Proceed to Next Proceed to Next
Acceptance
Phase Phase
SYSTEM DEVELOPMENT LIFECYCLE
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 67
68. BUSINESS PROCESSES
DIVISION
&
INFORMATION TECHNOLOGY
DIVISION
Project Management Life Cycle
(PMLC)
VOLUME 1
Introduction to the PMLC
VOLUME 2
PMLC Phases
VOLUME 3
Glossary and Acronyms
VOLUME 4
Templates
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 68
69. Table of Contents
VOLUME 1 2.2 Define Cost Schedule Scope Quality
INTRODUCTION 2.2.1 Define Project Scope
OVERVIEW 2.2.2 Develop High-Level Schedule
______________ 2.2.3 Identify Quality Standards
VOLUME 2 2.2.4 Establish Project Budget
PROJECT ORIGINATION 2.3 Perform Risk Identification
1.1 Develop Project Proposals 2.3.1 Identify Risks
1.1.1 Develop Business Case 2.3.2 Document Risks
1.1.2 Develop Proposed Solution 2.4 Develop Initial Project Plan
1.2 Evaluate Project Proposals 2.4.1 Identify and Document Stakeholders‟
1.2.1 Present Project Proposals Involvement
1.2.2 Screen Project Proposals 2.4.2 Develop a Communications Plan
1.2.3 Rate Project Proposals 2.4.3 Compile All Information to Produce Initial
1.3 Select Projects Project Plan
1.3.1 Prioritize Project Proposals 2.5 Confirm Approval to Proceed to Next Phase
1.3.2 Choose Projects 2.5.1 Review/Refine Business Case
1.3.3 Notify Project Sponsors 2.5.2 Prepare for Formal Acceptance
PROJECT INITIATION 2.5.3 Gain Approval Signature From Project
2.1 Prepare for the Project Sponsor
2.1.1 Identify Project Sponsor
2.1.2 Identify Initial Project Team
2.1.3 Review Historical Information
2.1.4 Develop Project Charter
2.1.5 Conduct Project Kick-off Meeting
2.1.6 Establish Project Repository
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 69
70. Table of Contents (continued)
VOLUME 2 (Continued) 3.5 Confirm Approval to Proceed to Next
PROJECT PLANNING Phase
3.1 Conduct Project Planning Kick-Off 3.5.1 Review/Refine Business Case
3.1.1 Identify New Project Team Members 3.5.2 Prepare Formal Acceptance Package
3.1.2 Review Outputs of Project Initiation and 3.5.3 Gain Approval Signature from Project
Current Project Status Sponsor
3.1.3 Kick-Off Project Planning PROJECT EXECUTION AND CONTROL
3.2 Refine Cost Scope Schedule Quality 4.1 Conduct Project Execution and Control
3.2.1 Refine Project Scope Kick-Off
3.2.2 Refine Project Schedule 4.1.1 Orient New Project Team Members
3.2.3 Refine/Define Quality Standards and 4.1.2 Review Outputs of Project Planning and
Quality Assurance Activities Current Project Status
3.2.4 Refine Project Budget 4.1.3 Kick Off Project Execution and Control
3.3 Perform Risk Assessment 4.2 Manage Cost Scope Schedule Quality
3.3.1 Identify New Risks, Update Existing Risks 4.2.1 Manage Project Scope
3.3.2 Quantify Risks 4.2.2 Manage Project Schedule
3.3.3 Develop Risk Management Plan 4.2.3 Implement Quality Control
3.4 Refine Project Plan 4.2.4 Manage Project Budget
3.4.1 Define Change Control Process 4.3 Monitor and Control Risks
3.4.2 Define Acceptance Management Process 4.3.1 Monitor Risks
3.4.3 Define Issue Management and 4.3.2 Control Risks
Escalation Process 4.3.3 Monitor Impact on Cost Scope Schedule
3.4.4 Refine Communications Plan and Define Quality
Communications Management Process
3.4.5 Define Organizational Change
Management Plan
3.4.6 Establish Time and Cost Baseline
3.4.7 Develop Project Team
3.4.8 Develop Project Implementation and
Transition Plan
George Papoulias
7 December 2011 Senior Project Manager 70
National Bank of Greece
71. Table of Contents (continued)
VOLUME 2 (Continued)
4.4 Manage Project Execution
4.4.1 Manage Change Control Process
4.4.2 Manage Acceptance of Deliverables
4.4.3 Manage Issues
4.4.4 Execute Communications Plans
4.4.5 Manage Organizational Change
4.4.6 Manage the Project Team
4.4.7 Manage Project Implementation and
Transition
4.5 Gain Project Acceptance
4.5.1 Conduct Final Status Meeting
4.5.2 Gain Acceptance Signature from Project
Sponsor
PROJECT CLOSE
5.1 Conduct Post-Implementation Review
5.1.1 Solicit Feedback
5.1.2 Conduct Project Assessment
5.1.3 Prepare Post-Implementation Report
5.2 Perform Administrative Closeout
5.2.1 Update Skills Inventory and Provide
Performance Feedback
5.2.2 Archive Project Information
______________
VOLUME 3
GLOSSARY & ACRONYMS
_______________
VOLUME 4
TEMPLATES
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 71
72. SYSTEM DEVELOPMENT LIFE CYCLE
WORK BRAKEDOWN STRUCTURE
System
System System System System
Requirements System Design
Initiation Construction Acceptance Implementation
Analysis
Prepare
Requirements Prepare System Prepare System
Design Construction Prepare System
Prepare System Analysis Environment Environment Acceptance Prepare System
Initiation Environment Environment Implementation
Environment Environment
Determine
Define Technical Refine System
Business
Architecture Standards
Requirements
Validate Data
Develop, Test and Initialization and
Define Business Define System Conversion
Validate (Unit
Process Model Standards
Validate Level)
Proposed Deploy System
Solution Conduct
Define Logical Create Physical
Integration and
Data Model Database Perform
System Testing
Acceptance Test
Reconcile
Business Prototype System Produce User and
Requirements with Components Training Materials
Models Transition to
Support
System Schedule
Refine Supporting Operational
Produce Material System
Produce Technical Produce Technical
Functional
Specifications Documentation
Specification
PROJECT MANAGEMENT LIFECYCLE
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece
72
73. BUSINESS PROCESSES
DIVISION
&
INFORMATION TECHNOLOGY
DIVISION
System Development Life Cycle
(SDLC)
VOLUME 1
Introduction to the SDLC
VOLUME 2
SDLC Phases
VOLUME 3
Glossary and Acronyms
VOLUME 4
Templates
George Papoulias
7 December 2011 Senior Project Manager 73
National Bank of Greece
74. Table of Contents
VOLUME 1 4 SYSTEM CONSTRUCTION
INTRODUCTION 4.1 Prepare for System Construction
OVERVIEW 4.2 Refine System Standards
______________ 4.3 Develop, Test and Validate (Unit Level)
VOLUME 2 4.4 Conduct Integration and
1 SYSTEM INITIATION System Testing
1.1 Prepare for System Initiation 4.5 Produce User and Training Materials
1.2 Validate Proposed Solution 4.6 Produce Technical Documentation
1.3 Develop System Schedule 5 SYSTEM ACCEPTANCE
2 SYSTEM REQUIREMENTS 5.1 Prepare for System Acceptance
ANALYSIS 5.2 Validate Data Initialization and
2.1 Prepare for System Requirements Conversion
Analysis 5.3 Test, Identify, Evaluate, React
2.2 Determine Business Requirements 5.4 Refine Supporting Materials
2.3 Define Process Model 6 SYSTEM IMPLEMENTATION
2.4 Define Logical Data Model 6.1 Prepare for System Implementation
2.5 Reconcile Business Requirements with 6.2 Deploy System
Models 6.3 Transition to Support Operational
2.6 Produce Functional Specification System
3 SYSTEM DESIGN ______________
3.1 Prepare for System Design VOLUME 3
3.2 Define Technical Architecture GLOSSARY & ACRONYMS
3.3 Define System Standards _______________
3.4 Create Physical Database VOLUME 4
3.5 Prototype System Components TEMPLATES
3.6 Produce Technical Specifications
George Papoulias
7 December 2011 Senior Project Manager 74
National Bank of Greece
75. IT Governance Supporting Tools
NBG BPO DIVISION Enterprise Business and IT Process Architecture
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 75
76. George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 76
77. George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 77
78. George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 78
79. George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 79
80. NBG IS DIVISION Project Management Portal
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 80
81. The Fundamental Question
Are we maximizing the value of our IT
enabled business investments such that:
• we are getting optimal benefits;
• at an affordable cost; and
• with an acceptable level of risk?
Over the full economic life-cycle of the
investment
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 81
82. IT‐RELATED GOAL METRICS
Having a Robust and well run Program/Project Management Methodology is not
a Silver Bullet!
What about the Metrics and the Realized Benefits?
IT RELATED GOALS AND METRICS
IT‐RELATED
METRICS
GOALS
Percent of IT‐enabled
Realized benefits from
investments where Percent of IT services
IT enabled
benefit realization where expected Percent of IT‐enabled investments where claimed benefits met or exceeded
investments and
monitored through full benefits realised
services portfolio
economic lifecycle
Delivery of
Number of Percent of Number of
programmes on time, Cost of application
programmes / projects stakeholders satisfied programmes needing
on budget, and maintenance vs.
on time and within with programme / significant rework due
meeting requirements overall IT cost
budget project quality to quality defects
and quality standards
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 82
83. PRESENTATION OUTLINE
•Essential Concepts
•ISACA’S Frameworks Relationships
AN OVERVIEW OF THE •COBIT5 Overview
ENTERPRISE •COBIT Mappings
GOVERNANCE OF IT
•ITGI’s Val IT Framework
•Key Terms
•Goals & Objectives
•Why Val IT?
•Synergies between Val IT and Cobit 4.1
THE VAL IT
FRAMEWORK
•How Val IT Works
•Key Terms and Principles
•Val IT Domains & Processes
•The Business Case
•Projects, Programs, and Portfolios Defintions
•IT Project Portfolio Categorization
BENEFITS RELEASATION •PM Guide Process and Mapping to SDLC
THROUGH IT •SDLC Guide
GOVERNANCE
•IT Governance Supporting Tools
•A Structured Approach
•The Challenge
CONCLUSION
•The Ingredients of Success
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 83
84. A Structured Approach
IT-enabled investments can bring huge rewards, but only with the right
governance and management processes and full engagement from all
management levels.
Using a Comprehensive IT Governance Framework:
The CobiT 4.1 Framework.
A comprehensive, proven,
structured framework that can
provide boards and executive
management teams with
information about the delivery of
IT services through the effective
The Val and efficient management of IT
IT 2.0 Framework. assets can be used. The Risk IT Framework.
A comprehensive, proven, A comprehensive, structured
practice-based structured framework that provides board
governance framework that can and executive management teams
provide boards and executive with practical guidance in making
management teams with practical decisions to balance risk and
guidance in making IT investment reward for all IT systems matters
decisions and using IT to create can be used
enterprise value can be used
The COBIT5 Framework
A governance and
management framework
for information and related
technology that starts from
stakeholder needs and
create optimal value by
maintaining a balance
amongst realizing benefits,
managing risk and
balancing resources is
about to be released
George Papoulias
7 December 2011 Senior Project Manager 84
National Bank of Greece
85. The Challenge
Frameworks and best practices like CobiT don’t work as an off the self
product. They must be adapted and customized to suit the organizations
culture and operating style.
Strong leadership, of course, is imperative, particularly from leaders in addition to
the CIO, such as senior executives, all of whom must be visibly committed to
championing the value that IT and IT governance can deliver to the enterprise.
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 85
86. The ingredients of Success
The key to realizing the true potential of IT-enabled business investments is to
recognize that the organization is implementing change—not technology.
Val IT, together with COBIT, enables such an approach by ensuring that
investments are aligned with the enterprise’s strategic objectives, that a
complete and comprehensive business case is developed, that there is
appropriate accountability and relevant metrics, and that the business case is
managed through the full economic life cycle of the investment.
The intelligent and disciplined implementation of the best practices contained
within COBIT and Val IT will make a significant contribution to enterprises
realizing value from their IT-enabled business investments.
The IT governance process, to be successful, needs visibility, leadership and
commitment from the top.
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 86
87. Questions?
George Papoulias
Senior Project Manager
7 December 2011 National Bank of Greece 87