Add to collection(s) Add to saved
  1. Business
  2. Management

Appendix 3 - Fife Direct

advertisement 
ICT Governance Board
26-03-2012
Agenda Item No. 5
Process Improvement Update
Report by: Charlie Anderson
Purpose
This report presents the next stage in developing the use of the COBIT framework to
support the improvement of processes within IT Services.
Recommendation(s)
The Board is asked to consider the contents of this report and agree it as the basis
for developing a detailed action plan for process improvement within IT Services
Resource Implications
Improvements in processes are supported by existing resources.
Legal & Risk Implications
No implications are quantified within this report.
Impact Assessment
Not applicable.
Consultation
The report reflects the views of IT Management team. Internal Audit has reviewed
the existing maturity levels of the processes.
1.0 Background
1.1
The use of the COBIT framework for managing IT delivery processes was
considered by the Board on the 23rd January 2012 and we are now reporting on
progress in it’s use. In particular IT Services has undertaken a review of the existing
level of maturity for each process and the levels we consider achievable in the
future.
1.2
The COBIT framework includes a set of statements describing six possible maturity
levels for each of the 34 processes. These statements are built up from a generic
maturity model: 0
Non-existent – Complete lack of any recognisable process. The
enterprise has not even recognised that there is an issue to be addressed.
1
2
3
4
5
Initial/ Ad hoc – There is evidence that the enterprise has recognised that
the issues exist and need to be addressed. There are, however, no
standardised processes; instead there are ad hoc approaches that tend to
be applied on an individual or case-by-case basis. The overall approach
to management is disorganised.
Repeatable but intuitive – Processes have developed to the stage where
similar procedures are followed by different people undertaking the same
task. There is no formal training or communication of standard
procedures, and responsibility is left to the individual. There is a high
degree of reliance on the knowledge of individuals and therefore, errors
are likely.
Defined Process – Procedures have been standardised and documented,
and communicated through training. It is mandated that these processes
should be followed; however, it is unlikely that deviations will be detected.
The procedures themselves are not sophisticated but are the formalisation
of existing practices.
Managed and Measurable – Management monitors and measures
compliance with procedures and takes action where processes appear not
to be working effectively. Processes are under constant improvement and
provide good practice. Automation and tools are used in a limited or
fragmented way.
Optimised – Processes have been refined to a level of good practice,
based on the results of continuous improvement and maturity modelling
with other enterprises. IT is used in an integrated way to automate the
workflow, providing tools to improve quality and effectiveness, making an
enterprise quick to adapt.
Relevant elements from the following attributes are then progressively added to each
level to customise them to the particular process: 





1.3
The processes are structured into four areas in line with the overall framework: 



1.4
Awareness and communication
Policies, plans and procedures
Tools and automation
Skills and expertise
Responsibility and accountability
Goal setting and measurement
Plan and Organise – 10 processes
Acquire and Implement – 7 processes
Deliver and Support – 13 processes
Monitor and Evaluate – 4 processes
IT Services undertook a maturity assessment in 2010 and this was refreshed over
the last few weeks to take account of changes since then. The assessment of the
present position was then shared with Internal Audit to undertook an assurance
exercise and have confirmed the accuracy of the current position as shown in
appendix 1. The existing maturity levels are:  Level one – 5 processes
 Level two – 14 processes
 Level three – 15 processes
2.0 Planned Maturity
2.1
IT management have identified the target maturity levels they believe are achievable
including indicative timescales. All processes should be at level three with 19
targeted for level four and 9 level five.
The following sections highlight overall maturity level and key issues in each of the
four areas.
2.2
Plan and Organise – The processes here are at a reasonable base line with six
already at level 3 (Defined). The targets are mostly for level four (Managed and
Measurable) and should be achievable over the next year however there are two
areas of particular weakness. Firstly our Information Architecture is not well defined
meaning that we are not organised to make the best use of the data we have and
are continuing to hold the same information in multiple locations. Improving this will
allow for more streamlined processes and reduce the need for re-keying data into
different systems. Secondly there is no clear effective focus for managing the quality
within IT Services. This effects both how we do things with the Service and the end
user experience of the services we provide.
2.3
Acquire and Implement – Existing maturity level is generally 2 (Repeatable but
Intuitive) giving a major challenge to meet the dominant target level of 5 (Optimised).
Central to making this shift are improving the ways we acquire and maintain our main
applications together with controlling how changes are made. Effective engagement
with the business change processes will be vital to ensuring that what IT provides
matches the changing needs of the Council. Increasing the automation of solutions
will also have a key impact on how we focus on adding value to all our processes.
2.4
Deliver and Support – This is the largest grouping of processes and broadly they
have level 2 (Repeatable but Intuitive) or level 3 (Defined) as the existing
assessment. The targets are mostly level 4 (Managed and measurable) with several
areas needed significant improvement. Firstly in quantifying and managing service
levels both for IT Service’s own products and the relationships with third party
suppliers. The second key area is how we manage faults, issues and problems to
deliver high quality cost effective services. Recent developments are moving us in
the right direction but there will need be much more standardisation to deliver the
desired improvements.
2.5
Monitor and Evaluate – The present maturity in this area is low and the it is not
proposed to ain at level 5 (Optimised). This reflects the close integration needed
between what IT Services does and the whole Council approach to this area of work.
Effective governance and control of ICT activity across the whole organisation
remains a real challenge for all of us.
3.0 Conclusions
3.1
IT Services assessment of the present maturity levels has been endorsed by Internal
Audit and provides a secure baseline for us to develop from.
3.2
It target maturity levels and indicative timescales (Appendix 1) set out a clear
direction of travel for improving our processes. While progress is needed in every
process the exercise has highlighted the following key areas: -






3.3
Information architecture
Managing quality
Acquiring, maintaining and managing changes to applications
Defining and managing service levels internally and with third parties
Managing individual faults/ problems and standardising our products to minise
them.
Consistent governance of ICT across the organisation.
Once there is agreement on the target levels of maturity and the processes we need
to focus on most the next stage will be a detailed gap analysis to identify the specific
actions needed. The resulting action plan will be brought back to this board for sign
off in May.
Report Contact
Edmund Whiffen
IT Manager Supply-Demand
Carleton House
Telephone: 08451 55 55 55 444278
Email – Edmund.whiffen@fife.gov.uk
Appendix 1
Cobit Maturity Level Assessments
PO1 Define a Strategic Plan
PO2 Define the Information
Architecture
PO3 Determine Technological
Direction
PO4 Define the IT processes,
organisation and relationships
PO5 Manage the IT investment
Current
Maturity
3
1
Maturity
Target
4
3
Indicative Date to be achieved
3
4
4
December 2014
DECEMBER 2012
3
5
DECEMBER 2013
3
3
December 2012 ongoing
4
MARCH 2013
December 2012
PO6 Communicate Management
Aims and Direction
PO7 Manage IT Human
Resources
PO8 Manage Quality
PO9 Assess and Manage IT
Risks
PO10 Manage Projects
3
4
Recognition that level 4 difficult to
achieve as there appears to be little
appetite across the rest of the
organisation for formal costings.
DECEMBER 2012
2
3
MARCH 2013
1
2
3
4
March 2013
March 2014
3
4
DECEMBER 2012
AI1 Identify Automated Solutions
3
4
March 2013
AI2 Acquire and Maintain
Application Software
2
5
4
March 2014
December 2012
AI3 Acquire and Maintain
Technology Infrastructure
AI4 Enable Operation and Use
3
5
5
March 2014
March 2014
2
3
March 2013
AI5 Procure IT resources
3
4
4
March 2014
December 2012
2
5
4
March 2014
March 2013
5
3
Achievable assuming that there is
greater integration with the business
change process
March 2013
4
March 2014
AI6 Manage Changes
AI7 Install and Accredit Solutions
and Changes
2
DS1 Define and Manage Service
Levels
DS2 Manage Third-party
Services
DS3 Manage Capacity and
Performance
DS4 Ensure Continuous Service
DS5 Ensure Systems Security
DS6 Identify and Allocate Costs
DS7 Educate and Train Users
Current
Maturity
1
Maturity
Target
3
Indicative Date to be achieved
3
4
4
June 2013
December 2012
5
December 2012
1
3
Achievable depending on
discussions with the rest of the
organisation
December 2012
3
2
4
4
3
June 2013
December 2012
March 2013
September 2014
2
2
4
3
3
March 2014
3
4
Appetite of the rest of the
organisation will be a factor in
achieving this
December 2012
3
2
5
4
3
March 2014
March 2014
September 2012
DS11 Manage Data
2
4
3
March 2013
September 2013
DS12 Manage the Physical
Environment
3
4
5
September 2014
March 2013 (critical sites only)
DS8 Manage Service Desk and
Incidents
DS9 Manage the Configuration
DS10 Manage Problems
March 2013 (all other sites)
3
DS13 Manage Operations
3
4
*List of sites needs defined*
March 2013
ME1 Monitor and Evaluate IT
Performance
ME2 Monitor and Evaluate
Internal Control
ME3 Ensure Compliance with
External Requirements
ME4 Provide IT Governance
2
3
December 2012
1
3
September 2013
2
4
March 2014
2
3
March 2013
4
March 2014
EJW/IT Services
19-03-2012
Related documents
Term Deposit Rates - Summerland Credit Union
Term Deposit Rates - Summerland Credit Union
How to use your impact map
How to use your impact map
Consumer Demand & Product Life Cycle
Consumer Demand & Product Life Cycle
TERM SHEET FOR GOVERNMENT OF JAMAICA
TERM SHEET FOR GOVERNMENT OF JAMAICA
TERM SHEET FOR GOVERNMENT OF JAMAICA
TERM SHEET FOR GOVERNMENT OF JAMAICA
product_life_cycle - Study Is My Buddy 2014
product_life_cycle - Study Is My Buddy 2014
Product life cycle is very important for a company. If studies it, the
Product life cycle is very important for a company. If studies it, the
Examples on Computing Present Value and Yield to
Examples on Computing Present Value and Yield to
Download
advertisement