COBIT and IT Governance Case Study: Ontario Pension Board
Using COBIT for continual improvement of IT value and control

ABSTRACT

Ontario Pension Board (OPB) administers a major government-sponsored defined benefit pension plan. OPB recognized the need to ensure it had the people, processes and technology to provide better and more personalized service to all clients and stakeholders. As part of an internal review of its information technology (IT), OPB's IT Services & Project Management Office (PMO) engaged The Manta Group to use the COBIT 4.0 framework to support a self-assessment of its IT functions. Control Objectives for Information and related Technology (COBIT) provided OPB with a comprehensive framework for IT governance that helped identify strategies to close gaps, optimize IT investments, ensure effective service delivery and provide a measure against which to judge when things go right.

BACKGROUND

Ontario Pension Board (OPB) administers the Public Service Pension Plan (PSPP), a major defined benefit pension plan sponsored by the government of Ontario, Canada. With more than CAN $15 billion in assets, 150 employees, 34,600 active members, 36,900 pensioners and 4,800 deferred members, the PSPP is one of Canada's largest pension plans. It is also one of the country's oldest pension plans, dating back to the early 1920s. Membership is made up of eligible employees of the provincial government and its agencies, boards and commissions. OPB manages investment-related processes in accordance with relevant legislation.

The PSPP is a defined benefit pension plan. This means retired members receive a pension benefit based on a preset formula that takes into account each member's earnings history and years of service with the plan. To fund the pension promise, members and employers make contributions to the plan.
OPB's promise is fourfold: protect the long-term health of the PSPP; invest PSPP's assets to maximize returns within acceptable risk parameters; keep contribution levels stable and affordable; deliver superior, cost-effective service to all stakeholders. The total cost of operating the PSPP in 2006 was CAN $41.6 million.

OPB has a well-defined operating structure and high professional standards, and places considerable emphasis on a solid governance framework to ensure that OPB: operates effectively and efficiently; prudently invests and manages PSPP's assets; protects and promotes the best interests of OPB's clients and other stakeholders; meets applicable legislative requirements. The Board delegates the day-to-day administration to OPB's management team.

During 2006, OPB moved forward with a multiyear action plan aimed at ensuring that OPB has the people, processes and technology needed to protect the pension promise and provide better and more personalized service to all clients and stakeholders. The action plan includes IT system upgrades, an elevation of service delivery, increased training and development efforts, redesign of annual pension statements, client satisfaction surveys, and educational and advocacy initiatives.

OPB will accomplish this by transforming its IT resources, re-engineering and leveraging current technologies and frameworks such as imaging, enterprise content management, workflow and service-oriented architecture. The business goal is to provide better, faster, smarter service to clients. This is a significant undertaking, and IT Services and PMO management concluded that enhancements to the current service delivery methods and tools, along with improved IT governance and control, would be necessary to ensure the success of the project and its supporting operational infrastructure. OPB has a quality management system accredited to ISO 9001:2000 and saw an opportunity to leverage other best practice standards.
OPB engaged The Manta Group, which offers four main sets of consulting services: Governance, Portfolio Management, Service Management, and Risk and Compliance. The Manta Group recommended using Control Objectives for Information and related Technology (COBIT), published by the IT Governance Institute (ITGI), as the IT governance framework. The company has solid experience using COBIT within the government, retail, media and finance sectors in Canada.

PROCESS

OPB's IT Services & PMO department used COBIT as the basis for a self-assessment of IT functions as part of its continual improvement process. OPB operates in a highly regulated environment and has a strong desire to use best practices where value can be leveraged in support of its operational and strategic goals and transformation activities. Given OPB's current adoption of ISO 9001:2000, there was a desire to investigate other, more IT-specific management system frameworks to assess their value. OPB has an existing outsourcing arrangement under which a number of IT functions are delivered to the business through a third-party service organization.

As part of an internal review of IT, OPB's IT Services & PMO called on The Manta Group to use the COBIT 4.0 framework to support a self-assessment of its IT functions. COBIT's value was determined to be its presentation of good practices across a domain and process framework in a manageable and logical structure that assists management in identifying strategies to close the gaps, optimize IT investments, ensure effective service delivery, and also provide a measure against which to judge when things go right.

OPB has a strong governance focus, driven from a fiduciary perspective and a desire to ensure that an effective and efficient decision-making process exists at all levels of the organization. OPB's Board of Directors is cognizant of regulations, including Sarbanes-Oxley, and supports a governance framework, such as COBIT, that is aligned to these objectives.
COBIT ASSESSMENT FRAMEWORK

The Manta Group developed its COBIT Assessment Framework to accelerate assessment and reduce the costs of adopting COBIT 4.0. The framework uses a high insight-to-effort methodology, tailored to the client. This approach facilitates rapid assessment and identification of under-controlled targets for quick-win results by analyzing customer demand for technology against risks, capabilities and value. The approach is aimed not just at assessing maturity but also at determining what level of maturity is desirable and why.

PROJECT SCOPE AND STRUCTURE

The scope of the project was for The Manta Group to assess the IT functions as an input to OPB's review of its current outsourcing model. This included performing a gap analysis to identify opportunities for servicing the business. Recommendations were made in relation to the possible refinement and enhancement of IT Services & PMO functions to align the overall services being delivered to the business.

The Manta Group worked with OPB to use COBIT 4.0 to:
• build a control environment using COBIT for the structure of IT and the services IT needs to deliver to meet business objectives;
• analyze the current state of service delivery at OPB and the interrelationship with current outsourcing services;
• clearly define the integration of IT Services, PMO and the outsourcing vendor;
• conduct a gap assessment between the as-is status and the to-be model;
• provide recommendations with an accompanying roadmap to assist OPB in implementing its vision.

The assessment included all 34 COBIT control objectives and the supporting 215 detailed control objectives. A self-evaluation methodology was used to assess the level of maturity and impact of the 34 COBIT control objectives. An audit approach was not used; hence, the results are based upon perceived conformance as opposed to objective evidence.
OPB's IT management team and staff members successfully assessed all 34 COBIT control objectives and the supporting 215 detailed control objectives. Each of the 34 COBIT control objectives and their supporting detailed control objectives was allocated to either management or staff to assess, according to their familiarity with the subject matter. OPB's management team assessed PO1, PO2, PO3, PO5, PO7, PO9, AI5, DS4, DS6 and ME4. Twelve OPB staff assessed PO4, PO6, PO8, PO10, AI1, AI2, AI3, AI4, AI6, AI7, ME1, ME2 and ME3.

The project was conducted in four components: familiarization/rationalization, assessment, recommendations and knowledge transfer.

Familiarization/rationalization

A familiarization workshop was conducted using COBIT as the framework for discussion, to establish the terms of reference and seek a common understanding of COBIT terminology. Follow-up interviews were conducted with IT Services, PMO and outsourcing stakeholders to communicate and validate the vision. The deliverable was an introductory COBIT familiarization presentation.

Assessment

Assessment took place through facilitated self-assessment workshops with IT Services & PMO management, at which the current state of maturity within the OPB organization and the future state were discussed for each COBIT control objective. The purpose was to build consensus on the gaps between the current state and future state of OPB services and how they are delivered, keeping in mind the outsourcing relationship. Additional workshops were held with staff members to capture their assessment of the current situation as input to the overall assessment. The deliverable was a service assessment and gap analysis document.

Recommendations

Using the outputs from the vision and assessment phases in conjunction with the inputs provided by OPB, The Manta Group drew up recommendations aimed at bridging the identified gaps.
The deliverable was a final report, including the control environment, service assessment and gap analysis, complete with recommendations.

Knowledge Transfer

In addition, part of the role provided by The Manta Group was to transfer relevant knowledge to OPB's IT organization, enabling the ongoing assessment of its IT performance with the use of consulting services limited to advisory-type engagements on specific topics.

The goals for using COBIT for the assessment were to provide a greater understanding of best practice IT services and governance, as input to future IT outsourcing models, service to the business, and the alignment of roles and responsibilities. Specifically, OPB sought to understand the impacts on its current outsourcing model and to identify gaps, so that the additional enhancements (people, processes, technology, etc.) needed to bridge those gaps could be identified.

CONCLUSION

The COBIT assessment findings were as follows:
• Given the current organizational focus and changes at the time of assessment, OPB IT management deemed that most COBIT control objectives met OPB's acceptable criteria, from both a process maturity and an impact point of view.
• OPB's IT organization gained insight into the COBIT framework and was able to identify specific control objectives that relate to its current outsourcing relationship. This knowledge will support further improvements of IT services in this area.
• OPB's IT management was able to identify potential areas for IT Services & PMO roles and responsibility alignment.

OPB IT management's assessment of risk and impact highlighted the following specific control objectives as needing further attention:
1. Assess and Manage IT Risks (PO9)
2. Define Information Architecture (PO2)
3. Manage Change (AI6)
4. Enable Operations and Use (AI4)
5. Service Levels (DS1)
6. Continuous Service (DS4)
7. Internal Controls (ME2)

OPB is currently working on implementing the recommendations from the self-assessment and will use COBIT to reassess the effectiveness of this continual improvement event. The internal audit function at OPB reports to the Audit Committee of the Board. A recent internal audit of the key OPB transformation project leveraged the COBIT assessment report as part of its findings.

COBIT provided OPB with a greater understanding of a comprehensive framework for IT governance. As part of OPB's organizational changes to support the delivery of the business goals, COBIT brought key areas, such as risk management, into focus. The PMO is currently enhancing its project risk management and plans to dovetail this into OPB's enterprisewide framework, currently under development. COBIT provided a means for greater understanding of what makes up a comprehensive IT services function, with supporting controls. The self-evaluation process, using COBIT, established a greater understanding within the IT branch, enabling development of a service catalogue and better alignment with OPB's outsource service provider.

Questions:
• Please summarize the case.
• What's generating all of the extra project requests?
• What problems arise from over-commitment?
• What's your assessment of the company's IT governance?

Source: http://www.itgi.org/Template_ITGI.cfm?Section=Case_Studies1&CONTENTID=50158&TEMPLATE=/ContentManagement/ContentDisplay.cfm