canheit 2012
DESCRIPTION
Canheit 2012. IT Governance Principles and Practicals. Graham Mowbray, Memorial University of Newfoundland. What we’ll cover …. Who is MUN ? A brief history of time (1969 onwards) The dis-integrated university ….. What is Governance MUN’s Governance Structure - PowerPoint PPT PresentationTRANSCRIPT
Canheit 2012
Graham Mowbray, Memorial University of Newfoundland
IT GovernancePrinciples and Practicals
What we’ll cover ….
• Who is MUN ?• A brief history of time (1969 onwards)• The dis-integrated university …..• What is Governance• MUN’s Governance Structure• Turning Principles into practice
Memorial University of Newfoundland
Grenfell CampusCorner Brook
St. John’s Campus
Marine Institute
Labrador Institute Harlow
A brief history of time:
1969
1975
19922007
2009
Newfoundland & Labrador Computer Services
Grenfell CampusOpened
Marine InstituteJoins MUN
Repatriate PeopleRepatriate Hardware
2012Canheit
The “dis-integrated” university• Grenfell & the Marine Institute brought their own
cultures (academic, administration & I.T.)• Governance at all levels was largely independent• No appetite to combine I.T. services except at the ERP
level – Some integration around Banner Student and Finance– Everyone gets a paycheque
• IT largely in charge of IT• Not just IT but St. John’s Campus (saw itself and was
feared as) the main player
Purchased Telecommunications & Networking
Disintegration …
St. John’sPeople to operateBanner ERP/HR Telephone SystemsCampus NetworksExternal NetworksResearch NetworksE-mail & WebService Desk
Marine InstitutePeople to operateTelephone SystemsCampus NetworksExternal NetworksE-mailWebService Desk
GrenfellPeople to operateTelephone SystemsCampus NetworksExternal NetworksE-mailWebService Desk
Purchased Services & Support
Even within the St. John’s campus
• The outsourced contract created “administrative” relationships. – NLCS/NIS/xwave – really only understood “business
systems”– Budgets for services controlled by traditional units
(RO, Finance and H.R.)– The academic world largely had to fend for
themselves– Memorial was a card played in the privatization of
NLCS
Purchased Telecommunications & Networking
Where we could be
Integrated multi-campus IT Infrastructure & Operations
Purchased Services & Support
People to operateBanner ERP/HRTelephone SystemsCampus NetworksExternal NetworksResearch NetworksE-mail & WebCloud for StudentsService Desk
Why are we not there?
Governance!
Enter the Center for Information Systems ResearchMIT Sloane School of Management
What is IT Governance ?(Graham’s re-working of CISR definition)
Making decisions and assigning accountability to optimize IT resources (people, processes and technology) to align with the strategy and culture of an organization.
Formal Decision makingAccountabilityStrategic Alignment
11
12
What Decisions Need to be Made?(Domains)
There are five major decisions domains1. Principles2. Infrastructure strategies3. Applications Architecture4. Business application needs5. Investment and prioritization
Principles
Investment and Priority
Memorial’s Needs
Architecture
Infrastructure
Domains
We need a structure
VP Council
All campuses representedLed by the ProvostHistory is history!Change is coming – like it or not!
Campus Needs Functional Units
We need a structure
VP Council
Information Systems Advisory
council
Applications & DataArchitectureCommittee
Campus Technology Committee
PortalCommittee
Core Infrastructure&
Operations
Campus Needs Functional Units
We need some acronyms!
VP Council
Information Systems Advisory
council
Applications & DataArchitectureCommittee
Campus Technology Committee
PortalCommittee
Core Infrastructure&
Operations
ISAC
CTC ADAC
PSCCIOS
Principles
Investment and Priority
Memorial’s Needs
Data & ApplicationsArchitecture
Infrastructure
DomainsInfluence
IT and functional areas
Decision
ISAC
Vice President’s Council
Vice President’s Council
ADAC
CTCIndustry, IT & Community
Functional units, MUN’s Strategy CTC & ADAC
ISAC
ISAC
The Priority MechanismRelating Effort, Complexity & Risk to Benefits
The Principles
Principles for new IT investments• Initiatives that have an enterprise-wide impact will be
favoured over initiatives which simply benefit one campus or unit.
• Memorial will invest for excellence in those applications and technologies s which differentiate us from our peers and support Memorial’s Strategic Plan. Administrative and Regulatory systems, although required for stable operation, will only be built and maintained to a level appropriate for good management and conformance with appropriate laws.
Principles for new IT investments• All new software projects will be evaluated on a business
case (Return on Investment) and a non-IT owner will be responsible to deliver the benefits expected. A benefits audit will be conducted within 6 months of completion of each project.
• All constituents (Faculty, Staff and Students) should enjoy the same levels of service at all campuses and all campuses will receive the same level of service from technology and applications.
Principles for new IT investments
• Initiatives that extend the use of existing software or hardware will be given preference over the introduction of new technologies (all other considerations being equal).
• Where possible, Memorial will develop a set of standards for technology, data, and applications. Initiatives that conform to these agreed standards will be given preference over projects which do not.
Principles for new IT investments
• Applications which streamline processes, benefit the “end user” or are self service and reduce administrative overhead will be given preference.
• Purchased, commercially available or supported “open source” applications will be preferred over in-house developed applications. Customization of purchased applications will be avoided wherever possible.
Governing Principles for operations
• Where practical and beneficial to Memorial, common or core IT services will be provided by a centralized unit.
• Operations cost/benefit will be justified on a regular basis and the ISAC may recommend cancelling certain operations when they no longer add sufficient value to Memorial.
Six IT Decisions your IT People Shouldn’t make!
CISR – Weil and Ross again.
The Six!
1. How much should we spend on IT?2. Which processes/functions should receive
our IT dollars?3. Which IT capabilities need to be Memorial-
wide?4. How good do our IT services need to be ?5. What security and privacy risks will we
accept?6. Whom do we blame if an IT initiative fails?From CISR Sloan School of Management, MIT, Ross & Weill – October 2002
IT Governance, Principles and Practicals
with thanks to CISR’s:Peter Weil
Jeanne Ross
Lets leave discussion until after Terry’s part?
Demystifying COBIT: the UNB experience
Terry Nikkel / Janice El-BayoumiUniversity of New Brunswick
UNB’s IT Framework
Practical implementation of COBIT for process improvement
COBIT process overviewBusiness Goals
IT Goals
IT Processes
Process Objectiv
es
Objective Practices
Practices Value
and Risk
Example: AI6 manage change• 4 IT Goals • 6 Objectives
• Assessment, prioritization, authorization• 6 Value and Risk
Drivers• 4 Practices
Getting started
• Who should be involved• Decision drivers• Tools
Benchmark
Set Improvement Target
Develop Plan
Implement Plan
Review
Moving forward
Lessons Learned
Tips for Newbies
•To start - find something to keep them busy•Provide the framework to work within. Send them to COBIT training
•Find someone who has done it to give practical advice
Processes worked on in the last year
• Define the information architecture• Manage IT human resources• Manage change• Install and accredit solutions and changes• Ensure continuous services• Monitor and evaluate IT performance