Establishing a Framework for IT Governance, by Dave Cunningham, 2007
© 2007 Baker Robbins & Company
Establishing a Framework for IT Governance
Perspective of Law Firm Business Leaders
Background on Published Frameworks
Lessons Learned from Law Firm Technology Scorecards
Dave Cunningham, Managing Director, Baker Robbins & Company
Basic Questions from Firm Management
What are other firms doing?
Are we prepared for disasters?
Are we spending the right amount of money for what we are getting?
Is my CIO doing a good job?
Should we outsource more?
Why are people complaining about….
Evolving Questions from Firm Management
What are the indicators of good performance?
What are the critical success factors?
What are the risks of not achieving our objectives?
How do we measure and compare to others?
What is the business case for this change?
How much would alternative service models and levels cost?
How can technology affect lawyer productivity?
How do we define lawyer productivity?
How can IT use relevant information to deliver business intelligence?
Using a Published Framework
For:
– Provides perspective
– Provides a common language
– Training available and consistent
– Most frameworks advocate “adopt and adapt” not certification
– Frameworks promote short cuts and combining best of other frameworks
– Increases ability to benchmark
– Software increasingly builds in ITIL processes and measures
– Larger outsourcers use ITIL
Against:
– Too complex for a law firm; too procedural; too much bureaucracy
– Hinders creativity and agility
– SLAs don’t work in a law firm
– Personal experience is more relevant
– Law firms deal with exceptions, not rules
– Too many standards to choose from
– I have good people so don’t need someone telling me processes
“All models are wrong, but some are useful.”
George Box, co-founder of the Center for Quality and Productivity Improvement
Comparison of IT Frameworks
Source: CobiT Mapping, Overview of International IT Guidance, 2nd Edition
Components of IT Governance (CObIT v4.1)
Strategic Alignment
Information technology must be in alignment with the evolving strategic objectives of the organization. As organizations evaluate their future strategies and new opportunities present themselves, it is critical that the IT function’s ability to address and deliver these opportunities is considered.
Value Proposition
IT must be able to respond to strategic objectives of adding value to the organization’s processes while at the same time maintaining fiscal responsibility and adhering to implementation time frames including measuring and achieving the expected return on the IT investment.
Risk Management
The IT function must effectively identify threats and vulnerabilities to the organization's IT infrastructure and then take steps to effectively mitigate the impact of those items.
Resource Management
One of the responsibilities of management is to ensure that the IT department has adequate resources to evaluate and implement new technologies as well as determining when to abandon obsolete technologies. This requires educating IT personnel and keeping their skills current to ensure they have the capabilities to do so.
Performance Measurement
To ensure that the previous four objectives can be managed, the organization must have a methodology to evaluate and track progress of the firm's IT governance. This includes the use of tools such as ROI measurement, IT performance benchmarks and balanced scorecards.
Source: Control Objectives for Information and related Technology (CObIT)
IT Supporting Strategic Objectives
Source: Board Briefing on IT Governance, IT Governance Institute
From: Aligning COBIT®, ITIL® and ISO 17799 for Business Benefit
Components of ITIL Service Management (v3)
Service Strategy
Focuses on the identification of market opportunities for which services could be developed in order to meet a requirement on the part of internal or external customers. The output is a strategy for the design, implementation, maintenance and continual improvement of the service as an organizational capability and a strategic asset. Key areas of this volume are Service Portfolio Management and Financial Management.
Service Design
Focuses on the activities that take place in order to develop the strategy into a design document which addresses all aspects of the proposed service, as well as the processes intended to support it. Key areas of this volume are Availability Management, Capacity Management, Continuity Management and Security Management.
Service Transition
Focuses on the implementation of the output of the service design activities and the creation of a production service or modification of an existing service. There is an area of overlap between Service Transition and Service Operation. Key areas of this volume are Change Management, Release Management, Configuration Management and Service Knowledge Management.
Service Operation
Focuses on the activities required to operate the services and maintain their functionality as defined in the Service Level Agreements with the customers. Key areas of this volume are Incident Management, Problem Management and Request Fulfillment.
Continual Service Improvement
Focuses on the ability to deliver continual improvement to the quality of the services that the IT organization delivers to the business. Key areas of this volume are Service Reporting, Service Measurement and Service Level Management.
Source: OGC
Process Ratings on Spider Chart (example, 1 of 4)
Areas of a Firm Addressing Risk (Example)
CONFLICTS & ETHICS: Conflicts & Ethics and Securities Transaction Committees; Information Services and Records Department; Outside Counsel
EMPLOYMENT & PERSONNEL MATTERS: Professional Personnel and Admin HR; Outside Counsel
PARTNERSHIP ELECTIONS: Policy Committee; Executive Group; Finance Department; IT
PARTNERSHIP ELECTIONS (Governance, Departures, Disputes): Executive Group; Policy Committee; Pension Committee; Finance Department; Professional Personnel; Outside Counsel
LITIGATION & SUBPOENA MATTERS: Litigation Attorneys; Managing Attorney’s Office; Outside Counsel
DATA PRIVACY, SECURITY MATTERS: Finance Department; IT; Professional Personnel and Admin HR
MARKETING & COMMUNICATIONS (Website, Branding, Copyright, Reviewing Marketing Materials, etc.): Marketing/Communications Department
PROFESSIONAL DEVELOPMENT: Professional Development Department; Professional Personnel
VENDOR CONTRACTS: Applicable Departments (IT, Finance, HR, M/C, etc.)
AUDIT: Audit Committee; Finance Department
INSURANCE
– Professional Indemnity: Professional Insurance Committee; Executive Group; Finance Department
– Employment/Worker’s Compensation: Administrative HR; Finance Department
– Other Insurance: Finance Department; Executive Group
FIRM MANUALS AND GUIDANCE: Executive Group (and delegates); Applicable Practice Groups & Departments
INFORMATION RETENTION: IR Project Team; Steering Group; Outside Consultants; All Practice Groups and Departments
FIRM INVESTMENTS: Investment Committee
Enterprise Risk Management: Business Impact
Gartner research shows that 60% of large enterprises without best practice risk management implemented consistently across the enterprise will significantly under-perform their peers.
Impact on insurable losses has not been measured. ERM helps you look better to the insurance company and establish a sense of awareness. - Lead of law firm insurance group, Aon
Technology Scorecard Assessments - What Have We Learned?
Firms most often in 2+ range (scale of 5) for process and organizational maturity
Staffing and cost levels
– When apples-to-apples, highest firms are double the lowest firms without double the value
– Firms struggle to provide same service/risk level as outsourcers for the same cost
– IT Departments are largely still geared toward operational and support responsibilities
Wide penetration of ITIL programs and selective outsourcing
Use of Service Level Objectives / Agreements still minimal
External surveys not taken seriously
Lack of transparency of IT’s cost, value and risks is one of the most important drivers for IT governance
Thank you.
Dave Cunningham
Managing Director, Strategic Technology Services
Baker Robbins & Company