Strategic Governance
Performance Management Systems
                            Ramsés Gallego
  CISM, CGEIT, CISSP, SCPM, CCSK, ITIL, COBIT(f), Six Sigma Black Belt
                           General Manager
                   Entel Security & Risk Management
                           rgallego@entel.es
[Word cloud: Program, Cause-effect analysis, IT investment, Strategy, KPIs, Outcomes, Processes, Maturity models, Reliability, Alignment, DMAIC, Efficiency, Data, Business goals, Normalization, Real-time, Portfolio, Proactive, Dashboards, Govern, Lean Management, Mapping, Indicators, Balanced Scorecard, KGIs, Improvement, Metrics, Effectiveness]
The need for IT to reinvent itself


Despite the projections of renewed economic health, the business will continue to expect IT leadership to show strong financial competencies, that IT projects realize tangible business value, and that the IT organization demonstrates competitive effectiveness.

“..IT organizations that rise to the challenge will be rewarded with substantial opportunities to develop a new type of service organization. Those that don’t will face a grimmer future”

Gartner – CIO Update - 2009
We will be talking today about...

Some quotes and definitions
The myths on metrics
The power of Performance Management Systems
Metrics: characteristics & classification
What are CSFs, KGIs and KPIs?
Examples of governance indicators and KPIs
Process and architectures for Performance Systems
The SMART side of metrics & indicators


Let’s think about this

• ‘Measure what is measurable and make measurable what is not
    so’ - Galileo Galilei (1564-1642)

• ‘If you cannot measure it, you cannot improve it’ - William
    Thomson (Lord Kelvin), (1824-1907)

•   ‘You cannot control what you cannot measure’ - DeMarco, 1982

• ‘Even when it is not clear how we might measure an attribute, the
    act of proposing such measures will open a debate that leads to a
    greater understanding’ - Fenton and Pfleeger, 1997


Definitions

Governance: “The set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction, ensuring that objectives are achieved, ascertaining that risks are managed appropriately and verifying that the enterprise’s resources are used responsibly”
Definitions: what is a performance management system?

• Tools designed to facilitate decision-making and improve
  performance and accountability through collection, analysis and
  reporting of relevant performance-related data

• Metrics are simply a standard or system of measurement. In this
  case, it is a standard for measuring the value driven by IT, an
  organization’s value delivery posture. Although there are some
  published standards for measuring the IT dimension, ideally
  measurements should be adjusted and tuned to fit a specific
  organization or situation



Goals of this effort


Develop a strategic governance performance framework that allows management and other stakeholders to assess their business improvements (time-relevant), guide their governance thinking and aid in the assessment for their environments
Some myths
•     #1 - a little data goes a long way

    – Fact: you can only improve what you can measure

•     #2 - measurement is for punishing the guilty

    – Fact: metrics are for problem solving and identifying opportunity areas

•     #3 - we can’t measure what we cannot control

    – Fact: measure what you can influence

•     #4 - metrics are for measuring people

    – Fact: measure the team contribution. They are an organizational tool

•     #5 - we must measure everything

    – Fact: keep it simple so that everybody understands it

The power of metrics

• It’s not in the details but in their clarity
• Metrics allow executive management to:
    – Measure achievement
    – Drive performance
    – Improve and realign (towards goals)
• Metrics should provide a holistic and balanced view of the business
• Need to talk about RoI
Metrics: what is needed?

• The 7 attributes of Information criteria (also known as the “IC Profile”)

Key conditions before defining a framework:

• Having a pre-defined business process
• Having clear goals/performance requirements
• Having quantitative/qualitative measures for the business process
Characteristics & classification

Characteristics:

• Objective/Subjective
• Quantitative/Qualitative
• Static/Dynamic
• Absolute/Relative
• Direct/Indirect

Classification:

• Process
    – Secure coding standards in use
    – Avg. time to correct critical vulnerabilities
• Vulnerability metrics
    – By vulnerability type
    – By occurrence within a software development life cycle phase
• Management
    – % of applications that are currently accepted by business partners
    – Trending: critical unresolved, accepted risks
Let’s be specific

• Name of the metric
• Description of what is measured
• How is the metric measured
• How often is the measurement taken
• Range of values considered normal for the metric
• Best possible value of the metric
• Units of measurement

© Source: Vicente Aceituno’s presentation for the FIST conferences in Madrid, 2008
CSFs, KGIs, KPIs: what are they?

• CSFs: Critical Success Factors or “vital elements”
• KGIs: Key Goals Indicators or “what” has to be accomplished
• KPIs: Key Performance Indicators or “how well” the process is performing
KPIs and KGIs reflect organizational goals




Example of metrics and KPIs

• % reduction in repeat security incidents

• Increased number of secure assets from risk analysis audits

• % reduction of blank passwords on critical systems

• % improvement on time-to-access applications

• Improved bandwidth use due to only-professional web surfing

• % reduction in the unavailability of services and components (linked with corporate infrastructure management)

• % efficiency improvement based on number of RFCs processed regarding vulnerabilities

• % reduction in installed software not taken from DML
Where do we show metrics? Dashboards and BSCs

• Single point of information for governance

• Help to make decisions and provide real-time answers to managers

• Talk about the business, not about figures!

• Need the involvement of the business and operations to be developed/designed in order to provide value

• Web and role-based so as to get the right data (becoming the tool that consolidates siloed information)
Some dashboards examples

[Dashboard screenshots. © Business Objects. Crystal Xcelsius dashboard from www.xcelsius.com]

Some dashboards examples (II)

[Dashboard screenshot. © Business Objects. Crystal Xcelsius dashboard from www.xcelsius.com]
Monitor vs. Manage

[Diagram: four levels running from MONITOR to MANAGE; axis: Value (and cost)]

• Level 1, DATA: Centralize access to data content and applications
• Level 2, INFORMATION: Refine, observe, analyze and classify data provided by systems
• Level 3, KNOWLEDGE: Apply business relevance to the information to determine business priorities
• Level 4, ACTION: Act with business knowledge, in a single place according to business needs
The road to manage IT information

[Layered diagram, top to bottom, running from Management (top) down to Monitoring (bottom), with the levels ACTION, KNOWLEDGE, INFORMATION and DATA]

• ACTION: Response Management/Alert Presentation
    – Alarm Escalation, Invoke Management Console, Response Model
    – email, Pager, Cell
• KNOWLEDGE: Event Manage/Report, Pattern Discovery, Prioritization, Event Correlation, Event Aggregation
    – Event Display, Trend Analysis, Security Reports, Performance Reports, Security System Health, Assigning Ownership
    – Event Prioritization, Event Associations, Security Modeling
• INFORMATION: Data Normalization and Reduction, Data Filtering
    – Log Data Reduction, Event Matching, De-Duplicating Events
• DATA: Data Repository, Data Collection/Capture
    – Event Monitoring, Third-Party Integration, Protocol Support
    – Syslog, SNMP, API
Process & Architectures

[Architecture diagram. Components: Policies, Events, Query, Policy Manager, Reporter, Collector, Alerts, Management Portal. Monitored sources: Network Systems (Load Balancer, Router, Switch), Identity Systems (X.500 Directory, DB), Applications/Hosts Information systems (SunOS, AIX, Mainframe, Windows), Security Systems (Router, IDS/IPS, Proxy)]

© 2006 CA - All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Across Business Applications

[Diagram. Rows: Division, Customer, Division, Shared Service, Supplier, Outsourced. Business applications shown: Customer Order Entry, Marketing, Invoicing & Receivables, Vendor Managed Inventory, Shipping, Collections]
To understand the business performance

Using IT in the real world

From technology...

...to what really matters

The Business side

The IT Operations side

How we link them

What can be achieved

• KPIs that are a measure of how well a process is performing

• The capability of predicting the probability of success or failure in the future

• KPIs that are business-focused, process-oriented but IT-driven

• KPIs that are expressed in precisely measurable terms

• KPIs that, when acted upon, will help to improve the process

• FOCUS on what is really important and has impact
The SMART side of metrics

• First business needs, then processes, then metrics, then tools

• Keep them simple

• Use “as is/to be” & “is/is not” lists

• Metrics should be S-M-A-R-T
THANK YOU

Call Girls In Majnu Ka Tilla 959961~3876 Shot 2000 Night 8000Call Girls In Majnu Ka Tilla 959961~3876 Shot 2000 Night 8000
Call Girls In Majnu Ka Tilla 959961~3876 Shot 2000 Night 8000
 

Strategic governance performance_management_systems

  • 1. Strategic Governance Performance Management Systems Ramsés Gallego CISM, CGEIT, CISSP, SCPM, CCSK, ITIL, COBIT(f), Six Sigma Black Belt General Manager Entel Security & Risk Management rgallego@entel.es
  • 2. Program Cause-effect analysis IT investment Strategy KPIs Outcomes Processes Maturity models Reliability Alignment DMAIC Efficiency Data Business goals Normalization Real-time Portfolio Proactive Dashboards Govern Lean Management Mapping Indicators Balanced Scorecard KGIs Improvement Metrics Effectiveness 2
  • 3. The need for IT to reinvent itself Despite the projections of renewed economic health, the business will continue to expect IT leadership to show strong financial competencies, that IT projects realize tangible business value, and that the IT organization demonstrates competitive effectiveness. “..IT organizations that rise to the challenge will be rewarded with substantial opportunities to develop a new type of service organization. Those that don’t will face a grimmer future” Gartner – CIO Update - 2009 4
  • 4. We will be talking today about... Some quotes and definitions The myths on metrics The power of Performance Management Systems Metrics: characteristics & classification What are CSFs, KGIs and KPIs? Examples of governance indicators and KPIs Process and architectures for Performance Systems The SMART side of metrics & indicators 5
  • 5. Let’s think about this • ‘Measure what is measurable and make measurable what is not so’ - Galileo Galilei (1564-1642) • ‘If you cannot measure it, you cannot improve it’ - William Thomson (Lord Kelvin), (1824-1907) • ‘You cannot control what you cannot measure’ - DeMarco, 1982 • ‘Even when it is not clear how we might measure an attribute, the act of proposing such measures will open a debate that leads to a greater understanding’ - Fenton and Pfleeger, 1997 5
  • 6. Definitions Governance: “The set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction, ensuring that objectives are achieved, ascertaining that risks are managed appropriately and verifying that the enterprise’s resources are used responsibly” 6
  • 7. Definitions: what is a performance management system? • Tools designed to facilitate decision-making and improve performance and accountability through collection, analysis and reporting of relevant performance-related data • Metrics are simply a standard or system of measurement. In this case, it is a standard for measuring the value driven by IT, an organization’s value delivery posture. Although there are some published standards for measuring the IT dimension, ideally measurements should be adjusted and tuned to fit a specific organization or situation 7
  • 8. Goals of this effort Develop a strategic governance performance framework that allows management and other stakeholders to assess their business improvements (time-relevant), guide their governance thinking and aid in the assessment for their environments 8
  • 9. Some myths • #1 - a little data goes a long way – Fact: you can only improve what you can measure • #2 - measurement is for punishing the guilty – Fact: metrics are for problem solving and identifying opportunity areas • #3 - we can’t measure what we cannot control – Fact: measure what you can influence • #4 - metrics are for measuring people – Fact: measure the team contribution. They are an organizational tool • #5 - we must measure everything – Fact: keep it simple so that everybody understands it 9
  • 10. The power of metrics • It’s not in the details but in their clarity • Metrics allow executive management to: • Measure achievement • Drive performance • Improve and realign (towards goals) • Metrics should provide a holistic and balanced view of the business • Need to talk about RoI 10
  • 11. Metrics: what is needed? • The 7 attributes of Information criteria (also known as the “IC Profile”) Key conditions before defining a framework: • Having a pre-defined business process • Having clear goals/performance requirements • Having quantitative/qualitative measures for the business process 11
  • 12. Characteristics & classification • Classification: Objective/Subjective • Quantitative/Qualitative • Static/Dynamic • Absolute/Relative • Direct/Indirect • Process: Secure coding standards in use; Avg. time to correct critical vulnerabilities • Vulnerability metrics: By vulnerability type; By occurrence within a software development life cycle phase • Management: % of applications that are currently accepted by business partners; Trending: critical unresolved, accepted risks 12
  • 13. Let’s be specific • Name of the metric • Description of what is measured • How is the metric measured • How often is the measurement taken • Range of values considered normal for the metric • Best possible value of the metric • Units of measurement © Source: Vicente Aceituno’s presentation for the FIST conferences in Madrid, 2008 13
  • 14. CSFs, KGIs, KPIs: what are they? • CSFs: Critical Success Factors or “vital elements” • KGIs: Key Goals Indicators or “what” has to be accomplished • KPIs: Key Performance Indicators or “how well” the process is performing 14
  • 15. KPIs and KGIs reflect organizational goals 15
  • 16. Example of metrics and KPIs • % reduction in repeat security incidents • Increased number of secure assets from risk analysis audits • % reduction of blank passwords on critical systems • % improvement on time-to-access applications • Improved bandwidth use due to only-professional web surfing • % reduction in the unavailability of services and components (linked with corporate infrastructure management) • % efficiency improvement based on number of RFCs processed regarding vulnerabilities • % reduction in installed software not taken from DML 16
  • 17. Where do we show metrics? Dashboards and BSCs • Single point of information for governance • Help to make decisions and provide real-time answers to managers • Talk about the business, not about figures! • Need the involvement of the business and operations to be developed/designed in order to provide value • Web and role-based so as to get the right data (becoming the tool that consolidates siloed information) 17
  • 18. Some dashboards examples © Business Objects. Crystal Xcelsius dashboard from www.xcelsius.com © Business Objects. Crystal Xcelsius dashboard from www.xcelsius.com 18
  • 19. Some dashboards examples (II) © Business Objects. Crystal Xcelsius dashboard from www.xcelsius.com 19
  • 20. Monitor vs. Manage • Diagram from MONITOR to MANAGE; axis: Value (and cost) • DATA (Level 1): Centralize access to data content and applications • INFORMATION (Level 2): Refine, observe, analyze and classify data provided by systems • KNOWLEDGE (Level 3): Apply business relevance to the information to determine business priorities • ACTION (Level 4): Act with business knowledge, in a single place according to business needs 21
  • 21. The road to manage IT information (layered diagram, top to bottom) • ACTION: Management Response (Alarm Escalation, Invoke Management Console, Response Model); Management/Alert (email, pager, cell) • KNOWLEDGE: Presentation, Manage/Report (Event Display, Trend Analysis, Security Reports, Performance Reports, System Health, Assigning Ownership); Security Pattern Discovery; Prioritization and Event Correlation (Event Prioritization, Event Associations, Security Modeling) • INFORMATION: Event Aggregation; Data Normalization and Reduction (Log Data Reduction, Event Matching, De-Duplicating Events); Monitoring; Data Filtering • DATA: Data Repository; Data Collection/Capture (Event Monitoring, Third-Party Integration, Protocol Support: Syslog, SNMP, API) 21
  • 22. Process & Architectures (architecture diagram) • Management components: Management Portal, Query, Reporter, Policy Manager, Policies, Events Collector, Alerts • Monitored sources: Router, Load Balancer, Switch, Proxy, SunOS, AIX, Windows, Mainframe, X.500 Directory, DB, IDS/IPS • Source categories: Network Systems, Applications/Hosts, Identity Systems, Security Systems, Information Systems © 2006 CA - All trademarks, trade names, services marks and logos referenced herein belong to their respective companies. 22
  • 23. Across Business Applications Division Customer Order Entry Customer Division Shared Invoicing & Service Marketing Receivables Supplier Vendor Managed Inventory Outsourced Shipping Collections 23
  • 24. To understand the business performance 24
  • 25. To understand the business performance
  • 26. To understand the business performance
  • 27. Using IT in the real world 27
  • 29. ...to what really matters 29
  • 31. The IT Operations side 32
  • 32. How we link them 33
  • 33. What can be achieved • KPIs that are a measure of how well a process is performing • The capability of predicting the probability of success or failure in the future • KPIs that are business-focused, process-oriented but IT-driven • KPIs that are expressed in precisely measurable terms • KPIs that, when acted upon, will help to improve the process • FOCUS on what is really important and has impact 33
  • 34. The SMART side of metrics • First business needs, then processes, then metrics, then tools • Keep them simple • Use “as is/to be” & “is/is not” lists • Metrics should be S-M-A-R-T 34
  • 35. THANK YOU Strategic Governance Performance Management Systems Ramsés Gallego CISM, CGEIT, CISSP, SCPM, CCSK, ITIL, COBIT(f), Six Sigma Black Belt General Manager Entel Security & Risk Management rgallego@entel.es