Common Risk Determinants for an IT Architecture – Part I

An entity’s control environment (CE) can provide discipline and structure to processes ensuring operational, financial, and compliance requirements are adequately addressed. As an integrated component, technology has and will continue to influence the CE as well as assume activity change agent responsibility. Nevertheless, technological development and deployment is inextricably connected to the economic, social, political, and informational factors that prevail in the entity’s CE.

Managements’ interest in, and awareness of, IT capabilities (including those performed for the entity by Third Party Providers (TPPs)) is important in establishing an entity-wide consciousness of control issues. To determine appropriate IT control issues, an entity’s CE normally requires management define control emphasis through ‘assessments of importance’ between IT domain criteria and entity objectives.

An Overview of IT Service Delivery and Support – Part VIII

Aligned with the generally accepted IT value definition; IT service basic principles should deliver appropriate quality, on-time and within-budget, while achieving promised benefits. Where these basic principles are earnestly harmonized, IT service delivery and support benefits usually translate into attainment of: competitive advantage, reduced elapsed time for service request fulfillment, customer satisfaction, reduced customer wait time, as well as increased employee productivity and profitability.

To enable beneficial IT service delivery and support (as with all processes) appropriate objectives, goals, policies, procedures, standards and rules are required. Specifically, utilizing standards for ITSM usually generates benefits the moment an entity decides to outsource a business process.

“View Part I of the An Overview of IT Service Delivery and Support series here“

An Overview of IT Service Delivery and Support – Part VII

Once the ITG stage is reached, IT processes are fully integrated with business processes; thus potentially improving service quality and business agility for achieving entity objectives. Governance focusing on IT service delivery and support should address strategy, design, transition, operation, and continual improvement. Towards this end, entity oversight committee members, particularly non-executive directors, should ensure they are satisfied that adequate processes are deployed for each previously mentioned IT service delivery and support governance issue. In particular, if an effective ITSM framework is deployed internally and externally, IT units manage accepted service-level agreements (SLAs) to meet agreed-upon quality and cost targets.

“View Part I of the An Overview of IT Service Delivery and Support series here“

An Overview of IT Service Delivery and Support – Part VI

As discussed in IT Service Management and IT Governance: Review, Comparative Analysis and their Impact on Utility Computing, when evolving from technology providers into strategic partners, IT organizational units generally fellow a three stage systematic approach: IT infrastructure management (ITIM), IT service management (ITSM), then IT Governance (ITG). Starting with ITIM, each subsequent evolutionary stage builds upon previously established constructs.

During the first deployment stage, an entity’s IT units primarily focus on improving ITIM with effectiveness measurements — usually based on maximizing return on computing assets as well as infrastructure control. Thereafter, the second deployment stage, ITSM, promotes entity IT units actively identifying services customers need; then focusing on planning and delivering defined services to meet availability, performance, as well as security requirements. When IT units evolve to the third deployment stage, ITG, there is a transformation into true business partners enabling new business opportunities for the entity.

“View Part I of the An Overview of IT Service Delivery and Support series here“

An Overview of IT Service Delivery and Support – Part V

With IT applications attempting to support every possible organizational structure and business process, operational simplicity can proportionally diminish or vanish for users. Despite transparency provisions through graphical user interfaces, color diversity and help messages; IT complexity can introduce malfunctions or imperfections that may stymie objective achievement. Consequently, incident or problem conditions must be addressed by competent employees if IT is to sustain perceptions as an effective tool for accomplishing entity-centric functionality and reliability objectives. Therefore, management should consider IT service delivery a foundational component for effective IT governance as well as entity governance that requires periodic IT audit or review assurance.

“View Part I of the An Overview of IT Service Delivery and Support series here“

An Overview of IT Service Delivery and Support – Part IV

Considering information systems are generally critical to enhancing productivity, it is imperative deployed IT provide availability with service responsiveness meeting user utilization demands. Entity intricacies and IT operational complexities can result in issues that may necessitate speedy and systematic redress to fulfill availability requirements. Furthermore, neither business nor IT resides within static environments. Thus, environmental dynamics can generate changes altering system interfaces that require timely response and resolution to ensure continuous service delivery. When concluded, IT service delivery normally is assessed based on satisfying user configuration item (CI) functionality expectations.

“View Part I of the An Overview of IT Service Delivery and Support series here“

An Overview of IT Service Delivery and Support – Part III

IT management should pursue satisfactorily serving its customers to enhance information asset value perceptions. For most entity users, IT is a tool to perform routine business processes. As examples, potential IT usage can encompass: transferring or collecting financial instruments, receiving goods or services, selling goods or services as well as recruiting employees. Managerially, IT usually pervades all entity organizational structures, thus enabling communication through e-mail and instant messaging, enhancing teamwork through collaboration techniques, facilitating better decision making through various information delivery mechanisms as well as offering opportunities for business model development that may lead to value creation and competitive advantages.

“View Part I of the An Overview of IT Service Delivery and Support series here“

An Overview of IT Service Delivery and Support – Part II

In order to deliver adequate IT services, the necessary support processes must be established and functioning consistent with entity-centric service requirements. Abstractively; asset management, configuration management as well as change management should be considered the primary IT service support processes enabling IT service delivery control objectives achievement. If these processes are properly deployed, exceptional secondary service support can be provided through: release management, problem management, incident management, supplier management, and customer relationship management. Typically, within the IT service support domain, the IT service desk function is a primary sub-process for ensuring a responsive organizational structure.

“View Part I of the An Overview of IT Service Delivery and Support series here“

An Overview of IT Service Delivery and Support – Part I

IT service delivery and support is an activity hive requiring appropriate resource allocations to satisfy managerial agreements and expectations. Within this context, the success of IT commonly depends upon the extent to which its services satisfy customer initial requirements and requested modifications. Thus, to sustain this relationship, delivery of services needs to occur through the implementation of programs, systems, and processes. Whereby, responsibility for satisfying customers must reside with each member of the entity’s IT operational units.

Aligning with the International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 20000 process areas, IT service delivery should focus on providing the best possible service levels to meet entity-centric business needs with ‘pervasive controls’ that encompass service level management, availability management, capacity management, financial management, continuity management, information security management and service reporting.

Post Note: An Overview of IT Service Delivery and Support is a redacted article based on the subject matter introduction presented in IT Auditing: IT Service Delivery and Support training material.

Business Continuity and IT Availability – Part VIII

Directly, an entity’s DRP has a significant affect on the viability of IT and information security governance programs. Indirectly, IT and information security governance programs may impact stakeholder assessed entity value. Regardless of organizational formation — corporation, partnership, co-operative, or agency — management has a generally accepted duty to plan and enact strategies permitting the entity’s survival under less than idealistic conditions. Literally, adequate business continuity management (BCM) requires securing assets that offset catastrophic events. Therefore, management should ensure ‘best practices’ DRP is deployed within the IT and information security governance frameworks as well as visibly communicate commitment expectations for sustaining a sound and effective continuity program.

“View Part I of the Business Continuity and IT Availability series here“