FACULTEIT ECONOMIE EN
BEDRIJFSWETENSCHAPPEN
CAMPUS BRUSSEL
Notes:
ICT Governance & Operational
management
Matthias Peeters
Master in de Handelswetenschappen (Avondschool)
Prof: I. Vanderfeesten
Academic year: 2023–2024
FACULTEIT ECONOMIE EN BEDRIJFSWETENSCHAPPEN CAMPUS BRUSSEL
WARMOESBERG 26 1000 BRUSSEL BELGIË
Table of contents
1. PART I – INFORMATION TECHNOLOGY IN A BUSINESS ENVIRONMENT
1.1 WHAT IS AN ORGANIZATION?
1.1.1 THE VALUE CHAIN (MICHAEL PORTER)
1.1.2 SUPPLY CHAIN OPERATIONS REFERENCE-MODEL (SCOR)
1.2 COMPUTER SYSTEMS & INFORMATION SYSTEMS
1.3 INFORMATION TECHNOLOGY IN BUSINESS
1.4 IT AND COMPETITIVE ADVANTAGE
1.5 TOWARDS A DIGITAL TRANSFORMATION
1.5.1 CLOUD COMPUTING
1.5.2 ROBOTIC PROCESS AUTOMATION
1.5.3 BLOCKCHAIN
1.5.4 DIGITAL TWINS
1.5.5 GENERATIVE ARTIFICIAL INTELLIGENCE (AI)
2 PART II: GLOBAL FRAMEWORK
2.1 THE INFORMATION SYSTEM
2.2 INFORMATION SYSTEM LIFE CYCLE
2.3 IT MANAGEMENT
2.4 IT GOVERNANCE
2.5 CONCERNS
2.5.1 BUSINESS CONCERNS:
2.5.2 SYSTEM CONCERNS
2.5.3 STAKEHOLDERS
3 PART III: IT SERVICES DELIVERY
3.1.1 SERVICE: DEFINITION
3.1.2 THREE TYPES OF SERVICES
3.1.3 SERVICE CLASSES: WHAT IT IS OFFERED?
3.1.4 SERVICE: PRICING MODEL
3.2 IT SERVICES SOURCING
3.2.1 AN EXTERNAL PARTNER PROVIDES IT SERVICES, WHY?
3.3 IT MANAGEMENT STANDARDS AND FRAMEWORKS
3.3.1 ITIL – INFORMATION TECHNOLOGY INFRASTRUCTURE LIBRARY
3.3.2 ISO/IEC 20000
3.3.3 COBIT
3.3.4 ITIL VS COBIT VS ISO/IEC 20000
3.3.5 CMMI-SVC
4 PART IV: BUSINESS AND IT ALIGNMENT
4.1 WHAT IS BUSINESS AND IT ALIGNMENT?
4.1.1 A STATE OR A PROCESS? FORMAL OR INFORMAL?
4.1.2 THERE IS BUSINESS-IT ALIGNMENT WHEN…? (LUFTMAN)
4.1.3 THERE IS BUSINESS-IT ALIGNMENT WHEN…? (CUMPS)
4.1.4 SUMMARIZING…
4.2 BUSINESS AND IT ALIGNMENT MODELS
4.2.1 STRATEGIC ALIGNMENT MODEL (HENDERSON & VENKATRAMAN)
4.2.2 GENERIC FRAMEWORK FOR INFORMATION MANAGEMENT (MAES)
4.2.3 ‘TRADITIONAL’ ALIGNMENT MODEL (WEILL & BROADBENT)
4.2.4 STRATEGIC IMPACT GRID (NOLAN & MCFARLAN)
4.3 A THREE-LEVEL BUSINESS-IT ALIGNMENT FRAMEWORK
4.3.1 STRATEGIC INFLUENCES BUSINESS – IT
4.3.2 TACTICAL BUSINESS-IT ALIGNMENT
4.3.3 OPERATIONAL BUSINESS-IT ALIGNMENT
4.4 MEASURING BUSINESS-IT ALIGNMENT
4.4.1 38 CRITERIA
4.4.2 5 MATURITY LEVELS
4.4.3 4-STEP APPROACH
5 PART V: IT GOVERNANCE
5.1 IT GOVERNANCE FRAMEWORKS: INTRODUCTION
5.1.1 COBIT
5.1.2 ISO/IEC 38500
5.1.3 VAN GREMBERGEN & DE HAES
5.1.4 SUMMARY
5.2 IT GOVERNANCE STANDARDS: ISO/IEC 38500
5.2.1 KEY GOVERNANCE CONCEPTS
5.2.2 THE FRAMEWORK
5.3 FRAMEWORK: COBIT
5.3.1 1. MEETING STAKEHOLDER NEEDS
5.3.2 2. COVERING THE ENTERPRISE END-TO-END
5.3.3 3. APPLYING A SINGLE INTEGRATED FRAMEWORK
5.3.4 4. ENABLING A HOLISTIC APPROACH
5.3.5 5. SEPARATING GOVERNANCE FROM MANAGEMENT
5.3.6 5 GOVERNANCE PROCESSES: EVALUATE, DIRECT AND MONITOR (EDM)
5.4 IT DECISION MAKING
5.5 IT SPENDING AND FUNDING
6 PART VI: IT MANAGEMENT
6.1 IT SERVICES MANAGEMENT WITH COBIT AND ITIL
6.1.1 IT SERVICE MANAGEMENT
6.2 COBIT
6.3 ITIL
6.3.1 STARTING POINT: THE CUSTOMER WANTS VALUE!
6.3.2 SERVICES DELIVER VALUE
6.3.3 IT SERVICE MANAGEMENT PROVIDES SERVICES AND VALUE
6.3.4 IT SERVICE PROVIDERS SUPPLY IT SERVICES
6.3.5 THE STAKEHOLDERS IN SERVICE MANAGEMENT
6.3.6 HOW TO DELIVER SERVICES: RESOURCES, CAPABILITIES AND ASSETS
6.3.7 ORGANIZE FOR SERVICE MANAGEMENT
6.3.8 MONITORING AND CONTROL: CONCEPTS
6.4 STRATEGY AND PLANNING PROCESSES
6.4.1 APO01: MANAGE THE IT MANAGEMENT FRAMEWORK
6.4.2 APO02: MANAGE STRATEGY
6.4.3 ITIL: STRATEGY MANAGEMENT FOR IT SERVICES
6.4.4 APO03: MANAGE ENTERPRISE ARCHITECTURE
6.4.5 APO04: MANAGE INNOVATION
6.4.6 APO05: MANAGE PORTFOLIO
6.4.7 ITIL: SERVICE PORTFOLIO MANAGEMENT
6.4.8 APO06: MANAGE BUDGET AND COSTS
6.4.9 ITIL: FINANCIAL MANAGEMENT FOR IT SERVICES
6.4.10 APO07: MANAGE HUMAN RESOURCES
6.4.11 APO08: MANAGE RELATIONSHIPS (WITH STAKEHOLDERS)
6.4.12 ITIL: DEMAND MANAGEMENT
6.4.13 ITIL: BUSINESS RELATIONSHIP MANAGEMENT (TRUE EQUIVALENT OF APO08)
6.4.14 APO09: MANAGE SERVICE AGREEMENTS
6.4.15 ITIL: SERVICE CATALOG MANAGEMENT
6.4.16 ITIL: SERVICE LEVEL MANAGEMENT
6.4.17 APO10: MANAGE SUPPLIERS
6.4.18 ITIL: SUPPLIER MANAGEMENT
6.4.19 APO11: MANAGE QUALITY
6.4.20 APO12: MANAGE RISKS
6.4.21 APO13: MANAGE SECURITY
6.5 DEVELOPMENT AND ROLL-OUT PROCESSES
6.5.1 BAI01: MANAGE PROGRAMS AND PROJECTS
6.5.2 BAI02: MANAGE REQUIREMENTS DEFINITION
6.5.3 BAI03: MANAGE SOLUTIONS IDENTIFICATION AND BUILD
6.5.4 ITIL: DESIGN COORDINATION
6.5.5 BAI04: MANAGE AVAILABILITY AND CAPACITY
6.5.6 ITIL: AVAILABILITY MANAGEMENT
6.5.7 ITIL: CAPACITY MANAGEMENT
6.5.8 BAI05: MANAGE ORGANIZATIONAL CHANGE ENABLEMENT
6.5.9 BAI06: MANAGE CHANGES
6.5.10 ITIL: CHANGE MANAGEMENT
6.5.11 BAI07: MANAGE CHANGE ACCEPTANCE AND TRANSITIONING
6.5.12 ITIL: TRANSITION PLANNING AND SUPPORT
6.5.13 ITIL: SERVICE VALIDATION AND TESTING
6.5.14 ITIL: CHANGE EVALUATION
6.5.15 BAI08: MANAGE KNOWLEDGE
6.5.16 ITIL: KNOWLEDGE MANAGEMENT
6.5.17 BAI09: MANAGE ASSETS
6.5.18 BAI10: MANAGE CONFIGURATION
6.5.19 ITIL: SERVICE ASSET AND CONFIGURATION MANAGEMENT
6.6 OPERATIONS AND SUPPORT PROCESSES
6.6.1 DSS01: MANAGE OPERATIONS
6.6.2 ITIL: EVENT MANAGEMENT
6.6.3 DSS02: MANAGE SERVICE REQUESTS AND INCIDENTS
6.6.4 ITIL: INCIDENT MANAGEMENT (VERY IMPORTANT)
6.6.5 ITIL: REQUEST FULFILLMENT
6.6.6 DSS03: MANAGE PROBLEMS
6.6.7 ITIL: PROBLEM MANAGEMENT
6.6.8 DSS04: MANAGE CONTINUITY
6.6.9 ITIL: IT SERVICE CONTINUITY MANAGEMENT
6.6.10 DSS05: MANAGE SECURITY SERVICES
6.6.11 ITIL: ACCESS MANAGEMENT
6.6.12 DSS06: MANAGE BUSINESS PROCESS CONTROLS
6.7 IMPROVEMENT PROCESSES
7 NOTES INTERACTIVE SESSION 21/03
8 GUEST LECTURE COLRUYT GROUP
9 DELOITTE – CYBERSECURITY & INTERNATIONAL STANDARDS
9.1 CLIENT CASE
9.2 HOW ATTACKS PROCEED
9.3 FRAMEWORKS
9.4 REGULATIONS
1. PART I – INFORMATION TECHNOLOGY IN A BUSINESS ENVIRONMENT
Most organizations now use IT strategically. This has changed! IT used to be an unavoidable cost, now it is seen as
a profit center! Digitalization affects every organization and business!
Nowadays IT can be a business model: Uber, Airbnb…
1.1 WHAT IS AN ORGANIZATION?
An organization is a system. It takes some input and creates output. The output has value.
Business Function = e.g. Marketing, Sales, HR, R&D, production…
Business Process = set of activities within a Business Function
o Structured
o Needs time, space & resources
Activity = specific tasks/steps that have to be done to complete Business Processes
1.1.1 THE VALUE CHAIN (MICHAEL PORTER)
Describes how different Business Functions work together and create value.
Primary Activities: Inbound & outbound Logistics, Operations…
Supporting Activities: HR, Technology development…
IT can give you competitive advantages… But not for commodities.
=> Analyze activities => improve efficiency => use information systems
We can connect value chains into value systems = linking the value chains of different organizations to each
other and thus forming a value system. => The outbound logistics of one is linked to the inbound logistics of the
other!
The utopia is a fully interconnected supply chain! In theory you should connect your supply chains to each other
internationally! This then becomes global supply chain management. But… it is very complicated!
On the one hand there is a product flow that goes downstream, and on the other an information flow that goes upstream!
This way there can be automatic order points, which then trigger orders, etc.
1.1.2 SUPPLY CHAIN OPERATIONS REFERENCE-MODEL (SCOR)
If everyone speaks the same language, you can communicate.
Plan: processes that balance resources and requirements, leading to an optimal Supply Chain.
Source: procurement of materials and services.
Make: conversion of raw materials into products.
Deliver: order management, distribution and logistics.
Return: Products are again included in the Supply Chain, e.g. repair.
1.2 COMPUTER SYSTEMS & INFORMATION SYSTEMS
A computer system = a “single unit”, e.g. PC, game computer, smartphone, mainframe…
An Information System = a composite system, contains:
Equipment (computer systems)
Human effort
Services
Definition: “An information system (IS) is a formal, sociotechnical, organizational system designed to collect,
process, store, and distribute information.”
Information systems have existed for centuries… Clay tablets and rock drawings… They only become valuable when
used.
History of Information Technology in business:
1. First Era: Mainframe computing
2. Second Era: Personal computers
3. Third Era: Client/ server networks
4. Fourth Era: Enterprise computing
5. Fifth Era: Cloud computing
1.3 INFORMATION TECHNOLOGY IN BUSINESS
Three ways to use IT in business:
1) Data processing (…supports isolated processes)
2) Task automation (… supports groups of processes)
3) Integrated Information Systems (… supply chain!)
= complex, because everything has to work together correctly!
Integrated Information Systems are complex to implement; you must:
Use a structured approach (methodology)
Have a vision
Consider the whole organization (activities, customers, products…)
Make an architecture (overall design)
Manage change
Take a phased and planned approach
Involve users (not only IT!)
Information systems in business context:
Operational level:
o Transaction processing systems, Enterprise resource planning systems…
o Benefits: daily business processes are more efficient. Lower costs or higher output.
Tactical level:
o Decision support systems, management information systems…
o Benefits: organization can better realize its goals.
Strategic level:
o Executive support systems
o Benefits: business develops a better strategy
=> Not all can be expressed in terms of money
Quantifiable benefits:
o Represent amount of money
o Can be estimated in advance.
o Can be compared to the cost.
Non-quantifiable benefits:
o Cannot (or hardly) be expressed in money.
o May however be important!
o Should also be weighed against cost.
1.4 IT AND COMPETITIVE ADVANTAGE
E.g. UPS aggressively uses IT in all stages of its package distribution. This gives a competitive advantage, or at
least it can…
Nicholas Carr challenges the market and says IT is a commodity. He says companies should spend less…
=> do not spend less, but spend smarter!
Difference between IT Resources & IT Capabilities:
IT Resources: available on the market (hardware, software, people…)
IT Capabilities: take years to develop, make a difference!
1.5 TOWARDS A DIGITAL TRANSFORMATION
Digital transformation can refer to anything from IT modernization (for example, cloud computing), to digital
optimization, to the invention of new digital business models. The term is widely used in public-sector
organizations to refer to modest initiatives such as putting services online or legacy modernization. Thus, the
term is more like “digitization” than “digital business transformation.”
Digitization is the process of changing from analog to digital form, also known as digital enablement. Said
another way, digitization takes an analog process and changes it to a digital form without any different-in-kind
changes to the process itself.
Digitalization is the use of digital technologies to change a business model and provide new revenue and value-
producing opportunities; it is the process of moving to a digital business.
Digital business transformation is the process of exploiting digital technologies and supporting capabilities to
create a robust new digital business model.
= disruptive for organizations!
There are quite a few emerging technologies: Cloud Computing, Robotic Process Automation, Blockchain, Digital
Twins…
1.5.1 CLOUD COMPUTING
You have access to someone else's infrastructure. This gives much more flexibility, possibilities…
Flexible: rapidly acquire more capacity
Metered use: pay for what you use
Universal access: pc, tablet, smartphone…
Three service models:
Infrastructure as a service
Platform as a service
Software as a service
=> the more the provider provides: IaaS < PaaS < SaaS
Offered in four ways:
Public cloud: everyone on same
Private cloud: only you
Community cloud: shared with community
Hybrid cloud: mix