Agenda Gobierno de TI Outsourcing Estrategia de Gobierno de TI Rational para Gobierno de TI.

Presentación del tema: "Agenda Gobierno de TI Outsourcing Estrategia de Gobierno de TI Rational para Gobierno de TI."— Transcripción de la presentación:

1

2

3 Agenda Gobierno de TI Outsourcing Estrategia de Gobierno de TI
Rational para Gobierno de TI

4 ¿Gobierno? Gobierno Gobierno de TI
El establecimiento de cadenas de responsabilidad para otorgar poderes a personas, mediciones para evaluar la efectividad, políticas para guiar a la organización a encontrar sus metas, mecanismos de control para asegurar algun cumplimiento. From the SGMM plug-in in Rational Method Composer. We start by defining governance. Governance Establishing chains of responsibility, authority, and communication to empower people (decision rights) Establishing measurement, policy, and control mechanisms to enable people to carry out their roles and responsibilities Governance, then, is assigning the rights to make the decisions, and deciding what measures to use and policies to follow to make those decisions. The decision rights are assigned to roles in the organizations, not to individuals. So an aspect of governance is determining organization roles. Management, on the other hand, includes assigning staff to the roles and monitoring the execution of the policies. Part of any governance solution is meeting the organization's compliance requirements. Compliance is documenting and proving that governance is in place and is being executed: the decisions are documented and the decision policies are followed. The compliance specifics depends on clients' needs. In the US, they are likely to include Sarbanes-Oxley, but may also include domain-specific standards such as CFR-11 for the pharmaceutical industry, or Basel II for banking. The compliance requirements should be determined in the plan phase, and addressed throughout the lifecycle. IT Governance IT Governance refers to the aspects of governance that pertain to an organization's information technology processes and the way those processes support the goals of the business. IT governance may be characterized by assigning decision rights and measures to processes, including, but not limited to, those defined by CoBIT or ITIL. The text, IT Governance: How Top Performers Manage IT Decision Rights for Superior Results by Peter Weill, Jeanne Ross, (Harvard Business School Press, June 2004) provides a framework for setting decision rights in IT organizations. SOA Governance SOA Governance is an extension of IT governance specifically focused on the lifecycle of services, metadata, and composite applications in an organization's Service Oriented Architecture. SOA governance extends IT governance by assigning decision rights, policies, and measures around the services processes and lifecycle to address such concerns as: Service Registration, Service Versioning, Service ownership, Service discovery and access, Deployment of services and composite applications, Security for services. The agility provided by SOA also provides a set of challenges to the IT organization. Undisciplined development and deployment of services can do more harm than good. Hence, organizations must address a set of key questions if they are to obtain value from SOA: How do organizations regulate the deployment of composite applications? What organization change is required?  What new organizational roles and structures facilitate service identification, design, and sharing? How do you organize the IT function to build and leverage service-oriented capabilities? What metrics support investment, maintenance, vitality, and sharing of services? How do businesses decide to invest in service creation and maintenance? As a specialization of IT governance, SOA Governance addresses how an organization's IT Governance decision rights, policies, and measures need to be modified and augmented for a successful adoption of SOA. SOA Governance is an extension of IT Governance, these IT Governance materials provide a sound basis for understanding and analyzing the modifications required to establish SOA Governance: ITIL® is an internationally recognized and constantly evolving collection of IT best practices designed to help organizations overcome current and future technology challenges. Originally created by the UK government, ITIL® is the result of years of experience contributed by major IT organizations and companies, including IBM. IT departments around the world use ITIL® as a roadmap to help guide efficient and effective implementation of current technology, including the realization of an IT service management strategy. ITIL® is owned by the UK government's Office of Government Commerce. For more information, see the OGC ITIL® site. The IT Governance Institute® (ITGI) version 4.0 of Control Objectives for Information and related Technology (CobiT®). CobiT is an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues, and business risks. CobiT enables clear policy development and good practice for IT control throughout organizations.  CobiT is managed by the IT Governance Institute and the Information Systems Audit and Control Association® (ISACA).  For more information about CobiT, see The IBM® Tivoli® Unified Process (ITUP) provides detailed documentation of IT Service Management processes based on industry best practices, enabling users to significantly improve their organization's efficiency and effectiveness.  The processes described within ITUP are strongly aligned with the IT Information Library (ITIL®).  ITUP is designed to enable users to easily understand processes, the relationships between processes, and the roles and tools involved in an efficient process implementation. In addition, IBM Tivoli has a web site that contains details on these materials and the IBM Tivoli Unified Process (ITUP), and references to the organizations that provide them.  Due to its cross-functional aspects, SOA Governance also provides a framework to examine several items necessary to manage and govern services and other SOA artifacts as additional types of IT assets, including: Maturity of service-orientation within the enterprise Infrastructure enhancements for managing the usage of services in areas of security, monitoring, performance, versioning, and shared usage Enhancements to IT processes to address funding, sharing, incentives for sharing and reuse of services, and for the identification, design, and specification of services Education and Training Roles and Responsibilities Organization Changes Gobierno de TI La aplicación del gobierno a las organizaciones de TI, las personas, los procesos y la información para guiar la manera en que los productos y servicios del área soportan las necesidades del negocio.

5 Gobierno de TI Con el objetivo de asegurar que la administración cumpla con los objetivos de negocio, se deben dirigir y administrar las actividades de TI para alcanzar un balance efectivo entre la administración de riesgos y entregar beneficios. Para lograrlo, la administración debe identificar las actividades mas importantes a desempeñar, medir el progreso en busca de alcanzar las metas y determinar qué tan bien se están ejecutando los procesos de TI, adicionalmente a esto, se requiere la habilidad de evaluar el nivel de madurez de la organización contra las mejores prácticas de las industria y estándares internacionales.

6 Agenda Gobierno de TI Outsourcing Estrategia de Gobierno de TI
Rational para Gobierno de TI

7 Razones para subcontratar
Insuficiencia de recursos internos Especialización técnica Desarrollar software no es el negocio de la organización Decreto de Austeridad ¿Cuales serían algunas razones por las que buscaríamos a terceros? Frecuentemente no hay gente suficiente dentro de nuestra organizacion. O tal vez, si tenemos gente, pero no con los conocimientos técnicos requeridos. Además, estamos hablando de organizaciones cuyo negocio principal no es desarrollar sistemas. Por que vamos nosotros como empresa, a dedicar tanto tiempo y esfuerzo a algo que ni siquiera es nuestro negocio. Es cierto que los sistemas cada vez son más críticos para la competitividad de las empresas, pero puede que sea mejor que se lo dejemos a quienes se dedican a eso. Por último, es posible que nosotros preferamos manejar esto como un costo variable.

8 Escenarios de fracaso Proyectos desviados en tiempo y/o costo
Productos que no satisfacen las necesidades reales del cliente Realizar lo que pedimos pero tal vez no es lo que necesitamos Sistemas difíciles de soportar, mantener, extender Proyectos barridos en tiempo y/o costo. Sabemos que esta es una situacion que se da tanto en proyectos desarrollados internamente como con terceros. Sin embargo, las causas son diferentes en cada caso. El proveedor se limita a hacer lo que le pedimos, pero tal vez eso no sea lo que necesitamos. También puede suceder que tenemos un producto que salio en tiempo, en costo, cubre la funcionalidad deseada. Pero es una caja negra, que no tenemos idea de cómo esté por dentro. Y cuando tenemos que cambiar o extender su funcionalidad ... que miedo!! Muchas veces terminamos rehaciendolas. Antes de continuar, quiero aclarar que cada uno de estos escenarios tienen responsabilidad compartida. Cada uno de ellos puede darce ya sea por fallas de parte del cliente, del tercero o ambos. Y de la misma manera, ambas partes pierden cuando esto sucede.

9 Fallas comunes en la Subcontratación
Diferencias en la manera de trabajo entre contratante y subcontratados Sistema que se pidió vs Sistema Útil Falta de precisión y claridad en la definición de requerimientos, criterios de calidad y aceptación Terminar el Sistema lo antes posible vs Sistema que Funcione Monitoreo y control insuficiente Falta de visibilidad de los diferentes proyectos con diferentes proveedores Visión: El contratado se enfoca en entregar lo que le pidieron, el contratante quiere algo que le sea útil. Interes: El contratado lo único que quiere es terminar el sistema, el contratante quiere un sistema que le funcione. Muchas organizaciones manejan una manera de trabajo donde “piden y se olvidan”. Los proyectos de sistemas requieren que el cliente este activamente involucrado durante todo el ciclo de vida.

10 Esquema común de administración
Solicitudes del cliente Proceso del Proveedor Desarrollo de SW Aplicaciones Gestión de proyectos Servicios Mantenimiento Requerimientos Mesa de ayuda Problemáticas No existen procesos estandarizados Sin arquitectura de TI Estándar Planeación y control heterogéneo Complejidad para controlar las horas consumidas y alinearlas a las prioridades del negocio Baja visibilidad sobre la calidad de los productos y servicios Desarrollo Operación de Sistemas Pruebas PMBOK RUP CMM5 6σ :

11 Agenda Gobierno de TI Outsourcing Estrategia de Gobierno de TI
Rational para Gobierno de TI

12 Estructuración de la contratación basada en un modelo operativo de procesos
Cliente Modelo de Operación Proveedor I Proveedor II :

13 Modelo de Operación : - ACQ Gestión de las Adquisiciones y Proveedores
MEASUREMENT PERFORMANCE RISK MANAGEMENT Modelo de Operación STRATEGIC ALIGNMENT MANAGEMENT RESOURCE DELIVERY VALUE Gestión de las Adquisiciones y Proveedores Administración de los Proveedores Administración de las Adquisiciones Solución Técnica de la Adquisición Validación de la Adquisición Planeación Organizacional Estrategia de Servicios Planeación Financiera Planeación Estratégica Análisis Estratégico de Procesos de Negocio Administración de la Arquitectura Tecnológica Diseño de Portafolios de Servicios Operación de las Estrategias Administración de la PMO Administración del Portafolio de Proyectos Análisis de Toma de decisiones Desarrollo Organizacional Administración del Desempeño de los Servicios de TI Definición de la Adquisición Modelado de Procesos de Negocio Definición de Requerimientos Gestión de la Calidad Verificación de la Adquisición Aseguramiento de la Calidad de Procesos y Productos Gestión de Procesos Evaluación, Definición y Mejora continua de Procesos Gestión de Entornos Administración de la Configuración Administración del Ambiente Capacitación Organizacional Administración del Cambio Organizacional Ejecución de Proyectos Gestión Integrada de Proyectos Monitoreo y Control de Proyectos Administración de Riesgos Planeación de Proyectos Administración del Alcance Medición y Análisis Organizacional Ingeniería Solución Técnica Implementación Análisis y Diseño Soporte a la Operación Transición del Servicio Operación del Servicio y Trabajo Desarrollo de Servicios :

14 Capacidades estratégicas de Gestión de Terceros
:

15 Modelos de Referencia

16 Agenda Gobierno de TI Outsourcing Estrategia de Gobierno de TI
Rational para Gobierno de TI

17 De la Estrategia a la Operación
Motivadores Desempeño (performance) Apego Normativo (conformance) Gobernanza Empresarial BSC COSO Gobernanza de TI COBIT Mejores Prácticas ISO 9001/2000 CMMI ISO 20000 PMBOK ISO 17799 Procesos/ Procedimientos Security Principles QA(M) RUP ITIL OPM3 SixSigma Herramientas :

18 Gobernando el desarrollo de software
Negocio In-house Outsourced Packaged Gobierno de TI A service-centric approach requires coordination across the full IT service lifecycle. Organizations need to integrate around the IT service lifecycle to help drive efficiency, agility, and growth for our customers. Until recently, you rarely saw development connected with operations … nor did you see either side connected with the “business side of IT” (IT staffing, planning, governance). Nor is IT aligned with the business objectives. A service centric approach is one that connects all 3 of these organizations together and allows you to manage services from initial thought conception to development, to deployment into operations and eventually into the retirement of that service. The emphasis must be on end-to-end services that are enabled across application lifecycles and runtime operations. Governance of IT sits on top of this service lifecycle and should be an integral part of corporate governance. According to ITGI, “IT governance is an integral part of enterprise [corporate] governance and consists of the leadership and organizational structures and processes that ensure that the organization's IT sustains and extends the organization's strategies and objectives.” Let’s take a look at the relationship between governance and service management in a bit more detail. Desarrollo Operaciones

19 Rational Software

20 Administración de Procesos
Guia de procesos End to End “cómo debe trabajar la gente”. Uso repetible y consistente de prácticas probadas para el desarrollo de software Administración del Ciclo de Vida del Producto Rational Method Composer Autoría de procesos – definición de WBS, roles, responsabilidades, actividades, productos de trabajo, hitos, etc. Librería de Mejores Prácticas: RUP, SOA y mas…

21 Administración de Requerimientos
This is the same document the CEO originally started with. Libertad de Documentar y Administrar Requerimientos

22 Administración de cambios
Proveer a los administradores de proyecto mayor visibilidad de las actividades de desarrollo. Facilitar la recopilación de métricas de calidad de producto y progreso de las actividades derivadas de cambios. Administración del Ciclo de Vida del Producto Rational ClearQuest Estado en tiempo real de productos de trabajo Administración de los cambios Creación de reportes de métricas de calidad, esfuerzo en re-trabajo, etc.

23 Administración Unificada de Cambios y Configuraciones
Actividades en Rational ClearQuest rastrean productos en Rational ClearCase Desarrolladores, Testers e Integradores trabajan con actividades asociados a artefactos Rational ClearQuest Administrar Actividades Asuntos Flujo de Trabajo Rational ClearQuest: Actividades Organizadas Request Priority Owner Implement Request Credit UC Alex Bug Add GUI button Kim Rational ClearCase Administrar productos Versionamiento: código, modelos, XML, HTML Desarrollo en paralelo Set de Cambios Implement Request Credit CreditCheck.Java V5 JKE_Logo1. jpg V3 JKE_Logo2.jpg V8

24 Administración de Arquitectura
Reducción de costos de desarrollo facilitando la reutilización de componentes con IBM Rational Asset Manager Models, designs, and rapidly builds resilient architectures for SOA, systems, and applications Link Business Processes with development for complete lifecycle manageability Accelerate delivery and ensure architectural integrity with reuse Achieve resilient application architectures as SOA, with framework automation Accelerate delivery with design specification to code transforms Unify teams and ensure compliance with processes, patterns & profiles Stay in control and communicate architectural evolution & reconciliation Linkage between BPM & SOA Model Business Modeler integrations with RSA and RequisitePro Requirements traceability Integration into multiple runtime environments Transform architecture into code Generate high-level code from model Reconciliation and architecture evolution Reverse transform code into RSA Model compare, trace and reporting Accelerate SOA Adoption Process guidance, patterns and profiles SOA composite application testing Simplify linkage between SOA and data In General Business-driven development begins with an understanding of how your business operates today. WBM is used to create an "as-is" model. The business process can be improved by evolving the as-is model into a "to-be" model using WBM as well. Certain aspects of the to-be model will require new or modified software development. Those portions of the model are exported out of WBM and imported into RSA and represent business-driven requirements models. RequisitePro is used to flesh out the textual details of those requirements models, as well as to establish requirements traceability and linkages to related artifacts in RSA. Integration between ReqPro and WBM allows for a more direct form of information transformation and linkage. RSA is used to create an architecture that maps to and satisfies the business requirements. Model-to-model transforms in RSA are used to create a detailed design model that takes platform-specific technology into consideration (Java, Web servers .NET, etc.). Model-to-code transforms in RSA are used to generate high-level code in RAD. RAD is used to evolve the design into executable code. Before moving the code to the operations environment, RSA is used to reverse transform the code into models that are compared to the original design models to govern architectural changes that have crept into the code during implementation. RAD integrations with WAS and other runtimes automate the transforms to the operational environment Tivoli tools monitor the execution of the applications and identify functional and performance issues. Entender la arquitectura existente y guiar su evolución, utilizando las capacidades de analisis, modelado y transformación de IBM Rational Software Architect

25 Aseguramiento de Calidad de Software
Automatización de Pruebas Funcionales con IBM Rational Functional Tester Automatización de Pruebas de Desempeño con IBM Rational Performance Tester Models, designs, and rapidly builds resilient architectures for SOA, systems, and applications Link Business Processes with development for complete lifecycle manageability Accelerate delivery and ensure architectural integrity with reuse Achieve resilient application architectures as SOA, with framework automation Accelerate delivery with design specification to code transforms Unify teams and ensure compliance with processes, patterns & profiles Stay in control and communicate architectural evolution & reconciliation Linkage between BPM & SOA Model Business Modeler integrations with RSA and RequisitePro Requirements traceability Integration into multiple runtime environments Transform architecture into code Generate high-level code from model Reconciliation and architecture evolution Reverse transform code into RSA Model compare, trace and reporting Accelerate SOA Adoption Process guidance, patterns and profiles SOA composite application testing Simplify linkage between SOA and data In General Business-driven development begins with an understanding of how your business operates today. WBM is used to create an "as-is" model. The business process can be improved by evolving the as-is model into a "to-be" model using WBM as well. Certain aspects of the to-be model will require new or modified software development. Those portions of the model are exported out of WBM and imported into RSA and represent business-driven requirements models. RequisitePro is used to flesh out the textual details of those requirements models, as well as to establish requirements traceability and linkages to related artifacts in RSA. Integration between ReqPro and WBM allows for a more direct form of information transformation and linkage. RSA is used to create an architecture that maps to and satisfies the business requirements. Model-to-model transforms in RSA are used to create a detailed design model that takes platform-specific technology into consideration (Java, Web servers .NET, etc.). Model-to-code transforms in RSA are used to generate high-level code in RAD. RAD is used to evolve the design into executable code. Before moving the code to the operations environment, RSA is used to reverse transform the code into models that are compared to the original design models to govern architectural changes that have crept into the code during implementation. RAD integrations with WAS and other runtimes automate the transforms to the operational environment Tivoli tools monitor the execution of the applications and identify functional and performance issues. Planeación y Administración de pruebas con IBM Rational Clear Quest – Test Management

26 Integrar equipos: negocio, desarrollo y operaciones
Modelar el negocio Definir requerimientos Analizar y diseñar Implementar Test Distribuir Administrar Optimizar Gobernar Ejecutivo de negocio Marketing y Ventas Analistas Gerente de operaciones Arquitecto Soporte Product/Project Manager Desarrolladores Distribución Testers Operaciones Desarrollo

27 ¿Preguntas? Models, designs, and rapidly builds resilient architectures for SOA, systems, and applications Link Business Processes with development for complete lifecycle manageability Accelerate delivery and ensure architectural integrity with reuse Achieve resilient application architectures as SOA, with framework automation Accelerate delivery with design specification to code transforms Unify teams and ensure compliance with processes, patterns & profiles Stay in control and communicate architectural evolution & reconciliation Linkage between BPM & SOA Model Business Modeler integrations with RSA and RequisitePro Requirements traceability Integration into multiple runtime environments Transform architecture into code Generate high-level code from model Reconciliation and architecture evolution Reverse transform code into RSA Model compare, trace and reporting Accelerate SOA Adoption Process guidance, patterns and profiles SOA composite application testing Simplify linkage between SOA and data In General Business-driven development begins with an understanding of how your business operates today. WBM is used to create an "as-is" model. The business process can be improved by evolving the as-is model into a "to-be" model using WBM as well. Certain aspects of the to-be model will require new or modified software development. Those portions of the model are exported out of WBM and imported into RSA and represent business-driven requirements models. RequisitePro is used to flesh out the textual details of those requirements models, as well as to establish requirements traceability and linkages to related artifacts in RSA. Integration between ReqPro and WBM allows for a more direct form of information transformation and linkage. RSA is used to create an architecture that maps to and satisfies the business requirements. Model-to-model transforms in RSA are used to create a detailed design model that takes platform-specific technology into consideration (Java, Web servers .NET, etc.). Model-to-code transforms in RSA are used to generate high-level code in RAD. RAD is used to evolve the design into executable code. Before moving the code to the operations environment, RSA is used to reverse transform the code into models that are compared to the original design models to govern architectural changes that have crept into the code during implementation. RAD integrations with WAS and other runtimes automate the transforms to the operational environment Tivoli tools monitor the execution of the applications and identify functional and performance issues.

28 Eduardo Mejia Almaguer RUP Consulting Manager - It Era
Gracias Models, designs, and rapidly builds resilient architectures for SOA, systems, and applications Link Business Processes with development for complete lifecycle manageability Accelerate delivery and ensure architectural integrity with reuse Achieve resilient application architectures as SOA, with framework automation Accelerate delivery with design specification to code transforms Unify teams and ensure compliance with processes, patterns & profiles Stay in control and communicate architectural evolution & reconciliation Linkage between BPM & SOA Model Business Modeler integrations with RSA and RequisitePro Requirements traceability Integration into multiple runtime environments Transform architecture into code Generate high-level code from model Reconciliation and architecture evolution Reverse transform code into RSA Model compare, trace and reporting Accelerate SOA Adoption Process guidance, patterns and profiles SOA composite application testing Simplify linkage between SOA and data In General Business-driven development begins with an understanding of how your business operates today. WBM is used to create an "as-is" model. The business process can be improved by evolving the as-is model into a "to-be" model using WBM as well. Certain aspects of the to-be model will require new or modified software development. Those portions of the model are exported out of WBM and imported into RSA and represent business-driven requirements models. RequisitePro is used to flesh out the textual details of those requirements models, as well as to establish requirements traceability and linkages to related artifacts in RSA. Integration between ReqPro and WBM allows for a more direct form of information transformation and linkage. RSA is used to create an architecture that maps to and satisfies the business requirements. Model-to-model transforms in RSA are used to create a detailed design model that takes platform-specific technology into consideration (Java, Web servers .NET, etc.). Model-to-code transforms in RSA are used to generate high-level code in RAD. RAD is used to evolve the design into executable code. Before moving the code to the operations environment, RSA is used to reverse transform the code into models that are compared to the original design models to govern architectural changes that have crept into the code during implementation. RAD integrations with WAS and other runtimes automate the transforms to the operational environment Tivoli tools monitor the execution of the applications and identify functional and performance issues. Eduardo Mejia Almaguer RUP Consulting Manager - It Era