Export (0) Print
Expand All

Objectives, Risks, and Controls

Published: April 25, 2008

 

The following table provides examples of how management objectives for this phase can be related to risk and then to controls that help manage those risks. By clearly linking objectives, risks, and controls, an IT organization will be more effective and compliant. It will also be more efficient in gathering and maintaining documented evidence of its control environment and risk management. Management reviews (MRs) introduce the appropriate level of control to Plan Phase activities. Every company needs to evaluate laws and regulations to determine its own policies and thus its own compliance controls. However, the management reviews still provide management controls so that compliance can be evaluated at these points of the lifecycle.

Table 8. Plan Phase Objectives, Risks, and Controls

Objective

Risk

Control

Ensure that the desired services are delivered with the desired quality at the desired cost

  • Services do not meet business needs
  • Cost of services is not predictable

 

Service Alignment MR

Portfolio MR

Ensure that IT services are reliable and trustworthy

  • IT services waste resources and are more expensive than necessary
  • IT services are poorly designed and hard to support
  • Service delivery improvement is ineffective
  • IT services fail, causing business loss

 

Service Alignment MR

Portfolio MR

Important MR control considerations:

  • Include the reconciliation of planned-to-actual spending
  • Service reviews performed at least annually or semi-annually and when there are major service breaks

Ensure that IT services are compelling to the business

  • IT services fail to provide significant value to the business
  • IT services are under-used or over-used, resulting in misallocation of resources

 

Service Alignment MR

Portfolio MR

Important MR control considerations:

  • IT service planning based on business strategy, with documented relationship between strategy and service
  • Recurring service reviews with business stakeholders
  • Usage rates of service capacity tracked and incorporated into service planning

Ensure that IT services are predictable and can adapt to new business requirements

  • Unpredictable service performance
  • Unplanned changes to IT environment
  • The process of changing IT services is cumbersome and contains unnecessary bureaucracy 
  • IT has conflicting or inadequate workflow

 

Service Alignment MR

Portfolio MR

Important MR control considerations:

  • Feedback from service performance monitoring contributes to service design
  • Change control procedures are in place and evidence of control operation is documented
  • Appropriate business stakeholders are available for change reviews when needed
  • Change methodology supports different levels of analysis and approval that result in consistently documented results

Ensure that the IT organization partners with the business for the planning and delivery of services

  • Business unable to efficiently understand available IT services
  • Service levels not appropriate for business needs
  • Business requirements not well understood or translated into IT designs

 

Service Alignment MR

Portfolio MR

Important MR control considerations:

  • Business and IT partnership roles defined with clear accountabilities
  • IT understands how levels of service criticality relate to different business functions
  • Service requirements are vetted with business and demonstrated functionality is reviewed

Ensure that the IT organization  proactively manages risk

IT services repeatedly negatively affected by unplanned events

 

Service Alignment MR

Portfolio MR

Important MR control considerations:

  • Process of identifying risk starts at beginning of planning
  • Risk management continues throughout an IT service’s lifecycle

This accelerator is part of a larger series of tools and guidance from Solution Accelerators.

Download

Get the Microsoft Operations Framework 4.0

Solution Accelerators Notifications

Sign up to learn about updates and new releases

Feedback

Send us your comments or suggestions

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft