Founded in 1807, John Wiley & Sons is the oldest independent publishing company in the United States. With offices in North America, Europe, Asia, and Australia, Wiley is globally committed to developing and marketing print and electronic products and services for our customers' professional and personal knowledge and understanding.

The Wiley Corporate F&A series provides information, tools, and insights to corporate professionals responsible for issues affecting the profitability of their company, from accounting and finance to internal controls and performance management.
Executive's Guide to IT Governance
Improving Systems Processes with Service Management, COBIT, and ITIL
ROBERT R. MOELLER
Copyright 2013 by John Wiley & Sons, Inc. All rights reserved.
No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600, or on the Web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.

Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.
Moeller, Robert R.
Executive's guide to IT governance : improving systems processes with service management, COBIT, and ITIL / Robert R. Moeller.
1 online resource. (Wiley corporate F&A series)
Includes bibliographical references and index.
Description based on print version record and CIP data provided by publisher; resource not viewed.
ISBN 978-1-118-22495-3 (pdf) ISBN 978-1-118-23893-6 (epub) ISBN 978-1-118-26354-9 (mobipocket) ISBN 978-1-118-13861-8 (o-book) ISBN 978-1-118-54017-6 (cloth)
1. Information technology--Management. 2. Information technology--Auditing. 3. Electronic data processing departments--Auditing. I. Title.
HD30.2
004.0684--dc23
2012050404
10 9 8 7 6 5 4 3 2 1
Dedicated to my best friend and wife, Lois Moeller.
Lois has been my companion and partner for over 40 years,
whether we are on our Lake Michigan sailboat,
skiing in Utah or elsewhere,
visiting museums and traveling to interesting places in the world,
vegetable gardening in the backyard,
or jointly cooking its produce.
Contents
Preface xiii
ITIL Fundamentals 88
ITIL Service Strategy Components 91
ITIL Service Design 94
ITIL Service Transition Management Processes 99
ITIL Service Operation Processes 102
IT Governance and ITIL Service Delivery Best Practices 106
Note 107
Chapter 11: PCI DSS Standards and Other IT Governance Rules 195
Index 379
Preface
In today's world of ever-changing economic conditions and increased regulatory activities, governance is becoming an increasingly important issue for all sizes of enterprises, whether public corporations, not-for-profits, or private businesses. Enterprise governance concepts consist of a series of broad areas of enterprise activity, starting first with management's accountability and fiduciary responsibilities to its customers, employees, regulators, and all other stakeholders. This requires the implementation of guidelines and programs to ensure that management acts in good faith and that the overall enterprise is protected from wrongdoing or fraud. In addition, enterprise governance includes management processes and policies to promote strategic and economic efficiency. The management of economic efficiency involves how the corporate governance system intends to optimize results and meet its objectives. This promotion of strategic efficiency also calls for an enterprise to promote and establish public policy objectives that are not always directly measurable in economic terms but include such things as a strong ethics program, the promotion of quality, and employee welfare.

Effective enterprise governance, of course, requires strong management skills to make important decisions and provide leadership. There is also a very strong requirement for information technology (IT) systems and processes in particular. This important area, IT governance, is the overall topic of this executive guide.

In the earlier days of IT systems and processes, senior operations management often delegated many aspects of IT operations to specialists responsible for building, operating, and maintaining an enterprise's IT resources. While there was frequent talk about engaging the management and users of IT systems with the specialists and developers of their IT resources, operations management often experienced disappointments. New IT initiatives often did not meet their planned objectives, were delivered late, had security and internal control vulnerabilities, or too soon became obsolete due to poor planning or assessments of management needs. To improve matters today, there is a need for better processes to manage and coordinate all aspects of an enterprise's IT resources: the need for IT governance.

This book is an executive's guide to this important concept of IT governance. Our focus is not on the IT specialist installing IT hardware, software, and network connections, nor on such important resources as internal auditors who test and review IT processes. Rather, this guide is directed to the enterprise executive who has some understanding of IT processes but is interested in learning more about the issues and processes