Announcements and Meetings
  update May 2007

 

OCEG LAUNCHES THIRD STUDY IN THE OCEG BENCHMARK SERIES: PROVING THE VALUE OF GRC

 

See more at: http://www.oceg.org/view/obsmeasure

About the Open Compliance and Ethics Group (OCEG)
OCEG is a nonprofit organization that provides a framework (the OCEG Framework) for integrating governance, compliance, risk management, and integrity into the tangible practice of everyday business; drives adoption of the Framework through a multi-industry, multi-disciplinary coalition; and provides a community of practice for the exchange of information, tools, benchmarking and feedback for continual improvement of the Framework.  OCEG Drives Principled Performance™.

For more information on OCEG and the OCEG Framework, visit:  www.oceg.org

For more information, please contact Kelly Ray, VP, Core Knowledge at the Open Compliance and Ethics Group at 940-648-2760 (kelly.ray@oceg.org).

 

 

Phoenix, AZ – May 1, 2007 - Today, the Open Compliance and Ethics Group (OCEG) launched its third study in the 2007 OCEG Benchmarking Series.  Sponsored by Ernst & Young LLP, the “Proving the Value of GRC” study will help organizations of all sizes and types (for-profit, nonprofit, higher education and governmental agencies) understand how their measurement programs compare with peers and other leading organizations around the globe.

“We see a lot of organizations measuring the things that are easy to measure rather than the things that demonstrate that the compliance and ethics program is contributing to business objectives,” said Scott Mitchell, CEO of OCEG. “OCEG offers this benchmark study as a tool to make sure that GRC programs are driving principled performance – showing that operating with integrity and within the organization’s mandated and voluntary boundaries enhances the value of the organization.”

“Our clients are placing increasing emphasis on measuring both the effectiveness of their compliance infrastructure, and the return on their compliance investments,” said Jack Holleran, Senior Manager in Ernst & Young’s Fraud Investigation and Dispute Services practice and a former Chief Compliance Officer with a Fortune 100 company.  “Companies often look at ‘effectiveness’ in two ways – effectiveness in preventing non-compliance, and effectiveness in detecting non-compliance.  Many companies have developed measures for effective detection; however, effective prevention and return on compliance investment have proven more difficult to quantify.  This benchmark study will provide important insights into how leading organizations are measuring return on the compliance dollars they invest.”

We invite you to participate in this study starting today!  Results from this study should help you:

  • Identify the most effective measures of value for your GRC program
  • Align your GRC measurements and metrics to business outcomes
  • Define where you can simplify your portfolio of metrics and measurement
  • Identify gaps in your measurement and metrics program, and
  • Determine your readiness for benchmarking GRC


“In each of our studies, we strive to either deliver or create something of value to the participants,” said Kelly Ray, OCEG’s VP of Core Knowledge.  “In this third study, we’re making sure participants have direct access to the OCEG Metrics Analysis Tool.  Although we recognize that in this current year many organizations may not yet have their baseline measures in place, by offering a comprehensive and standardized set of metrics, OCEG helps organizations reduce their own development costs, and enable intra-industry and cross-industry benchmarking in the years to come.”

The study is part of the larger OCEG Benchmarking Series which covers a number of related topics including:

  • Strategy
  • Investigations
  • Managing Information (Privacy, Security, etc.)
  • Enabling Technology
  • Effective Risk Assessments
  • And other processes ….

You can find out more about the OCEG Benchmarking Series at http://www.oceg.org/obs

SPIN

Boston SPIN Roundtables 2006 - 2007

Discuss the latest guidance on documenting application development for the purpose of regulatory compliance. Based on the paper "Controls Evidence Specific to Software Development and Product Development Lifecycle," published September 2006, ITGI. Facilitated by the author, Robin Basham, President and Founder, Phoenix Business & Systems Process, Inc.

Abstract: Teams preparing their annual audit work papers (controls evidence) will often ask, "What about SDLC related artifacts like VSS/CVS, test events and source code libraries?" Software development work products have particular control requirements satisfied through the appropriate use of workflow and event management tools, integrated development environments (IDEs) and storage libraries for the purpose of source control.

Project Culture Affects Productivity - And I Can Prove It! Facilitated by Bruce Taylor, principal of WorkingInUnison

Abstract: A survey of 212 programmers from a variety of companies and countries shows that the culture of the team and company has a large effect on the productivity of software development projects. I'll explain the notion of "culture" used in the survey, review the responses, and show the statistical analysis that demonstrates the effect. Then we'll open the discussion to "What does this mean for your organization?"

 

 
     

The Open Compliance & Ethics Group Integrating Governance, Risk Management, Compliance and Culture

Webinar:

New Regulations on California Harassment Training Law AB 1825

For more information, go to www.brightlinecompliance.com


About the Presenter
Michael Johnson is Co-CEO of Brightline Compliance. Mr. Johnson is a former civil rights attorney in the U.S. Department of Justice, where he brought one of the Justice Department's first "pattern or practice" sexual harassment cases. The United Nations selected Mr. Johnson to consult on revisions to the UN's sexual harassment policy and to train UN staff on how to properly investigate harassment complaints. The Equal Employment Opportunity Commission has asked Mr. Johnson to speak on harassment topics at several conferences held around the country. Mr. Johnson is a graduate of Duke University and Harvard Law School.

 

Dates:   October 26, 2006 | November 16, 2006 | December 5, 2006
Time:    2:00 PM - 3:00 PM EST (11:00 AM - 12:00 PM PST)
Cost:    Complimentary

On October 2, 2006, the California Fair Employment and Housing Commission (FEHC) published its latest draft of proposed regulations regarding California Law AB 1825. When the proposed regulations are finalized, they will detail how employers should provide harassment prevention training courses to supervisors to comply with AB 1825. The regulations, which may be modified further, are expected to be finalized at the FEHC’s next meeting on November 14, 2006.

OCEG and Brightline Compliance will be presenting a complimentary webinar which registrants may attend on any one of the three dates listed. Participants will learn about the content of the new draft regulations and the steps that employers should take now.

Webinar Title: New Regulations on California Harassment Training Law AB 1825

Dates and Time: Thursday, October 26, 2006; Thursday, November 16, 2006; Tuesday, December 5, 2006; 2:00 PM - 3:00 PM EST (11:00 AM - 12:00 PM PST). Dial-in number and web site will be provided upon registering.

Presenter: Michael Johnson, Esq., Co-CEO, Brightline Compliance

Webinar Content: Among other things, the webinar will address the following questions:

  • If we previously provided training that does not match the new regulations, will we have to re-train our staff?
  • Which employers are covered by AB 1825?
  • Who is considered a supervisor under AB 1825?
  • Must supervisors be located in California in order to be covered by the law?
  • What expertise is required of trainers?
  • What constitutes two hours of training?
  • What must be included in the content of the training?
  • Must the entire training consist solely of instruction on sexual harassment?
  • Do the regulations allow e-learning and webinars as acceptable types of training under the law?
  • How long do employers have to respond to questions raised by employees taking an e-learning course?
  • How do we track the two-year time periods for training required by the law?
  • What information about the training must be retained?
  • How must we train supervisors new to our organization or those recently promoted from a non-supervisory position?
  • What should employers do now?
     
Teleconference

Enterprise Risk Agility – How Technology Will Change Risk Management In The Next 5 Years

Air Date: October 4, 2006

Presented By:

Michael Rasmussen, Vice President, Forrester Research, Inc.

Slides Available - Thank you Michael!

 

Description

Governance, risk, and compliance are major issues that have caught organizations by surprise. A fragmented and uncontrolled response to risk is prone to failure, is not effective at identifying risk, and costs an organization when it is caught off guard. The continuing growth in the complexity of business, internal processes, relationships, and external market forces will require new paradigms of technology to monitor and manage risk. Technology is and will further change businesses, and entire industries, by taking them from a state of risk ignorance to risk agility. This teleconference explores how technology will change risk management over the next five years and become a risk central nervous system to achieve risk agility within business.

Agenda

  • How will the external world change the risk posture of entire industries and individual businesses?
  • How will business continue to change in ways that make organizations more vulnerable to uninformed risk?
  • What processes and practices will matter in the future to achieve enterprise risk agility?
  • What is technology's current and future role in achieving enterprise risk agility?

Related Research

2006 Trends Enterprise Risk & Compliance

     

Webinar-Watch

October 26th

"Auditing IT Initiatives: Assessing Implementation "Preparedness" and Reducing IT Risk"

 

  Dan Swanson has recently partnered with ComplianceOnline (http://www.complianceonline.com/) to deliver a comprehensive October 26th webinar, "Auditing IT Initiatives: Assessing Implementation "Preparedness" and Reducing IT Risk," where he will provide extensive guidance, resources, and other best practice information, as well as his "insight" on this important topic (note: it also includes a short Q&A session).
     

OMG


Contact: Stephanie Covert, Object Management Group, +1-843-225 8419, pr@omg.org

About The OMG
With well-established standards covering systems and software from design and development, through deployment and maintenance, and extending to evolution to future platforms, the Object Management Group (OMG) supports a full-lifecycle approach to enterprise integration which maximizes ROI, the key to successful IT and system development. OMG's Modeling standards, the basis for the MDA®, include the Unified Modeling Language™ (UML®), the Common Warehouse Metamodel (CWM™) and other enterprise modeling standards. CORBA®, the Common Object Request Broker Architecture, is OMG's standard open platform with hundreds of millions of deployments running today. Headquartered in Needham, MA, USA, the Object Management Group is an international, open membership, not-for-profit computer industry specifications consortium. More information about OMG can be found at www.omg.org

Note to editors: MDA, Model Driven Architecture, OMG Logo, UML, UML logo and CORBA are registered trademarks, and OMG, Object Management Group, MOF, MDA Logos, OMG SysML and Unified Modeling Language are trademarks, of Object Management Group. All other trademarks are the property of their respective owners.

  OMG Announces Two New Sponsors of Compliance GRID Project

Inferware and Phoenix to contribute to development of project to address global regulatory compliance management challenges

Needham, MA, USA - July 25, 2006 - The Object Management Group™ (OMG™), a software consortium responsible for establishing distributed computing specifications, and ORCA™, the OMG Regulatory Compliance Alliance, today announced that Inferware (www.inferware.com) and Phoenix Business and Systems Process (PB&SP) (www.pbandsp.com) have become sponsors of the Compliance Global Regulatory Information Database (C-GRID™) project. Both companies will also be represented on the ORCA Advisory Council.

ORCA is a working group of OMG Members who are committed to codifying and promoting IT best practices for regulatory compliance, and developing resources for IT professionals dealing with regulatory compliance requirements. ORCA is currently developing C-GRID as an open repository of information on regulations, rules, frameworks and guidance documents from around the world. The goal of this project is to provide the de facto compliance reference guide for global IT managers. Contributions from the community to the database are being accepted and vetted by a team of regulatory compliance experts on an ongoing basis. See http://www.omg.org/orca-pr to add your submission.

"I see ORCA as the perfect opportunity to realize a uniform open source ontology for any framework or standard. The C-GRID will enable any industry vertical to easily and dynamically align their current and unique regulatory profile to the industries' validated and best compliance resources," said Robin Basham, CEO, Phoenix Business and Systems Process. "I am thrilled to have the opportunity to work with industry leaders in creating solutions to simplify regulatory complexity and to be contributing to the development of the C-GRID by providing data and meta-data about a variety of U.S. and international statutes and regulations."

"Inferware is pleased to support the development of the C-GRID: our clients need a reliable global regulatory resource, and the C-GRID enables us to build new policy management services on a robust open platform. I am looking forward to serving on the Advisory Council and helping to shape this important resource," said Said Tabet, CEO, Inferware.

"PB&SP and Inferware are innovators in governance, risk management, and policy automation. Their unique perspectives and contributed intellectual property will be invaluable to the C-GRID project, and I welcome their support," said Dr. Adrian Bowles, program director, Regulatory Compliance, OMG. "I am also pleased to have Robin and Said participate on our Advisory Council. Their individual insights have already helped shape our plans and their continued participation will assure a high quality product."

Inferware and Phoenix join IBM (www.ibm.com) as C-GRID sponsors. For more information about ORCA, visit http://orca.omg.org

About Phoenix
Phoenix Business and Systems Process (PB&SP) implements CobiT and ITIL compliant programs resulting in improved client controls and greater capacity for business growth. Through collaboration and training, PB&SP ensures documented authentic business controls, designed to satisfy ongoing regulatory compliance, business value alignment and cost effective administration. Aligning information system metrics to their specific key control requirements, PB&SP translates enterprise information overload to the executive vernacular, and transforms key business objectives to an achievable IT framework. PB&SP compliance projects consistently result in rapid non-qualified audit findings and increased operational efficiencies. With a partner network spanning four continents and the United States, PB&SP information systems and security analysts possess technology and audit certifications, networking credentials, compliance and regulatory training, and advanced degrees in such areas as Business, IT, Assessment, and Engineering. PB&SP people know standards and the real world problem of making the standards work. Common to all employees is ITIL certification and either CISSP, CISM or CISA certifications. Simple solutions to complex problems: http://www.pbandsp.com.

About Inferware
Founded in 2004 and headquartered in Natick, Massachusetts, USA, Inferware Corp provides methodologies and tools for translating corporate executive goals to actionable business rules. Inferware products and services are based on current and emerging industry standards including MDA, SOA, RuleML, SBVR, CDL, BPM, BAM, and Business Motivation Model. Inferware's Policy Management Process (PMP™) is a proven methodology helping our clients define well-formed policies, and track their implementation and performance within the enterprise.

Inferware helps global clients implement enterprise compliance management solutions, offering a framework that integrates business and IT requirements and facilitates service-oriented compliance automation. For more information, visit www.inferware.com.

 

     

Phoenix Business and Systems Process is proud to be among the sponsors of the ITGI

ISACA

Media Contacts
Kristen Bertholomey, +1.847.590.7455, kbertholomey@itgi.org
Deborah Vohasek, +1.847.590.7466, dvohasek@itgi.org

IT Governance Institute
3701 Algonquin Road, Suite 1010
Rolling Meadows, IL 60008 USA

 

FOR IMMEDIATE RELEASE - New Sponsors and Affiliates Support IT Governance Institute Activities

Rolling Meadows, IL, USA (18 May 2006)—As organizations recognize that strong IT governance can lead to increased stakeholder confidence and competitive advantage, they are giving increasing support to the nonprofit, independent IT Governance Institute (ITGI).

ITGI was established in 1998 to advance international thinking and standards in directing and controlling information technology (IT). In addition, ITGI developed the globally recognized IT governance framework Control Objectives for Information and related Technology (COBIT), now in its fourth edition, and offers original research and case studies to assist enterprise leaders and boards of directors in their IT governance responsibilities.

Organizations can support ITGI’s research, publications and other work by becoming an affiliate or a sponsor.

Affiliates are nonprofit organizations that endorse ITGI’s purpose and wish to be publicly counted among the institute’s supporters. New affiliates include:

  • ASIS International
  • Center for Internet Security
  • Commonwealth Association for Corporate Governance
  • Information Systems Security Association
  • ISACA
  • Solvay Business School
  • University of Antwerp Management School

ITGI sponsors are primarily for-profit corporations that support ITGI’s work. New sponsors of ITGI include:

  • Bindview Corporation (Symantec)
  • CA
  • Hewlett-Packard
  • IBM
  • Phoenix Business & Systems Process Inc.

“IBM and ITGI share a common goal and vision in furthering the adoption of the COBIT standards and framework,” said Larry Bowden, IBM, vice president, software products. “IBM is increasing the adoption in the market by including the COBIT family of products in IBM software products beginning with the immediate use in IBM Workplace for Business Controls and Reporting, shipping this month.  IBM will also align future IT governance software offerings from Rational and Tivoli with the COBIT standards. IBM's objective is to help reduce a company’s time to implement COBIT-based controls for better corporate and IT governance.”

Results of the recent IT Governance Global Status Report survey of 695 C-level executives from around the world found that recognition of COBIT increased by 50 percent and awareness of ITGI nearly tripled from 2003 to 2005.

“We believe this increasing recognition of IT governance is causing enterprises to seek ways to become more informed about and active in IT governance concepts. The ITGI sponsorship is a great option for them, and we are proud to count these organizations among our growing list of supporters,” said Everett Johnson, CPA, international president of ITGI. “IT governance can truly transform an enterprise. It is a positive trend to see these and other prominent organizations give it the priority it deserves.”

Additional information on ITGI’s supporter programs is available at www.itgi.org.

 

   

OCEG ANNOUNCES INTERNAL AUDIT GUIDE FOR USE IN COMPLIANCE AND ETHICS PROGRAMS

OCEG

The Open Compliance & Ethics Group Integrating Governance, Risk Management, Compliance and Culture

About the Open Compliance and Ethics Group (OCEG)
OCEG is a nonprofit organization that provides a framework (the OCEG Framework) for integrating governance, compliance, risk management, and integrity into the tangible practice of everyday business; drives adoption of the Framework through a multi-industry, multi-disciplinary coalition; and provides a community of practice for the exchange of information, tools, benchmarking and feedback for continual improvement of the Framework.

For more information on OCEG and the OCEG Framework, visit www.oceg.org.

 

 

The Open Compliance and Ethics Group (OCEG - www.oceg.org) has just released a new internal audit guide for use in auditing compliance and ethics programs.

The Internal Audit Guide will help directors, executives and other senior managers charged with governance responsibilities to better understand the issues and processes involved in an internal audit of a compliance and ethics program, and is designed primarily for the internal auditor.  The Guide describes:

  1. The knowledge needed to plan and complete the audit.
  2. Leading practice information regarding compliance and ethics.
  3. Other useful resources that will support both efforts.

“This new Guide provides further guidance by OCEG to support the continued improvement of an organization’s compliance and ethics program,” says Scott Mitchell, OCEG's President and CEO. The Guide’s development was overseen by OCEG’s senior management and leadership council, and was written principally by Dan Swanson, former Director, Professional Practices, The Institute of Internal Auditors (IIA) and member of the OCEG Steering Committee. Mr. Swanson’s internal audit guide advisory group consisted of 50 professionals in the auditing, compliance, ethics, forensics, finance and legal fields.

"Internal audit's assurance and monitoring roles are key to effective corporate governance. Having a guide that outlines a comprehensive approach to auditing a compliance and ethics program will be of great value to boards, management and auditors alike." - Paul J. Sobel, Vice President, Internal Audit, Mirant Corporation.

“Keeping up with critical information is very difficult today. This comprehensive guide is extremely well done, and will save your team from significant research time before their next audit of governance or ethics. It is a ‘how to’ guide and a must read for anyone involved in governance and ethics.” - Larry Harrington, Vice President, Internal Audit, Raytheon Company.


"The OCEG Internal Audit Guide will be a major contribution to how we understand the ethical health of an organization." - Paul Moxey, Head of Corporate Governance and Risk Management, The Association of Chartered Certified Accountants

"A must read for anybody preparing to audit the compliance and ethics program of the organization." - Roger L. McDaniel, President, Audit Services

 

   

OMG TECHNICAL MEETING

Boston, MA  USA June 26-30, 2006

Hyatt Harborside 101 Harborside Drive Boston, MA  USA

Object Management Group

OMG Technical Meeting Agendas

 
  • Be among the first to use and influence OMG's Model Driven Architecture (MDA)
  • Lead the technology adoption process
  • Network with industry experts

The OMG hosts five Technical Meetings per year, approximately every eight to ten weeks, in various locations around the world. Typically, three are located within the US and two are held at international venues. At these meetings, technical experts from member companies and organizations meet to discuss OMG technologies and work on new specifications.

OMG Technical Meetings attract up to 600 technology representatives and industry leaders from member organizations.

Participants include: Chief Operating Executives, Chief Information Officers, Chief Technology Officers, Software Architects, System Architects, Enterprise Architects, Research Scientists, Software Engineers, Software Developers, IT Managers, IT Executives,  Consultants

     

SML (Service Modeling Language)

 

Important news on our horizon!

 

SML (Service Modeling Language)

The specification

SML version 0.5 was released on July 31st 2006. You can read the specification and the XSD schema.

For more information about SML, please visit the sites of some of the SML authors:

Providing feedback

The Service Modeling Language (“SML”) Workgroup welcomes feedback from the community on the SML Specification, provided that any feedback is provided pursuant to the terms and conditions of the SML Feedback Agreement. If you would like to provide feedback on the SML Specification, please download, review and execute the SML Feedback Agreement, and return it to Microsoft prior to submitting your feedback. Feedback submitted other than pursuant to a fully executed and returned SML Feedback Agreement will not be accepted or reviewed. In accordance with the SML Feedback Agreement, any feedback will be deemed non-confidential information and will be licensed to the WG on a royalty free basis. You may download a copy of the SML Feedback Agreement at http://serviceml.org/SMLFeedbackLicenseAgreement.pdf. Once you have executed and returned the SML Feedback Agreement you may submit your feedback in writing to sml-feedback@external.cisco.com or present it at the SML Feedback Workshop. The SML Feedback Workshop will take place in the Silicon Valley area on 12 September 2006. Please contact sml-feedback@external.cisco.com for details if you are interested in participating in this workshop.

   
IP Services
 

Announcing new partnership: Phoenix Business and Systems Process, Inc., Needham Massachusetts and IP Services LLC Eugene, Oregon

Combining world class IT Service Management and IT Audit and Compliance Services, PB&SP and IP Services formally align to provide end-to-end IT compliance and service support.


   
CobiT Quiz
 

Combining the wisdom of effective training methodology and the best in IT compliance framework, PB&SP enters into formal accreditation and sponsor agreement with ISACA® of Rolling Hills, Illinois.

Celebrating this partnership, PB&SP extends free study assistance for persons becoming familiar with the newly enhanced CobiT® 4.0 model.

Cobit Quiz

   

OASIS

Reprinted: this week's email from Carol

TO: OASIS Members, public announce lists

The OASIS Web Services for Remote Portlets TC has recently approved the following specification as a Committee Draft and approved the package for public review.

Web Services for Remote Portlets Specification v2.0

The public review starts today, 14 June 2006, and ends 13 August 2006. This is an open invitation to comment.

We strongly encourage feedback from potential users, developers and others, whether OASIS members or not, for the sake of improving the interoperability and quality of OASIS work.

More non-normative information about the specification and the technical committee may be found at the public home page of the TC at http://www.oasis-open.org

Comments may be submitted to the TC by any person, by a web-form that can be reached either on that page, via the button marked "Send A Comment" at the top of that page, or directly at http://www.oasis-open.org/

Submitted comments (for this work as well as other works of that TC) are publicly archived and can be viewed at http://lists.oasis-open.org/archives/wsrp-comment/. All comments submitted to OASIS are subject to the OASIS Feedback License, which ensures that the feedback you provide carries the same obligations at least as the obligations of the TC members.

The specification document and related files are available here:

OASIS and the WSRP Technical Committee welcome your comments.

 

 

From: Mary P McRae, Manager of TC Administration, OASIS
email: mary.mcrae@oasis-open.org
web: www.oasis-open.org

We are pleased to announce that the Web Services Distributed Management v1.1 Specification has been approved as an OASIS Standard. The submission of the approved standard can be found at [1].

Congratulations to the OASIS WSDM TC, and the community of implementers, developers and users who have brought the work successfully to culmination.

[1] http://lists.oasis-open.org/archives/tc-announce/200607/msg00000.html (member only link)

---------------------------------------------------

OASIS Launches DITA XML.org Focus Area

The latest addition to the XML.org Focus Areas provides a community gathering place for the Darwin Information Typing Architecture. It is the first in a series of XML.org Focus Areas devoted to supporting communities-of-interest for OASIS Standards. The site serves as a knowledge base, bulletin board, and directory where readers share news, events, product listings, services, case studies, testimonials, and recommendations. The site also features wiki-style linking that enables the public to dynamically collaborate on documents and add new pages. Based on the Drupal open source platform, the Focus Area was designed by members of the OASIS DITA Technical Committee: Don Day and Michael Priestly of IBM; Bruce Esrig of Lucent; Kay Ethier; JoAnn Hackos and Jen Linton of Comtech; Scott Prentice of Leximation; and Jerry Silver of Blast Radius. Funding is provided by Focus Area sponsors, Adobe, Blast Radius, Comtech, Innodata Isogen, PTC, and Vasont. Additional sponsors are welcome; contact peter.roden@oasis-open.org for details.
http://dita.xml.org

---------------------------------------------------

Public Review of WSDM-MUWS and WSDM-MOWS Begins

The OASIS Web Services Distributed Management (WSDM) TC approved the WSDM Management Using Web Services (MUWS) and WSDM Management of Web Services (MOWS) specifications as Committee Drafts and submitted them for public review. All interested parties are encouraged to submit comments on these specifications, which define Web services architecture to manage distributed resources. Comments should be received by 19 May.
http://lists.oasis-open.org/archives/members/200603/msg00005.html

---------------------------------------------------

OASIS Opens Board of Directors Meeting to Members

All Consortium members are invited to attend an open session of the quarterly meeting of the OASIS Board of Directors, which will be held on 11-12 May, in conjunction with the OASIS Symposium in San Francisco. To ensure adequate space is allocated, members should indicate their intentions to attend the Board meeting on the Symposium registration form.
http://www.oasis-open.org/events/symposium_2006/related_events.php#board meeting

---------------------------------------------------

OASIS Symposium Offers Additional Opportunities for Participation

The Symposium Book Table will showcase the growing body of publications that feature technical and executive-level information on OASIS Standards and specifications. This is not a sale, but a display, with sample books being raffled off at the Symposium reception. Authors, publishers, or collectors interested in donating books should contact events@oasis-open.org by 10 April 2006. The Symposium will also feature Birds-of-a-Feather sessions, which may be organized by any attendee. BoFs can be used to discuss issues (in any language of choice) that apply to OASIS Committees, standards, specifications or ideas for new work. BoF signup may be done in advance or onsite. Register for the Symposium before 31 March and save 50 USD. Reserve your hotel room before 15 April to receive the special rate of 199 USD per night.
http://www.oasis-open.org/events/symposium_2006/index.php

---------------------------------------------------

Consortium Welcomes New Members

Vasont Systems, the newest OASIS Sponsor-level member, provides content management software and data service. Its content management system enables organizations of all sizes to create, manage and store their multilingual content once for multi-channel delivery to print, PDF, CD-ROM and Web formats. Vasont (http://www.vasont.com) is also a sponsor of the DITA XML.org Focus Area. OASIS welcomes new Contributor-level members, Mekon Limited, the Pennsylvania Association of Notaries, Stitching SURF, CGI Group, Inc, the National Informatics Centre, Changfeng Open Standards Platform Software Alliance, and the Property Records Industry Association. http://www.oasis-open.org/about/index.php

   

SEI/SPIN

Software Process Improvement Network (SPIN) and ASQ Boston Joint Meeting Announcement

 

 

About the Roundtables:

Roundtables are focused group or "birds-of-a-feather" discussions, with a Facilitator to stimulate and moderate discussion. These discussions are held during the Networking portion of the SPIN meeting, before the speaker.

Roundtable topics will be announced in the reminder notice.

Boston-SPIN needs roundtable facilitators who are interested in professional networking opportunities to exchange their experiences and ideas with area software professionals. SPIN roundtables provide fresh perspectives on technical, management and career issues. The roundtable sessions are a great opportunity to get to know your peers at other companies. Each month, SPIN offers small roundtable discussions on up to four topics. The roundtables run from 6:00 to 6:45 pm preceding our main speaker. Facilitators are invited to suggest a topic or select from a list of roundtable topics requested by SPIN members at http://www.boston-spin.org/roundtables.html. We have openings for facilitators at upcoming meetings in December, January and beyond. For more information, please contact our roundtable coordinator Chuck.Anastasia@abaqus.com to request a copy of our facilitator guidelines.

 

Boston SPIN members:

Software Process Improvement Network (SPIN) Meeting Announcement
(We will meet in our regular location at MITRE - Building S)

Topic: Update on the Unified Process: Something Old, Something New, Something Borrowed, and Definitely Something Blue <http://www.boston-spin.org/topic.html#abstract>

Speaker: Scott Ambler <http://www.boston-spin.org/topic.html#bio>

When:   Tuesday, September 12, 2006 6:00pm-8:30pm
              6:00-6:45 Networking and Round Tables
              7:00-7:10 Announcements
              7:10-8:10 Presentation
              8:10-8:30 Questions and Answers

Who: Everyone (Industry, Government, Academia)

Location: The MITRE Corporation, 202 Burlington Rd. (Rt. 62), Building S, Bedford, MA 01730

NOTE: Because of security concerns, you'll need a Picture ID and any large items you bring will be opened and inspected when you arrive. The earliest arrival time is 5:15pm. No one will be admitted prior to that time. The building is secured at 8:30pm. All attendees must have left the building by that time.

Info: See our web page for information and directions. http://www.boston-spin.org/directions.html

Boston SPIN meetings are free. No RSVP is necessary.

Abstract: Update on the Unified Process: Something Old, Something New, Something Borrowed, and Definitely Something Blue <http://www.boston-spin.org/topic.html#abstract>

The Unified Process (UP) framework, and in particular the Rational Unified Process (RUP), was publicly released in 1998. Since then the UP has evolved in several directions, new players have entered the field, and the UP has been adopted by thousands of organizations worldwide. This presentation explores the history of the UP, the current state of the UP, and discusses the potential future directions of the UP. We'll discuss the relationship between the RUP and IBM's Rational Method Composer (RMC), IBM Rational's current offerings. We'll explore the Basic Unified Process (BUP) and the Eclipse Process Framework (EPF), two open source offerings. Finally, we'll look at the Agile Unified Process (AUP), an agile tailoring of the UP and the Enterprise Unified Process (EUP), an extension to the RUP which addresses cross system issues such as enterprise architecture, software reuse, and operations.

About the Speaker: Scott W. Ambler

Scott W. Ambler is Practice Leader Agile Development with IBM's Methods Group. He is the original developer of the Agile Modeling (AM), Agile Data (AD), Agile Unified Process (AUP), and Enterprise Unified Process (EUP) methodologies. Scott is the (co-)author of several books, including Refactoring Databases (Prentice Hall), Agile Modeling (John Wiley & Sons), Agile Database Techniques (John Wiley & Sons), The Object Primer 3rd Edition (Cambridge University Press), and The Enterprise Unified Process (Prentice Hall). Scott is a contributing editor with Software Development magazine. His personal home page is http://www.ambysoft.com/scottAmbler.html

   


(we trust TW links, and these are active at their site. Tripwire knows how to handle privacy, advertising and data!)

From the Desk of Gene Kim

Simplifying Security Compliance, Phase 2

Build on your knowledge of the Visible Ops methodology, and learn how to integrate security early in the IT lifecycle to help achieve regulatory compliance.

Using Tripwire to Achieve PCI Compliance

Learn from the experts how the PCI Data Security standard impacts your business and how Tripwire software can help you reach compliance.

Creating a Culture of Change Management

Learn how creating a culture of change management can transform your IT group into a high performing IT organization.

Tripwire Enterprise Named Network Security Management Product of the Year

Tripwire Enterprise has been judged by Information Security magazine and SearchSecurity.com as the best network security management product released in 2005. Tripwire received the 2006 "Product of the Year" award top honor for its dedication to security, superior quality, consistent performance, support, and ability to deliver business benefit to customers.

How much unplanned work do you have in your organization? (VISIT TRIPWIRE ON LINE TO LEARN MORE)

 


Quantifying Unplanned Work

In this series of articles on unplanned work, we've moved from defining unplanned work to revealing its top causes. This month, we'll examine how to quantify the business costs of unplanned IT work.

 Now that we've examined the two goals of an IT organization - delivering new projects and operating and maintaining IT assets - we can recognize how unplanned work detracts from these goals by pulling IT professionals away from activities that achieve them. But, can we quantify the costs of unplanned work to justify the ROI of putting in controls to reduce it?

We sometimes hear the question, "How can you justify the cost of implementing IT controls? Show me a business case for us to buy testing servers and the tools to enforce our change management process." It's a fair question, and one that can be addressed with a simple example.

Suppose someone changes an IT asset, but the change fails catastrophically due to lack of preproduction testing and change management authorization. The failed change results in an "all hands on deck" situation for the IT operational staff; IT drops planned work to remedy the results of the changes. The service disruption causes an incident that takes 4 hours to repair and involves 25 IT staff from all functional roles: application developers, QA staff, database administrators, network and system administrators, and security. Lost IT staff productivity is the first cost of this episode of unplanned work.

Unplanned work also comes at the cost of planned project work. In this case, the application developers and QA staff are taken from the critical path of an important sales support project, and the project ship date slips one week. Additionally, to address this project delay, IT has to employ a team of contractors longer.

The costs continue to mount. While the IT staff works to restore service, external customers call the service desk to find out why they can't access their billing information. Because of the large customer base, thousands of customers call the service center. The excess calls require the service center to activate the overflow call center, which costs tens of thousands of dollars. Revenue is also disrupted because the service center staff cannot take orders while processing the customer incidents.

Downtime and IT project resource costs run in the thousands of dollars; service center costs, lost revenue, and the delayed IT project costs are in the tens of thousands. Let's take it one step further. Maybe customers become so unhappy that 2% of them leave. The business now has to spend hundreds or thousands of dollars to recapture each of those customers.

Now that your single rogue change impacts customers, costs increase almost exponentially. With unhappy customers, you now have marketing and public relations problems. Your marketing department has to both gain new customers and win customers back - a feat more difficult and more expensive than gaining brand new customers. With any business process that is close to the customer, unplanned work can quickly and easily rack up huge costs. After looking at our scenario, how can you justify not implementing change controls and testing?

Try the following exercise: Look at your top ten unplanned outages in the last quarter or year and determine which ones were caused by failed changes. Of the failed changes, which ones were untested or unauthorized? Calculate the cost of unplanned work for each of those episodes. If any of those failed changes resulted in disruption similar to our scenario, there's your business case for IT controls.

It's easy to see how one failed change can quickly add up to hundreds of thousands of dollars - and how implementing IT change control processes can easily pay off tenfold.

Next month, we'll look at ways to reduce unplanned work and start realizing the benefits of an effective, efficient IT organization.

Maximize Your Investment! Enroll in a Tripwire Training Event

  • Class: Tripwire Enterprise Location: Portland, Oregon Dates: March 7-10, 2006
  • Class: Tripwire Manager and Tripwire for Servers Location: Portland, Oregon Dates: March 13-15, 2006
  • Class: Tripwire Enterprise Location: Denver, Colorado Dates: April 4-7, 2006

2006 General Audit Management Conference

Visit Tripwire in Booth 206 at SANS 2006
   

itSMF New England LIG


 

PAST Meeting May 16, 2006

For building security registration and attendee count, RSVP to RSVP@itsmf-ne.org (please specify location: Bedford, MA / Hartford, CT / Westbrook, ME / Web Conference)

May 16, 2006 Meeting 4:00 - 6:00 PM Locations:

  • MRO Software - Bedford, MA
  • MESDA Technology Center - Westbrook, ME
  • The Hartford, Hartford, CT
  • also available via Web Conference

ISO 20000 - What's It All About?

Mike Lachance, VP, The Hartford
Valerie Arraj, Global ITSM Practice Manager, InteQ

You've heard that ITIL is now an ISO standard via the December 2005 vote of ISO 20000, but do you know what it means? Learn how the standard aligns with ITIL, what it means now that it is an ISO standard and who will be paying attention to it. Contribute your own experiences and network with your peers in Bedford, Hartford and Westbrook, Maine, or on the Web and participate in the LIG Board election process.

About the Presenters

Mike Lachance

Michael B. LaChance, AVP, The Hartford Financial Services Group, is champion for process and performance management responsible for ITIL Service Management and Six Sigma adoption across a Fortune 100 infrastructure support organization. He is responsible for identification and definition of common service delivery taxonomy, establishing standards for process development, management, alignment and optimization across IT service management and service delivery offerings. He is also responsible for all ITSM automation including the BMC/Remedy ITSM suite, application mapping discovery tools, the organization's federated CMDB strategy, performance/event management and SLM platforms. Michael has been Foundations Certified and a member of itSMF since 2003. He co-founded the itSMF New England LIG and has served on its board since inception.

MORE FROM: The New England LIG is made up of a number of IT Service Management practitioners and vendors who do business in the New England area. The group exists to promote best practices in the New England geography by providing a forum to educate and share information about operational processes and achieving operational excellence. Our interest group includes individuals from the following organizations:

Accenture Aimnet Aprisma APC Autodesk Boehringer Ingelheim Pharmaceuticals, Inc Commonwealth of Massachusetts Computer Associates Concord Communication Court Square Data Group Enterasys Networks EMC Corporation EXIN USA Inc Glasshouse Hannaford Bros. Co. HPHGB Consulting Inc InteQ Corporation InterSystems Corporation JPC Group L. L. Bean Liberty Mutual Manulife Financial Marsanne Link, Inc. Mass High Tech Millennium Pharmaceuticals MITRE Corp. MRO Software, Inc Perot Systems Pitney Bowes Progress Software Corp Protivity Redtree Consulting, L.L.C. Relicore Siemens Business Services SolidWorks Corporation Staples Starwood Hotels and Resorts Stratus Technologies Sun Microsystems, Inc. The Hartford TJX Unisys University of Massachusetts Presidents Office Verizon IT Westbury USA, Inc.

  Measuring Costs and Demonstrating ROI

Mark Hernon, VP of IT and Operations at Millennium Pharmaceuticals, shares highlights of Millennium’s two-year journey to adopt a services-oriented approach to defining and delivering IT value. Mr. Hernon will provide insights into how and why adopting a services-oriented approach can help you gain C-level credibility and acceptance of your budget.

Mark Hernon, VP of IT and Operations at Millennium Pharmaceuticals, is responsible for IT, Facilities, Sourcing, Environmental Health and Safety, Laboratory Operations, and Meeting and Convention Planning. Prior to joining Millennium in 2001, Mark spent almost 15 years in consulting as a Partner with Braxton Associates, the strategy practice of Deloitte Consulting. In late 1999 he left Deloitte to join a young e-business strategy consulting firm called Mainspring. Mark was VP & General Manager of the Manufacturing & Life Sciences practice at Mainspring and continued on as a Managing Principal with IBM Global Services following IBM's acquisition of Mainspring in 2001. Mark holds a B.S. and an M.S. in Industrial Engineering and an MBA, all from Rensselaer Polytechnic Institute.

What Makes IT Leaders Effective in the Eyes of Business Executives?

Dr. George Westerman of MIT Sloan’s Center for Information Systems Research (CISR) discusses “What Makes IT Leaders Effective in the Eyes of Business Executives?” Drawing upon research with more than 300 non-IT executives, Dr. Westerman will discuss what functions high-performing IT units do better than their lower-performing peers.

Dr. George Westerman is a Research Scientist at MIT Sloan’s Center for Information Systems Research (CISR) and faculty chair for the course IT for the Non-IT Executive. His research and teaching explore how executives can align and govern their strategy, technology, and organizational structures. His latest study on IT leadership (with colleague Peter Weill) describes mechanisms IT leaders can use to enhance their IT organizations’ agility and business value. Prior to earning his doctorate from Harvard Business School, George gained more than 15 years of experience in engineering and IT management. He advises a variety of IT and business executives on issues of improving information technology capabilities and value.

 

itSMF New England LIG

(WE WERE HERE)

itSMF New England LIG

  April 19th Meeting - Sarbanes-Oxley and ITIL
LOCATION: Sun Microsystems, Herman Melville Conf. Room
MEETING AGENDA
Sarbanes-Oxley and ITIL
Seems that everywhere you look someone is selling a software program, standard or framework as the silver bullet for Sarbanes-Oxley. No Silver bullet, but the facts: good governance is the road to providing evidence of controls, regardless of regulation.
This session will present:
  • An overview of Sarbanes-Oxley (SOX) as the law applies to IT
  • The need for Key Controls and the part IT plays in their design
  • How ITIL process models support test and evidence of control practice
  • How ITIL Functions support SOX 404 compliance

Robin Basham M.Ed, M.IT, CISA (pending) is Founder and CEO of Phoenix Business & Systems Process, Inc. She has extensive experience in business process, staff development, and technology leadership across multiple industries including Financial Services, Insurance, Telecommunications, Major Media, Medical and Retail. Ms. Basham helps companies implement CobiT® and ITIL-compliant programs resulting in improved client controls and greater capacity for business growth.
FROM THE FIELD: Real experiences on this topic from practitioners in the audience.
It's here. It's live. Check it out!!!
This site contains information on previous and upcoming meetings, presentations and other LIG and ITSM/ITIL-related info.
     
OMG
 

To: OMG Technical Committees, OMG Government Domain Task Force Participants of 13-July-2006 Office of Management & Budgets Industry Day

Subj: Office of Management and Budget Brings Federal Transition Framework work to Object Management Group

This memo describes the collaborative work that has begun between the OMG and the President's Office of Management and Budget. A brief background is provided followed by a specific Call to Action. Please consider participation.

Background

During an "Industry Day" of the Office of Management and Budget (OMB) on 13-July-2006, Dick Burk, OMB Chief Architect announced that the OMB and the Object Management Group's (OMG) Government Domain Task Force (GovDTF) have agreed to work together using OMG's community consensus process to define an industry consensus specification for the OMB's new Federal Transition Framework (FTF).

GovDTF will be forming a "Federal Transition Framework Metamodel Working Group" under its US Government Working Group (USWG) to address this work item. This work item will dovetail with another work item on the USWG Roadmap, "A UML Profile for the Federal Enterprise Architecture" which was launched last June during the GovDTF's meeting in Boston.

Initially a white paper will be issued by the GovDTF in its upcoming meeting in Anaheim CA during the last week of September 2006, reflecting work done to-date and outlining the joint OMB/OMG FTF program.

Among the work done to-date, the OMB has published:

  • FTF Release Memo
  • FTF Usage Guide
  • FTF Catalog
  • FTF Metamodel Reference

The metamodel document presents a UML model of the FTF catalog and will represent a starting point in the OMG to produce a standard FTF specification as a Platform Independent Model that will be realized as one or more Platform Specific Models, e.g., XML Documents, Data Interchange Formats, Web Service Access...

In the interim a strawman XML schema has recently been completed.

Call to Action

We would like you to participate in a conference call on Monday, 7 August 2006, 0800-0930 EDT. In this conference call we will outline

  • Goals of OMG's Federal Transition Framework Working Group
  • Timeline of our Activities
  • Call for Volunteers. In the short term in particular we need industry analysts and architects to review the FTF UML and its XML schema and provide suggestions. Insightful suggestions and guidance that can be undertaken in the short term will be incorporated immediately; others will be folded into longer term plans of full OMG specification development.

Dial-in Access: 800-524-3439 * Passcode: 730648

For further information:

  • OMB's Federal Transition Framework http://www.whitehouse.gov/omb/egov/a-2-EAFTF.html
  • Object Management Group http://www.omg.org/
  • OMG Government Domain Task Force http://gov.omg.org/

Larry L. Johnson
Larry.johnson@TethersEnd.com TethersEnd Consulting

John C. Butler
jbutler@everware.com Everware

OMG Government Domain Task Force Co-Chairs

Craig Miller cmiller@blueprinttech.com Pearson Blueprint Technologies, representing the Office of Management and Budget
   

Open Compliance and Ethics Group Succeeds in its OCEG IT Forum 2006!


 

Bravo OCEG on your Great Success!

Gathered for two days at the elegant and prestigious Harvard Club of Boston, Massachusetts, world experts pondered, compared and proposed solutions to the complex and ethical requirements of modern day "compliance".  Brilliant presentations by all.

Given the limit of being one attendee, special kudos to Bob Frelinger and Jonathan Fox (Sun Microsystems), Michael Rasmussen (Forrester), Steve Mar (Microsoft Corporation), Marios Damianides (Ernst and Young) and Al Schmidt (Arch) for their added constructive advice regarding pragmatic steps with positive business impact towards meeting regulatory compliance.  Also noteworthy was their shared personal reach to the member audience, providing attention to their unique requirements. All presenters were excellent.  Great efforts on the part of all OCEG board members made this conference a fantastic two-day experience.

Many thanks!

With the next gathering scheduled in California, PB&SP will certainly be there in both spirit and contribution.

Some highlights:

Dan Swanson's released Internal Audit Guide: Evaluating a Compliance Ethics Program

What people are saying about the OCEG IT Forum:

“As a founding member of OCEG, we support OCEG’s mission to provide resources to help accomplish governance, compliance and risk management activities in a manner that protects and enhances business performance,” said Lee Dittmar, Deloitte Consulting, LLP. “The OCEG IT Forum is an important part of this mission, as information technology plays a critical role in enabling efficient and effective governance, compliance and risk management.”

“OCEG has emerged as an invaluable resource for organizations looking for practical and objective information and guidance,” said Michael Rasmussen, VP of Risk Management, Forrester Research. “The OCEG IT Forum is a welcome addition to their already impressive collection of activities. Whether you manage, use, sell or add value to technology, the OCEG IT Forum should serve as a valuable resource.”

“Technology and the operational advantages it can facilitate will clearly play a material role in any organization’s successful adoption of effective governance, risk and compliance practices,” said Scott Mitchell, CEO of OCEG. “The OCEG IT Forum will serve as a lightning rod for companies, technology suppliers and regulators seeking to benchmark themselves and perfect their practices and policies.”

“Qwest understands better than anyone that technology plays a central role in every facet of an effective business. We will be looking to the OCEG IT Forum as one more trusted source of information on this strategic topic,” said Dave Heller, Chief Ethics & Compliance Officer and VP, Risk Management at Qwest.

OCEG IT Forum 2006: Events, conferences and publications

  • Two conferences & a dedicated publication to 40,000 subscribers packaged together creating a unique year-long curriculum
  • Focused exclusively on IT's role in governance, risk and compliance management
  • Under the auspices of OCEG, the only not-for-profit organization dedicated to governance, risk, compliance and culture
   

SPIN (PB&SP roundtable) December 8, 2005

SEI/SPIN

Sorry we missed you:

here's the handout

VisioOnSteriods

 

Boston SPIN

Special Advisory: Due to a construction project, the Crosby Drive entrance to MITRE might be closed on the night of our meeting. Please use the Route 62 entrance.  For directions, go to http://www.boston-spin.org/directions.html

Software Process Improvement Network (SPIN) Meeting Announcement
(We will meet in our regular location at MITRE - Building S)

Topic:  The Economics of Software Process Improvement 

Speaker:  Capers Jones

When:   Tuesday, December 13, 2005 6:00pm-8:30pm
              6:00-6:45 Networking and Round Tables
              7:00-7:10 Announcements
              7:10-8:10 Presentation
              8:10-8:30 Questions and Answers

Who: Everyone (Industry, Government, Academia)

Location: The MITRE Corporation, 202 Burlington Rd. (Rt. 62), Building S, Bedford, MA 01730
NOTE: Because of security concerns, you'll need a Picture ID and any large items you bring will be opened and inspected when you arrive.  The earliest arrival time is 5:15pm.  No one will be admitted prior to that time. The building is secured at 8:30pm. All attendees must have left the building by that time.
Info:  See our web page for information and directions.  http://www.boston-spin.org/directions.html
Boston SPIN meetings are free. No RSVP is necessary.
Abstract:  The Economics of Software Process Improvement 

Successful process improvement is of necessity a multi-year activity.  It is not inexpensive, and costs of more than $15,000 per capita have been observed in large software organizations.  However when done well, process improvements yield a positive Return on Investment by means of improvements in quality, schedules, costs, and customer satisfaction at the same time.  This talk discusses the specific costs and schedules of undertaking a process improvement program, and the specific kinds of benefits observed.  The talk is based on empirical observations within companies that have undergone process improvement programs.

About the Speaker:  Capers Jones
 
Capers Jones is currently the chairman of Capers Jones & Associates LLC.  He is also the founder and former chairman of Software Productivity Research LLC (SPR).  He holds the title of Chief Scientist Emeritus at SPR. 

Capers has been in software engineering and management since 1965.  His background includes 12 years of technical and management work at IBM in San Jose, California where he won an award for his work in improving software quality.  He was also Assistant Director of Programming at the ITT Programming Technology Center in Stratford, Connecticut.

Throughout his career Capers has focused on the need for accurate measurement of software productivity and quality as a precursor for improving software processes.  Accurate measurements are also critical for accurate planning and estimation.  For his contributions to software measurement technology, he was awarded a lifetime membership in the International Function Point Users Group (IFPUG).

In 1973 Capers designed IBM’s first software cost estimation tool.  He also designed software cost estimation tools at ITT.  In 1984 he founded Software Productivity Research.  SPR is one of the pioneering companies in both software cost estimation and also software assessments and benchmarking.  SPR’s commercial estimation tools include SPQR/20© in 1985, Checkpoint™ in 1990, and KnowledgePlan© in 1995 all of which were designed by Capers Jones.

About the Roundtables:

Roundtables are focused group or "birds-of-a-feather" discussions, with a Facilitator to stimulate and moderate discussion. These discussions are held during the Networking portion of the SPIN meeting, before the speaker.

1) "Defect Triage Techniques." facilitator: Erik Hemdal

2) "The importance of capturing IT controls in a process map." facilitator: Robin Basham, Phoenix Business & Systems Process, Inc. 

3) "Project Management Professional (PMP) designation ... and how does that fit with CMM?" facilitator: Steve Hannigan

4) "Key Legal Issues Facing Application Service Providers." facilitator: Maria Recalde, Sheehan, Phinney, Bass + Green, will highlight legal issues faced by an ASP. Issues include scope of services, service levels, fees and payment terms, express and implied performance warranties, intellectual property and other proprietary rights, termination rights, operational issues, warranty and liability limitations, and dealing with confidential information.  

Please join us for these discussions and share your experiences and challenges with other software professionals from New England.  We look forward to seeing you on Tuesday, December 13, 2005.

Boston-SPIN needs roundtable facilitators who are interested in professional networking opportunities to exchange their experiences and ideas with area software professionals. SPIN roundtables provide fresh perspectives on technical, management and career issues. The roundtable sessions are a great opportunity to get to know your peers at other companies.  Each month, SPIN offers small roundtable discussions on up to four topics. The roundtables run from 6:00 to 6:45 pm preceding our main speaker.  Facilitators are invited to suggest a topic or select from a list of roundtable topics requested by SPIN members at http://www.boston-spin.org/roundtables.html.  We have openings for facilitators at upcoming meetings in December, January and beyond.  For more information, please contact our roundtable coordinator Chuck.Anastasia@abaqus.com to request a copy of our facilitator guidelines.

 

FENG / TENG

Here's the presentation

ControlsCompliance

 

Our next TENG Boston meeting will be held on Thursday,  September 23, 2004, from 6:00  PM to 8:00 PM at the offices of Winter Wyman & Company, 950 Winter Street, Waltham, MA. See directions below.  

Documenting IT Controls Compliance: Where Do We Begin?

IT Control Process Documentation may sound easy, but it is really very complex.

Strategies that reduce complexity include:

  • Prioritize Process Controls
  • Work From a Process Architecture (ITIL and CobiT® frameworks are a good start)
  • Define REAL Functions and Component Processes
  • Use The Lowest Level of Documentation (Begin With The End In Mind)
  • Templates vary according to need and use; pick the one that’s right:
      • Process Profile
      • Work Instruction Profile
      • SOP / Knowledge Management Entry
      • Program Profile
      • Program Evaluation and Test Profile
      • [...]
  • Focus on Reporting

Robin Basham, our presenter for the evening, is Founder and CEO of Phoenix Business & Systems Process, Inc. (PBSP).  She has extensive experience in business process, staff development, and technology leadership across multiple industries including Financial Services, Insurance, Telecommunications, Major Media, Medical and Retail. 

She is now recognized as a leading authority and thought leader on IT governance, CobiT®, Sarbanes-Oxley 404 and its implications for IT organizations. Her experience also includes Process Engineering and IT leadership at CTC Communications and State Street Bank.

   
   

2003

Boston Business Journal Announcement: Making Process Real