A Report on the IT Security governance In Microsoft, USA

Prepared For: The CEO Mr. John Smith.

Page 1 of 20

Executive Summary

The IT Governance of Microsoft is discussed in the forth coming topics. The implementation of IT Governance in the IT environment to attain maximum efficiency with least resources and complying with the governance regulations by the government. The exposure of CobiT is discussed with relevance to the domains with the existing infrastructure at Microsoft. Microsoft IT Governance which is most structured on the MOF process and team model, the MSF model which is the core to structuring the IT Governance. The BPIO and APIO models define the Infrastructure Optimization to run the business at low total cost of ownership (TCO).

Page 2 of 20

TABLE OF CONTENTS

Page

Executive Summary i 1. 2. Introduction.1 Process Assessment1 2.1) 2.2) 2.3) 2.4) 3. Plan & Organize1 Acquire & Implement2 Deliver & Support..3 Monitor & Evaluate....4

Process Relevance...4 3.1 3.2 3.3 3.4 Plan & Organize.4 Acquire & Implement.6 Deliver & Support...7 Monitor & Evaluate8

4. 5. 6. 7.

Conclusion9. Recommendations10. References.11 Appendix..12 A- Figures..................12 B Journal.14 C Tables..16

Page 3 of 20

1. INTRODUCTION
Microsoft Corporation is a 44,282 million revenue generating company which is number one and most important software company in the world well known for its variety of products and services, which include its Windows operating systems and Office software suite, video game consoles, interactive television, and Internet access. It was first founded on 4 April 1975 in Albuquerque, NewMexico, USA. The chairman William H. (Bill) GatesIII, CEO and Director Steven A (Steve) Ballmer and COO B.Kevin Turner. It has a diversified employee force of 71,172 maintaining a diversified corporate culture and making space for every individual thinking. The business model adapted by Microsoft is a low cost high volume business model which supports local economic development. From beginning they have been developing easy-touse softwares to enable even non technical users to implement the resource with out extensive training. Its Graphic User Interface model of Windows had revolutionized the market of software to enable the most of the markets to make use of this technology and penetrate into the technology further and realize their full potential. Bill Gates has said our success comes from our passion for creating value.. The main competitors for Microsoft are Google, IBM and Oracle. Microsoft's software and the combination of Intel's hardware outraged the computer industry. The company became a leader in microcomputer programming languages, Microsoft gained more recognition with the introduction of DOS in the IBM PCs and MS DOS in the nonIBM PCs in 1981 later with the version release of the windows operating system was a success.

2. PROCESS ASSESSMENT
2.1 Domain PO- Plan & Organize Microsoft uses its IT infrastructure as its strategic asset and the critical foundation upon which it can deliver it services uninterruptedly with effectiveness and succeed. Microsoft categorizes itself in between the standardized and rationalized model of the IO model. This is intentionally to show how the medium scaled can upgrade and maintain them with such an environment which is a challenging environment of threats and work load. The products developed by Microsoft is first released as the beta version and tested internally within the IT infrastructure and check for the feedbacks from the employees and also implemented in the external client environment. These feedbacks are then analyzed and then rectified this process is an ongoing process till the stability of the original product which is ready for release after all modification. Microsoft considers its feedbacks as positive comments as the deficiency is inevitable. IT investment is considered as an asset rather than an expense. This is proven with the total cost of asset which is very low as 13.7% approximately. Microsoft develops its own required tools for development of its products. Like it has developed the visual studio 2005 for their development of their software products by their OEM IT centre group. The Entertainment and device division was automated with the SAP R/3 ERP system to seamlessly make transactions of documents between the internal and external sources and its partners. The deployed the Microsoft BizTalk server2006 and the Microsoft BizTalk adapter

Page 4 of 20

v2.0 with the MYSAP Business suite. This extensively made their process of handling data and document transfer more efficient and flexible. 2 The MOF risk management system defines in six core process of identifying, analyzing, prioritize, plan and schedule, track the report, controlling and learning. Managing the projects at Microsoft is the same as the common traditional way used in the other organizations. The Microsoft defines its information architecture for its employees for the availability of the information in the internal processes like the RSS feeds and the IT Web, Web vista and the Technet to search require contents for the developing the new products and better services. The Microsoft content management server (MCMS) which is dedicated for the internal processes for information. Later the IT Web was later migrated to the sharepoint server2010. For the quality management the Microsoft has implement few build in programs developed by their own software programmers. The Microsoft SQL Server2000 along with the self developed reporting programs were implemented for the sales reporting system but there was problem with the time taking with this system. So later on the software department developed and implemented the centralized reporting system (CRS) application which uses the SQL Server 2005 integrated with the (SSIS). The Dash Boards and the Score cards provide business performance evaluation and analysis which was developed for the Microsoft by their own software programmers. 2.2 Domain AI- Acquire & Implement MOF process model defines the structured architecture, rapid life cycle and iterative improvement, Review driven management, embedded risk management. The MOF Team model defines the model in seven distinct role clusters the recognize as the functional roles where IT operations are performed with particular staff members or the groups are performing the activities with a common goal or vision of service. The Microsoft acquires the technology of its own product software which mostly runs on the beta version that is to product in the market. The Microsoft visual studio2005 was developed by the OEM IT center division to have the system tracking, defect tracking, version tracking and test case management. Microsoft uses the web, mobile applications for using throughout the organization. This software integration develops the clients and server communication that helps the project management coding source control and the building and testing of its implementation and software integration also helps in saving the time and efforts and the money in developing new software application and its projects. This software developed is widely used in the development of all the software development. Microsoft has provided an application platform that needs the different requirements for different developers and the different development teams. Microsoft Company has a huge list of its application, one of these applications, Microsoft ASP.NET that use for the web development project as add-in features. So these applications come under as Microsoft .NET framework. Microsoft.NET is also widely used for the development of the Web based designing. These technologies are also used widely in the market for the developing of Web site. Microsoft has procured the SAP R/3 application for integrating its data storage and retrieval For the Entertainment and Device division for the transfer of business documents from its external partners and has developed the BizTalk server and BizTalk Adapter to the SAP R/3 business suite. The SAP R/3 along with the Microsoft Biztalk Adapter developed by the Microsoft OEM Division for integrating the system for data retrieval and coordinating with

Page 5 of 20

the business process. This adapter is a Microsoft self developed server which integrates the business process and automatically update the business process and relate them with similar 3 business document. The advantage of this server does not require any development code to transfer the intermediate documents and business application program etc. It also works for both the incoming and out going documents in BizTalk. As Microsoft were using the Share point portal server to implement in its applications for the business growth, so since it was not getting enough benefits from its business. Then Microsoft implemented the Infoweb team to give better solution and efficient way to control and automization of the process. So the Microsoft implemented a really simple syndication (RSS) to support its user and the basic performance of business. 2.3 Domain DS-Delivery & Support Microsoft has categorized its products into three main categories as the Windows Client, MSN and Server and Tool groups as the Microsoft Platform Products & Services Division; the Information Worker and Microsoft Business Solutions groups as the Microsoft Business Division; and the Mobile and Embedded Devices and Home and Entertainment groups as the Microsoft Entertainment and Devices Division. Microsoft implemented the SQL sever 2005 for data mining, extraction, analytical applications, online analytical processing (OLAP) transformation and loading the ETL and data warehousing. This was later integrated to a share point server for centralized operation. Microsoft is very particular of its codes and practices. Integrity, honesty, openness, personal excellence, constructive self-criticism, continual self improvement, and mutual respect and are accountable to the customers, shareholders, partners, and employees by honoring their commitments, providing results, and striving for the highest quality are the values realized by Microsoft commitment to deliver the best and reliable products and services globally for easy to use concept and penetrating into the market. MSF is a framework for the process of delivering high quality business driven technology solutions. BPIO model defines how the people can work together to increase the business insight by providing the required information and secure and manage the data. Microsoft plans for providing innovative products and services for the world at an affordable cost. The APIO is a managerial aspect of to provide directions to develop infrastructure, technologies to develop adaptable and connected systems with a more flexible and scalable application platform. The MOF service management functions (SMF) to attain mission critical systems reliability, availability, supportability, and manageability of IT solutions by guiding to the courses, services, guides, and other media that enables the organization. Microsoft has to backup its data which is estimated up to 1.8 million giga bytes and has an annual increase by at least 30%. Microsoft has planned to centralize its data storage backup to reduce the costs of storage. Their was more complaints of data loss as the storage was done traditionally on tape media which was then planned then to chose the disk type storage media for better results. Microsoft provides higher level of security to its clients and consumers. It has high level of automated security applications which developed in Visual Basic programming. Here, its client and consumer do not need bother for the security risk because Microsoft applications automatically update the security application of windows vista and in other applications.

Page 6 of 20

Microsoft has also developed application programs that can prevent the virus attack during the development stage of programming. This application program helps the organization widely as there is an increasing risk of virus attacks. 4 2.4 Domain ME- Monitor & Evaluate The MOF Operations Management Reviews (OMRs) are formal review processes about the appropriate stakeholders. They are performed to check the performance and maintain quality in the IT services. It is used as a tool for assisting the IT managers for improving their services. Microsoft has implemented its own monitoring and evaluation server to improve its process. Microsoft Operations Manager (MOM) server monitors the event management, software distribution and the data. This server does not only search for the data but also monitor the compliance, security and its policies. It also provides a ticketing system. After updating System Management Server (SMS) 2003, The Microsoft was more efficient in compiling the process for its new network request process and able to update the Network computers. It has an advantage of making a log of the un-updated systems on the network and which make them update when the next time, server runs and completes the remaining updating of the systems connected to the network. This whole process keeps the work flow in a non hierarchy and high service levels. The management and the IT Division needed a dedicated software tools which would give them the metrics and performance of the business. For this they have developed the centralized share point server to generate and collect data for the reports and the survey of their products and services. The specially developed tools like the Dashboard and the Scorecard is a very effective tool for the managers to analyse the performance and investment scope. How far the investment can be made and how beneficial the business would make to the organization. The Human Resource is also a competitive challenge to be updated with the performance of the employees. Monitoring the employees compliance with the organization codes and framework. The Infoweb is a dedicated server where the clients, customers, the partners and others can be observed with the statistics of the visiting websites and the value comments on the product and service. The other site IT web is the other site maintained by the employees search for the technology problems and purchasing of the equipment. The request of the employee for the requirement is used for statistical data for the determining of the requirements and investment deployment for which scope of area. Microsoft implemented the client side content management system since it was becoming difficult for the archiving of data. Continuous monitoring of the data flow and storage of the data. The infoweb is a self interactive website were customers, partners and the employees could post their content. Hence the provision of client side data content management tools were provided so that the publisher could decide weather the content has to be achieved or to be erased. The publisher is given the choice to select the date of expiry of the content. After the date of expiry the content would be achieved or could be deleted automatically.

3. PROCESS RELEVANCE
3.1 Domain PO- Plan & Organize

Page 7 of 20

Microsoft is a very well defined and organized with its IT plan and strategy. The IT scenario from the figure [Appendix A 1,2] shows the complete task of the IT environment and the IT Performance figure gives a clear picture of how well the IT infrastructure and strategy has 5 proven very good results. The financial figures Appendix [C] also show very low Total Cost of Ownership which shows substantial evidence of the output of using IT in the right direction and the right way. A detailed survey is carried over before the project is taken up regarding the time required, the financial expenditure on the implementation and the development of the product. Detail surveys regarding the requirement of the product are made with their existing users. In fact most of the products are developed with the necessity when raised and when required. Well planned so that there is very little deviation from its expected output. Many of the internal requirements were developed for their internal requirements. Which were marketed later. Educating the current technology to the employees is their foremost priority of the Human Resource to keep updated with the current knowledge. They have their internal sites which give the employees of the recent issues internal mailing, webcast, podcast, training sessions, RSS, TechNet which keep them well in touch with the current situations. This is a way the Human Resource maintains and retains their employee by creating Competence and constant training. For assessment of the current situation and performance of the business and their products and services they have internally developed software. Dashboard, the Scorecards and other such automated reporting system which analysis the performance of the business, sales and financial performances and the products and services. Generally Microsoft does not face much problem with the acquiring and implementation of the softwares and licensing or financing for the softwares since it runs mostly on the beta version which is in testing. Microsoft classifies its IT Governance as per the infrastructure optimization as in between the standardized and the rationalized models. Though being such a big organization it chooses to run its infrastructure on this model since the situation is more challenging and realistic in the outer world which is striving to develop a better IT environment for other organizations. Hence it motivates the organizations with its performance to be motivated to get IT in its environment and channelize and its IT infrastructure and IT Governance. Microsofts IT infrastructure optimization is by itself a tactical plan which is well designed model. The MOF process and team model, the MSF and the IO model is a well built complete portfolio management. [For MOF Team model refer Appendix A figure 9] Microsoft has introduced the ITWeb which is the first stop internal website where a good resource for the employees to search for the technical data problem or for purchasing an equipment. Infoweb is another resource for all the internal and the external visitors to the site regarding its products and services, partners, programs and other issues. Microsoft is planning to concentrate more on web based and Internet television which capturing the market gradually. It is the long term goal and invested as an asset for future returns. Microsoft since uses its own developed software beta version it hardly faces problems. Microsoft has established an OEM Division IT Center of Excellence to manage and develop, deploy and guide to the IT requirements and compliances. [For IT project life cycle refer Appendix A figure 6] The following figures give the brief idea of the IT structure at Microsoft and the roles and responsibilities. [For IT structure model refer Appendix A figure 4, 5]

Page 8 of 20

The PO6 under the plan and organize Domain, communicate management aims and direction is covered by the MOF Team model which describes as the CobiT structure.

6 The Human Resource at Microsoft has clear practices stating the recruitment process, the contract period of hiring, the renewal of contract in hiring, and the code of ethics, the termination policies, the remuneration package, training and other such practices. Risk management in the Microsoft is lively as the risk is managed at every level. Infact the system is proactive that it hardly gets to encounter any risk in its environment. [For risk management model refer Appendix A figure 8] The Manage projects are mostly covered in the Operations Management Review (OMR) of the MOF process and team model. 3.2 Domain AI- Acquire & Implement Microsoft least faced problems with updates to its systems which is maintained by a dedicated server. The communication server which is dedicated for internal communication and external interaction is dedicated with the use of single layer spam control, the implementation of malicious code like the viruses, worms etc. which are detected and eliminated. Microsoft uses a third party anti spam and anti virus which was filtering out the virus and spam. But later on it was upgraded to the Exchange server 2003.which eliminates all the spam and virus. The security level is enhanced with this system for only to the user and the sender of the file or mail since it is encrypted. To analyze the risk events are logged into the servers which are consistently monitored and reports are generated for analysis. But potentially Microsoft is facing fewer problems towards this. In the Microsoft systems management server (SMS) can recognize up to 5 images. In the event of problem it simply removes of the image and loads with another image which saves time from recovery. An automated solution was obtained for the entertainment and Device division for exchanging business documents between the external parties and the internal groups. For which the SAP R/3 ERP was introduced with the custom Microsoft BizTalk Adapter V2.0 which can communicate and also has the ability to relate business documents. Never the less Microsoft uses software for its operations but it mostly runs its entire IT on the Beta versions. The Microsoft OEM Divisions OEM IT Center of Excellence came up with the Microsoft Visual Studio which is single fully automated platform developed for programming purpose, managing the software, testing, bug tracking and code source control. Application Platform Infrastructure Optimization model of Microsoft describes the concepts within the CobiT AI03 Acquire and Maintain Technology Infrastructure of the Domain Acquire and Implement. The Microsoft Solutions Framework (MSF) and the Services Management functions (SMF) describe the concepts of the CobiT AI4 Enable Operations and Use of the Domain Acquire and Implement. The CobiT AI5 Procure IT Resources from the Acquire and the Implement is defined the same fashion of the Microsoft Operations Framework process model And also covered partially in the Application Platform infrastructure optimization model. The CobiT AI6 Manage Changes of the Domain Acquire and Implement describes the following Change Standards and Procedures, Impact Assessment, Prioritization and Authorization, Emergency Changes, Change Status Tracking and Reporting, Change Closure

Page 9 of 20

and Documentation in the Microsoft Operations Framework of process and team and the Business Productivity Infrastructure Optimizations model. <www.isaca.org/cobit, viewed on date/month> 7 The Services SMF of the MOF, Operations Management Review (OMR) and the software development cycle overview explains the framework approach towards Change Closure and Documentation, Test, Plan Implementation Plan, Test Environment, System and Data Conversion, Testing of Changes, Final Acceptance Test, Promotion to Production, Software Release, System Distribution, Recording and Tracking of Changes, Post-implementation Review. CobiT AI7 Install and accredit solutions and changes of Domain Acquire and Implement. [For SMF model refer Appendix A figure 7] 3.3 Domain DS-Delivery & Support The Service Management Functions of the Microsoft Operations Framework (MOF) and the Microsoft Solutions Framework (MSF) describes the service levels and the structure, policies to be defined for developing and providing services. Which covers widely service level management framework, defining the services, service level agreements, operating level agreements, monitoring and reporting of the service level achievements and the review of service levels agreements and contracts. Microsoft keeps track of its suppliers in the aspect of its identification of its supplier relationships, supplier relationship management, supplier risk management, and the supplier performance monitoring by the Microsoft Operations Framework Process model. The Manage performance and capacity DS3 of Delivery and Support Domain is covered in the APIO and BPIO model frameworks where the performance and capacity planning, current capacity and performance, Future capacity and performance, IT resource availability monitoring and reporting of the capacity and performance. The OEM IT Governance Division as established by Microsoft for being responsible for these activities. Ensuring of continuous of services is defined in the Services Management Functions of the Microsoft operations Framework (MOF) process and team model. [For MOF team model refer Appendix A figure 9] IP security was well used for long but with the problems of time consumption of the password and logging in made it less used later the cross domain server was introduced with the Microsoft server2003 and ADFS. The MOM was automated with the MBSA and the SMS to reduce the ticketing alerts with omission of the duplicate or multiple alerts from the same device by unifying the source of alert and rectifiers concentrating on the problem. Microsoft developed automated reporting and performance measurement tools which are specific for generating business reports and performance which give the metrics and statistics of the performance. The sales finance and accounts have automated softwares which generate reports and key indicators like the Scorecard, Dashboard and other customized formatted report structure for the analysis of the performance. Microsoft trains its product users in various methods like publish of books, guidance by web cast, podcast and seminars, by employing training partners for educating the people. It introduced even certified examinations which valuable for the software industry in the process of hiring criteria. It also arranges training for implementing and deploying of its softwares on the client site. Microsoft has a customer service division where it takes the queries of the customers and logs the data into its database and is evaluated and problem of the client is rectified. Even a web

Page 10 of 20

based communication site called the infoweb is provided by Microsoft to interact with the clients, customers, partners and others interested in the company. Microsoft introduced its network with the MOM 2005 connector framework which is dedicated to locate and rectify the problems emerging from the network 8 The data was stored traditionally on the tape media but which has more reports of data loss so the Microsoft plans for a new concept of centralized data storage on disk based systems, which is more cost efficient by reducing the offshore offices. The data integrity is well classified for data such as for the information dedicated servers and webs and application development servers for the programming. For the web based data archiving tools were provided at the client end side for the infoweb as the complete content management system. 3.4 Domain ME- Monitor & Evaluate The Domain Monitor and Evaluate with the process Monitor and Evaluate IT performance covers the topics, Performance Assessment, Remedial Actions, Board and Executive Reporting, Definition and Collection of Monitoring Data, Monitoring Method, Monitoring Approach. The process Monitor and Evaluate Internal Control covers Monitoring of Internal Control Framework, Supervisory Review, Control Exceptions, Control Self-assessment, Assurance of Internal Control, Internal Control at Third Parties, Remedial Actions. The process Ensure Regulatory Compliance covers Identification of Laws and Regulations Having Potential Impact on IT, Optimization of Response to Regulatory Requirements, Evaluation of Compliance with Regulatory Requirements, Positive Assurance of Compliance, Integrated Reporting. The process Provide IT Governance covers Establishment of an IT Governance Framework, Strategic Alignment, Value Delivery, Resource Management, Risk Management, Performance Measurement, and Independent Assurance All the above processes and its elements are well defined in the Microsoft Operations Framework process and Team model and the Service Management Framework within the MOF model, The Microsoft Solutions Framework, The Application platform infrastructure optimization model and the Business Productivity infrastructure model. The SMS 2003 server monitors and updates all the systems with the current images and logs in the systems which have not updated and will get updated automatically in the next round of the updates. Updates includes the asset management, policy settings, compliance monitoring. Monitoring of the spam viruses, blocking list, phishing filter within the Exchange server 2003 SP2. The managers are equipped with the automated softwares which feeds them with the report catalogs, the key process indicators like the Dashboards and the Scorecards. The tools provided in the Share point Server acts as a centralized managing system for all report bases. Monitoring of the employees by the Human resource is carried out so that a required set of intellectual capabilities are achieved. Monitoring periodically the performance of the employees, attitude code of conduct and the code of ethics is maintained by the employees. The policies and the regulations monitoring is carried out with an automated dedicated server of the clients, customers, partners and products and services. The regulatory compliance is carried out with an automated server which checks for the updation and validation of its softwares and updated. The IT Governance is closely monitored for any changes and future up gradations for further planning of the resources and requirements. [For IT progress report refer Appendix A figure 3] A network of the communication dedicated for the customers, employees, partners, clients, stakeholders and others to feed their comments regarding the services and the products, their requirements. These reports are utilized for monitoring its performance and interest of the

Page 11 of 20

external parties in their organization and evaluating for a better process and products and services.

4. CONCLUSION
The analysis of the findings and the reports show that there is a great deal of pressure in the implementation and realization of IT governance. With the growth of the company the IT infrastructure has to grow with the introduction of new technologies and changing environments compel to cope with the demand of requirements of the employees for better working environment such as the availability, access of information, person, partners, groups, resources at any time and place, with taking every risk into consideration of doing the process in the right way and maintaining confidentiality. The introduction of a proper and justified IT Governance framework would satisfy the needs and demand rising eventually. The organization has to well comply with the government governance policies when and ever released. The view of having the risk management at the top priority. The IT Governance at Microsoft is described in five basic divisions that are the Microsoft Operations Framework (MOF) process and team model, The Microsoft Solutions Framework (MSF) and the Business productivity infrastructure optimization model (BPIO) and the Application platform infrastructure optimization (APIO). These frameworks and models fully satisfy the CobiT model of framework. Which is a well justified and optimized model for IT Governance at Microsoft Corporation.

Page 12 of 20

10

5. RECOMMENDATION
The basic IT Governance is being satisfied widely but there is also a need to implement of the necessity of the requirement of the product or services. Being a proactive IT Governance and initiative organization the need to actually survey and find out weather a product is really necessary. Taking an opinion from the windowsitpro website hey windows blog. As in the case of Windows vista though the product is innovative and has very good features it does not seem to have been launched in the right time. Since the market is seeing for a stability in the product. Else the solution of add-ins or plug-ins for the previous could have been introduced so that there would have not been an unexpected outcome. Though the product is good the market is not in a situation to use. Hence it must also be seen that the right time and feedback also has to be monitored by the management.

Page 13 of 20

11

6. REFERENCES
http://www.answers.com/topic/microsoft http://en.wikipedia.org/wiki/Microsoft http://www.microsoft.com/technet/solutionaccelerators/cits/mo/mof/default.mspx http://www.microsoft.com/technet/solutionaccelerators/cits/mo/mof/moftml.mspx http://www.microsoft.com/technet/solutionaccelerators/cits/mo/mof/mofpm.mspx http://www.microsoft.com/technet/solutionaccelerators/cits/mo/mof/mofrisk.mspx http://www.microsoft.com/technet/solutionaccelerators/cits/mo/smf/default.mspx http://www.microsoft.com/technet/solutionaccelerators/cits/mo/mof/omr/default.mspx http://www.microsoft.com/technet/infrastructure/default.mspx http://www.microsoft.com/technet/itshowcase/content/iotsb.mspx http://www.microsoft.com/technet/solutionaccelerators/cits/mo/default.mspx http://viewer.bitpipe.com/viewer/viewer.do http://www.windowsitpro.com/Blog/index.cfm?Action=BlogIndex&StartRow=11&MaxRow sPerPage=10&Total=23&DepartmentID=1054 http://www.microsoft.com/mba/facts.mspx John Willey and sons publication management challenges in successful strategies and appropriate action.

Page 14 of 20

12

APPENDIX A. Figures

Microsoft IT Environment
300,000+ PCs and devices 108,000+ e-mail server accounts 1.9 Tb Db Single Instance SAP

Dublin Dublin Redmond Redmond Tokyo Tokyo

92,000 end users 96 countries 9.5M+ remote connections/month

Singapore Singapore

3M+ e- mail messages per day internally

99.99% availability

466 buildings

Figure 1

Microsoft IT Environment
Apps Single Instance SAP 2,000+LOB apps Incident Mgmt 90K help desk calls/month 7K infrastructure Service Requests/month 6K changes/month Phones 11M campus calls/month 6.3 M PSS calls / month Locations 400+ sites 25% Internet only connect

Monthly Remote Access 45K RAS 49K OWA 18K RPC over http

E-mail 8.5M inbound mails/day 7.5M inbound mails filtered / day

Figure 2

Page 15 of 20

Microsoft IT Progress Report Consolidation Manageability

30% reduction in infrastructure servers 51% reduction in Exchange Servers 7 sites with Exchange servers (was 74) MOF asse ssment average 4.2 (was 1.5) MOM 2005 for monitoring Alert to ticket ratio = 87% 200:1 server to site servi ces person ratio

Network
IPSec require mode across network ISA Proxy based quarantine 108 office s connected via Internet IP PBX

Applications
Re sponse Management ManagePoint Customer Explorer Busine ss Intelligence

figure3

Organizational Structure
Regional Functions
SiteManagement Data Center Ops

Central Functions
Datacenter Messaging Netw ork 3 TierSupport

Helpdesk

Operations strategic
Service Management
Solid to CIO Dotted to CIO

Program Management
Account Management Engineering

SRC

Figure 4

Business Unit IT Model

Corporate groups Sales and Marketing Business Segments

Finance, HR, LCA

Operations

Sales and Marketing

Services

Server & Tools

OEM

Ad min Ad min IT IT

OPS IT

XIT XIT

Services ServicesSales IT IT IT

MBS IT

Server & Tools IT

H&E IT

OEM IT

MSN IT

Enterprise Apps Planning, Architecture, and Governance IT Infrastructure Information Security & Privacy

Figure 5

Page 16 of 20

MSN

MBS

H&E

IT

Figure 6

13

Figure 7

Figure 8 Page 17 of 20

Figure 9 14 B. JOURNAL This report is based on the search for the IT Governance process at Microsoft Corporation. The search I have begun with the insight of the company details which I could find at these web sites was very helpful for my findings. I got extensive background of the company which I read from the website of wikipedia http://en.wikipedia.org/wiki/Microsoft on the 10 April 2010 where I had to spend two hours to read and get more details and history of the organization. There after the following day on 11 April 2010 I spent more time around two hours reading more about Microsoft at the web site of Answers http://www.answers.com/topic/microsoft where I could get a detailed history of the Microsoft corporation and its leaders. The journey of their business and the stock market. On 13 April 2010 I revisited the website of Answers.com and spent one hour concentrated on the products and investment and financial background. The findings were interesting. The Microsoft corporation website www.microsoft.com was a good help for find out more details of the assignment where from I could get the major content and findings of the assignment of IT Governance process assessment and relevance with CobiT. I spent time on the 15 April to download the CobiT PDF file from the website of www.isaca.org/cobit. It took me four hours time to understand the concept of IT Governance. I could get to know the exact structure of the Organization Goals, Business strategies, the process of performing their job, their Human Resource and Their relationship with the partners, stakeholders, employees, customers and clients. The great deal of information which I read at their website was informative. I had to spend nearly twenty two hours for the information from the 16 April 2010 till 20 April 2010. The topic of IT Governance raised many doubts like weather the organization needs to have implemented CobiT or it was not necessary for the organization to have implemented the

Page 18 of 20

CobiT Governance model. With the Guidance from the usqconnect website discussion board I could get enough guidance which was posted on it and to the solutions provided by Prof. Aileen Carter Steel. Mrs. Preeti Kesavan our module faculty had been very helpful for guiding in the assignment in understanding the right direction since the topic is too wide to understand the concept. On the 22, 23 April 2010 I spent eight hours reading the Microsoft Governance models from their websites. The Microsoft operations Frame work which defines the IT Governance at Microsoft described as five basic divisions which I had read in the later part and spent time for the Microsoft Operations Framework (MOF) process and team model, the following day I spent two hours reading the Team model of the Microsoft Operations Framework. I kept searching and reading in depth of the other models like the Operations management Review (OMR), The Service Management Functions SMF, The Risk Management system of the MOF. The following are the brief of the findings. I spent 34 hours from 24 till 30 April 2010. MOF process model defines the structured architecture, rapid life cycle and iterative improvement, Review driven management, Embedded risk management. The MOF Team

15 model defines the model in seven distinct role clusters recognize as the functional roles where IT operations are performed with particular staff members or the groups are performing the activities with a common goal or vision of service. The MOF risk management system defines in six core process of identifying, analyzing, prioritize, plan and schedule, track the report, controlling and learning. The MOF service management functions (SMF) to attain mission critical systems reliability ,availability, supportability, and manageability of IT solutions by guiding to the courses, services, guides, and other media that enables the organization. The MOF Operations Management Reviews (OMRs) are formal review processes about the appropriate stakeholders. They are performed to check the performance and maintain quality in the IT services. It is used as a tool for assisting the IT managers for improving their services. From the following links of the Microsoft web site http://www.microsoft.com/technet/solutionaccelerators/cits/mo/mof/default.mspx http://www.microsoft.com/technet/solutionaccelerators/cits/mo/mof/moftml.mspx http://www.microsoft.com/technet/solutionaccelerators/cits/mo/mof/mofpm.mspx http://www.microsoft.com/technet/solutionaccelerators/cits/mo/mof/mofrisk.mspx http://www.microsoft.com/technet/solutionaccelerators/cits/mo/smf/default.mspx http://www.microsoft.com/technet/solutionaccelerators/cits/mo/mof/omr/default.mspx On the 1 April 2010 I spent four hours reading about the Microsoft Solutions Framework (MSF) and on the following days 2, 3 April 2010 I spent my time 7 hours in reading the book John Willey and sons publication management challenges in successful strategies and appropriate action. I spent fourteen hours reading and understanding on 4, 5 and May 2010, I gathered material on the infrastructure Optimization which is the Business productivity infrastructure optimization model (BPIO) and the Application platform infrastructure optimization (APIO). It took me to understand and analyze the models and their implementation which can be summarized as The APIO is the infrastructure optimization model which defines how to deliver a more flexible, scalable application platform. It can guide to develop the

Page 19 of 20

infrastructure, technologies and tools needed to build connected and adaptable systems. And about the BPIO model BPIO model defines how people can work together, provides directions for securing and managing content and enables workers to find information easily and improve the business insight. http://www.microsoft.com/technet/infrastructure/default.mspx http://www.microsoft.com/technet/itshowcase/content/iotsb.mspx http://www.microsoft.com/technet/solutionaccelerators/cits/mo/default.mspx http://viewer.bitpipe.com/viewer/viewer.do I spent 10 hours on 6, 7 May 2010 to check the wall street journal website www.wsj.com for the journals and important articles published on Microsoft and its competitors and partners, the bitpipe website www.bitpipe.com journal, the tech republic website www.Techrepublic.com for the whitepapers and journals for more details of the IT Governance. This website on the windowsitpro which provides a blog on the Microsoft drawback posted by various persons who have faced problems with the Microsoft products and services. 16 http://www.windowsitpro.com/Blog/index.cfm?Action=BlogIndex&StartRow=11&MaxRow sPerPage=10&Total=23&DepartmentID=1054 Though I could not get much information about IT Governance out of the journals posted. But it led me to more idea of the drawbacks and lacking of the organization. C. Table

Page 20 of 20