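If one enterprise's practical experience can become a guiding standard for an entire industry, it is certainly worth sharing.
The IT governance implemented at Sinochem Group is such a case. Peng Jinsong, general manager of the Information Technology Department and the leader of IT governance at Sinochem Group, told reporters: "Over the past few years, Sinochem Group has continuously improved its internal control mechanisms through IT audit and has gradually worked out its own experience in IT governance. We are now working with the National Audit Office to further summarize and refine that experience."
At the end of 2009, the National Audit Office designated Sinochem Group as a pilot unit for enterprise IT audit, so that Sinochem Group's successful experience in IT audit could be summarized, refined, and ultimately incorporated into the National Audit Office's relevant guidance.
In fact, as early as the first half of 2008, the National Audit Office organized an information systems audit survey at China National Tobacco Corporation, China Petrochemical Corporation, and Sinochem Group. In the second half of 2008, it organized an information systems audit project at Sinochem Group and its Tianjin company, the first information systems audit project the National Audit Office had organized independently. Today, on the strength of its information systems audit practice, Sinochem Group has become one of the National Audit Office's representative cases.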
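I. Firefighting? Firefighting!
As one of China's most important state-owned backbone enterprises, Sinochem Group runs a diversified business spanning petroleum, chemicals, fertilizer, finance, and real estate. It has more than 100 subsidiaries of various types and sizes, plus four major groups overseas. As a result, the IT systems supporting its operations have become exceptionally complex. To keep those systems running securely and let the business develop more smoothly, corresponding IT audit is imperative.
Sinochem Group has now built a complete set of information systems carrying the business of its companies worldwide: an enterprise IT platform with the ERP system at its core, together with internal office automation, distribution management, the internal portal, and other systems, which supports effective business management and process control. Monitoring these systems, however, is an enormous challenge for the Information Technology Department.
In the past, when a technical failure occurred, Peng Jinsong only learned of it from business staff after the fact. Large numbers of people were involved and had to be checked one by one by telephone, which consumed a great deal of working time and left the departments concerned constantly on the back foot. It was like being a firefighter: the fire can eventually be put out, but the losses it causes are hard to estimate. Circumstances required IT staff to stay by the phone at all times, unable to step away, because no one knew when business or finance staff would call. Whether it was a problem placing an order, a financial report that could not be generated, or a more serious accounting problem, any of these could cause major losses for the whole group.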
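II. Using COBIT for Analysis and Decision-Making
In the view of Chen Jian of the Auxiliary Audit Division of the National Audit Office's Computer Center, the need for enterprises to carry out IT audit usually stems from two things. First, as informatization advances rapidly, information systems have become a key tool for internal management and control at many audited organizations, so their reliability and security now directly affect the efficiency and quality of audit work. The National Audit Office's 2006-2010 Audit Work Development Plan calls for "gradually carrying out networked auditing of major industries and departments that bear on the national economy and people's livelihood, and comprehensively raising the level of computer application."
Second, as information technology becomes an important pillar of enterprise development, the amounts invested keep growing, and the risk of a failed investment has increasingly become a burden enterprises can hardly bear. To control IT operating costs effectively and better increase enterprise value, the related IT activities must be brought under control.
For a group as large as Sinochem, information systems spread across the globe may hide blind spots everywhere. Any of them can become a latent weakness at any time and lead to minor incidents; a major incident could cause irreparable losses. The nature of the enterprise also means that the business cannot be interrupted, that downtime should be as short as possible, and that the earlier a problem can be prevented the better. How to monitor systems in real time and deal with incidents before business staff notice a problem, controlling risk and governing IT well, is therefore a strategic question Sinochem Group needs to solve.
"IT governance is indeed necessary. It is a complete worldview and way of thinking, and it guides an enterprise toward correct IT decisions," Peng Jinsong said. "Like ERP, IT governance is the crystallization of industry best practice. Of course, it ultimately has to land on specific methodologies and tools, just as ERP ultimately lands on the system products of vendors such as SAP and Oracle. IT governance lands on COBIT, through which it is expressed and implemented."
As a comprehensive internal control framework, COBIT is an internationally recognized, advanced, and authoritative standard for security and information technology management and control. Peng Jinsong, CIO of Sinochem Group, is undoubtedly at the forefront here. He told reporters that he was among the first to attend the "COBIT-based IT Governance" training organized by ITGov (China IT Governance Research Center) and to obtain the international COBIT certification issued by ISACA.
It was this understanding of IT governance that brought about a breakthrough change in how Peng Jinsong thought about traditional IT construction. In his words, it means moving away from the traditional approach of choosing products, asking for prices, and looking for solutions, and avoiding being led by the nose by suppliers; instead, a scientific method is followed and COBIT is used as an analysis tool to help Sinochem Group's Information Technology Department make project decisions.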
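III. Process Decomposition, Everything in Order
After Peng Jinsong introduced COBIT to Sinochem Group, however, things did improve. Based on the COBIT standard, Sinochem Group defined its IT objectives as 24 processes in total and then, measured against the results the enterprise needed to achieve, selected the management of four of them as its targets: ensure continuous service, manage service desk and incidents, manage performance and capacity, and manage data.
Throughout the analysis and preparation, every survey document, every set of meeting minutes, and every workflow was filed or carried out strictly according to the COBIT method. After a period of "self-diagnosis and treatment," Sinochem Group turned the management of these four processes into its most important and urgent concrete requirements for IT systems management. The first is a basic disaster recovery capability to support business continuity. The second is a basic governance capability for an increasingly complex IT environment, including reliable data backup and recovery, initial network, system, and storage monitoring, and an initial enterprise-level integrated IT monitoring console. Ultimately, the aim is to keep the network and system infrastructure of Sinochem Group's companies worldwide running without obstruction.
On one occasion, the Singapore joint venture logged in to Sinochem Group's mail system using a private-network account belonging to Sinochem International, and a red dot immediately appeared on the monitoring map at Sinochem Group's Beijing headquarters. Staff then found the specific location of the anomaly on the right-hand side of the monitoring screen, quickly pinned the problem down to the Singapore company, and confirmed the nature of the anomalous information. Because that company has its own independent Internet egress, the login caused a new login port address to appear at Sinochem Group, so the system treated it as an anomaly. In other words, the improved system can handle the full tracking process for an unexpected event: sense, isolate, diagnose, act, and evaluate.
"Before, the systems were not centrally managed, and an anomaly such as the Jiujiang network outage would basically never have been detected. Once a problem is not discovered in time, it may well turn into a network vulnerability, and could even go on to lead to hacker attacks or other unforeseen events," an IT engineer at Sinochem Group remarked.
Today, Peng Jinsong is rarely in the "putting out fires everywhere" state of the past. With COBIT introduced as an IT governance tool and IT service processes established under the guidance of ITIL, Sinochem Group's IT service management has become orderly.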
This article was reprinted by 数字化转型网 (www.szhzxw.cn). Source: T媒体. Editor/translator: 宁檬树, 数字化转型网.

