Difference between revisions of "Strategy and Governance"

From EITBOK
Jump to: navigation, search
 
(101 intermediate revisions by 3 users not shown)
Line 1: Line 1:
<p style="color: red">'''Note: This wiki is a work in progress, and may contain missing content, errors, or duplication.'''</p>
+
<table border="3">
----
+
<tr><td>
 +
<table>
 +
<tr>
 +
<td width="60%"><font color="#246196">'''Welcome to the initial version of the EITBOK wiki. Like all wikis, it is a work in progress and may contain errors. We welcome feedback, edits, and real-world examples. [[Main_Page#How to Make Comments and Suggestions|Click here]] for instructions about how to send us feedback.''' </font></td>
 +
<td width="20%">[[File:Ieee logo 1.png|100px|center]]</td>
 +
<td width="20%"> [[File:Acm_logo_3.png|175px|center]]</td>
 +
</tr></table>
 +
</td></tr></table>
 +
<p>&nbsp;</p>
 
<h2>Introduction</h2>
 
<h2>Introduction</h2>
<p>'''[http://eitbokwiki.org/Glossary#eit Enterprise information technology (EIT)]''' strategic planning defines the goals of the EIT organization and communicates those goals --and how they support the enterprise's goals, while EIT governance assesses their impact on the organization, and drives change to achieve those goals. Taking into account various perspectives (financial, historical, environmental, future projections), a ''strategic plan'' is a framework for action and change, both vertically and horizontally, across the EIT organization. EIT governance is based on the EIT and enterprise strategic plans and acts as a control framework to achieve and sustain strategic goals and objectives. Thus, EIT governance is completely interdependent with the EIT strategy.
+
<p>'''[http://eitbokwiki.org/Glossary#eit Enterprise information technology (EIT)]''' governance is the established process of defining the strategy for the EIT organization and overseeing its execution to achieve enterprise goals. ''Strategic planning'' defines the goals of the EIT organization and communicates those goals as well as how they support the enterprise's goals. ''EIT governance'' drives change to achieve those goals, while maintaining agreed levels of operation. Taking into account various perspectives (such as financial, historical, environmental, and future projections), a ''strategic plan'' is a roadmap for action and change, both vertically and horizontally, across the EIT organization. The EIT organization's strategic plans are based on the enterprise's strategic plans, focusing on EIT's role in them; EIT governance provides a monitoring and control framework to achieve strategic goals and objectives. Thus, EIT governance is essential for achieving the EIT strategy and goals.</p>
</p>The nature of the enterprise's and EIT's goals and objectives depends on the type, status, and size of the enterprise. For example, the main goal of EIT development for a trading company might be to support the rate of turnover of the warehouse, but for a consulting company the important goal might be assuring full utilization of all consultants on client engagements.</p>
+
<p>The nature of the enterprise's and EIT's goals and objectives depends on the type, status, and size of the enterprise. For example, the main goal of EIT development for a trading company might be to support the rate of turnover of the warehouse, but for a consulting company the important goal might be ensuring full utilization of all consultants on client engagements.</p>
<p>This chapter provides an overview of EIT strategic planning and governance including the approaches to create an EIT strategic plan based on enterprise strategy, and the role of the EIT architecture. The strategic planning and governance context diagram is shown in [[#Fig1|Figure&nbsp;1]].</p>
+
<p>This chapter provides an overview of EIT strategic planning and governance including the approaches to create an EIT strategic plan based on enterprise strategy, and the role of the EIT architecture.</p>
 
<h2>Goals and Principles</h2>
 
<h2>Goals and Principles</h2>
<ol>
+
<p>'''Goals'''</p>
<li>'''EIT strategy''' &mdash; To achieve a common understanding of EIT and enterprise intent:<br />
+
 
<ul>
 
<ul>
<li>Recognize that enterprise strategy drives EIT strategy.</li>
+
<li>Achieve a shared EIT and enterprise strategy.</li>
<li>Understand your purpose for creating an EIT strategy.</li>
+
<li>Achieve a shared roadmap of activities for achieving the shared strategic objectives.</li>
<li>Understand current EIT operations.</li>
+
<li>Monitor and direct activities in order to execute the strategy.</li>
<li>Plan for working on the things that matter to enterprise.</li>
+
</ul>
<li>Take a multi-year perspective, and revisit the plan on a periodic basis for confirmation or changes. </li>
+
<p>'''Principles'''</p>  
<li>Enable reliable, nimble, and efficient response to strategic objectives.</li>
+
<li>Sustain EIT capability. </li>
+
</ul> </li>
+
<li>'''EIT governance''' &mdash; The goal of governance is to direct activities in a way that fulfills the EIT strategy. These are critical activities required to achieve this goal:<br />
+
 
<ul>
 
<ul>
<li>Plan for flexibility and change in governance structure, accountability, and priorities.</li>
+
<li>Strategy planning selects the right things to do; good governance is doing the right things right.</li>
<li>Measure progress and performance against the strategic roadmap as well as on a project and operations basis.</li>
+
<li>A strategy is only as good as its execution.</li>
<li>Enable change, even to the plan itself, as required.</li>
+
<li>Successful execution requires on-going consistent use of metrics.</li>
<li>Advise and align other EIT discipline strategic plans into an overall framework for delivery.</li>
+
<li>What you measure is what you get.</li>
<li>Foster communications and understanding between EIT and enterprise.</li>
+
</ul>
<li>Set expectations within a code of ethics framework.</li>
+
<li>Foster a continuous learning organization.</li>
+
<li>Look ahead for continuity planning as part of risk management planning. </li>
+
</ul></li>
+
</ol>
+
 
+
 
<h2>Context Diagram</h2>
 
<h2>Context Diagram</h2>
[[File:02 Strategy and Governance CD.png|700px]]
+
<p>[[File:02 Strategy and Governance CD.png|700px]]<br /><div id="Fig1"></div>'''Figure 1. Strategy and Governance Context Diagram'''</p>
<div id="Fig1"></div><p>'''Figure 1. Strategy and Governance Context Diagram'''</p>
+
<p>EIT strategy is the component of an enterprise strategy that addresses activities designing, building, and managing information and information technology for business change.&nbsp;[[#One|[1]]] </p>
 
+
<p>While strategic planning occurs at different organization levels, as well as horizontally in many departments, the activity must be coordinated so that there is a hierarchy of strategic plans for each unit of the enterprise that defines how each unit supports the next higher level and coordinates with peers. Although EIT strategy is developed by senior management, it needs to be supported by EIT strategy and goals, standards, frameworks, and guides to facilitate EIT self-governance activities. </p>
<p>The inputs to strategy and governance include various enterprise planning and strategy inputs, financials (budgets, plans, and performance), as well as
+
<p>Deliverables from the strategic planning process include the strategic plan, the execution requirements, the communication plan, and the socialization plan. They inform a governance framework necessary to deploy those plans in EIT. These deliverables are consumed by [http://eitbokwiki.org/Glossary#clevel C-level] executives, and used by business and EIT management and staff to formulate execution plans.</p>
enterprise architecture and enterprise governance artifacts including policies. </p>
+
The roles involved in supplying input to and drafting EIT strategy and governance include C-level executives, senior management, and certain specialists such as communications personnel and architects.
+
<p>While strategic planning occurs at different organization levels, and horizontally as well, it must be coordinated so that there is a hierarchy of strategic plans for each unit of the enterprise that defines how each unit supports the next higher level. Although EIT strategy is developed by senior management, it needs to be supported by EIT standards, frameworks, and guides to facilitate EIT self-governance activities. </p>
+
 
+
<p>Deliverables from the strategic planning process include the strategic plan, the communication plan, and the socialization plan. They inform a governance framework necessary to deploy those plans in EIT. These deliverables are consumed by C-level executives and business and EIT management and staff.</p>
+
 
<div id="strategic_planning"></div><h2>EIT Strategic Planning</h2>
 
<div id="strategic_planning"></div><h2>EIT Strategic Planning</h2>
<h3>Introduction: EIT Strategy is a Business Strategy</h3>
+
<p>EIT strategy is a key component of business strategy.</p>
<p>EIT is a business unit within the enterprise. The enterprise's business strategy document is the most significant single input to the EIT strategy document. The business strategy frames the scope and expectations for the EIT strategy. Any supply chain, outsourcing, onboarding, or other EIT practiceshould be driven out of this strategy. For example, if the business chooses to add vendor relationships, the focus would be on a value stream called an ''onboard supplier'', and capabilities that would include partner management, asset management, agreement management, and related capabilities that are supported by associated EIT capabilities in these areas.</p>
+
<p>EIT is a business unit within the enterprise. The enterprise's business strategy document is the most significant single input to the EIT strategy document. The business strategy frames the scope and expectations for the EIT strategy. Any supply chain, outsourcing, onboarding, or other EIT practice should be driven out of this strategy. For example, if the business chooses to add vendor relationships, the focus would be on a value stream called an ''onboard supplier'', and capabilities that would include partner management, asset management, agreement management, and related capabilities that are supported by associated EIT capabilities in these areas.</p>
 
+
<p>The resulting activities could involve consolidating and improving automation around this value stream and capabilities, as well as numerous other non-technical business activities that may or may not involve systems and technology. Specific topics may include: </p>
<p>The resulting activities could involve consolidating and improving automation around this value stream and capabilities, as well as numerous other non-technical activities that do not involve systems and technology. Specific topics may include best practices on: </p>
+
 
<ul>
 
<ul>
<li>Outsourcing of systems, process, maintenance, technical risk management and transition approaches, cloud contracting advice, mobile strategies, data and information management and integration strategies, [http://eitbokwiki.org/Glossary#sla SLA] framework strategies, logistical and business cultural [http://eitbokwiki.org/Glossary#constraint constraints], and resource optimization options.</li>
+
<li>Outsourcing of systems, process, maintenance, technical risk management and transition approaches </li>
<li>EIT strategy is a component of an enterprise strategy when considering activities that include designing, building, and managing information and information technology for business change.&nbsp;[[#One|[1]]] </li>
+
<li>Cloud contracting advice</li>
 +
<li>Mobile strategies </li>
 +
<li>Data and information management and integration strategies</li>
 +
<li>[http://eitbokwiki.org/Glossary#sla SLA] framework strategies </li>
 +
<li>Logistical and business cultural [http://eitbokwiki.org/Glossary#constraint constraints]</li>
 +
<li>Resource optimization options</li>
 
</ul>
 
</ul>
<h3>Perform Environmental Scan</h3>
+
<h3>Strategy Mapping</h3>
<p>There are multiple ways to leverage the concepts portrayed in [[#Fig1|Figure&nbsp;1]]. However, the process begins with strategy mapping. </p>
+
<p>Successful strategy determination and execution needs to be based on a clear picture of the current state and capabilities of the organization as well as a 360-degree view of the environment it operates within. Strategy mapping provides a method for gaining this picture and then articulates a strategy in such a way that it can be readily interpreted and acted on.</p>
<li>Strategy mapping articulates a strategy in such a way that it can be readily interpreted and acted on. </li><li>Strategy maps vary, but are essentially graphical depictions of goals, objectives, and related courses of action, often aligned against an organizational and broader environmental backdrop. </li>
+
<ul>
<li>Shifts in technology in the marketplace, regulatory change for transparency, corporate marketing channels, and competitor’s enterprise models are a few environmental considerations when building an EIT strategy. </li>
+
<li>Strategy maps vary, but are essentially graphical depictions of goals, objectives, and related courses of action, often aligned against an organizational and broader environmental backdrop. </li>
<p>A current assessment of EIT systems, capabilities, and resources is necessary to complete the full 360 degree scan. </p>
+
<li>Strategy mapping of the environment looks at shifts in technology in the marketplace, regulatory change for transparency, corporate marketing channels, and competitors' enterprise models. </li></ul>
<p>EIT maturity assessment results are input to strategy mapping and desired outcomes. See [[#MaturityManagement|EIT Maturity Management]] for an overview of the assessment process. </p>
+
<p>Strategy mapping depends on a current assessment of EIT systems, capabilities, resources, and EIT maturity. </p>
 
<p>Strategy mapping has existed in one form or another for some time. Sample strategy mapping approaches that apply to enterprise and EIT strategies are listed below: </p>
 
<p>Strategy mapping has existed in one form or another for some time. Sample strategy mapping approaches that apply to enterprise and EIT strategies are listed below: </p>
 
<ul>
 
<ul>
 
<li>Strength/weakness/opportunity/threat ([http://eitbokwiki.org/Glossary#swot SWOT]) analysis</li>
 
<li>Strength/weakness/opportunity/threat ([http://eitbokwiki.org/Glossary#swot SWOT]) analysis</li>
<li>SWOT surfaces internal and external perspectives that should be capitalized on or otherwise addressed. SWOT findings are one input to strategy formulation providing possible focal points in strategy development. </li>
+
<ul>
 +
<li>SWOT surfaces internal and external perspectives that should be capitalized on or otherwise addressed. </li>
 +
<li>SWOT findings are one input to strategy formulation providing possible focal points in strategy development.</li> </ul>
 
<li>The Norton Kaplan Strategy Map&nbsp;[[#Two|[2]]] links actions to value creation along four dimensions: financial, customer, internal (employees), and learning and growth. The strategy map offers a complete, in-context perspective on the strategy. </li>
 
<li>The Norton Kaplan Strategy Map&nbsp;[[#Two|[2]]] links actions to value creation along four dimensions: financial, customer, internal (employees), and learning and growth. The strategy map offers a complete, in-context perspective on the strategy. </li>
 
<li>Hoshin Kanri&nbsp;[[#Three|[3]]] provides similar cross-mapping concepts include tying mission, goals, and objectives with action items, and [http://eitbokwiki.org/Glossary#kpi key performance indicators (KPIs)].</li>
 
<li>Hoshin Kanri&nbsp;[[#Three|[3]]] provides similar cross-mapping concepts include tying mission, goals, and objectives with action items, and [http://eitbokwiki.org/Glossary#kpi key performance indicators (KPIs)].</li>
 
<li>The [http://eitbokwiki.org/Glossary#bmm business motivation model (BMM)]&nbsp;[[#Four|[4]]] provides a mapping between the ''ends'' to be achieved (i.e., goals and objectives) and the ''means'' (i.e., strategies and tactics) needed to achieve those ends.</li>
 
<li>The [http://eitbokwiki.org/Glossary#bmm business motivation model (BMM)]&nbsp;[[#Four|[4]]] provides a mapping between the ''ends'' to be achieved (i.e., goals and objectives) and the ''means'' (i.e., strategies and tactics) needed to achieve those ends.</li>
 
</ul>
 
</ul>
<p>Generally only one approach is selected for a strategy map. Regardless of the approach taken, the end result of any strategic EIT planning process is a clear set of measurable objectives, priorities, and action items that management can act on to deliver change leading to improved EIT performance.</p>
+
<p>Generally, only one approach is selected for a strategy map. Regardless of the approach taken, the end result of any strategic EIT planning process is a clear set of measurable objectives, priorities, and action items that management can act on to deliver change leading to improved EIT performance.</p>
<h3>Establish an EIT Strategic Planning Framework</h3>
+
<h3>Blueprints and Models for Strategy Formulation</h3>
<p>The strategic planning context diagram shown in [[#Fig1|Figure&nbsp;1]] provides a good focal point for strategic planning from a business, process, and EIT perspective. In practice, EIT strategy formulation incorporates business strategy as a fundamental driver. </p>
+
<p>Blueprints and models provide valuable input to the EIT strategic plan. Typically, few artifacts exist when initiating a strategic planning effort, which means that they must be developed together with business input. The EIT strategy document becomes an extrapolation from the enterprise strategy with an EIT lens.</p>
<p>EIT strategy is deployed by leveraging the best architecture, design practices, and technologies. The tension between delivering systems that meet business objectives, particularly from a tactical perspective, must deliver solutions in a delicate balance between forward-looking tools and techniques, current practices, and pressures to implement quickly. </p>
+
<p>Enterprise architecture (EA) includes business architecture, which supplies "a blueprint of the enterprise that provides a common understanding of the organization and is used to align strategic objectives and tactical demands."&nbsp;[[#Five|[5]]] The blueprint includes such artifacts as capability maps, information maps, value maps, and organization maps. </p>
 +
<p>Some other artifacts include operating models, product maps, stakeholder maps, process models, dynamic rules-based routing maps, data models, network models, systems models, vitality and renewal plans, and a wide range of hybrid blueprints and models that have specialty uses based on the challenge at hand. </p>
 +
<p>Blueprints and models require consistent, standardized components. These components draw from the abstract representations of the business shown in [[#Fig2|Figure&nbsp;2]]. In the figure, the center circle represents concepts and includes capability, value, organization, and information. These concepts are considered core, because they are very stable business and EIT perspectives that remain relatively constant. Changes occur as required to accommodate business and EIT as they evolve. EIT inherits some of these blueprints from the business and transforms them into aligned, EIT-focused forms. </p>
 +
<p>The yellow circle in the figure shows influencing perspectives. For example, strategies continue to evolve in real time while new business and EIT products and services are introduced routinely. These examples show how the outer circle of business abstractions are more dynamic than the stable core. Collectively, when mapped and presented appropriately, the core and extended views provide a complete and holistic planning view.</p>
 +
<p>[[File:Figure2.2_BusinessArchitectureEcosystem.JPG]]<br /><div id="Fig2"></div>'''Figure 2. Business Architecture Ecosystem'''&nbsp;[[#Eight|[8]]]</p>
 +
<p>Sophisticated blueprint mappings can emerge from the collection of components shown in [[#Fig2|Figure&nbsp;2]], which represents the business ecosystem. Even simple concepts, like value stream or capability cross-mapping, serve as a basis for business-driven roadmaps and investment planning. Collectively, all of these perspectives answer important questions such as why take action, what is impacted, or how to accomplish a particular task. </p>
 
<h3>EIT Strategy Formulation</h3>
 
<h3>EIT Strategy Formulation</h3>
<p>Drafting an EIT strategy requires alignment with enterprise and business strategies, measured adherence and compliance to EIT best practices, and governance. While enterprise and business strategies come from business, adherence to best practices falls within the EIT [http://eitbokwiki.org/Glossary#domain domain]. Of course, best practices continue to evolve and differ from organization to organization and even project to project. Therefore, EIT faces the challenge of satisfying strategic business objectives through the application of evolving and situational best practices. </p>
+
<p>When management has the ability to view the impact of change using these abstractions, everyone from the executives and planning teams to the deployment teams can have a shared perspective of the context and scope of these changes.</p>
<p>Best practice conformance can be difficult when EIT owns numerous systems that were designed and developed in a prior era. Sometimes we call these ''legacy'' or ''heritage'' systems, and, in most cases, these older systems come with challenges. These systems were typically developed using older technologies and their architecture often does not conform to modern design principles (e.g., [http://eitbokwiki.org/Glossary#soa SOA]) or to the current business needs. In addition, changing business architecture and rules can, over time, lead to data- and information-quality issues. Lack of business alignment and data-quality issues are some of the more difficult and time-consuming issues to address. </p>
+
<p>For example, consider the goal to provide more customer and transactional transparency throughout the product sales cycle; where "transparency" across the sales cycle means visibility into transaction history and sales potential. Business architects would determine that this strategy targets the acquire product value stream and account file management, customer management, and account routing capabilities. Other enterprise and solution architects would then look at the goal from their delivery perspectives. These perspectives are likely implemented today using a cross-section of technologies and processes, some of which are well understood and adaptive, while others are not. The EIT strategy provides a framework for assessing current state implementations, defining the desired target state, and outlining a series of change initiatives for moving from current to target state.</p>
<p>EIT organizations typically address technical debt through legacy modernization (upgrade or replacement), but often do not tie these projects to strategic business objectives. Additionally, the costs are often high and the business benefits for continuing to deliver the same functionality as before upon completion of the project can be a hard sell to the business. </p>
+
<p>Drafting an EIT strategy requires alignment with enterprise and business strategies, a good fit with the existing enterprise and EIT culture, a good understanding of EIT capability (including standard practices), and steady governance. While enterprise and business strategies come from business, adherence to agreed upon practices falls within the EIT [http://eitbokwiki.org/Glossary#domain domain].</p>
 +
<p>The use of standard practices can be difficult when EIT owns numerous systems that were designed and developed in a prior era. These ''legacy'' or ''heritage'' systems often have associated challenges or issues. These systems are typically developed using older technologies and their architectures often do not conform to modern design principles (e.g., [http://eitbokwiki.org/Glossary#soa SOA]) or to current business needs. Adherence to recommended EIT architecture practices is difficult when architecturally inelegant legacy systems must be updated to accommodate the current business strategy, or when time-to-implement constraints override quality or feature requirements. When such a conflict occurs, the organization begins to build technical debt. (''Technical debt'' is defined as "the negative effects of applying ill-advised or problematic changes or additions to software systems and their data, negatively impacting the delivery of future business value."&nbsp;[[#Six|[6]]]) In addition, changing business architecture and rules can, over time, lead to data- and information-quality issues. Lack of business alignment and data-quality issues are some of the more difficult and time-consuming issues to address. </p>
 +
<p>EIT proposals for legacy modernization (upgrade or replacement) often neglect to tie these projects to strategic business objectives. Since their costs are often high, these projects can be a hard sell to the business. Any attempt to sell such projects must include the business benefits for continuing to deliver the same functionality as before upon completion of the project. Benefits can include increased speed of transactions, increased reliability, increased interoperability and integration, among others.</p>
 
<p>The following six-stage framework for EIT strategic planning ensures that the business strategy is integrated into the planning process and that EIT strategy is not driven solely by technological upgrades: </p>
 
<p>The following six-stage framework for EIT strategic planning ensures that the business strategy is integrated into the planning process and that EIT strategy is not driven solely by technological upgrades: </p>
 
<ol>
 
<ol>
Line 76: Line 81:
 
<li>Leverage EA to feed the strategy. Vet various perspectives.</li>
 
<li>Leverage EA to feed the strategy. Vet various perspectives.</li>
 
<li>Highlight EIT focal points for each objective. </li>
 
<li>Highlight EIT focal points for each objective. </li>
<li>Establish [http://eitbokwiki.org/Glossary#kpi KPIs] for each strategic enterprise objective and related action item.</li>
+
<li>Establish [http://eitbokwiki.org/Glossary#kpi key performance indicators (KPIs)] for each strategic enterprise objective and related action item.</li>
 
<li>Establish a plan timeline roadmap including a review plan. </li>
 
<li>Establish a plan timeline roadmap including a review plan. </li>
 
<li>Establish or leverage EIT governance to ensure that business strategy is realized.</li>
 
<li>Establish or leverage EIT governance to ensure that business strategy is realized.</li>
 
</ol>
 
</ol>
<p>Each of these stages presents a unique challenge and occasionally can be in conflict with another stage. For example, adherence to best EIT architecture practices is difficult when architecturally inelegant legacy systems must be updated to accommodate the current business strategy, or when time-to-implement constraints override preferred plans. When a conflict occurs, the organization begins to build technical debt. ''Technical debt'' is defined as “the negative effects of applying ill-advised or problematic changes or additions to software systems and their data, negatively impacting the delivery of future business value.”&nbsp;[[#Five|[5]]] </p>
+
<p>The steps in the planning process outlined above should work for most organizations as they embark upon their business and EIT strategy planning efforts. Most of what is needed in strategic planning within EIT is a reflection of the broader context of business planning. Thus, planning for EIT and business scenarios that are essentially the same scenario, such as outsourcing a capability or managing suppliers, should take an integrated, holistic, and enterprise viewpoint. </p>
<p>As depicted in the context diagram in [[#Fig1|Figure&nbsp;1]], the steps in the planning process should work for most organizations as they embark upon their business and EIT planning efforts, keeping in mind that the framework provides a guide into what should specifically be addressed at each stage of the planning process. Finally, much of what is considered as strategic planning within EIT is just a portion of the broader context for business planning. Therefore, planning for EIT and business scenarios that are essentially the same scenario, such as outsourcing a capability or managing suppliers, should take an integrated, holistic, and enterprise view of the planning process. </p>
+
<h3>Strategic Focus for Change Initiatives </h3>
<h3>Establish Planning Approach</h3>
+
<p>A well-defined EIT strategy provides the roadmap needed for getting from where the enterprise is at present to where it needs to be. The strategy identifies how and where the enterprise needs to change. Strategic planning must determine effective ways to take the enterprise strategy and transform it into EIT strategic change initiatives. </p>
<p>A defined EIT strategy provides the roadmap needed for getting from where the enterprise is at present to where it needs to be. The strategy identifies how the enterprise needs to change. EIT must determine effective ways to take the enterprise strategy and transform it into EIT strategic change. </p>
+
<p>Strategic change employs a wide array of disciplines and techniques to enable change on a large scale as well as on an incremental basis. Change initiatives are frequently defined in the context of types of focuses, such as:&nbsp;[[#Seven|[7]]]</p>
<p>Strategic change employs a wide array of disciplines and techniques to enable change on a large scale and on an incremental basis. These techniques are often discussed in the context of types of focuses, such as:&nbsp;[[#Six|[6]]]</p>
+
 
<ul>
 
<ul>
 
<li>Governance</li>
 
<li>Governance</li>
Line 92: Line 96:
 
<li>Security</li>
 
<li>Security</li>
 
</ul>
 
</ul>
<p>Each focus has [http://eitbokwiki.org/Glossary#constraint constraints] that must be understood and reflected explicitly in the strategy. These typically include time, quality, and cost. The focus may also include organizational scope such as Western Hemisphere operations only, or a timeframe such as a 2-year horizon, as well as constraints from the environmental scan such as regulatory requirements for the industry. An EIT strategy also acknowledges existing EIT constraints through [http://eitbokwiki.org/Glossary#ea enterprise architecture (EA)], human resources, legacy systems, staff capability, and capacity to deliver.</p>
+
<p>Each focus has [http://eitbokwiki.org/Glossary#constraint constraints] that must be understood and reflected explicitly in the strategy. Constraints almost always include time, quality, and cost. Each focus may also be bounded by organizational scope (such as Western Hemisphere operations only), or by a timeframe (such as a 2-year horizon).The environmental scan may also have recognized other constraints, such as regulatory requirements for the industry. An EIT strategy also acknowledges existing EIT constraints imposed by [http://eitbokwiki.org/Glossary#ea enterprise architecture (EA)], human resources, legacy systems, staff capability, and capacity to deliver.</p>
<p>The strategic planning team takes [http://eitbokwiki.org/Glossary#risk risk] into account within the plan. They recognize the risk appetite of the organization as a potential constraint in the plan. They also suggest risk responses that require vetting and approval as part of overall strategy adoption.</p>
+
<p>The organization's appetite for risk may also introduce constraints. The strategic planning effort must take [http://eitbokwiki.org/Glossary#risk risk] into account within the plan. Therefore, the strategic planning effort must also suggest risk responses so as to minimize risk-based constraints. The suggested responses require vetting and approval as part of overall strategy adoption.</p>
<h3>Role of Architecture in Strategy Planning</h3>
+
<p>[[File:Figure2.4_BusinessArch_ContinuousITAlignment.JPG|250px]]<br /><div id="Fig3"></div>'''Figure 3. Business Architecture and Continuous Business/EIT Alignment'''</p>
<p>[http://eitbokwiki.org/Glossary#ea Enterprise architecture (EA)] informs the EIT strategic plan in a number of ways. EA supplies “a blueprint of the enterprise that provides a common understanding of the organization and is used to align strategic objectives and tactical demands.”&nbsp;[[#Seven|[7]]]</p>
+
<p>In defining change initiatives, it is crucial to recognize that there is a two-way relationship between business architecture and solution, information, and technology architecture, as depicted in [[#Fig3|Figure&nbsp;3]]. A change in either of these aligned layers should be transparent, duly assessed to determine reciprocal impacts, clearly linked to a specific business objective, and addressed through a funded change initiative. [http://eitbokwiki.org/Change_Initiatives Change Initiatives] explains how change initiatives are carried out. </p>
<p>Standard methods include strategy maps, capability maps, information maps, value maps, and organization maps. </p>
+
<p>When business needs are mapped appropriately to current and future EIT plans, it ensures that business objectives are known, quantified, clearly articulated, and linked to business value. Thus, any EIT investment must show a demonstrable link back to business value. For example, an application change may require significant funding. Architects should be able to trace the planned application changes back to the business capabilities, value streams, and information that the change addresses, and thus back to the business objectives for the proposed change, thus linking the change to business value. In this way, all EIT activities can be tied back to measurable business impacts and business strategy. </p>
<p>Some other artifacts include operating models, product maps, stakeholder maps, process models, dynamic rules-based routing maps, data models, network models, systems models, vitality and renewal plans, and a wide range of hybrid blueprints and models that have specialty uses based on the challenge at hand. </p>
+
<p>The change approval process &nbsp;[[#Nine|[9]]] exercises the authority to introduce change into the EIT environment. It is the responsibility of both the business and EIT. The governance of change management occurs at varying levels of authority depending on the nature of the change. Any proposed change, whether a commissioning of a new system, an application enhancement, a sustainment activity, or corrective action to repair a defect, moves through governance processes. </p>
<p>Blueprints and models provide valuable input to the EIT strategic plan. Typically, few artifacts exist when initiating a strategic planning effort and they must be developed together with business input. The EIT strategy document then becomes an extrapolation from the enterprise strategy with an EIT lens.</p>
+
<h4>Blueprints and Models &mdash; Business and EIT</h4>
+
<p>Blueprints and models require consistent, standardized components. These components draw from the abstract representations of the business shown in [[#Fig2|Figure&nbsp;2]]. In the figure, the center circle represents concepts and includes capability, value, organization, and information. These concepts are considered core, because they are very stable business and EIT perspectives that remain relatively constant. Changes occur as required to accommodate business and EIT as they evolve. EIT inherits some of these blueprints from the business and transforms them into aligned, EIT-focused forms. </p>
+
<p>The yellow circle in the figure shows influencing perspectives. For example, strategies continue to evolve in real time while new business and EIT products and services are introduced routinely. These examples show how the outer circle of business abstractions are more dynamic than the stable core. Collectively, when mapped and presented appropriately, the core and extended views provide a complete and holistic planning view.</p>
+
[[File:Figure2.2_BusinessArchitectureEcosystem.JPG]]
+
<div id="Fig2"></div><p>'''Figure 2. Business Architecture Ecosystem'''&nbsp;[[#Eight|[8]]]</p>
+
<p>Sophisticated blueprint mappings can emerge from the collection of components shown in [[#Fig2|Figure&nbsp;2]], which represents the business ecosystem. Even simple concepts, like value stream or capability cross-mapping, serve as a basis for business-driven roadmaps and investment planning. Collectively, all of these perspectives answer important questions such as why take action, what is impacted, or how to accomplish a particular task. </p>
+
<h3>Turn Business Strategy into Actionable Results</h3>
+
<h4>Using Blueprints and Models</h4>
+
<p>The reason for developing the various blueprints and models is to use them in some way to achieve strategic and tactical needs. Strategy drives changes that can be collectively represented by abstractions depicted in [[#Fig2|Figure&nbsp;2]]. When management has the ability to view the impact of change using these abstractions, everyone from the executives and planning teams to the deployment teams can have a shared perspective of the context and scope of these changes.</p>
+
<p>For example, consider the goal to provide more customer and transactional transparency throughout the product sales cycle; where “transparency” across the sales cycle means visibility into transaction history and sales potential. Business architects would determine that this strategy targets the acquire product value stream and account file management, customer management, and account routing capabilities. Other enterprise and solution architects would then look at the goal from their delivery perspectives. These perspectives are likely implemented today using a cross-section of technologies and processes, some of which are well understood and adaptive, while others are not. Together with EA, the EIT strategy provides a framework for assessing current state implementations, crafting target-state solutions, and establishing a transition strategy for moving from current to target state solutions.</p>
+
<p>There are many strategic planning approaches. Regardless of the approach selected, turning strategies into actionable results requires identifying the EIT delivery impacts on the current state and current future state plans. </p>
+
[[File:Figure2.3_TurningStrategyIntoResults.JPG|700px]]
+
<div id="Fig3"></div><p>'''Figure 3. Turning Strategy into Actionable Results via Enterprise Architecture'''</p>
+
<p>[[#Fig3|Figure&nbsp;3]] represents the ability to leverage perspectives to identify specific areas of EIT that require initiative investment. In turn, these investments result in projects that incorporate business and EIT transformations.</p>
+
 
<ul>
 
<ul>
<li>'''Business strategy''' represents all motivational factors including policy, regulation, goals and objectives, product and [http://eitbokwiki.org/Glossary#stakeholder stakeholder] considerations, and the resulting action items required to achieve various goals and objectives. </li>
+
<li>'''Changes may be at the strategic re-alignment level''' as plans and architecture responses move to adjust projects and programs that are prioritized or in flight, including the possibility of activity shutdown. </li>
<li>'''EIT strategy''' represents the EIT perspective of the enterprise business strategy and includes capability, capacity, [http://eitbokwiki.org/Glossary#roi ROI], information, organizations, responsibilities, funding plan, stakeholders, initiatives, products, and decisions. </li>
+
<li>'''Changes may be at the operational level''' where a change control board or change advisory board approves code or systems, or data changes into the production environments and can include planned and unplanned (emergency) changes, projects, and releases. Still, such changes should be evaluated in terms of the organization's strategic priorities. Otherwise, there is a risk of wasting resources on asked for, but non-strategic enhancements to less important systems.</li>
<li>'''Enterprise architecture''' identifies actionable items as inputs to design concepts, EIT business priorities, business-driven roadmaps, fundable initiatives, and business-driven EIT architecture transformation. </li>
+
<li>'''Incidents occurring from change handling activities are reported to EIT governance''' for possible response particularly if additional funding is required for corrective action. Other incident handling occurs at a more local response level. </li>
 +
<li>'''Change patterns are monitored''' and advice on adjustments to programs and procedures are generated for EIT governance consideration. </li>
 
</ul>
 
</ul>
<h4>Using Enterprise Architecture to Interpret Business Strategy&nbsp;[[#Nine|[9]]]</h4>
+
<h2>EIT Strategy Execution</h2>
<p>EA is both an input to the strategy by supplying methods and ''as-is'' architectures, and a follow-on activity that interprets, performs gap analysis, and supports execution the strategic plan and adjusts the ''to-be'' architectures to new or changed direction from the plan.</p>
+
<p>Poor strategy execution is the most significant management challenge facing public and private organizations in the 21st century according to Gartner.&nbsp;[[#Twelve|[12]]] </p>
<p>A brilliant business design can be too costly and take too long to satisfy executive demands, or can be technologically infeasible. This is where enterprise architecture can help ensure that selected business designs and innovation options are not only desirable, but cost effective and implementable. </p>
+
<p>As described in the previous section, any EIT investment must show a demonstrable link back to business value. The link should be tied to a metric that shows the business impact of changes to EIT systems. By establishing a set of essential metrics for assessing the impact of each change initiative, EIT and the business are setting up a valuable mechanism for monitoring the execution of the change initiative, and, thereby, for monitoring strategy execution.</p>
<p>We stated earlier that EA includes business, solution, information, and technology architectures. Business architecture has a direct relationship to and reciprocal impact on the remaining aspects of EA, particularly solution and information architectures. For example, information architecture leverages the information aspects of business architecture to craft a wide range of technology options for maximizing accessibility and usage to a various information categories. These range from “big data” to more traditional relational database architectures. Information architecture establishes the critical underpinnings for business automation solutions. </p>
+
<p>What you measure is what you get. When navigating to a destination, you use a variety of measurements to make sure you're on track to your destination. These include things like estimated time to arrival, distance covered, and signposts encountered along the way. The same holds true when executing EIT performance to achieve strategic goals.</p>
<p>The solution architecture is the implementation perspective of the business architecture and includes business design concepts such as case management and process management. Business capabilities drive the evolution of applications and [http://eitbokwiki.org/Glossary#soa service-oriented architecture (SOA)] service deployments. Value streams provide the framework for service orchestration, business design options, and stakeholder interface requirements. </p>
+
<h3>Effective Governance of Strategy Execution</h3>
<p>The technology architecture plays two important roles. First, it enables the delivery of business solutions as articulated through the blueprints and models. Second, it ensures that the required degree of technological innovation is in place to maximize business solutions while ensuring stability, security, and business continuity. </p>
+
<p>EIT governance of strategy execution is effective only if cultural and management buy-in are deeply established and consistently demonstrated and communicated. However, that is not enough to ensure success. Reasons for '''ineffective''' execution include:</p>
[[File:Figure2.4_BusinessArch_ContinuousITAlignment.JPG]]
+
<div id="Fig4"></div><p>'''Figure 4. Business Architecture and Continuous Business/EIT Alignment'''</p>
+
<p>The two-way relationship between business architecture and solution, information, and technology architecture is depicted in [[#Fig4|Figure&nbsp;4]]. Continuous business/EIT alignment reflects the value of maintaining these interdependent relationships across business and EIT. A change in either of these aligned layers should be transparent, duly assessed to determine reciprocal impacts, clearly linked to a specific business objective, and addressed through a funded initiative. </p>
+
<p>When business needs are mapped appropriately to current and future EIT plans, it ensures that business objectives are known, quantified, clearly articulated, and linked to business value. Any EIT investment must also demonstrate a link back to business value. For example, an application change may require significant funding. Architects should be able to trace the planned application process changes back to the business capabilities, value streams, and information that the change implements, and back to business objectives and link the change to value. A network planning team, for example, should be able to trace the usability of that network up the chain, through the solution architecture, and directly into the business architecture. In this way, all EIT activities can be tied back to business impacts and business strategy. </p>
+
<p>Business architecture not only helps identify change impacts and investment focal points derived from a given business strategy, but also provides a basis for business design and innovation analysis. </p>
+
<p>[http://eitbokwiki.org/Glossary#cp Consolidated platforms (CP)] are emerging as multi-vendor pre-packaged solutions that can efficiently use resources in operations and release management activities with the providers in an oversight role; however, evaluating the detailed solution for suitability and viable exit planning becomes more complex. CP can be seen as a mid-way solution between complete solution insourcing and complete outsourcing.</p>
+
<h3>EIT Strategy Execution</h3>
+
<p>Poor strategy execution is the most significant management challenge facing public and private organizations in the 21st century according to Gartner (Lapkin & Young, 2011).&nbsp;[[#Ten|[10]]] </p>
+
<div id="Fig5"></div><p>'''Figure 5. Change Initiative Flow Chart''' ***need images</p>
+
<p>All strategies must be grounded with the following rigorous practices: </p>
+
 
<ul>
 
<ul>
<li>Outline the means for achieving desired outcomes: <br />
+
<li>Performing compliance activities and reporting them without any follow-up review, action, or consequences</li>
 +
<li>Poorly designed engagement model</li>
 +
<li>Uneven authority in governance oversight </li>
 +
<li>Ineffective delegation of authority</li>
 +
<li>Untimely actioning of governance issues</li>
 +
<li>Poorly thought out governance metrics (measuring the wrong thing, or encouraging the wrong activities)</li>
 +
<li>Inaccurate data collection and spotty reporting</li>
 +
<li>Drifting from the enterprise and business strategies over time so that governance is poorly focused</li>
 +
</ul>
 +
<p>On the other hand, there are known precepts for successful execution. No matter what EIT strategy an organization decides to adopt, the organization should: </p>
 +
<p>1. Outline the means for achieving desired outcomes, such as: </p>
 
<ul>
 
<ul>
<li>Specify timeframes and business scope that reflect needs and priorities.</li>
+
<li>Link all EIT strategies to business goals and objectives.</li>
<li> Link all EIT strategies to business goals and objectives.</li>
+
<li>Specify realistic timeframes and targets that reflect the organizations needs and priorities.</li>
<li>Create and support a means to generate and capture ideas for innovation and change, and their evaluation. </li>
+
<li>Create and support a means to generate, capture, evaluate, and implement ideas for improving execution in progress. </li>
<li>Support change-management processes with top-down and bottom-up validation.</li>
+
<li>Acknowledge and propose change within known constraints and risks including budgets, staffing capability, and EA plans. </li>
<li>Provide properly scaled strategies for business problems.</li>
+
<li>Implement the strategy into portfolios and projects via change initiatives. </li>
<li>Acknowledge and propose change within known constraints and risks including staffing capability and EA plans. </li>
+
<li>Create or refer to control processes in organizations that can give oversight to strategy execution. (Are we doing the right things and are things being done right?) </li>
<li>Refer to existing funding and planning engagement processes to move the strategy into portfolios and projects. </li>
+
<li>Create and live a culture of collaboration between the core business and EIT through shared metrics, communications, training plans, and change management support.</li>
<li>Create or refer to control processes in organizations that can give oversight to strategy execution. (Are we doing the right things and are the right things being done well?) </li>
+
<li>Ensure that the EIT strategy is captured in a living document as a ''game plan'' that states measures and targets for strategy achievement and specifies accountabilities.</li>
</ul></li>
+
<li>Actively monitor and adjust the EIT strategic plan to meet changing business priorities.</li>
<li>Ensure that the strategy is a living document and ''game plan'':<br />
+
<ul>
+
<li>Give targets for strategy achievement and specify reporting to an oversight body.</li></ul></li>
+
<li>Create and live a culture of collaboration between business and EIT through the specification of communications and training plans and change management support.</li>
+
<li>Provide adequate and sustained funding.</li>
+
<li>Propose active monitoring and adjustment of the strategic plan with renewal cycles.</li>
+
 
</ul>
 
</ul>
<h2>Governance</h2>
+
<p>2. Ensure full engagement across the business/EIT boundary, by using an enterprise and local interaction model for monitoring, guiding, and reporting. The interaction model seeks to:</p>
<p>EIT governance establishes a conformance process and authority to make sure the strategic plan is executed. EIT governance accomplishes this by setting into place policies that mandate the instigation of controls in all areas of EIT, including cost controls reporting, project oversight, service management, risk assessment and management, ethical behaviors, and change control. All of these controls fit within a framework of overall organization controls and policies, and are aligned to them.</p>
+
<p>To ensure full engagement across the business/EIT boundary, business and EIT executive sponsors provide oversight for EIT governance. EIT governance must set expectations at all levels in EIT for compliance using an enterprise and local interaction model for monitoring, guiding, and reporting. The following guidelines can help in this process:</p>
+
 
<ul>
 
<ul>
 
<li>Understand and work through the people side and the organizational side of proposed change and existing culture impacts. This is critical to the long-term success of strategy implementation and oversight (governance) efforts.</li>
 
<li>Understand and work through the people side and the organizational side of proposed change and existing culture impacts. This is critical to the long-term success of strategy implementation and oversight (governance) efforts.</li>
<li>Establish business/EIT collaboration and a communication governance model.</li>
+
<li>Establish business/EIT collaboration and a communication governance model to ensure open communication and collaboration for business-to-business, business-to-EIT, and cross-EIT perspectives.</li>
<li>Ensure that open communication and collaboration for business-to-business, business-to-EIT, and cross-EIT perspectives.</li>
+
 
<li>Establish collaborative principles, measurements, and escalation procedures as required.</li>
 
<li>Establish collaborative principles, measurements, and escalation procedures as required.</li>
 
<li>Ensure that external regulations and laws, market perspectives, and external perspectives are included. </li>
 
<li>Ensure that external regulations and laws, market perspectives, and external perspectives are included. </li>
 
</ul>
 
</ul>
<p>Lines-of-EIT business have their own special concerns that align to overall governance objectives, such as:</p>
+
<h3>Measurement: The Key to Strategy Execution</h3>
<ul>
+
<p>EIT managers and staff should jointly participate in selecting meaningful metrics to monitor and thus direct internal effort to those activities that provide the "most bang for the buck" in reaching their strategic objectives. The measures and metrics should extend from the lowest hands-on level to the level reported to the board of directors. All of these controls should fit within a hierarchy of goals and their measures.</p>
<li>Security &mdash; for example, local objectives and measures for blocking threats</li>
+
<p>What this means in simple terms is that you must define discrete goals that can be measured in order to know whether or not an enterprise strategy is being achieved. The measures used to determine if the goals are being met are high-level metrics that are built from lower-level, more detailed metrics. The result is a cross-functional hierarchy of measures. For example, "increase customer satisfaction" is a common goal. How do you know if it is happening? First, determine the components (the attributes) of customer satisfaction. They may range from sales order accuracy to length of time to reach customer support to billing accuracy. All of these can have a technology component as well as a business component. The hierarchy of goals and measures will thus need to include both business unit goals as well as EIT goals, with corresponding metrics. </p>
<li>Data &mdash; for example, prioritizing key financial data for accuracy in transactions </li>
+
<p>COBIT 5 describes this hierarchy as a cascade of goals and provides examples of 17 generic enterprise goals related to corresponding EIT goals. The 17 goals are grouped in the Balanced Scorecard categories of Financial, Customer, Internal and Learning, and Growth dimensions Each of these 17 requires further breakdown into attributes of each goal and how to measure the presence of those attributes. For example, one goal is service continuity and availability. Often, these goals have finer goals like allowable mean time before failure (MTBF) and required up-time, and these goals are documented in service level agreements (SLAs) or operations level agreements (OLAs) that specify corresponding metrics, like a 100 hours MTBF or 99% up-time.</p>
<li>Application &mdash; for example goals for availability</li>
+
<h2>EIT Operational Governance</h2>
<li>Enterprise architecture &mdash; for example, overall EIT strategy realization</li>
+
<p>EIT governance extends beyond strategy formulation and execution. It must of necessity guide and monitor all the day-to-day activities that serve the enterprise. EIT organizations that are constantly fighting fires, giving them no time to carry out change initiatives, are poorly governed. Governance of day-to-day operations must be well-governed and run smoothly to provide time and expertise to carry out new work. </p>
</ul>
+
<p>Businesses with superior EIT governance record 25 percent higher profits than those with poor governance.&nbsp;[[#Ten|[10]]] This type of positive value assessment for EIT governance is well established and clearly maps to EIT governance objectives of a reliable, trusted, responsive, and evolving EIT synced to business plans and needs. </p>
[[File: Figure2.6_BusinessGovernanceEngagementModel.jpg|700px]]
+
<p>Superior governance leads to superior performance. Superior performance is about doing the right things; it's not about putting in more hours, it's about prioritizing, planning, and executing the most impactful work. Good leadership provides clear direction on where the business is going and how to overcome the challenges that arise. Setting a clear direction not only gets people on board but also builds confidence in the organization's abilities to get results.</p>
<div id="Fig6"></div><p>'''Figure 6. Example of a Business and Governance Engagement Model'''</p>
+
<p>EIT governance includes the processes through which the organization's objectives are set and pursued in the context of the enterprise's social, regulatory, and market environment. Governance mechanisms include monitoring the actions, policies, practices, and decisions of EIT personnel, and affected stakeholders. EIT management must make sure that EIT processes, mechanisms, and accountabilities provide the organization with the capability to carry out all its areas of responsibility, such as reporting against budgets, project performance, service management, and risk assessment and management. </p>
<p>Business staff participate at all levels as stewards or subject-matter experts in areas such as legal, marketing, and manufacturing, requiring the EIT services as they set priorities locally that in turn set targets and thresholds for EIT performance. </p>
+
<p>Good leadership makes sure that the processes used to get things done are effective in facilitating work, not impeding it. Such processes are transparent and well-understood, so they help people get their jobs done. They are the foundation of EIT governance. </p>
<p>Enterprise architecture domain experts in application, data/information, infrastructure, and business provide coaching to work teams on an as-needed basis and are the front-line representatives for EIT governance. </p>
+
<p>Good leadership and good governance also depend on well-communicated policies whose values and purposes are understood. Policies often reflect an organization's culture. A policy can let people know it's OK to bring their dogs to work, or that people are entitled to a day off with pay for their birthdays. They let people know what sorts of behavior are expected and what the organization values.</p>
<h3>Governance Benefits Assessment Realization</h3>
+
<h3> Operational Assessment </h3>
<p>Businesses with superior EIT governance record 25 percent higher profits than those with poor governance.&nbsp;[[#Eleven|[11]]] This type of positive value assessment for EIT governance is well established and clearly maps to EIT governance objectives of reliable, trusted, responsive, and evolving EIT synced to business plans and needs. </p>
+
<p>Good governance depends on a thorough understanding of the organization's operational status. There are two basic ways to accomplish this. A well-run organization will have a good metrics definition and collection process in place so that managers can monitor their functions' performance in real-time. Less mature organizations often have to depend on point-in-time assessments to know the true state of affairs.</p>
<p>EIT audits are a specialized type of monitoring that challenge the self-reporting on governance metrics by performing direct assessment.&nbsp;[[#Twelve|[12]]] Some topics that an audit may cover include:</p>
+
<p>EIT assessments are a point-in-time type of monitoring that supplement the regular monitoring and reporting process. Maturing organizations often do self-assessments. When done by people outside the organization, they are often seen as audits. Some topics that an audit may cover include:</p>
 
<ul>
 
<ul>
 
<li>[http://eitbokwiki.org/Glossary#roi Return on investment (ROI)] </li>
 
<li>[http://eitbokwiki.org/Glossary#roi Return on investment (ROI)] </li>
 
<li>Data quality</li>
 
<li>Data quality</li>
<li>Inventory of licenses, hardware in use/owned</li>
+
<li>Inventory accuracy (licenses, software, hardware in use/owned)</li>
<li>Process performance assurance, rationalization, adherence as required from asserted levels of organization maturity</li>
+
<li>Process performance, rationalization, adherence to policies</li>
<li>Security assurance</li>
+
<li>Security effectiveness</li>
<li>Maturity assessment/reassessment </li>
+
<li>Maturity assessment and reassessment </li>
<li>Regulatory requirements adherence self-assessment of EIT governance </li>
+
<li>Regulatory requirements adherence </li>
<li>Overall assessment of EIT</li>
+
 
</ul>
 
</ul>
 
<p>The resulting reports include gaps found and remediation recommendations. </p>
 
<p>The resulting reports include gaps found and remediation recommendations. </p>
<p>As a line management and also a virtual organization, the costs to establish and operate EIT governance can be scaled to meet the strategically sensitive areas for the overall organization. Business and EIT share the EIT governance responsibility. Good governance requires exceptional leaders who can communicate across business and EIT subject domains. </p>
+
<p>The effort and cost to establish and operate EIT governance can be scaled to meet the strategically sensitive areas for the overall organization. Business and EIT share the EIT governance responsibility, because the business must communicate its needs to EIT and its satisfaction with EIT services. Good governance requires exceptional leaders who can communicate across business and EIT subject domains. </p>
<p>The value of EIT assets may not be regularly included on balance sheets. However, EIT governance is asked to participate in a valuation at a time of mergers, acquisitions, and liquidations.</p>
+
<h3>Financial Management</h3>
<h3>Ethics&nbsp;[[#Thirteen|[13]]]</h3>
+
<p>EIT management must plan for all needed EIT resources in its budgeting, including on-going operations, change initiatives, and growth plans. These resources to be budgeted for include salaries and overhead for personnel, training and professional development, licenses and leases, as well as new acquisition of outside services and material assets, [http://eitbokwiki.org/Glossary#contract contract] management with vendors including outsourcing, licensing, SLA, [http://eitbokwiki.org/Glossary#ola OLA], and cloud computing. Project resourcing also need to be taken into account. (See the [http://eitbokwiki.org/Acquisition Acquisition chapter]).</p>
<p>Ethical behaviors in an organization are judged relative to their cultural and regulatory framework. In some countries, money paid to gain business advantage is neither unethical nor illegal. </p>
+
<p>Assets represent value, not just cost, to the organization. That value should be tracked and reported for tax purposes, such as depreciation reporting. While assets are not always included on balance sheets, they must be considered at the time of an acquisition, merger, or liquidation.</p>  
<ul>
+
<p>Sometimes cost control can be an important, overriding priority that limits EA visions and plans for the overall EIT system evolution. However, such short-term thinking can be at the risk of mounting technical debt or even stand in the way of strategic projects. A better approach is cost management.</p>
<li>Ethical assertions should be expressed in EIT, tied to the overall business code of ethics, and signed off by all staff so that violations can be cause for reprimand or dismissal. </li>
+
<p>Cost management includes careful application of strategies, such as:</p>
<li>Vendors should be held to similar ethical standards.</li>
+
<li>A code of EIT ethics is created, and socialized.</li>
+
<li>Lists of employees who have signed off on the code are maintained by EIT governance.</li>
+
</ul>
+
<p>EIT ethical topics include those that may also be illegal, such as: </p>
+
<ul>
+
<li>Consideration of the social impact of the work at hand &mdash; if it will cause harm</li>
+
<li>Alignment of business and EIT strategies and policies to an ethical standard</li>
+
<li>Incorporation of the ideals of professionalism </li>
+
<li>Adherence to applicable regulatory intent</li>
+
<li>Protection for whistle blowers</li>
+
</ul>
+
<p>Call out these things specifically:</p>
+
<ul>
+
<li>Activities that interfere with or corrupt the proper function of computers, applications and systems</li>
+
<li>Activities that interfere with digital privacy or intellectual rights of others</li>
+
<li>Respect for confidentiality, privacy, permissions, and access rights </li>
+
<li>Inappropriate bias (skewing) of analysis and reporting</li>
+
<li>Inaction in the face of likely ethics violations</li>
+
</ul>
+
<h3>Policy and Process</h3>
+
<p>EIT governance can create numerous policies and processes to establish overall control, or can establish only a few policies that drive action in various delivery areas to create and maintain their own local aligned policies and processes. Determination of the right fit for control should be based on risk assessment by EIT governance and the resulting level of oversight that should be maintained. For example, security policies and processes should typically be set centrally so that all areas of the company are measured on exactly the same basis and changes are uniformly applied. Decentralization and therefore more coordinated information management policies and processes may be acceptable in a business that is more product oriented than service (data) oriented. </p>
+
<p>Even at the initial phase, an overall EIT governance policy, driven from an enterprise policy, is required to establish its authority.</p>
+
<h3>Cost Control</h3>
+
<p>Cost control is a central activity in EIT governance. EIT products and services are bundled into operations sustainment, major projects, and small changes. Business cases for the work are budgeted, prioritized, and funded. See also [http://eitbokwiki.org/Change_Initiatives Change Initiatives]. </p>
+
<p>The business sets priorities for development and operations. Those priorities must include the factors in the strategic environmental scan. For example, to ensure the rapid expansion of business geography plans, methods and designs may be adopted that diverge from the formal EIT strategies realizing cost savings. The cost control priority can be the important overriding priority that guides the possible easing of EA visions and plans for controlling the overall EIT system evolution, but at the risk of mounting technical debt.</p>
+
<p>[http://eitbokwiki.org/Glossary#tco Total cost of ownership (TCO)] improvements can be addressed by careful application of strategies, such as:</p>
+
 
<ul>
 
<ul>
 
<li>Infrastructure allocation/management</li>
 
<li>Infrastructure allocation/management</li>
Line 232: Line 185:
 
<li>Various outsourcing initiatives</li>
 
<li>Various outsourcing initiatives</li>
 
</ul>
 
</ul>
<h3>Investment Concept/Business Case Management</h3>
+
<h3>Quality Management</h3>
<p>Outside all operations and sustainment work, all activities are proposed through a standard funding process as shown in [[#Fig7|Figure&nbsp;7]].</p>
+
<p>Quality management&nbsp;[[#Twelve|[12]]] is a key control in EIT governance. The importance of high levels of quality throughout the EIT organization's actions, services, and products is manifested across all policies, processes, and procedures. There are two basic ways of approaching quality. The first is to take a passive approach; in effect, to adhere to the idea that quality is "baked in" to the organization through the policies, processes, and procedures, and where quality controls are established as an output measurement, much like in manufacturing environments. The second approach is more active, setting out a separate responsibility for quality that establishes responsibility and accountability, checks adherence, and advises and reports on quality risks and failures at many points along work streams.</p>
[[File:Figure2.5.JPG|700px]]
+
<p>The adoption of accepted practices given in standards and frameworks is an indication of a more mature organization requiring active quality management as part of overall EIT governance. For example, [http://eitbokwiki.org/Glossary#iso ISO] Standard 9001 applies to any organization that:</p>
<div id="Fig7"></div><p>'''Figure 7. Steps in Business Case Development'''</p>
+
<p>Work is prioritized and moved forward into the realization phase based on the business and EIT strategic plans within the [http://eitbokwiki.org/Change_Initiatives Change Initiatives chapter]. The process is monitored for continuing business alignment and need, feasibility factors, stakeholder interest, resourcing opportunities, competitor activity, new EIT tools and approaches, and government requirements in the industry. All of these factors influence the speed at which concepts move through the process or even get dropped entirely from the plan.</p>
+
<p>[http://eitbokwiki.org/Glossary#contract Contract] management with vendors including outsourcing, licensing, SLA, [http://eitbokwiki.org/Glossary#ola OLA], cloud computing, and project resourcing is also the responsibility of EIT governance (see also the [http://eitbokwiki.org/Acquisition Acquisition chapter]).</p>
+
<h3>Quality&nbsp;[[#Fourteen|[14]]]</h3>
+
<p>Quality is a key control in EIT governance that is manifested across all policies, processes, and procedures. There are two basic ways of approaching quality. The first is to take a passive approach; in effect to adhere to the idea that quality is “baked in” to the organization through the policies, processes, and procedures, and where quality controls are established as an output measurement much like in manufacturing environments. The second approach is more active, setting out a separate responsibility for quality that establishes responsibility, checks adherence, and advises and reports on quality risk and failures along at many points along work streams.</p>
+
<p>The adoption of best practices is an indication of a more mature organization requiring active quality-assurance management as part of overall EIT governance. For example, Quality standard [http://eitbokwiki.org/Glossary#iso ISO] 9001 applies when an organization:</p>
+
 
<ul>
 
<ul>
 
<li>Needs to demonstrate its ability to consistently provide product that meets customer and applicable statutory and regulatory requirements.</li>
 
<li>Needs to demonstrate its ability to consistently provide product that meets customer and applicable statutory and regulatory requirements.</li>
 
<li>Aims to enhance customer satisfaction through the effective application of the system, including processes for continual improvement of the system and the assurance of conformity to customer and applicable statutory and regulatory requirements.</li>
 
<li>Aims to enhance customer satisfaction through the effective application of the system, including processes for continual improvement of the system and the assurance of conformity to customer and applicable statutory and regulatory requirements.</li>
 
</ul>
 
</ul>
<p>Monitoring and performing impact analysis of regulatory and changes in industry standards is also a quality assurance activity shared with legal and enterprise architecture.</p>
+
<p>Several other ISO and IEEE standards provide guidelines for quality management within an EIT organization. See the [http://eitbokwiki.org/Quality Quality chapter] for information on these.</p>
 +
<p>Monitoring and performing impact analysis of regulatory and changes in industry standards is also a quality management activity shared with legal departments and enterprise architecture.</p>
 
<p>An organization can address the risk of damage to its reputation and potential fines due to information leakage and misinterpretation by adopting strong data quality-assurance practices within a data-governance program.&nbsp;[[#Fifteen|[15]]]</p>
 
<p>An organization can address the risk of damage to its reputation and potential fines due to information leakage and misinterpretation by adopting strong data quality-assurance practices within a data-governance program.&nbsp;[[#Fifteen|[15]]]</p>
<p>The EIT functions described below all have quality dimensions to their activities. See also the [http://eitbokwiki.org/Quality Quality chapter].</p>
+
<h3>EIT Risk Management </h3>
<h3>EIT Risk Management and Regulatory Compliance&nbsp;[[#Sixteen|[16]]]</h3>
+
<p>EIT policies, standards, and processes should include explicit sections on [http://eitbokwiki.org/Glossary#risk risk] tolerance and EIT's approaches to risk management including EIT security policy, EIT governance policy, EIT financial management policy, data privacy and classification policy, disaster preparedness policy, supply chain management, vendor management, employee ethics, and regulation adherence policy.</p>
<p>EIT policies, standards, and processes all deal with [http://eitbokwiki.org/Glossary#risk risk] to some degree. Policies typically include explicit sections on risk approaches that the organization wants to adopt including EIT security policy, EIT governance policy, EIT financial management policy, data privacy and classification policy, disaster preparedness policy, supply chain management, vendor management, employee ethics, and regulation adherence policy.</p>
+
<p>Risk management&nbsp;[[#Sixteen|[16]]] in EIT involves the following activities:</p>
<p>Risk management in EIT involves the following activities:</p>
+
 
<ul>
 
<ul>
<li>'''Risk identification''' &mdash; Relevant EIT risk profiles on systems are specified. Types of risks are financial, reputational, regulatory (projected and current), security, EIT disaster, market innovation speed, and supplier performance. </li>
+
<li>'''Risk identification'''—Relevant EIT risk profiles on systems are specified. Types of risks are financial, reputational, regulatory (projected and current), security, EIT disaster, market innovation speed, and supplier performance. </li>
<li>'''Risk evaluation''' &mdash; All identified risks are evaluated for their severity and likelihood. </li>
+
<li>'''Risk evaluation'''—All identified risks are evaluated for their severity and likelihood. </li>
<li>'''Risk response''' &mdash; Response plans are generated for the most severe and likely risks. Generally, the response is either to accept the risk and do nothing because likelihood or organization concern is low, to accept the risk and plan contingencies for the occurrence, or to transfer the risk to a third party via insurance. </li>
+
<li>'''Risk response'''—Response plans are generated for the most severe and likely risks. Generally, the response is either to accept the risk and do nothing because likelihood or organization concern is low, to accept the risk and plan contingencies for the occurrence, or to transfer the risk to a third party via insurance. </li>
 
</ul>
 
</ul>
<div id="MaturityManagement"></div><h3>EIT Maturity Management&nbsp;[[#Seventeen|[17]]]</h3>
+
<div id="MaturityManagement"></div><h3>EIT Maturity Management</h3>
<p>The maturity of EIT functions directly relates to the ability to execute the EIT strategy. Therefore, there is a need to assess maturity as an input to a realistic plan and as a guide to maturing EIT to desired levels. In other words, unless the EIT organization understands its own needs and abilities, it can’t make plans to do more or to improve. The adoption of lessons learned is a key improvement strategy. </p>
+
<p>The maturity of EIT functions&nbsp;[[#Seventeen|[17]]] directly relates to the ability to provide a consistent level of business support as well as to execute the EIT strategy. Therefore, there is a need to assess maturity as an input to a realistic plan and as a guide to maturing EIT to desired levels. In other words, unless the EIT organization understands its own capabilities and its own shortcomings, it can't make effective plans to take on more work or to otherwise improve. </p>
 
<p>Some principles in mounting and actioning maturity assessments are:</p>
 
<p>Some principles in mounting and actioning maturity assessments are:</p>
 
<ul>
 
<ul>
 
<li>Business and EIT culture and interaction are key elements to capability and performance and cannot be ignored in an evaluation. </li>
 
<li>Business and EIT culture and interaction are key elements to capability and performance and cannot be ignored in an evaluation. </li>
 
<li>Outputs of the maturity analysis are direct inputs to planning and the strategy plan execution roadmap. </li>
 
<li>Outputs of the maturity analysis are direct inputs to planning and the strategy plan execution roadmap. </li>
 +
<li>The adoption of lessons learned is a key improvement strategy.</li>
 
</ul>
 
</ul>
<p>Maturity assessment involves scoring against criteria and a ranking scheme. This assessment is generally organized in ascending steps with strategies on how to move up the maturity scale. Scales are often 1-5 and indicate increasing levels of maturity. Some schemes allow for scoring that includes decimal points (e.g., 2.5).</p>
+
<p>Improvements will necessarily require changes, so change initiatives should be defined for these activities and executed and monitored as projects. Projectizing such efforts also enables ''reality checks'' on the goals and timing to the desired objectives as materialized through EIT change initiatives. (See also [http://eitbokwiki.org/Change_Initiatives Change Initiatives]). </p>
<ol>
+
<h3>Service Management</h3>
<li>'''Performed:''' Activities are performed in an ad hoc manner.</li>
+
<p>Service management&nbsp;[[#Nineteen|[19]]] in EIT encompasses the full system lifecycle support from concept to deployment and retirement. The most widely known "recommended practices" for service management are described in the ITIL framework and reflected in ISO/IEC/IEEE standard 20000. These references provide guidance for designing and implementing control structures within the EIT governance framework including: </p>
<li>'''Managed:''' Activities are performed with managed processes.</li>
+
<li>'''Defined:''' Activities are defined so the organization can performed them in a uniformed manner.</li>
+
<li>'''Measured:''' Oversight is given to the performed activities to ensure performance and uniformity.</li>
+
<li>'''Optimized:''' Continuous improvement processes are in place on the defined and measured processes.</li>
+
</ol>
+
<p>Periodic reassessments are performed to gauge progress against the baseline assessment and prior periods. Adjustments to the efforts to maintain and improve maturity can then be made against possible strategic priority changes, governance initiatives, and roadmap resets. </p>
+
<p>Maturity assessments on internationally recognized frameworks generally involve external auditors with certification and recertification requirements. Engagement in the maturity assessment and improvement process requires a minimum level of organization self-awareness to the issues and commitment to the improvements necessary. A cultural readiness, resistance, and capability assessment may be built into a maturity assessment. </p>
+
<p>Bodies of knowledge guides exist as capability and light maturity assessment frameworks many of which are referenced by EITBOK. </p>
+
<p>[http://eitbokwiki.org/Glossary#cmmi Capability Maturity Model Integration (CMMI)]&nbsp;[[#Eighteen|[18]]] is a standard reference model for process improvement with cross-sector applicability with special focuses:</p>
+
<ol>
+
<li>Product and service development &mdash; [http://eitbokwiki.org/Glossary#cmmi_dev CMMI for Development (CMMI-DEV)]</li>
+
<li>Service establishment, management, &mdash; [http://eitbokwiki.org/Glossary#cmmi_svc CMMI for Services (CMMI-SVC)]</li>
+
<li>Product and service [http://eitbokwiki.org/Glossary#acquisition acquisition] &mdash; [http://eitbokwiki.org/Glossary#cmmi_acq CMMI for Acquisition (CMMI-ACQ)]</li>
+
<li>Data management &mdash; [http://eitbokwiki.org/Glossary#cmmi_dmm CMMI for Data (CMMI-DMM)]</li>
+
</ol>
+
<p>When reviewed and areas prioritized by management, a maturity assessment is an input to the EIT roadmap development for change.</p>
+
<p>Organizing and communicating for change in order to move up the maturity scale is managed by EIT governance. </p>
+
<p>EIT governance also provides ''reality checks'' on the goals and timing to the desired objectives as materialized through EIT change initiatives. (See also [http://eitbokwiki.org/Change_Initiatives Change Initiatives]). </p>
+
<h3>Service Management&nbsp;[[#Nineteen|[19]]]</h3>
+
<p>Service management in EIT has its own strategic plan encompassing the full system life cycle support from concept to deployment and retirement. It is the EIT function that designs and implements control structures within the EIT governance framework including: </p>
+
 
<ul>
 
<ul>
<li>Service strategy &mdash; demand and financial management for service portfolio management; see [[#strategic_planning|EIT Strategic Planning]] </li>
+
<li>'''Service strategy'''—see the [[#strategic_planning|EIT Strategic Planning]] section</li>
<li>Service design &mdash; [http://eitbokwiki.org/Enterprise_Architecture Enterprise Architecture], [http://eitbokwiki.org/Requirements Requirements], and [http://eitbokwiki.org/Construction Construction] chapters </li>
+
<li>'''Service design'''—see the [http://eitbokwiki.org/Enterprise_Architecture Enterprise Architecture], [http://eitbokwiki.org/Requirements Requirements], and [http://eitbokwiki.org/Construction Construction] chapters </li>
<li>Service transition &mdash; [http://eitbokwiki.org/Transition_into_Operation Transition into Operation] chapter</li>
+
<li>'''Service transition'''—see the [http://eitbokwiki.org/Transition_into_Operation Transition into Operation] chapter</li>
<li>Service operations &mdash; [http://eitbokwiki.org/Operations_and_Support Operations] chapter</li>
+
<li>'''Service operations'''—see the [http://eitbokwiki.org/Operations_and_Support Operations] chapter</li>
<li>Continual service improvement &mdash; measurement, monitoring, reporting including monitoring for compliance, financial performance, monitoring customer and employee satisfaction</li>
+
<li>'''Continual service improvement'''—measurement, monitoring, reporting including monitoring for compliance, financial performance, monitoring customer, and employee satisfaction</li>
 
</ul>
 
</ul>
<h3>Project Management Oversight&nbsp;[[#Twenty|[20]]]</h3>
+
<h3>Project Management</h3>
<p>Project management is an integral part of EIT governance, and a requirement for all change initiatives in EIT including new projects, enhancements, upgrades, and significant operations changes. These include traditional EIT activities as well as supporting activities such as communications and human resources. </p>
+
<p>Project management&nbsp;[[#Twenty|[20]]] is required for all change initiatives in EIT including new services or equipment deployment, enhancements/upgrades to existing services, and significant operations changes. These include traditional EIT activities as well as supporting activities such as communications and human resources. </p>
<p>EIT governance mandates that project-level controls are initiated and sustained at a level appropriate for the scale of the work that satisfies EIT governance reporting requirements. Required project-level controls include quality, cost, risk, schedule, deliverables, process, and authority.</p>
+
<p>The PMI/IEEE Software Extension to the Project Management Body of Knowledge (PMBOK) is an extensive reference that addresses both agile and plan-driven projects. It describes project-level controls that can be adjusted to the level appropriate for the scale of the work. Required project-level controls include defining quality, cost, deliverables, risk, and schedule expectations, as well as process to be used, and authorities for decision-making.</p>
 
<ul>
 
<ul>
<li>All EIT activities require a planning horizon and it is EIT governance that ensures that the adequate resources (including staff, material, and funding) are available to approved activities in a timely manner. In this way, EIT governance at the CIO-level works closely with vendors, project managers, financial management staff, and suppliers to achieve these aims.</li>
+
<li>Good EIT governance ensures that the adequate resources (including staff, training, equipment, and funding) are available when needed. EIT governance works closely with vendors, project managers, financial management staff, and suppliers to achieve these aims.</li>
<li>The [http://eitbokwiki.org/Glossary#pmo project management office (PMO)] supports a subset of all projects. This formal oversight body is setup to instantiate best repeatable practices in project management and to assist in reporting status. PMO scope is usually limited to those projects holding significant risk to the organization, and significant cost.</li>
+
<li>Medium-sized and large EIT organizations typically establish a [http://eitbokwiki.org/Glossary#pmo project management office (PMO)] to support projects, provide management guidance, and assist in reporting status. This formal oversight body is set up to instantiate common project management practices and reporting consistency across projects. In some organizations, PMO scope is limited to "large projects" (those projects holding significant risk to the organization, and significant cost). This approach usually ends up with the same pitfall: more and more projects are defined as "small" and more and more of them fail to meet cost or feature or schedule expectations.</li>
 
</ul>
 
</ul>
<h3>EIT Portfolio and Program Management</h3>
+
<h3>Portfolio and Program Management </h3>
<p>Reporting and oversight is also applied to aggregates of projects into portfolios and programs. EIT portfolios are a set of scoped applications and systems that are closely interrelated; for example, the accounts payable, accounts receivable, and ledger production in an organization. Programs may span portfolios as multi-phase, multi-year initiatives. Project and portfolio grouping allows for more holistic views on change, impact analysis and synergies, business case development, upgrading, operations problem identification, communication and recovery, vendor and business relationship management, and multi-project oversight. </p>
+
<p>EIT portfolio management is the application of systematic management to the investments, projects, and activities of Enterprise information technology (EIT) departments.</p>
<p>Portfolio managers work closely with project managers, architects, operations managers, and business users to make sure that the relationships and the understanding between the business and EIT are strong and transparent. </p>
+
<p>Portfolio management enables high-level views of all capabilities provided by EIT so that new work proposals can be evaluated against the portfolio as a whole. EIT portfolios may have defined aggregate subsets. An aggregate subset is a set of scoped applications and systems that are closely interrelated; for example, the accounts payable, accounts receivable, and ledger production in an organization. In some instances, the organization creates the role of portfolio manager. Portfolio managers work closely with project managers, architects, operations managers, and business users to make sure that the relationships and the understanding between the business and EIT are strong and transparent.</p>
<p>Programs can affect multiple portfolios and often have their own multi-year separate organization structure and board-level interest and oversight. In this way, activities are:</p>
+
<p>Programs can span portfolios as multi-phase, multi-year initiatives. Project and portfolio grouping allows for more holistic views on change, impact analysis and synergies, business case development, upgrading, operations problem identification, communication and recovery, vendor and business relationship management, and multi-project oversight. Programs can span multiple systems and often have their own multi-year separate organization structure and board-level oversight. </p>
 +
<p>In budgeting for all EIT activities, their value to the enterprise must be evaluated. So called "support activities" are no exception. All proposed efforts should be evaluated through a common lens and should use a standard funding process, as shown in [[#Fig4|Figure&nbsp;4]]. This approach enables the EIT organization to escape the problem of 80% of its resources being allocated to "maintenance," because it forces business and EIT management to examine the cost-effectiveness of sustaining all old systems—regardless of value to the business strategy—rather than adding new services.</p>
 +
<p>Two types of discipline are required: (1) using business cases to evaluate proposed new work, and (2) ceasing to treat enhancement requests on a piecemeal basis, because they are "too small" to worry about. (For details see the section about managing change requests in the [http://eitbokwiki.org/Operations_and_Support Operations] chapter).</p>
 +
<p>[[File:Figure2.5.JPG|700px]]<br /><div id="Fig4"></div>'''Figure 4. Steps in Business Case Development'''</p>
 +
<p>Work is prioritized and moved forward into the realization phase based on the business and EIT strategic plans. The [http://eitbokwiki.org/Change_Initiatives Change Initiatives chapter] describes how new projects are treated as change initiatives in order to be successful. The process is monitored for continuing business alignment and need, and considers feasibility factors, stakeholder interest, resourcing opportunities, competitor activity, new EIT tools and approaches, and government requirements in the industry in evaluating proposals for both enhancements and new services. </p>
 +
<h2>EIT Governance Reporting</h2>
 +
<p>Governance reporting is meant to help managers keep an eye on strategic themes, identify potential areas for improving processes, and recognize early on when projects are at risk. It can help managers determine when to offer opportunities for supported learning and improvement in underperforming areas. </p>
 +
<p>However, governance reporting is only useful when it is reporting progress against goals and milestones, and when the consumers of the reports have the necessary authority to take appropriate action and are accountable to do so. Appropriate accountability can ensure that active oversight is in place to handle possible performance issues, including penalties to third parties. (With regard to third parties, also see the [http://eitbokwiki.org/Acquisition Acquisition chapter].)</p>
 +
<p>Effective reporting has the following characteristics:</p>
 
<ul>
 
<ul>
<li>A new layer of activity that introduces broader change impacting large parts of existing EIT through replacement, incremental improvements, and significant new approaches, such as mobile application, CP, and cloud computing. </li>
+
<li>A hierarchy of goals (including SLAs and OLAs) and measures is defined for monitoring achievement of strategic goals at all levels of management, including team leaders. </li>
<li>Geared tightly to high business priorities and strategies. Every program is directly linked to achieving specific business (and by inheritance EIT strategy) goals and objectives. </li>
+
<li>Weekly reports provide current results for goal measurement. Weekly reports do NOT consist of "this is what we did this week," without reference to what goals are supposed to be tracked. </li>
 +
<li>Weekly reports include issues (actual and potential) that have arisen. Leaders use a feedback or action model to ensure that issues are addressed quickly. Review and remediation actions are authorized at the appropriate level.</li>
 +
<li>Typical EIT governance reporting consists of reports up the chain to C-level officers or to the top-level leaders of the accountable steering committee, oversight committee, or operations committee.</li>
 
</ul>
 
</ul>
<h3>EIT Change Management&nbsp;[[#Twentyone|[21]]]</h3>
+
<p>Metrics and measures standardize the reports to allow the tracking of progress over time. (A measure quantifies something, such as miles. A metric is a derivative of measures, such as miles per hour.) Some metrics can be characterized as [http://eitbokwiki.org/Glossary#kpi key performance indicators (KPIs)], which are of special significance to EIT and business as they are considered to best support the highest priorities. KPIs are financial and nonfinancial measures of the results of a business' strategic plans. A KPI is a reflection of the degree to which an outcome is achieved. A KPI may be directly measured/assessed, or it may be derived from a metric, other KPIs, or combination of metrics and KPIs. For example:</p>
<p>The change management function exercises the authority to introduce change into the EIT environment and is the responsibility of both the business and EIT. The governing of change management activities occurs at varying levels of detail depending on the nature of the change. Any change, whether a commissioning of a new system, an application enhancement, a sustainment activity to maintain operations, or corrective action to repair a defect, is approved through governance processes. </p>
+
<ul>
 +
<li>Error rate is a quantitative KPI composed of two metrics, an error count and a time interval.</li>
 +
<li>Customer satisfaction is a qualitative KPI that may be composed of a number of metrics and KPIs, such as return purchases and the results of surveys.</li> </ul>
 +
<p>Generally, effective reporting includes: </p>
 
<ul>
 
<ul>
<li>'''Changes may be at the strategic re-alignment level''' as plans and architecture responses move to adjust projects and programs that are prioritized or in flight, including the possibility of activity shutdown. </li>
+
<li>Progress reporting:
<li>'''Changes may be at the operational level''' where a change control board or change advisory board approves code or systems, or data changes into the production environments and can include planned and unplanned (emergency) changes, projects, and releases.</li>
+
<li>'''Incidents occurring from change handling activities are reported to EIT governance''' for possible response particularly if additional funding is required for corrective action. Other incident handling occurs at a more local response level. </li>
+
<li>'''Change patterns are monitored''' and advice on adjustments to programs and procedures are generated for EIT governance consideration. </li>
+
</ul>
+
<p>The [http://eitbokwiki.org/Transition_into_Operation Transition into Operation chapter] discusses both project and release management including the preparation of the environment prior promotions into production operations. </p>
+
<h3>EIT Governance Reporting</h3>
+
<p>Governance reporting keeps an eye on strategic themes, potentials for intervention on processes, and projects that are at risk, and offers opportunities for supported learning and improvement in underperforming areas. Appropriate accountability drives change and control authority and can ensure that active oversight is in place to handle possible performance penalties to third parties. Also see the [http://eitbokwiki.org/Acquisition Acquisition chapter].</p>
+
 
<ul>
 
<ul>
<li>Build a feedback or action model to ensure that issues are addressed quickly. Review and remediation actions are authorized at the appropriate level.</li>
+
<li>Adherence to action plan (activities) and funding (budget versus actuals) </li>
<li>Typical EIT governance reporting consists of interval reports to C-level officers in a steering committee, oversight committee, or operations committee with measures of performance and issues from the governance management streams described in brief. Reporting at a board of directors level integrates a smaller set of measures from EIT governance.</li>
+
<li>Goal achievement measures (for example, to show progress against the balanced scorecard)</li>
 +
<li>Execution plan achievement </li>
 +
</ul></li>
 +
<li>Organization changes and their effect</li>
 +
<li>Financial position trending and forecast</li>
 +
<li>Problem tracking, such as outstanding trouble tickets</li>
 +
<li>Emergency preparedness/disaster drills results</li>
 +
<li>Quality scorecard for SLAs and OLAs, and for development projects</li>
 +
<li>Metrics that are well-defined and used consistently so that trends can be detected over time</li>
 +
<li>A clearly defined purpose of each metric, defined in terms of what insights it reports; that is, what is being measured and why</li>
 
</ul>
 
</ul>
<p>Metrics&nbsp;[[#Twentytwo|[22]]] standardize the reports and allow the tracking of progress over time. Some metrics can be characterized as [http://eitbokwiki.org/Glossary#kpi KPI] that are of special significance to EIT and business as they are considered to best support the highest priorities.</p>
+
<h2>Summary</h2>
 +
<p>According to Michael Porter[[#Eleven|[11]]], more than 80% of organizations do not successfully execute their business strategies. He estimates that in over 70% of these cases, the reason was not the strategy itself, but ineffective execution. Poor strategy execution is the most significant management challenge facing public and private organizations in the 21st century according to Gartner[[#Twelve|[12]]]. What good does it do for an organization to have a well-considered strategy that it cannot execute? Such a scenario, which is all too common according to Porter, has a dual downside. The organization will fall further behind the competition and sub-optimize resources and revenue opportunities. But that same organization will spend significant capital on failed projects that can undermine confidence with customers and investors in the management team and the organization as a whole. This is not a good position to be in and, therefore, organizations must determine effective ways to take business strategy and make it actionable. </p>
 +
<p>Important idea to take away from this chapter are:</p>
 
<ul>
 
<ul>
<li>General themes are based on strategic plan, project, and operations demands:<br />
+
<li>Recognize that enterprise strategy drives EIT strategy.</li>
<ul>
+
<li>Understand your purpose for creating an EIT strategy.</li>
<li>Adherence to action plan and funding </li>
+
<li>Understand current EIT operations.</li>
<li>Goal achievement measures (e.g., balanced scorecard)</li>
+
<li>Plan for working on the things that matter to enterprise.</li>
<li>Plan execution achievement </li>
+
<li>Take a multi-year perspective, and revisit the plan on a periodic basis for confirmation or changes. </li>
<li>Organization change</li>
+
<li>Enable reliable, nimble, and efficient response to changes in strategic objectives.</li>
<li>Financial position trending, demand forecast</li>
+
<li>Plan for flexibility and change in governance structure, accountability, and priorities.</li>
<li>Outstanding work tickets</li>  
+
<li>Measure progress and performance against the strategic roadmap as well as on a project and operations basis.</li>
<li>Emergency preparedness/disaster drills results</li>
+
<li>Enable change, even to the plan itself, as required.</li>
<li>Quality scorecard</li>
+
<li>Advise and align subordinate EIT strategic plans into an overall framework for delivery.</li>
</ul></li>
+
<li>Continually foster communications and understanding between EIT and enterprise.</li>
<li>All metrics should have measurable targets. There are a number of reporting approaches, with the scorecard approach being the most common.&nbsp;[[#Twentythree|[23]]]</li>
+
<li>Set expectations within a code of ethics framework.</li>
<li>Participant reporting from EIT areas often have more stringent targets set to ensure higher-level aggregate successful target achievement overall. Participant reporting may also combine with other lateral participant reporting metrics in an additive or algorithmic manner to construct higher-level metrics and measures.</li>
+
<li>Foster a continuous learning organization.</li>
 +
<li>Look ahead for continuity planning as part of risk management planning. </li>
 
</ul>
 
</ul>
<p>It is becoming common for senior managers to have compensation partially or entirely driven by these performance measurement results. </p>
+
<p>Good governance consists of good processes and actions in making and implementing decisions. Strategy and its clear goals provide the yardstick for making decisions. Good governance has several characteristics that underpin all the governance areas described above. These characteristics include well-understood meeting procedures, service quality protocols, management conduct, role clarification, and good working relationships, all of which contribute to the hallmarks of effective EIT governance: accountability, transparency, participation, and ethical behavior. </p>
<h2>Effective Strategy and Governance</h2>
+
<h2> Key Maturity Frameworks</h2>
<p>EIT governance is effective only if cultural and management buy in are deeply established and carried on in a continuous manner to the appropriate level of management with a communication plan. However, that is not enough to ensure governance success. Reasons for ineffective governance include:</p>
+
<p>Capability maturity for EIT refers to its ability to reliably perform. Maturity is measured by an organization's readiness and capability expressed through its people, processes, data, and technologies and the consistent measurement practices that are in place. See [http://eitbokwiki.org/Enterprise_IT_Maturity_Assessments Appendix F] for additional information about maturity frameworks.</p>
 +
<p>Many specialized frameworks have been developed since the original Capability Maturity Model (CMM) that was developed by the Software Engineering Institute in the late 1980s. This section describes how some of those apply to the activities described in this chapter. </p>
 +
<h3> IT-Capability Maturity Framework (IT-CMF) </h3>
 +
<p>The IT-CMF was developed by the Innovation Value Institute in Ireland. This framework helps organizations to measure, develop, and monitor their EIT capability maturity progression. It consists of 35 EIT management capabilities that are organized into four macro capabilities: </p>
 
<ul>
 
<ul>
<li>Compliance activities and reporting without any review, action, or consequences</li>
+
<li>Managing EIT like a business</li>
<li>Poorly designed engagement model</li>
+
<li>Managing the EIT budget</li>
<li>Uneven authority in governance oversight </li>
+
<li>Managing the EIT capability</li>
<li>Ineffective delegation of authority</li>
+
<li>Managing EIT for business value</li>
<li>Untimely actioning of governance issues</li>
+
<li>Poorly thought out governance metrics (measuring the wrong thing, or encouraging the wrong activities)</li>
+
<li>Inaccurate data collection and spotty reporting</li>
+
<li>Drifting from the enterprise and business strategies over time so that governance is misfocused</li>
+
 
</ul>
 
</ul>
 
+
<p>Each has five different levels of maturity starting from ''initial'' to ''optimizing''. The three most relevant critical capabilities are IT leadership and governance (ITG), strategic planning (SP), and benefits assessment and realization (BAR).</p>
 
+
<h4>Leadership and Governance Maturity</h4>
<h2>Summary</h2>
+
<p>The following statements provide a high-level overview of the IT leadership and governance (ITG) capability at successive levels of maturity.</p>
<p>According to Michael Porter (Porter, M.E. (2008). The Five Competitive Forces That Shape Strategy. Harvard Business Review, January 2008, pp. 79–93), more than 80% of organizations do not successfully execute their business strategies. He estimates that in over 70% of these cases, the reason was not the strategy itself, but ineffective execution. Poor strategy execution is the most significant management challenge facing public and private organizations in the 21st century according to Gartner (Lapkin, Anne, & Young, Colleen M. (2011). The Management Nexus: Closing the Gap Between Strategy and Execution. Gartner).
+
<table>  
What good does it do for an organization to have a well-considered strategy that it cannot execute? Such a scenario, which is all too common according to Porter, has a dual downside. The organization will fall further behind the competition and sub-optimize resources and revenue opportunities. But that same organization will spend significant capital on failed projects that can undermine confidence with customers and investors in the management team and the organization as a whole. This is not a good position to be in and, therefore, organizations must determine effective ways to take business strategy and make it actionable. </p>
+
<tr valign="top">
<p>EIT strategy determines the basic long-term goals of an enterprise. Effective EIT governance is the key to executing that EIT strategy.</p>
+
<td width="10%">Level 1</td>
<p>Good governance is good processes and actions in making and implementing decisions. Strategy  and its clear goals  provide the yardstick for making decisions.  Good governance has several characterisitics that underpin all of the governance areas described above. These characteristics include well-understood meeting procedures, service quality protocols, management conduct, role clarification and good working relationships, all of which contribute to the hallmarks of effective EIT governance: accountability, transparency, participation and ethical behavior.
+
<td>IT leadership and governance are non-existent or are carried out in an ad hoc manner.</td>
</p>
+
 
+
<h2> Key Competence Frameworks</h2>
+
<p>While many large companies have defined their own sets of skills for purposes of talent management  (to recruit, retain, and further develop the highest quality staff members that they can find, afford and hire), the advancement of EIT professionalism will require common definitions of EIT skills that can be used not just across enterprises, but also across countries. We have selected 3 major sources of skill definitions. While none of them is used universally, they provide a good cross-section of options. </p>
+
 
+
<p>Creating mappings between these frameworks and our chapters is challenging, because they come from different perspectives and have different goals. There is rarely a 100% correspondence between the frameworks and our chapters, and, despite careful consideration some subjectivity was used to create the mappings.  Please take that in consideration as you review them.</p>
+
 
+
<h3>Skills Framework for the Information Age</h3>
+
<p> The Skills Framework for the Information Age (SFIA) has defined nearly 100 skills. SFIA describes 7 levels of competency which can be applied to each skill. Not all skills, however, cover all seven levels. Some reach only partially up the seven step ladder. Others are based on mastering foundational skills, and start at the fourth or fifth level of competency.  It is used in nearly 200 countries, from Britain to South Africa, South America, to the Pacific Rim, to the United States. (http://www.sfia-online.org)</p>
+
 
+
 
+
<table cellpadding="5"  border="1">
+
<tr>
+
<th>Skill</th>
+
<th>Skill Description</th>
+
<th width="10%">Competency Levels</th>
+
 
</tr>
 
</tr>
 
+
<tr valign="top">
<tr>
+
<td>Level 2</td>
<td valign="top">IT governance</td>
+
<td>Leadership with respect to a unifying purpose and direction for EIT is beginning to emerge. Some decision rules and governance bodies are in place, but these are typically not applied or considered in a consistent manner.</td>
<td>The establishment and oversight of an organisation's approach to the use of information, digital services and associated technology. Includes responsibility for provision of digital services; levels of service and service quality which meet current and future business requirements; policies and practices for conformance with mandatory legislation and regulations; strategic plans for technology to enable the organisation's business strategy; transparent decision making, leading to justification for investment, with appropriate balance between stakeholder benefits, opportunities, costs, and risks.</td>
+
<td valign="top" >5-7</td>
+
 
</tr>
 
</tr>
<tr>
+
<tr valign="top">
<td valign="top">Enterprise and business architecture</td>
+
<td>Level 3</td>
<td>The creation, iteration, and maintenance of structures such as enterprise and business architectures embodying the key principles, methods and models that describe the organisation's future state, and that enable its evolution. This typically involves the interpretation of business goals and drivers; the translation of business strategy and objectives into an “operating model”; the strategic assessment of current capabilities; the identification of required changes in capabilities; and the description of inter-relationships between  people, organisation, service, process, data, information, technology and the external environment.
+
<td>Leadership instills commitment to a common purpose and direction for EIT across the EIT function and some other business units. EIT decision-making forums collectively oversee key EIT decisions and monitor performance of the EIT function.</td>
 
+
The architecture development process supports the formation of the constraints, standards and guiding principles necessary to define, assure and govern the required evolution; this facilitates change in the organisation's structure, business processes, systems and infrastructure in order to achieve predictable transition to the intended state.</td>
+
<td valign="top" >6-7</td>
+
 
</tr>
 
</tr>
 
+
<tr valign="top">
<tr>
+
<td>Level 4</td>
<td valign="top">IT strategy and planning</td>
+
<td>Leadership instills commitment to a common purpose and direction for EIT across the organization. Both the EIT function and other business units are held accountable for the outcomes from EIT.</td>
<td>The creation, iteration and maintenance of a strategy in order to align IT plans with business objectives and the development of plans to drive forward and execute that strategy. Working with stakeholders to communicate and embed strategic management via objectives, accountabilities and monitoring of progress.</td>
+
<td valign="top" >5-7</td>
+
 
</tr>
 
</tr>
 
+
<tr valign="top">
<tr>
+
<td>Level 5</td>
<td valign="top">Information management</td>
+
<td>EIT governance is fully integrated into the corporate governance model, and governance approaches are continually reviewed for improvement, regularly including insights from relevant business ecosystem partners.</td>
<td>The overall governance of how all types of information, structured and unstructured, whether produced internally or externally, are used to support decision-making, business processes and digital services. Encompasses development and promotion of the strategy and policies covering the design of information structures and taxonomies, the setting of policies for the sourcing and maintenance of the data content, and the development of policies, procedures, working practices and training to promote compliance with legislation regulating all aspects of holding, use and disclosure of data.</td>
+
<td valign="top" >6-7</td>
+
 
</tr>
 
</tr>
 
+
</table>
<tr>
+
<h4>Strategic Planning Maturity</h4>
<td valign="top">Information systems coordination</td>
+
<p>The following statements provide a high-level overview of the strategic planning (SP) capability at successive levels of maturity:</p>
<td>Typically within a large organisation in which the information strategy function is devolved to autonomous units, or within a collaborative enterprise of otherwise independent organisations, the coordination of information strategy matters where the adoption of a common approach (such as shared services) would benefit the organisation.</td>
+
<table>
<td valign="top" >6-7</td>
+
<tr valign="top">
 +
<td width="10%">Level 1</td>
 +
<td>Any EIT strategic planning that exists or resources allocated to it are informal, and opportunities and challenges are identified only in an ad hoc or informal way.</td>
 +
<tr valign="top">
 +
<td>Level 2</td>
 +
<td>An EIT strategic planning approach is emerging. Limited resources are made available for EIT planning purposes. An EIT strategy is beginning to be formalized, but may not yet be adequately aligned with basic business needs.</td>
 +
<tr valign="top">
 +
<td>Level 3</td>
 +
<td>The EIT strategic planning approach is standardized. Sufficient EIT resources are allocated to EIT strategic planning activities. The EIT strategy is developed increasingly in consultation with planners from other business units to satisfy a wider array of business needs.</td>
 +
<tr valign="top">
 +
<td>Level 4</td>
 +
<td>The EIT strategic planning approach is an integral part of a wider organizational planning processes. Dedicated resources from the EIT function and other business units are allocated to EIT strategic planning, enabling the EIT strategy to comprehensively support and influence the business strategy.</td>
 +
<tr valign="top">
 +
<td>Level 5</td>
 +
<td>The EIT strategic planning approach is reviewed and improved using process improvement methods and tools. A strong symbiotic relationship exists between the EIT and business strategic plans to such an extent that it can be difficult to distinguish between them.</td>
 +
</table>
 +
<h4>Benefits Assessment and Realization Maturity</h4>
 +
<p>The following statements provide a high-level overview of the benefits assessment and realization (BAR) capability at successive levels of maturity.</p>
 +
<table>
 +
<tr valign="top">
 +
<td width="10%">Level 1</td>
 +
<td>The organization typically focuses on delivering to technical project criteria, such as delivering on time, to budget, and to specification, rather than on realizing business benefits. Post-implementation reviews to evaluate the organizational benefit are rarely conducted. </td>
 
</tr>
 
</tr>
 
+
<tr valign="top">
<tr>
+
<td>Level 2</td>
<td valign="top">IT management</td>
+
<td>Some larger EIT-enabled change programs are beginning to use limited forms of benefits management methods. Post-implementation reviews are occasionally conducted, mainly to evaluate technology deployment efficiency. </td>
<td>The management of the IT infrastructure and resources required to plan for, develop, deliver and support IT services and products to meet the needs of a business. The preparation for new or changed services, management of the change process and the maintenance of regulatory, legal and professional standards. The management of performance of systems and services in terms of their contribution to business performance and their financial costs and sustainability. The management of bought-in services. The development of continual service improvement plans to ensure the IT infrastructure adequately supports business needs.</td>
+
<td valign="top" >7</td>
+
 
</tr>
 
</tr>
 
+
<tr valign="top">
<tr>
+
<td>Level 3</td>
<td valign="top">Financial management</td>
+
<td>Most programs are described in terms of business value and consistently use benefits management methods. Post-implementation reviews are conducted on most programs, including an evaluation of the organizational changes needed to realize the value of technology deployment. </td>
<td>The overall financial management, control and stewardship of the IT assets and resources used in the provision of IT services, including the identification of materials and energy costs, ensuring compliance with all governance, legal and regulatory requirements.</td>
+
<td valign="top" >6</td>
+
 
</tr>
 
</tr>
 
+
<tr valign="top">
<tr>
+
<td>Level 4</td>
<td valign="top">Portfolio management</td>
+
<td>The organization has developed deep expertise in applying benefits management methods, and responsibility for realizing value is spread across the organization. Business value reviews are conducted throughout the investment lifecycle, from conceptualizing to deployment to eventual retirement. </td>
<td>The development and application of a systematic management framework to define and deliver a portfolio of programmes, projects and/or ongoing services, in support of specific business strategies and objectives. Includes the implementation of a strategic investment appraisal and decision making process based on a clear understanding of cost, risk, inter-dependencies, and impact on existing business activities, enabling measurement and objective evaluation of potential changes and the benefits to be realised. The prioritisation of resource utilisation and changes to be implemented. The regular review of portfolios. The management of the service pipeline (proposed or in development), service catalogue (live or available for deployment) and retired services.</td>
+
<td valign="top" >7</td>
+
 
</tr>
 
</tr>
 
+
<tr valign="top">
<tr>
+
<td>Level 5</td>
<td valign="top">Programme management</td>
+
<td>Management continually monitors, reviews, and improves benefits management methods across the organization, and exchanges insights with relevant business ecosystem partners. Post-implementation reviews of EIT-enabled change consistently contribute to better subsequent use of resources. </td>
<td>The identification, planning and coordination of a set of related projects within a programme of business change, to manage their interdependencies in support of specific business strategies and objectives. The maintenance of a strategic view over the set of projects, providing the framework for implementing business initiatives, or large-scale change, by conceiving, maintaining and communicating a vision of the outcome of the programme and associated benefits. (The vision, and the means of achieving it, may change as the programme progresses). Agreement of business requirements, and translation of requirements into operational plans. Determination, monitoring, and review of programme scope, costs, and schedule, programme resources, inter-dependencies and programme risk.</td>
+
<td valign="top" >7</td>
+
 
</tr>
 
</tr>
 
+
</table>
<tr>
+
<h2> Key Competence Frameworks</h2>
<td valign="top">Project management</td>
+
<p>While many large companies have defined their own sets of skills for the purposes of talent management (to recruit, retain, and further develop the highest quality staff members that they can find, afford, and hire), the advancement of EIT professionalism require common definitions of EIT skills that can be used not just across enterprises, but also across countries. We have selected three major sources of skill definitions. While none of them is used universally, they provide a good cross-section of options. </p>
<td>The management of projects, typically (but not exclusively) involving the development and implementation of business processes to meet identified business needs, acquiring and utilising the necessary resources and skills, within agreed parameters of cost, timescales, and quality.</td>
+
<p>Creating mappings between these frameworks and our chapters is challenging, because they come from different perspectives and have different goals. There is rarely a 100 percent correspondence between the frameworks and this Guide, and despite careful consideration, some subjectivity was used to create the mappings. Please take that in consideration as you review them.</p>
<td valign="top" >7</td>
+
<h3>Skills Framework for the Information Age</h3>
</tr>
+
<p>The Skills Framework for the Information Age (SFIA) has defined nearly 100 skills. SFIA describes seven levels of competency that can be applied to each skill. Not all skills, however, cover all seven levels. Some reach only partially up the seven step ladder. Others are based on mastering foundational skills, and start at the fourth or fifth level of competency. It is used in nearly 200 countries, from Britain to South Africa, South America, to the Pacific Rim, to the United States. (http://www.sfia-online.org)</p>
 
+
<table cellpadding="5" border="1">
<tr>
+
<tr><th style="background-color: #58ACFA;"><font color="white">Skill</font></th>
<td valign="top">Systems development management</td>
+
<th style="background-color: #58ACFA;"><font color="white">Skill Description</font></th>
<td>The management of resources in order to plan, estimate and carry out programmes of solution development work to time, budget and quality targets and in accordance with appropriate standards, methods and procedures (including secure software development). The facilitation of improvements by changing approaches and working practices, typically using recognised models, best practices, standards and methodologies. The provision of advice, assistance and leadership in improving the quality of software development, by focusing on process definition, management, repeatability and measurement.</td>
+
<th width="10%" style="background-color: #58ACFA;"><font color="white">Competency Levels</font></th></tr>
<td valign="top" >7</td>
+
<tr><td valign="top">EIT governance</td><td>The establishment and oversight of an organization's approach to the use of information, digital services and associated technology. Includes responsibility for provision of digital services; levels of service, and service quality that meet current and future business requirements; policies and practices for conformance with mandatory legislation and regulations; strategic plans for technology to enable the organization's business strategy; transparent decision making, leading to justification for investment, with appropriate balance between stakeholder benefits, opportunities, costs, and risks.</td><td valign="top">5-7</td></tr>
</tr>
+
<tr><td valign="top">Enterprise and business architecture</td><td>The creation, iteration, and maintenance of structures such as enterprise and business architectures embodying the key principles, methods, and models that describe the organization's future state, and that enable its evolution. This typically involves the interpretation of business goals and drivers; the translation of business strategy and objectives into an "operating model"; the strategic assessment of current capabilities; the identification of required changes in capabilities; and the description of inter-relationships between people, organization, service, process, data, information, technology, and the external environment.
 
+
<p>The architecture development process supports the formation of the constraints, standards, and guiding principles necessary to define, ensure, and govern the required evolution; this facilitates change in the organization's structure, business processes, systems, and infrastructure in order to achieve predictable transition to the intended state.</p></td><td valign="top">6-7</td></tr>
<tr>
+
<tr><td valign="top">EIT strategy and planning</td><td>The creation, iteration, and maintenance of a strategy in order to align EIT plans with business objectives and the development of plans to drive forward and execute that strategy. Working with stakeholders to communicate and embed strategic management via objectives, accountabilities, and monitoring of progress.</td><td valign="top">5-7</td></tr>
<td valign="top">Relationship management</td>
+
<tr><td valign="top">Information management</td><td>The overall governance of how all types of information, structured and unstructured, whether produced internally or externally, are used to support decision-making, business processes, and digital services. Encompasses development and promotion of the strategy and policies covering the design of information structures and taxonomies, the setting of policies for the sourcing and maintenance of the data content, and the development of policies, procedures, working practices, and training to promote compliance with legislation regulating all aspects of holding, use, and disclosure of data.</td><td valign="top">6-7</td></tr>
<td>The identification, analysis, management and monitoring of relationships with and between stakeholders. (Stakeholders are individuals, groups, or organisations who may affect, be affected by, or perceive themselves to be affected by decisions, activities and outcomes related to products, services or changes to products and services). The clarification of mutual needs and commitments through consultation and consideration of impacts. For example, the coordination of all promotional activities to one or more clients to achieve satisfaction for the client and an acceptable return for the supplier; assistance to the client to ensure that maximum benefit is gained from products and services supplied.</td>
+
<tr><td valign="top">Information systems coordination</td><td>Typically within a large organization in which the information strategy function is devolved to autonomous units, or within a collaborative enterprise of otherwise independent organizations, the coordination of information strategy matters where the adoption of a common approach (such as shared services) would benefit the organization.</td><td valign="top">6-7</td></tr>
<td valign="top" >7</td>
+
<tr><td valign="top">EIT management</td><td>The management of the EIT infrastructure and resources required to plan for, develop, deliver, and support EIT services and products to meet the needs of a business. The preparation for new or changed services, management of the change process, and the maintenance of regulatory, legal, and professional standards. The management of performance of systems and services in terms of their contribution to business performance and their financial costs and sustainability. The management of bought-in services. The development of continual service improvement plans to ensure the EIT infrastructure adequately supports business needs.</td><td valign="top">7</td></tr>
</tr>
+
<tr><td valign="top">Financial management</td><td>The overall financial management, control, and stewardship of the EIT assets and resources used in the provision of EIT services, including the identification of materials and energy costs, ensuring compliance with all governance, legal, and regulatory requirements.</td><td valign="top">6</td></tr>
 
+
<tr><td valign="top">Portfolio management</td><td>The development and application of a systematic management framework to define and deliver a portfolio of programs, projects, and ongoing services, in support of specific business strategies and objectives. Includes the implementation of a strategic investment appraisal and decision-making process based on a clear understanding of cost, risk, inter-dependencies, and impact on existing business activities, enabling measurement and objective evaluation of potential changes and the benefits to be realized. The prioritization of resource utilization and changes to be implemented. The regular review of portfolios. The management of the service pipeline (proposed or in development), service catalog (live or available for deployment), and retired services.</td><td valign="top">7</td></tr>
<tr>
+
<tr><td valign="top">Program management</td><td>The identification, planning, and coordination of a set of related projects within a program of business change, to manage their interdependencies in support of specific business strategies and objectives. The maintenance of a strategic view over the set of projects, providing the framework for implementing business initiatives, or large-scale change, by conceiving, maintaining, and communicating a vision of the outcome of the program and associated benefits. (The vision, and the means of achieving it, may change as the program progresses). Agreement of business requirements, and translation of requirements into operational plans. Determination, monitoring, and review of program scope, costs, and schedule, program resources, inter-dependencies, and program risk.</td><td valign="top">7</td></tr>
<td valign="top">Sourcing</td>
+
<tr><td valign="top">Project management</td><td>The management of projects, typically (but not exclusively) involving the development and implementation of business processes to meet identified business needs, acquiring and utilizing the necessary resources and skills, within agreed parameters of cost, timescales, and quality.</td><td valign="top">7</td></tr>
<td>The provision of policy, internal standards and advice on the procurement or commissioning of externally supplied and internally developed products and services. The provision of commercial governance, conformance to legislation and assurance of information security. The implementation of compliant procurement processes, taking full account of the issues and imperatives of both the commissioning and supplier sides. The identification and management of suppliers to ensure successful delivery of products and services required by the business.</td>
+
<tr><td valign="top">Systems development management</td><td>The management of resources in order to plan, estimate, and carry out programs of solution development work to time, budget, and quality targets and in accordance with appropriate standards, methods, and procedures (including secure software development). The facilitation of improvements by changing approaches and working practices, typically using recognized models, recommended practices, standards, and methodologies. The provision of advice, assistance, and leadership in improving the quality of software development, by focusing on process definition, management, repeatability, and measurement.</td><td valign="top">7</td></tr>
<td valign="top" >7</td>
+
<tr><td valign="top">Relationship management</td><td>The identification, analysis, management, and monitoring of relationships with and between stakeholders. (Stakeholders are individuals, groups, or organizations who may affect, be affected by, or perceive themselves to be affected by decisions, activities, and outcomes related to products, services, or changes to products and services). The clarification of mutual needs and commitments through consultation and consideration of impacts. For example, the coordination of all promotional activities to one or more clients to achieve satisfaction for the client and an acceptable return for the supplier; assistance to the client to ensure that maximum benefit is gained from products and services supplied.</td><td valign="top">7</td></tr>
</tr>
+
<tr><td valign="top">Sourcing</td><td>The provision of policy, internal standards, and advice on the procurement or commissioning of externally supplied and internally developed products and services. The provision of commercial governance, conformance to legislation, and assurance of information security. The implementation of compliant procurement processes, taking full account of the issues and imperatives of both the commissioning and supplier sides. The identification and management of suppliers to ensure successful delivery of products and services required by the business.</td><td valign="top">7</td></tr>
 
+
<tr><td valign="top">Quality management</td><td>The application of techniques for monitoring and improvement of quality to any aspect of a function or process. The achievement of, and maintenance of compliance to, national and international standards, as appropriate, and to internal policies, including those relating to sustainability and security.</td><td valign="top">7</td></tr>
<tr>
+
<tr><td valign="top">Service level management</td><td>The planning, implementation, control, review, and audit of service provision, to meet customer business requirements. This includes negotiation, implementation, and monitoring of service level agreements, and the ongoing management of operational facilities to provide the agreed levels of service, seeking continually and proactively to improve service delivery and sustainability targets.</td><td valign="top">7</td></tr>
<td valign="top">Quality management</td>
+
<tr><td valign="top">Information assurance</td><td>The protection of integrity, availability, authenticity, non-repudiation, and confidentiality of information and data in storage and in transit. The management of risk in a pragmatic and cost-effective manner to ensure stakeholder confidence.</td><td valign="top">6-7</td></tr>
<td>The application of techniques for monitoring and improvement of quality to any aspect of a function or process. The achievement of, and maintenance of compliance to, national and international standards, as appropriate, and to internal policies, including those relating to sustainability and security.</td>
+
<tr><td valign="top">Information security</td><td>The selection, design, justification, implementation, and operation of controls and management strategies to maintain the security, confidentiality, integrity, availability, accountability, and relevant compliance of information systems with legislation, regulation, and relevant standards.</td><td valign="top">6-7</td></tr>
<td valign="top" >7</td>
+
<tr><td valign="top">Business risk management</td><td>The planning and implementation of organization-wide processes and procedures for the management of risk to the success or integrity of the business, especially those arising from the use of information technology, reduction or non-availability of energy supply, or inappropriate disposal of materials, hardware, or data.</td><td valign="top">7</td></tr>
</tr>
+
 
+
<tr>
+
<td valign="top">Service level management</td>
+
<td>The planning, implementation, control, review and audit of service provision, to meet customer business requirements. This includes negotiation, implementation and monitoring of service level agreements, and the ongoing management of operational facilities to provide the agreed levels of service, seeking continually and proactively to improve service delivery and sustainability targets.</td>
+
<td valign="top" >7</td>
+
</tr>
+
 
+
<tr>
+
<td valign="top">Information assurance</td>
+
<td>The protection of integrity, availability, authenticity, non-repudiation and confidentiality of information and data in storage and in transit. The management of risk in a pragmatic and cost effective manner to ensure stakeholder confidence.</td>
+
<td valign="top" >6-7</td>
+
</tr>
+
 
+
<tr>
+
<td valign="top">Information security</td>
+
<td>The selection, design, justification, implementation and operation of controls and management strategies to maintain the security, confidentiality, integrity, availability, accountability and relevant compliance of information systems with legislation, regulation and relevant standards.</td>
+
<td valign="top" >6-7</td>
+
</tr>
+
 
+
<tr>
+
<td valign="top">Business risk management</td>
+
<td>The planning and implementation of organisation-wide processes and procedures for the management of risk to the success or integrity of the business, especially those arising from the use of information technology, reduction or non-availability of energy supply or inappropriate disposal of materials, hardware or data.</td>
+
<td valign="top" >7</td>
+
</tr>
+
 
+
 
</table>  
 
</table>  
 
 
 
<h3>European Competency Framework</h3>
 
<h3>European Competency Framework</h3>
<p> The European Union’s European e-Competence Framework (e-CF) has 40 competences and is used by a large number of companies, qualification providers and others in public and private sectors across the EU. It uses five levels of competence proficiency (e-1 to e-5). No competence is subject to all five levels.</p>
+
<p>The European Union's European e-Competence Framework (e-CF) has 40 competences and is used by a large number of companies, qualification providers, and others in public and private sectors across the EU. It uses five levels of competence proficiency (e-1 to e-5). No competence is subject to all five levels.</p>
<p>The e-CF is published and legally owned by CEN, the European Committee for Standardization, and its National Member Bodies (www.cen.eu). Its creation and maintenance has been co-financed and politically supported by the European Commission, in particular, DG (Directorate General) Enterprise and Industry, with contributions from the EU ICT multi-stakeholder community, to support competitiveness, innovation, and job creation in European industry. The Commission works on a number of initiatives to boost ICT skills in the workforce.
+
<p>The e-CF is published and legally owned by CEN, the European Committee for Standardization, and its National Member Bodies (www.cen.eu). Its creation and maintenance has been co-financed and politically supported by the European Commission, in particular, DG (Directorate General) Enterprise and Industry, with contributions from the EU ICT multi-stakeholder community, to support competitiveness, innovation, and job creation in European industry. The Commission works on a number of initiatives to boost ICT skills in the workforce. Version 1.0 to 3.0 were published as CEN Workshop Agreements (CWA). The e-CF 3.0 CWA 16234-1 was published as an official European Norm (EN), EN 16234-1. For complete information, see http://www.ecompetences.eu. </p>
 
+
<table cellpadding="5" border="1">
Version 1.0 to 3.0 were published as CEN Workshop Agreements (CWA).  
+
The e-CF 3.0 CWA 16234-1 was published as an official European Norm (EN), EN 16234-1.
+
For complete information, please see http://www.ecompetences.eu. </p>
+
 
+
<table cellpadding="5" border="1">
+
 
<tr>
 
<tr>
<th width="85%">e-CF Dimension 2</th>
+
<th width="85%" style="background-color: #58ACFA;"><font color="white">e-CF Dimension 2</font></th>
<th width="15%">e-CF Dimension 3</th>
+
<th width="15%" style="background-color: #58ACFA;"><font color="white">e-CF Dimension 3</font></th></tr>
</tr>
+
<tr><td valign="top"><strong>A.1. IS and business Strategy Alignment (PLAN)</strong><br />Anticipates long-term business requirements, and influences the improvement of organizational process efficiency and effectiveness. Determines the IS model and the enterprise architecture in line with the organization's policy and ensures a secure environment. Makes strategic IS policy decisions for the enterprise, including sourcing strategies.</td><td valign="top">Level 4-5</td></tr>
 
+
<tr><td valign="top"><strong>A.3. Business Plan Development (PLAN)</strong><br />Addresses the design and structure of a business or product plan including the identification of alternative approaches as well as return on investment propositions. Considers the possible and applicable sourcing models. Presents cost-benefit analysis and reasoned arguments in support of the selected strategy. Ensures compliance with business and technology strategies. Communicates and sells business plan to relevant stakeholders and addresses political, financial, and organizational interests.</td><td valign="top">Level 3-5</td></tr>
<tr>
+
<tr><td valign="top"><strong>A.4. Product/Service Planning (PLAN)</strong><br />Analyzes and defines current and target status. Estimates cost effectiveness, points of risk, opportunities, strengths, and weaknesses, with a critical approach. Creates structured plans; establishes time scales and milestones, ensuring optimization of activities and resources. Manages change requests. Defines delivery quantity and provides an overview of additional documentation requirements. Specifies correct handling of products, including legal issues, in accordance with current regulations.</td><td valign="top">Level 2-4</td></tr>
<td valign="top"><strong>A.1. IS and Business Strategy Alignment (PLAN)</strong><br />
+
<tr><td valign="top"><strong>D.3. Education and Training Provision (ENABLE)</strong><br />Defines and implements ICT training policy to address organizational skill needs and gaps. Structures, organizes, and schedules training programs and evaluates training quality through a feedback process and implements continuous improvement. Adapts training plans to address changing demand.</td><td valign="top">Level 2-3</td></tr>
<strong>Anticipates long term business requirements, influences improvement of organisational process efficiency and effectiveness. Determines the IS model and the enterprise architecture in line with the organisation’s policy and ensures a secure environment. Makes strategic IS policy decisions for the enterprise, including sourcing strategies.</strong></td>
+
<tr><td valign="top"><strong>E.1. Forecast Development (MANAGE)</strong><br />Interprets market needs and evaluates market acceptance of products or services. Assesses the organization's potential to meet future production and quality requirements. Applies relevant metrics to enable accurate decision making in support of production, marketing, sales, and distribution functions.</td><td valign="top">Level 3-4</td></tr>
<td valign="top">Level 4-5</td>
+
<tr><td valign="top"><strong>E.2. Project and Portfolio Management (MANAGE)</strong><br />Implements plans for a program of change. Plans and directs a single or portfolio of ICT projects to ensure coordination and management of interdependencies. Orchestrates projects to develop or implement new, internal or externally defined processes to meet identified business needs. Defines activities, responsibilities, critical milestones, resources, skills needs, interfaces, and budget, optimizes costs and time utilization, minimizes waste, and strives for high quality. Develops contingency plans to address potential implementation issues. Delivers project on time, on budget and in accordance with original requirements. Creates and maintains documents to facilitate monitoring of project progress.</td><td valign="top">Level 2-5</td></tr>
</tr>
+
<tr><td valign="top"><strong>E.7. Business Change Management (MANAGE)</strong><br />Assesses the implications of new digital solutions. Defines the requirements and quantifies the business benefits. Manages the deployment of change taking into account structural and cultural issues. Maintains business and process continuity throughout change, monitoring the impact, taking any required remedial action and refining approach.</td><td valign="top">Level 3-5</td></tr>
 
+
<tr><td valign="top"><strong>E.9. IS Governance (MANAGE)</strong><br />Defines, deploys, and controls the management of information systems in line with business imperatives. Takes into account all internal and external parameters such as legislation and industry standard compliance to influence risk management and resource deployment to achieve balanced business benefit.</td><td valign="top">Level 4-5</td></tr>
<tr>
+
<td valign="top"><strong>A.3. Business Plan Development (PLAN)</strong><br />
+
<strong>Addresses the design and structure of a business or product plan including the identification of alternative approaches as well as return on investment propositions. Considers the possible and applicable sourcing models. Presents cost benefit analysis and reasoned arguments in support of the selected strategy. Ensures compliance with business and technology strategies. Communicates and sells business plan to relevant stakeholders and addresses political, financial, and organizational interests.</strong></td>
+
<td valign="top">Level 3-5</td>
+
</tr>
+
 
+
<tr>
+
<td valign="top"><strong>A.4. Product / Service Planning (PLAN)</strong><br />
+
<strong>Analyses and defines current and target status. Estimates cost effectiveness, points of risk, opportunities, strengths and weaknesses, with a critical approach. Creates structured plans; establishes time scales and milestones, ensuring optimisation of activities and resources. Manages change requests. Defines delivery quantity and provides an overview of additional documentation requirements. Specifies correct handling of products, including legal issues, in accordance with current regulations.</strong></td>
+
<td valign="top">Level 2-4 </td>
+
</tr>
+
 
+
<tr>
+
<td valign="top"><strong>D.3. Education and Training Provision (ENABLE)</strong><br />
+
<strong>Defines and implements ICT training policy to address organisational skill needs and gaps. Structures, organises and schedules training programmes and evaluates training quality through a feedback process and implements continuous improvement. Adapts training plans to address changing demand.</strong></td>
+
<td valign="top">Level 2-3</td>
+
</tr>
+
 
+
<tr>
+
<td valign="top"><strong>E.1. Forecast Development (MANAGE)</strong><br />
+
Interprets market needs and evaluates market acceptance of products or services. <strong>Assesses the organisation’s potential to meet future production and quality requirements. Applies relevant metrics to enable accurate decision making in support of production, </strong>marketing, sales and distribution functions.</td>
+
<td valign="top">Level 3-4</td>
+
</tr>
+
<tr>
+
<td valign="top"><strong>E.2. Project and Portfolio Management (MANAGE)</strong><br />
+
<strong>Implements plans for a programme of change. Plans and directs a single or portfolio of ICT projects to ensure co-ordination and management of interdependencies. Orchestrates projects to develop or implement new, internal or externally defined processes to meet identified business needs. Defines activities, responsibilities, critical milestones, resources, skills needs, interfaces and budget, optimizes costs and time utilisation, minimises waste and strives for high quality. Develops contingency plans to address potential implementation issues. </strong>Delivers project on time, on budget and in accordance with original requirements. Creates and maintains documents to facilitate monitoring of project progress.</td>
+
<td valign="top">Level 2-5</td>
+
</tr>
+
 
+
<tr>
+
<td valign="top"><strong>E.7. Business Change Management (MANAGE)</strong><br />
+
<strong>Assesses the implications of new digital solutions. Defines the requirements and quantifies the business benefits. Manages the deployment of change taking into account structural and cultural issues. </strong>Maintains business and process continuity throughout change, monitoring the impact, taking any required remedial action and refining approach.</td>
+
<td valign="top">Level 3-5</td>
+
</tr>
+
<tr>
+
<td valign="top"><strong>E.9. IS Governance (MANAGE)</strong><br />
+
Defines, deploys and controls the management of information systems in line with business imperatives. Takes into account all internal and external parameters such as legislation and industry standard compliance to influence risk management and resource deployment to achieve balanced business benefit.</td>
+
<td valign="top">Level 4-5</td>
+
</tr>
+
 
</table>
 
</table>
 
+
<h3>i&nbsp;Competency Dictionary </h3>
 
+
<p>The Information Technology Promotion Agency (IPA) of Japan has developed the i&nbsp;Competency Dictionary (iCD), translated it into English, and describes it at https://www.ipa.go.jp/english/humandev/icd.html. It is an extensive skills and tasks database, used in Japan and southeast Asian countries. It establishes a taxonomy of tasks and the skills required to perform the tasks. The IPA is also responsible for the Information Technology Engineers Examination (ITEE), which has grown into one of the largest scale national examinations in Japan, with approximately 600,000 applicants each year. </p>
<h3>i Competency Dictionary </h3>
+
<p>The iCD consists of a Task Dictionary and a Skill Dictionary. Skills for a specific task are identified via a "Task x Skill" table. (See [http://eitbokwiki.org/Glossary Appendix A] for the task layer and skill layer structures.) EITBOK activities in each chapter require several tasks in the Task Dictionary. </p>
<p>The Information Technology Promotion Agency (IPA) of Japan has developed the i Competency Dictionary (iCD), translated it into English, and describes it at https://www.ipa.go.jp/english/humandev/icd.html. It is an extensive skills and tasks database, used in Japan and southeast Asian countries. It establishes a taxonomy of tasks and the skills required to perform the tasks. The IPA is also responsible for the Information Technology Engineers Examination (ITEE), which has grown into one of the largest scale national examinations in Japan, with approximately 600,000 applicants each year. </p>
+
 
+
<p>The iCD consists of a Task Dictionary and a Skill Dictionary. Skills for a specific task are identified via a “Task x Skill” table. (Please see Appendix A for the task layer and skill layer structures.) EITBOK activities in each chapter require several tasks in the Task Dictionary. </p>
+
 
+
 
<p>The table below shows a sample task from iCD Task Dictionary Layer 2 (with Layer 1 in parentheses) that correspond to activities in this chapter. It also shows the Layer 2 (Skill Classification), Layer 3 (Skill Item), and Layer 4 (knowledge item from the IPA Body of Knowledge) prerequisite skills associated with the sample task, as identified by the Task x Skill Table of the iCD Skill Dictionary. The complete iCD Task Dictionary (Layer 1-4) and Skill Dictionary (Layer 1-4) can be obtained by returning the request form provided at http://www.ipa.go.jp/english/humandev/icd.html. </p>
 
<p>The table below shows a sample task from iCD Task Dictionary Layer 2 (with Layer 1 in parentheses) that correspond to activities in this chapter. It also shows the Layer 2 (Skill Classification), Layer 3 (Skill Item), and Layer 4 (knowledge item from the IPA Body of Knowledge) prerequisite skills associated with the sample task, as identified by the Task x Skill Table of the iCD Skill Dictionary. The complete iCD Task Dictionary (Layer 1-4) and Skill Dictionary (Layer 1-4) can be obtained by returning the request form provided at http://www.ipa.go.jp/english/humandev/icd.html. </p>
 
 
<table cellpadding="5" border="1">
 
<table cellpadding="5" border="1">
<tr>
+
<tr><th width="15%" style="background-color: #58ACFA;" font-size="14pt"><font color="white">Task Dictionary</font></th><th colspan="3" style="background-color: #58ACFA;" font-size="14pt"><font color="white">Skill Dictionary</font></th></tr>
<th font-size="14pt">Task Dictionary</th><th colspan="3">Skill Dictionary</th>
+
<tr><th width="30%" style="background-color: #58ACFA;"><font color="white">Task Layer 1 (Task Layer 2)</font></th><th width="15%" style="background-color: #58ACFA;"><font color="white">Skill Classification</font></th><th width="15%" style="background-color: #58ACFA;"><font color="white">Skill Item</font></th><th width="40%" style="background-color: #58ACFA;"><font color="white">Associated Knowledge Items</font></th></tr>
</tr>
+
<tr><td valign="top"><em><strong>Formulation of basic policies<br />(EIT strategy formulation and execution promotion)</strong></em></td>
<tr>
+
<th width="30%">Task Layer (Task Area)</th><th width="15%">Skill Classification</th><th width="15%">Skill Item</th><th width="40%">Associated Knowledge Items</th>
+
</tr>
+
 
+
<tr>
+
<td valign="top"><em><strong>Formulation of basic policies<br />(IT strategy formulation and execution promotion)</strong></em></td>
+
 
<td valign="top">System strategy planning methods</td>
 
<td valign="top">System strategy planning methods</td>
 
<td valign="top">Computerization strategy methods </td>
 
<td valign="top">Computerization strategy methods </td>
 
<td><ul>
 
<td><ul>
 
<li>CRUD analysis</li>
 
<li>CRUD analysis</li>
<li>CSF (Critical Success Factor)</li>
+
<li>Critical success factor (CSF)</li>
 
<li>ER diagram</li>
 
<li>ER diagram</li>
<li>IT portfolio model</li>
+
<li>EIT portfolio model</li>
<li>KGI (Key Goal Indicator)</li>
+
<li>Key goal indicator (KGI)</li>
<li>KPI (Key Performance Indicator)</li>
+
<li>Key performance indicator (KPI)</li>
<li>EA (Enterprise Architecture)</li>
+
<li>Enterprise architecture (EA)</li>
 
<li>System lifecycle</li>
 
<li>System lifecycle</li>
 
<li>Formulation of computerization strategy</li>
 
<li>Formulation of computerization strategy</li>
<li>Data Flow Diagram (DFD)</li>
+
<li>Data flow diagram (DFD)</li>
 
<li>Balance score card</li>
 
<li>Balance score card</li>
 
<li>Business process modeling</li>
 
<li>Business process modeling</li>
Line 587: Line 437:
 
<li>Program management</li>
 
<li>Program management</li>
 
<li>Modeling</li>
 
<li>Modeling</li>
<li>Understanding of user vision, goal and business strategy</li>
+
<li>Understanding of user vision, goal, and business strategy</li>
 
<li>Risk analysis techniques</li>
 
<li>Risk analysis techniques</li>
 
<li>Computerization strategy formulation using application package</li>
 
<li>Computerization strategy formulation using application package</li>
Line 598: Line 448:
 
</tr>
 
</tr>
 
</table>
 
</table>
 
<p align="right"><strong>(More)</strong></p>
 
 
 
 
<h2>Key Roles </h2>
 
<h2>Key Roles </h2>
These roles are common to ITSM.
+
<p>Both SFIA and the e-CF have described profiles (similar to roles) for providing examples of skill sets (skill combinations) for various roles. The iCD has described tasks performed in EIT and associated those with skills in the IPA database.</p>
 +
<p>These roles are common to ITSM:</p>
 
<ul>
 
<ul>
 +
<li>Availability Manager</li>
 +
<li>Business Relationship Manager</li>
 +
<li>Capacity Manager</li>
 
<li>Enterprise Architect </li>
 
<li>Enterprise Architect </li>
 +
<li>Financial Manager</li>
 +
<li>Risk Manager </li>
 +
<li>Service Catalog Manager</li>
 
<li>Service Portfolio Manager</li>
 
<li>Service Portfolio Manager</li>
<li>Service Catalog Manager</li>
 
<li>Business Relationship Manager</li>
 
<li>Financial Manager</li>
 
<li>Availability Manager</li>
 
<li>Capacity Manager</li>
 
 
<li>Service Continuity Manager </li>
 
<li>Service Continuity Manager </li>
<li>Risk Manager </li>
 
 
<li>Supplier Manager </li>
 
<li>Supplier Manager </li>
 
</ul>
 
</ul>
 
+
<p>Other roles can include:</p>
Other roles can include:
+
 
<ul>
 
<ul>
 +
<li>Architect </li>
 
<li>Board of directors </li>
 
<li>Board of directors </li>
<li>C-level officer</li>
+
<li>Business management team</li>
<li>Business partner</li>
+
<li>Business partners</li>
<li>Architect </li>
+
<li>C-level officers</li>
 
<li>Governance body</li>
 
<li>Governance body</li>
 
<li>Regulatory authority</li>
 
<li>Regulatory authority</li>
 
<li>Stockholder</li>
 
<li>Stockholder</li>
<li>Vendor </li>
+
<li>Vendor</li>
 
</ul>
 
</ul>
 
 
<h2>Standards</h2>
 
<h2>Standards</h2>
 
 
<p>Commonly used formal risk standards include:</p>
 
<p>Commonly used formal risk standards include:</p>
 
<ul>
 
<ul>
<li>ISO 31000 2009 &mdash; Risk Management Principles and Guidelines</li>
+
<li>ISO 31000 2009—Risk Management Principles and Guidelines</li>
 
+
<li>ISO/IEC 31010:2009—Risk Management—Risk Assessment Techniques</li>
<li>ISO/IEC 31010:2009 &mdash; Risk Management &mdash; Risk Assessment Techniques</li>
+
<li>ISO/IEC 16085:2006, System and Software Engineering—Lifecycle Management—Risk Management</li>
 
+
<li>ISO/IEC 38500:2015, Information technology—Governance of EIT for the organization</li>
<li>ISO/IEC 16085:2006, System and Software Engineering — Life Cycle Management — Risk Management</li>
+
<li>ISO/IEC 38500:2015, Information technology -- Governance of IT for the organization</li>
+
 
+
 
</ul>
 
</ul>
 
<h2>References</h2>
 
<h2>References</h2>
<div id="One"></div><p>[1] See also [http://eitbokwiki.org/Glossary#cobit Control Objectives for Information and related Technology (COBIT)].</p>
+
<div id="One"></div><p>[1] http://searchcio.techtarget.com/definition/IT-strategic-plan-information-technology-strategic-plan, accessed 1/19/2017.</p>
 
<div id="Two"></div><p>[2] R. S. Kaplan and D. P. Norton, ''Strategy Maps: Converting Intangible Assets into Tangible Outcomes'' (Boston: Harvard Business School Press, 2004).</p>
 
<div id="Two"></div><p>[2] R. S. Kaplan and D. P. Norton, ''Strategy Maps: Converting Intangible Assets into Tangible Outcomes'' (Boston: Harvard Business School Press, 2004).</p>
 
<div id="Three"></div><p>[3] www.hoshinkanripro.com.</p>
 
<div id="Three"></div><p>[3] www.hoshinkanripro.com.</p>
 
<div id="Four"></div><p>[4] Business Motivation Model ([http://eitbokwiki.org/Glossary#bmm BMM]), www.omg.org/spec/BMM.</p>
 
<div id="Four"></div><p>[4] Business Motivation Model ([http://eitbokwiki.org/Glossary#bmm BMM]), www.omg.org/spec/BMM.</p>
<div id="Five"></div><p>[5] ''A Guide to the Business Architecture Body of Knowledge'' (BIZBOK® Guide), Release 4.1, Glossary, Business Architecture Guild, www.businessarchitectureguild.org.</p>
+
<div id="Five"></div><p>[5] OMG Business Architecture Special Interest Group, http://bawg.omg.org, and Business Architecture Institute, www.businessarchitectureinstitute.org.</p>
<div id="Six"></div><p>[6] Adapted in part from ''A Common Perspective on Enterprise Architecture'', The Federation of Enterprise Architecture Professional Organizations (FEAPO), 2013, www.feapo.org.</p>
+
<div id="Six"></div><p>[6] ''A Guide to the Business Architecture Body of Knowledge'' (BIZBOK® Guide), Release 4.1, Glossary, Business Architecture Guild, www.businessarchitectureguild.org (download at http://www.businessarchitectureguild.org/resource/resmgr/BIZBOK_5_5publicDocs/BIZBOK_v5.5_Glossary_FINAL.pdf.)</p>
<div id="Seven"></div><p>[7] OMG Business Architecture Special Interest Group, http://bawg.omg.org, and Business Architecture Institute, www.businessarchitectureinstitute.org.</p>
+
<div id="Seven"></div><p>[7] ''A Common Perspective on Enterprise Architecture'', The Federation of Enterprise Architecture Professional Organizations (FEAPO), 2013, www.feapo.org.</p>
 
<div id="Eight"></div><p>[8] ''A Guide to the Business Architecture Body of Knowledge'' (BIZBOK® Guide), Release 4.1, Section 1, Introduction, Business Architecture Guild, www.businessarchitectureguild.org.</p>
 
<div id="Eight"></div><p>[8] ''A Guide to the Business Architecture Body of Knowledge'' (BIZBOK® Guide), Release 4.1, Section 1, Introduction, Business Architecture Guild, www.businessarchitectureguild.org.</p>
<div id="Nine"></div><p>[9] ''Enterprise Architecture as Strategy: Creating a Foundation for Business Execution'', Peter Weill and Jeanne Ross, Harvard Business School Press, 2006.</p>
+
<div id="Nine"></div><p>[9] For change management guidance—''Project Management Body of Knowledge'', Chapter 4 Version 5 December 31, 2012.</p>
<div id="Ten"></div><p>[10] ''A Common Perspective on Enterprise Architecture'', The Federation of Enterprise Architecture Professional Organizations (FEAPO), 2013, www.feapo.org.</p>
+
<div id="Ten"></div><p>[10] ''IT Governance: How Top Performers Manage IT Decision Rights for Superior Results'', Peter Weill and Jeanne Ross, Harvard Business School Press, 2004.</p>
<div id="Eleven"></div><p>[11] ''IT Governance: How Top Performers Manage IT Decision Rights for Superior Results'', Peter Weill and Jeanne Ross, Harvard Business School Press, 2004.</p>
+
<div id="Eleven"></div><p>[11] Porter, M.E. (2008). ''The Five Competitive Forces That Shape Strategy'', Harvard Business Review, January 2008, pp. 79–93.</p>
<div id="Twelve"></div><p>[12] See also ''ITGC &mdash; EIT Global Controls - Global Technology Audit Guide (GTAG)'', Institute of Internal Auditors.</p>
+
<div id="Twelve"></div><p>[12] Lapkin, Anne, & Young, Colleen M. (2011). ''The Management Nexus: Closing the Gap Between Strategy and Execution'', Gartner.</p>
<div id="Thirteen"></div><p>[13] See also ''IEEE Code of Ethics'' and ''ACM Code of Ethics and Professional Conduct'' as examples.</p>
+
<h2> Additional Useful Sources</h2>
<div id="Fourteen"></div><p>[14] See also Control Objectives for Information and related Technology (COBIT).</p>
+
<ul>
<div id="Fifteen"></div><p>[15] See also ''DAMA-DMBOK Guide to the Data Management Body of Knowledge (DAMA-DMBOK)'', Chapter 4 Data Governance.</p>
+
<li>''Enterprise Architecture as Strategy: Creating a Foundation for Business Execution'', Peter Weill and Jeanne Ross, Harvard Business School Press, 2006.</li>
<div id="Sixteen"></div><p>[16] See also ''EIT Risk Management guidance - ISACA''.</p>
+
<li>''ITGC—EIT Global Controls—Global Technology Audit Guide (GTAG)'', Institute of Internal Auditors.</li>
<div id="Seventeen"></div><p>[17] See also Capability Maturity Model (CMM) and Capability Maturity Model Integration (CMMI) for assessing primarily software development processes, but can be applied to other processes.</p>
+
<li>''IEEE Code of Ethics'' and ''ACM Code of Ethics and Professional Conduct'' as examples.</li>
<div id="Eighteen"></div><p>[18] Capability and Maturity Model Integration.</p>
+
<li>Control Objectives for Information and related Technology (COBIT).</li>
<div id="Nineteen"></div><p>[19] See also Information Technology Infrastructure Library ([http://eitbokwiki.org/Glossary#itil ITIL]).</p>
+
<li>''DAMA-DMBOK Guide to the Data Management Body of Knowledge (DAMA-DMBOK)'', Chapter 4 Data Governance.</li>
<div id="Twenty"></div><p>[20] See also Project Management Institute, Project Management Body of Knowledge guide (PMBOK).</p>
+
<li>''EIT Risk Management guidance—ISACA''.</li>
<div id="Twentyone"></div><p>[21] For change management guidance &mdash; ''Project Management Body of Knowledge'', Chapter 4 Version 5 December 31, 2012.</p>
+
<li>The SEI Capability Maturity Model Integration (CMMI) for software development and for EIT services.</li>
<div id="Twentytwo"></div><p>[22] Metric is the algorithm or mathematical and logical description of how measurement are to be taken. A measurement or measure is a score given at a point in time on that metric.</p>
+
<li>Project Management Institute, Project Management Body of Knowledge (PMBOK) guide.</li>
<div id="Twentythree"></div><p>[23] R. Kaplan and D. Norton, ''Using the Balanced Scorecard as a Strategic Management System'', July 10, 2015, https://hbr.org/2007/07/using-the-balanced-scorecard-as-a-strategic-management-system.</p>
+
<li>R. Kaplan and D. Norton, ''Using the Balanced Scorecard as a Strategic Management System'', July 10, 2015, https://hbr.org/2007/07/using-the-balanced-scorecard-as-a-strategic-management-system.</li>
<p> Also to be considered are:
+
<li>COSO2004—Enterprise Risk Management—Integrated Framework</li>
<ul><li>COSO 2004 &mdash; Enterprise Risk Management &mdash; Integrated Framework</li>
+
<li>OCEG "Red Book" 2.0: 2009—a Governance, Risk, and Compliance Capability Model</li>
<li>OCEG “Red Book” 2.0: 2009 &mdash; a Governance, Risk, and Compliance Capability Model</li>
+
<li>A Risk Management Standard—IRM/Alarm/AIRMIC 2002—developed in 2002 by the UK's 3 main risk organizations</li>
<li>A Risk Management Standard &mdash; IRM/Alarm/AIRMIC 2002 &mdash; developed in 2002 by the UK’s 3 main risk organizations</li>
+
 
</ul>
 
</ul>

Latest revision as of 00:23, 23 December 2017

Welcome to the initial version of the EITBOK wiki. Like all wikis, it is a work in progress and may contain errors. We welcome feedback, edits, and real-world examples. Click here for instructions about how to send us feedback.
Ieee logo 1.png
Acm logo 3.png

 

1 Introduction

Enterprise information technology (EIT) governance is the established process of defining the strategy for the EIT organization and overseeing its execution to achieve enterprise goals. Strategic planning defines the goals of the EIT organization and communicates those goals as well as how they support the enterprise's goals. EIT governance drives change to achieve those goals, while maintaining agreed levels of operation. Taking into account various perspectives (such as financial, historical, environmental, and future projections), a strategic plan is a roadmap for action and change, both vertically and horizontally, across the EIT organization. The EIT organization's strategic plans are based on the enterprise's strategic plans, focusing on EIT's role in them; EIT governance provides a monitoring and control framework to achieve strategic goals and objectives. Thus, EIT governance is essential for achieving the EIT strategy and goals.

The nature of the enterprise's and EIT's goals and objectives depends on the type, status, and size of the enterprise. For example, the main goal of EIT development for a trading company might be to support the rate of turnover of the warehouse, but for a consulting company the important goal might be ensuring full utilization of all consultants on client engagements.

This chapter provides an overview of EIT strategic planning and governance including the approaches to create an EIT strategic plan based on enterprise strategy, and the role of the EIT architecture.

2 Goals and Principles

Goals

  • Achieve a shared EIT and enterprise strategy.
  • Achieve a shared roadmap of activities for achieving the shared strategic objectives.
  • Monitor and direct activities in order to execute the strategy.

Principles

  • Strategy planning selects the right things to do; good governance is doing the right things right.
  • A strategy is only as good as its execution.
  • Successful execution requires on-going consistent use of metrics.
  • What you measure is what you get.

3 Context Diagram

02 Strategy and Governance CD.png

Figure 1. Strategy and Governance Context Diagram

EIT strategy is the component of an enterprise strategy that addresses activities designing, building, and managing information and information technology for business change. [1]

While strategic planning occurs at different organization levels, as well as horizontally in many departments, the activity must be coordinated so that there is a hierarchy of strategic plans for each unit of the enterprise that defines how each unit supports the next higher level and coordinates with peers. Although EIT strategy is developed by senior management, it needs to be supported by EIT strategy and goals, standards, frameworks, and guides to facilitate EIT self-governance activities.

Deliverables from the strategic planning process include the strategic plan, the execution requirements, the communication plan, and the socialization plan. They inform a governance framework necessary to deploy those plans in EIT. These deliverables are consumed by C-level executives, and used by business and EIT management and staff to formulate execution plans.

4 EIT Strategic Planning

EIT strategy is a key component of business strategy.

EIT is a business unit within the enterprise. The enterprise's business strategy document is the most significant single input to the EIT strategy document. The business strategy frames the scope and expectations for the EIT strategy. Any supply chain, outsourcing, onboarding, or other EIT practice should be driven out of this strategy. For example, if the business chooses to add vendor relationships, the focus would be on a value stream called an onboard supplier, and capabilities that would include partner management, asset management, agreement management, and related capabilities that are supported by associated EIT capabilities in these areas.

The resulting activities could involve consolidating and improving automation around this value stream and capabilities, as well as numerous other non-technical business activities that may or may not involve systems and technology. Specific topics may include:

  • Outsourcing of systems, process, maintenance, technical risk management and transition approaches
  • Cloud contracting advice
  • Mobile strategies
  • Data and information management and integration strategies
  • SLA framework strategies
  • Logistical and business cultural constraints
  • Resource optimization options

4.1 Strategy Mapping

Successful strategy determination and execution needs to be based on a clear picture of the current state and capabilities of the organization as well as a 360-degree view of the environment it operates within. Strategy mapping provides a method for gaining this picture and then articulates a strategy in such a way that it can be readily interpreted and acted on.

  • Strategy maps vary, but are essentially graphical depictions of goals, objectives, and related courses of action, often aligned against an organizational and broader environmental backdrop.
  • Strategy mapping of the environment looks at shifts in technology in the marketplace, regulatory change for transparency, corporate marketing channels, and competitors' enterprise models.

Strategy mapping depends on a current assessment of EIT systems, capabilities, resources, and EIT maturity.

Strategy mapping has existed in one form or another for some time. Sample strategy mapping approaches that apply to enterprise and EIT strategies are listed below:

  • Strength/weakness/opportunity/threat (SWOT) analysis
    • SWOT surfaces internal and external perspectives that should be capitalized on or otherwise addressed.
    • SWOT findings are one input to strategy formulation providing possible focal points in strategy development.
  • The Norton Kaplan Strategy Map [2] links actions to value creation along four dimensions: financial, customer, internal (employees), and learning and growth. The strategy map offers a complete, in-context perspective on the strategy.
  • Hoshin Kanri [3] provides similar cross-mapping concepts include tying mission, goals, and objectives with action items, and key performance indicators (KPIs).
  • The business motivation model (BMM) [4] provides a mapping between the ends to be achieved (i.e., goals and objectives) and the means (i.e., strategies and tactics) needed to achieve those ends.

Generally, only one approach is selected for a strategy map. Regardless of the approach taken, the end result of any strategic EIT planning process is a clear set of measurable objectives, priorities, and action items that management can act on to deliver change leading to improved EIT performance.

4.2 Blueprints and Models for Strategy Formulation

Blueprints and models provide valuable input to the EIT strategic plan. Typically, few artifacts exist when initiating a strategic planning effort, which means that they must be developed together with business input. The EIT strategy document becomes an extrapolation from the enterprise strategy with an EIT lens.

Enterprise architecture (EA) includes business architecture, which supplies "a blueprint of the enterprise that provides a common understanding of the organization and is used to align strategic objectives and tactical demands." [5] The blueprint includes such artifacts as capability maps, information maps, value maps, and organization maps.

Some other artifacts include operating models, product maps, stakeholder maps, process models, dynamic rules-based routing maps, data models, network models, systems models, vitality and renewal plans, and a wide range of hybrid blueprints and models that have specialty uses based on the challenge at hand.

Blueprints and models require consistent, standardized components. These components draw from the abstract representations of the business shown in Figure 2. In the figure, the center circle represents concepts and includes capability, value, organization, and information. These concepts are considered core, because they are very stable business and EIT perspectives that remain relatively constant. Changes occur as required to accommodate business and EIT as they evolve. EIT inherits some of these blueprints from the business and transforms them into aligned, EIT-focused forms.

The yellow circle in the figure shows influencing perspectives. For example, strategies continue to evolve in real time while new business and EIT products and services are introduced routinely. These examples show how the outer circle of business abstractions are more dynamic than the stable core. Collectively, when mapped and presented appropriately, the core and extended views provide a complete and holistic planning view.

Figure2.2 BusinessArchitectureEcosystem.JPG

Figure 2. Business Architecture Ecosystem [8]

Sophisticated blueprint mappings can emerge from the collection of components shown in Figure 2, which represents the business ecosystem. Even simple concepts, like value stream or capability cross-mapping, serve as a basis for business-driven roadmaps and investment planning. Collectively, all of these perspectives answer important questions such as why take action, what is impacted, or how to accomplish a particular task.

4.3 EIT Strategy Formulation

When management has the ability to view the impact of change using these abstractions, everyone from the executives and planning teams to the deployment teams can have a shared perspective of the context and scope of these changes.

For example, consider the goal to provide more customer and transactional transparency throughout the product sales cycle; where "transparency" across the sales cycle means visibility into transaction history and sales potential. Business architects would determine that this strategy targets the acquire product value stream and account file management, customer management, and account routing capabilities. Other enterprise and solution architects would then look at the goal from their delivery perspectives. These perspectives are likely implemented today using a cross-section of technologies and processes, some of which are well understood and adaptive, while others are not. The EIT strategy provides a framework for assessing current state implementations, defining the desired target state, and outlining a series of change initiatives for moving from current to target state.

Drafting an EIT strategy requires alignment with enterprise and business strategies, a good fit with the existing enterprise and EIT culture, a good understanding of EIT capability (including standard practices), and steady governance. While enterprise and business strategies come from business, adherence to agreed upon practices falls within the EIT domain.

The use of standard practices can be difficult when EIT owns numerous systems that were designed and developed in a prior era. These legacy or heritage systems often have associated challenges or issues. These systems are typically developed using older technologies and their architectures often do not conform to modern design principles (e.g., SOA) or to current business needs. Adherence to recommended EIT architecture practices is difficult when architecturally inelegant legacy systems must be updated to accommodate the current business strategy, or when time-to-implement constraints override quality or feature requirements. When such a conflict occurs, the organization begins to build technical debt. (Technical debt is defined as "the negative effects of applying ill-advised or problematic changes or additions to software systems and their data, negatively impacting the delivery of future business value." [6]) In addition, changing business architecture and rules can, over time, lead to data- and information-quality issues. Lack of business alignment and data-quality issues are some of the more difficult and time-consuming issues to address.

EIT proposals for legacy modernization (upgrade or replacement) often neglect to tie these projects to strategic business objectives. Since their costs are often high, these projects can be a hard sell to the business. Any attempt to sell such projects must include the business benefits for continuing to deliver the same functionality as before upon completion of the project. Benefits can include increased speed of transactions, increased reliability, increased interoperability and integration, among others.

The following six-stage framework for EIT strategic planning ensures that the business strategy is integrated into the planning process and that EIT strategy is not driven solely by technological upgrades:

  1. Craft the EIT strategy and plan to support well-articulated enterprise and business objectives.
  2. Leverage EA to feed the strategy. Vet various perspectives.
  3. Highlight EIT focal points for each objective.
  4. Establish key performance indicators (KPIs) for each strategic enterprise objective and related action item.
  5. Establish a plan timeline roadmap including a review plan.
  6. Establish or leverage EIT governance to ensure that business strategy is realized.

The steps in the planning process outlined above should work for most organizations as they embark upon their business and EIT strategy planning efforts. Most of what is needed in strategic planning within EIT is a reflection of the broader context of business planning. Thus, planning for EIT and business scenarios that are essentially the same scenario, such as outsourcing a capability or managing suppliers, should take an integrated, holistic, and enterprise viewpoint.

4.4 Strategic Focus for Change Initiatives

A well-defined EIT strategy provides the roadmap needed for getting from where the enterprise is at present to where it needs to be. The strategy identifies how and where the enterprise needs to change. Strategic planning must determine effective ways to take the enterprise strategy and transform it into EIT strategic change initiatives.

Strategic change employs a wide array of disciplines and techniques to enable change on a large scale as well as on an incremental basis. Change initiatives are frequently defined in the context of types of focuses, such as: [7]

  • Governance
  • Information/data
  • Solution
  • Technology
  • Security

Each focus has constraints that must be understood and reflected explicitly in the strategy. Constraints almost always include time, quality, and cost. Each focus may also be bounded by organizational scope (such as Western Hemisphere operations only), or by a timeframe (such as a 2-year horizon).The environmental scan may also have recognized other constraints, such as regulatory requirements for the industry. An EIT strategy also acknowledges existing EIT constraints imposed by enterprise architecture (EA), human resources, legacy systems, staff capability, and capacity to deliver.

The organization's appetite for risk may also introduce constraints. The strategic planning effort must take risk into account within the plan. Therefore, the strategic planning effort must also suggest risk responses so as to minimize risk-based constraints. The suggested responses require vetting and approval as part of overall strategy adoption.

Figure2.4 BusinessArch ContinuousITAlignment.JPG

Figure 3. Business Architecture and Continuous Business/EIT Alignment

In defining change initiatives, it is crucial to recognize that there is a two-way relationship between business architecture and solution, information, and technology architecture, as depicted in Figure 3. A change in either of these aligned layers should be transparent, duly assessed to determine reciprocal impacts, clearly linked to a specific business objective, and addressed through a funded change initiative. Change Initiatives explains how change initiatives are carried out.

When business needs are mapped appropriately to current and future EIT plans, it ensures that business objectives are known, quantified, clearly articulated, and linked to business value. Thus, any EIT investment must show a demonstrable link back to business value. For example, an application change may require significant funding. Architects should be able to trace the planned application changes back to the business capabilities, value streams, and information that the change addresses, and thus back to the business objectives for the proposed change, thus linking the change to business value. In this way, all EIT activities can be tied back to measurable business impacts and business strategy.

The change approval process  [9] exercises the authority to introduce change into the EIT environment. It is the responsibility of both the business and EIT. The governance of change management occurs at varying levels of authority depending on the nature of the change. Any proposed change, whether a commissioning of a new system, an application enhancement, a sustainment activity, or corrective action to repair a defect, moves through governance processes.

  • Changes may be at the strategic re-alignment level as plans and architecture responses move to adjust projects and programs that are prioritized or in flight, including the possibility of activity shutdown.
  • Changes may be at the operational level where a change control board or change advisory board approves code or systems, or data changes into the production environments and can include planned and unplanned (emergency) changes, projects, and releases. Still, such changes should be evaluated in terms of the organization's strategic priorities. Otherwise, there is a risk of wasting resources on asked for, but non-strategic enhancements to less important systems.
  • Incidents occurring from change handling activities are reported to EIT governance for possible response particularly if additional funding is required for corrective action. Other incident handling occurs at a more local response level.
  • Change patterns are monitored and advice on adjustments to programs and procedures are generated for EIT governance consideration.

5 EIT Strategy Execution

Poor strategy execution is the most significant management challenge facing public and private organizations in the 21st century according to Gartner. [12]

As described in the previous section, any EIT investment must show a demonstrable link back to business value. The link should be tied to a metric that shows the business impact of changes to EIT systems. By establishing a set of essential metrics for assessing the impact of each change initiative, EIT and the business are setting up a valuable mechanism for monitoring the execution of the change initiative, and, thereby, for monitoring strategy execution.

What you measure is what you get. When navigating to a destination, you use a variety of measurements to make sure you're on track to your destination. These include things like estimated time to arrival, distance covered, and signposts encountered along the way. The same holds true when executing EIT performance to achieve strategic goals.

5.1 Effective Governance of Strategy Execution

EIT governance of strategy execution is effective only if cultural and management buy-in are deeply established and consistently demonstrated and communicated. However, that is not enough to ensure success. Reasons for ineffective execution include:

  • Performing compliance activities and reporting them without any follow-up review, action, or consequences
  • Poorly designed engagement model
  • Uneven authority in governance oversight
  • Ineffective delegation of authority
  • Untimely actioning of governance issues
  • Poorly thought out governance metrics (measuring the wrong thing, or encouraging the wrong activities)
  • Inaccurate data collection and spotty reporting
  • Drifting from the enterprise and business strategies over time so that governance is poorly focused

On the other hand, there are known precepts for successful execution. No matter what EIT strategy an organization decides to adopt, the organization should:

1. Outline the means for achieving desired outcomes, such as:

  • Link all EIT strategies to business goals and objectives.
  • Specify realistic timeframes and targets that reflect the organizations needs and priorities.
  • Create and support a means to generate, capture, evaluate, and implement ideas for improving execution in progress.
  • Acknowledge and propose change within known constraints and risks including budgets, staffing capability, and EA plans.
  • Implement the strategy into portfolios and projects via change initiatives.
  • Create or refer to control processes in organizations that can give oversight to strategy execution. (Are we doing the right things and are things being done right?)
  • Create and live a culture of collaboration between the core business and EIT through shared metrics, communications, training plans, and change management support.
  • Ensure that the EIT strategy is captured in a living document as a game plan that states measures and targets for strategy achievement and specifies accountabilities.
  • Actively monitor and adjust the EIT strategic plan to meet changing business priorities.

2. Ensure full engagement across the business/EIT boundary, by using an enterprise and local interaction model for monitoring, guiding, and reporting. The interaction model seeks to:

  • Understand and work through the people side and the organizational side of proposed change and existing culture impacts. This is critical to the long-term success of strategy implementation and oversight (governance) efforts.
  • Establish business/EIT collaboration and a communication governance model to ensure open communication and collaboration for business-to-business, business-to-EIT, and cross-EIT perspectives.
  • Establish collaborative principles, measurements, and escalation procedures as required.
  • Ensure that external regulations and laws, market perspectives, and external perspectives are included.

5.2 Measurement: The Key to Strategy Execution

EIT managers and staff should jointly participate in selecting meaningful metrics to monitor and thus direct internal effort to those activities that provide the "most bang for the buck" in reaching their strategic objectives. The measures and metrics should extend from the lowest hands-on level to the level reported to the board of directors. All of these controls should fit within a hierarchy of goals and their measures.

What this means in simple terms is that you must define discrete goals that can be measured in order to know whether or not an enterprise strategy is being achieved. The measures used to determine if the goals are being met are high-level metrics that are built from lower-level, more detailed metrics. The result is a cross-functional hierarchy of measures. For example, "increase customer satisfaction" is a common goal. How do you know if it is happening? First, determine the components (the attributes) of customer satisfaction. They may range from sales order accuracy to length of time to reach customer support to billing accuracy. All of these can have a technology component as well as a business component. The hierarchy of goals and measures will thus need to include both business unit goals as well as EIT goals, with corresponding metrics.

COBIT 5 describes this hierarchy as a cascade of goals and provides examples of 17 generic enterprise goals related to corresponding EIT goals. The 17 goals are grouped in the Balanced Scorecard categories of Financial, Customer, Internal and Learning, and Growth dimensions Each of these 17 requires further breakdown into attributes of each goal and how to measure the presence of those attributes. For example, one goal is service continuity and availability. Often, these goals have finer goals like allowable mean time before failure (MTBF) and required up-time, and these goals are documented in service level agreements (SLAs) or operations level agreements (OLAs) that specify corresponding metrics, like a 100 hours MTBF or 99% up-time.

6 EIT Operational Governance

EIT governance extends beyond strategy formulation and execution. It must of necessity guide and monitor all the day-to-day activities that serve the enterprise. EIT organizations that are constantly fighting fires, giving them no time to carry out change initiatives, are poorly governed. Governance of day-to-day operations must be well-governed and run smoothly to provide time and expertise to carry out new work.

Businesses with superior EIT governance record 25 percent higher profits than those with poor governance. [10] This type of positive value assessment for EIT governance is well established and clearly maps to EIT governance objectives of a reliable, trusted, responsive, and evolving EIT synced to business plans and needs.

Superior governance leads to superior performance. Superior performance is about doing the right things; it's not about putting in more hours, it's about prioritizing, planning, and executing the most impactful work. Good leadership provides clear direction on where the business is going and how to overcome the challenges that arise. Setting a clear direction not only gets people on board but also builds confidence in the organization's abilities to get results.

EIT governance includes the processes through which the organization's objectives are set and pursued in the context of the enterprise's social, regulatory, and market environment. Governance mechanisms include monitoring the actions, policies, practices, and decisions of EIT personnel, and affected stakeholders. EIT management must make sure that EIT processes, mechanisms, and accountabilities provide the organization with the capability to carry out all its areas of responsibility, such as reporting against budgets, project performance, service management, and risk assessment and management.

Good leadership makes sure that the processes used to get things done are effective in facilitating work, not impeding it. Such processes are transparent and well-understood, so they help people get their jobs done. They are the foundation of EIT governance.

Good leadership and good governance also depend on well-communicated policies whose values and purposes are understood. Policies often reflect an organization's culture. A policy can let people know it's OK to bring their dogs to work, or that people are entitled to a day off with pay for their birthdays. They let people know what sorts of behavior are expected and what the organization values.

6.1 Operational Assessment

Good governance depends on a thorough understanding of the organization's operational status. There are two basic ways to accomplish this. A well-run organization will have a good metrics definition and collection process in place so that managers can monitor their functions' performance in real-time. Less mature organizations often have to depend on point-in-time assessments to know the true state of affairs.

EIT assessments are a point-in-time type of monitoring that supplement the regular monitoring and reporting process. Maturing organizations often do self-assessments. When done by people outside the organization, they are often seen as audits. Some topics that an audit may cover include:

  • Return on investment (ROI)
  • Data quality
  • Inventory accuracy (licenses, software, hardware in use/owned)
  • Process performance, rationalization, adherence to policies
  • Security effectiveness
  • Maturity assessment and reassessment
  • Regulatory requirements adherence

The resulting reports include gaps found and remediation recommendations.

The effort and cost to establish and operate EIT governance can be scaled to meet the strategically sensitive areas for the overall organization. Business and EIT share the EIT governance responsibility, because the business must communicate its needs to EIT and its satisfaction with EIT services. Good governance requires exceptional leaders who can communicate across business and EIT subject domains.

6.2 Financial Management

EIT management must plan for all needed EIT resources in its budgeting, including on-going operations, change initiatives, and growth plans. These resources to be budgeted for include salaries and overhead for personnel, training and professional development, licenses and leases, as well as new acquisition of outside services and material assets, contract management with vendors including outsourcing, licensing, SLA, OLA, and cloud computing. Project resourcing also need to be taken into account. (See the Acquisition chapter).

Assets represent value, not just cost, to the organization. That value should be tracked and reported for tax purposes, such as depreciation reporting. While assets are not always included on balance sheets, they must be considered at the time of an acquisition, merger, or liquidation.

Sometimes cost control can be an important, overriding priority that limits EA visions and plans for the overall EIT system evolution. However, such short-term thinking can be at the risk of mounting technical debt or even stand in the way of strategic projects. A better approach is cost management.

Cost management includes careful application of strategies, such as:

  • Infrastructure allocation/management
  • Application rationalization
  • Device and data access policies
  • Process assessment (identification of wasted effort)
  • Application lessons learned
  • Feedback loops
  • Process improvement/re-engineering
  • Licensing re-negotiation
  • Various outsourcing initiatives

6.3 Quality Management

Quality management [12] is a key control in EIT governance. The importance of high levels of quality throughout the EIT organization's actions, services, and products is manifested across all policies, processes, and procedures. There are two basic ways of approaching quality. The first is to take a passive approach; in effect, to adhere to the idea that quality is "baked in" to the organization through the policies, processes, and procedures, and where quality controls are established as an output measurement, much like in manufacturing environments. The second approach is more active, setting out a separate responsibility for quality that establishes responsibility and accountability, checks adherence, and advises and reports on quality risks and failures at many points along work streams.

The adoption of accepted practices given in standards and frameworks is an indication of a more mature organization requiring active quality management as part of overall EIT governance. For example, ISO Standard 9001 applies to any organization that:

  • Needs to demonstrate its ability to consistently provide product that meets customer and applicable statutory and regulatory requirements.
  • Aims to enhance customer satisfaction through the effective application of the system, including processes for continual improvement of the system and the assurance of conformity to customer and applicable statutory and regulatory requirements.

Several other ISO and IEEE standards provide guidelines for quality management within an EIT organization. See the Quality chapter for information on these.

Monitoring and performing impact analysis of regulatory and changes in industry standards is also a quality management activity shared with legal departments and enterprise architecture.

An organization can address the risk of damage to its reputation and potential fines due to information leakage and misinterpretation by adopting strong data quality-assurance practices within a data-governance program. [15]

6.4 EIT Risk Management

EIT policies, standards, and processes should include explicit sections on risk tolerance and EIT's approaches to risk management including EIT security policy, EIT governance policy, EIT financial management policy, data privacy and classification policy, disaster preparedness policy, supply chain management, vendor management, employee ethics, and regulation adherence policy.

Risk management [16] in EIT involves the following activities:

  • Risk identification—Relevant EIT risk profiles on systems are specified. Types of risks are financial, reputational, regulatory (projected and current), security, EIT disaster, market innovation speed, and supplier performance.
  • Risk evaluation—All identified risks are evaluated for their severity and likelihood.
  • Risk response—Response plans are generated for the most severe and likely risks. Generally, the response is either to accept the risk and do nothing because likelihood or organization concern is low, to accept the risk and plan contingencies for the occurrence, or to transfer the risk to a third party via insurance.

6.5 EIT Maturity Management

The maturity of EIT functions [17] directly relates to the ability to provide a consistent level of business support as well as to execute the EIT strategy. Therefore, there is a need to assess maturity as an input to a realistic plan and as a guide to maturing EIT to desired levels. In other words, unless the EIT organization understands its own capabilities and its own shortcomings, it can't make effective plans to take on more work or to otherwise improve.

Some principles in mounting and actioning maturity assessments are:

  • Business and EIT culture and interaction are key elements to capability and performance and cannot be ignored in an evaluation.
  • Outputs of the maturity analysis are direct inputs to planning and the strategy plan execution roadmap.
  • The adoption of lessons learned is a key improvement strategy.

Improvements will necessarily require changes, so change initiatives should be defined for these activities and executed and monitored as projects. Projectizing such efforts also enables reality checks on the goals and timing to the desired objectives as materialized through EIT change initiatives. (See also Change Initiatives).

6.6 Service Management

Service management [19] in EIT encompasses the full system lifecycle support from concept to deployment and retirement. The most widely known "recommended practices" for service management are described in the ITIL framework and reflected in ISO/IEC/IEEE standard 20000. These references provide guidance for designing and implementing control structures within the EIT governance framework including:

6.7 Project Management

Project management [20] is required for all change initiatives in EIT including new services or equipment deployment, enhancements/upgrades to existing services, and significant operations changes. These include traditional EIT activities as well as supporting activities such as communications and human resources.

The PMI/IEEE Software Extension to the Project Management Body of Knowledge (PMBOK) is an extensive reference that addresses both agile and plan-driven projects. It describes project-level controls that can be adjusted to the level appropriate for the scale of the work. Required project-level controls include defining quality, cost, deliverables, risk, and schedule expectations, as well as process to be used, and authorities for decision-making.

  • Good EIT governance ensures that the adequate resources (including staff, training, equipment, and funding) are available when needed. EIT governance works closely with vendors, project managers, financial management staff, and suppliers to achieve these aims.
  • Medium-sized and large EIT organizations typically establish a project management office (PMO) to support projects, provide management guidance, and assist in reporting status. This formal oversight body is set up to instantiate common project management practices and reporting consistency across projects. In some organizations, PMO scope is limited to "large projects" (those projects holding significant risk to the organization, and significant cost). This approach usually ends up with the same pitfall: more and more projects are defined as "small" and more and more of them fail to meet cost or feature or schedule expectations.

6.8 Portfolio and Program Management

EIT portfolio management is the application of systematic management to the investments, projects, and activities of Enterprise information technology (EIT) departments.

Portfolio management enables high-level views of all capabilities provided by EIT so that new work proposals can be evaluated against the portfolio as a whole. EIT portfolios may have defined aggregate subsets. An aggregate subset is a set of scoped applications and systems that are closely interrelated; for example, the accounts payable, accounts receivable, and ledger production in an organization. In some instances, the organization creates the role of portfolio manager. Portfolio managers work closely with project managers, architects, operations managers, and business users to make sure that the relationships and the understanding between the business and EIT are strong and transparent.

Programs can span portfolios as multi-phase, multi-year initiatives. Project and portfolio grouping allows for more holistic views on change, impact analysis and synergies, business case development, upgrading, operations problem identification, communication and recovery, vendor and business relationship management, and multi-project oversight. Programs can span multiple systems and often have their own multi-year separate organization structure and board-level oversight.

In budgeting for all EIT activities, their value to the enterprise must be evaluated. So called "support activities" are no exception. All proposed efforts should be evaluated through a common lens and should use a standard funding process, as shown in Figure 4. This approach enables the EIT organization to escape the problem of 80% of its resources being allocated to "maintenance," because it forces business and EIT management to examine the cost-effectiveness of sustaining all old systems—regardless of value to the business strategy—rather than adding new services.

Two types of discipline are required: (1) using business cases to evaluate proposed new work, and (2) ceasing to treat enhancement requests on a piecemeal basis, because they are "too small" to worry about. (For details see the section about managing change requests in the Operations chapter).

Figure2.5.JPG

Figure 4. Steps in Business Case Development

Work is prioritized and moved forward into the realization phase based on the business and EIT strategic plans. The Change Initiatives chapter describes how new projects are treated as change initiatives in order to be successful. The process is monitored for continuing business alignment and need, and considers feasibility factors, stakeholder interest, resourcing opportunities, competitor activity, new EIT tools and approaches, and government requirements in the industry in evaluating proposals for both enhancements and new services.

7 EIT Governance Reporting

Governance reporting is meant to help managers keep an eye on strategic themes, identify potential areas for improving processes, and recognize early on when projects are at risk. It can help managers determine when to offer opportunities for supported learning and improvement in underperforming areas.

However, governance reporting is only useful when it is reporting progress against goals and milestones, and when the consumers of the reports have the necessary authority to take appropriate action and are accountable to do so. Appropriate accountability can ensure that active oversight is in place to handle possible performance issues, including penalties to third parties. (With regard to third parties, also see the Acquisition chapter.)

Effective reporting has the following characteristics:

  • A hierarchy of goals (including SLAs and OLAs) and measures is defined for monitoring achievement of strategic goals at all levels of management, including team leaders.
  • Weekly reports provide current results for goal measurement. Weekly reports do NOT consist of "this is what we did this week," without reference to what goals are supposed to be tracked.
  • Weekly reports include issues (actual and potential) that have arisen. Leaders use a feedback or action model to ensure that issues are addressed quickly. Review and remediation actions are authorized at the appropriate level.
  • Typical EIT governance reporting consists of reports up the chain to C-level officers or to the top-level leaders of the accountable steering committee, oversight committee, or operations committee.

Metrics and measures standardize the reports to allow the tracking of progress over time. (A measure quantifies something, such as miles. A metric is a derivative of measures, such as miles per hour.) Some metrics can be characterized as key performance indicators (KPIs), which are of special significance to EIT and business as they are considered to best support the highest priorities. KPIs are financial and nonfinancial measures of the results of a business' strategic plans. A KPI is a reflection of the degree to which an outcome is achieved. A KPI may be directly measured/assessed, or it may be derived from a metric, other KPIs, or combination of metrics and KPIs. For example:

  • Error rate is a quantitative KPI composed of two metrics, an error count and a time interval.
  • Customer satisfaction is a qualitative KPI that may be composed of a number of metrics and KPIs, such as return purchases and the results of surveys.

Generally, effective reporting includes:

  • Progress reporting:
    • Adherence to action plan (activities) and funding (budget versus actuals)
    • Goal achievement measures (for example, to show progress against the balanced scorecard)
    • Execution plan achievement
  • Organization changes and their effect
  • Financial position trending and forecast
  • Problem tracking, such as outstanding trouble tickets
  • Emergency preparedness/disaster drills results
  • Quality scorecard for SLAs and OLAs, and for development projects
  • Metrics that are well-defined and used consistently so that trends can be detected over time
  • A clearly defined purpose of each metric, defined in terms of what insights it reports; that is, what is being measured and why

8 Summary

According to Michael Porter[11], more than 80% of organizations do not successfully execute their business strategies. He estimates that in over 70% of these cases, the reason was not the strategy itself, but ineffective execution. Poor strategy execution is the most significant management challenge facing public and private organizations in the 21st century according to Gartner[12]. What good does it do for an organization to have a well-considered strategy that it cannot execute? Such a scenario, which is all too common according to Porter, has a dual downside. The organization will fall further behind the competition and sub-optimize resources and revenue opportunities. But that same organization will spend significant capital on failed projects that can undermine confidence with customers and investors in the management team and the organization as a whole. This is not a good position to be in and, therefore, organizations must determine effective ways to take business strategy and make it actionable.

Important idea to take away from this chapter are:

  • Recognize that enterprise strategy drives EIT strategy.
  • Understand your purpose for creating an EIT strategy.
  • Understand current EIT operations.
  • Plan for working on the things that matter to enterprise.
  • Take a multi-year perspective, and revisit the plan on a periodic basis for confirmation or changes.
  • Enable reliable, nimble, and efficient response to changes in strategic objectives.
  • Plan for flexibility and change in governance structure, accountability, and priorities.
  • Measure progress and performance against the strategic roadmap as well as on a project and operations basis.
  • Enable change, even to the plan itself, as required.
  • Advise and align subordinate EIT strategic plans into an overall framework for delivery.
  • Continually foster communications and understanding between EIT and enterprise.
  • Set expectations within a code of ethics framework.
  • Foster a continuous learning organization.
  • Look ahead for continuity planning as part of risk management planning.

Good governance consists of good processes and actions in making and implementing decisions. Strategy and its clear goals provide the yardstick for making decisions. Good governance has several characteristics that underpin all the governance areas described above. These characteristics include well-understood meeting procedures, service quality protocols, management conduct, role clarification, and good working relationships, all of which contribute to the hallmarks of effective EIT governance: accountability, transparency, participation, and ethical behavior.

9 Key Maturity Frameworks

Capability maturity for EIT refers to its ability to reliably perform. Maturity is measured by an organization's readiness and capability expressed through its people, processes, data, and technologies and the consistent measurement practices that are in place. See Appendix F for additional information about maturity frameworks.

Many specialized frameworks have been developed since the original Capability Maturity Model (CMM) that was developed by the Software Engineering Institute in the late 1980s. This section describes how some of those apply to the activities described in this chapter.

9.1 IT-Capability Maturity Framework (IT-CMF)

The IT-CMF was developed by the Innovation Value Institute in Ireland. This framework helps organizations to measure, develop, and monitor their EIT capability maturity progression. It consists of 35 EIT management capabilities that are organized into four macro capabilities:

  • Managing EIT like a business
  • Managing the EIT budget
  • Managing the EIT capability
  • Managing EIT for business value

Each has five different levels of maturity starting from initial to optimizing. The three most relevant critical capabilities are IT leadership and governance (ITG), strategic planning (SP), and benefits assessment and realization (BAR).

9.1.1 Leadership and Governance Maturity

The following statements provide a high-level overview of the IT leadership and governance (ITG) capability at successive levels of maturity.

Level 1 IT leadership and governance are non-existent or are carried out in an ad hoc manner.
Level 2 Leadership with respect to a unifying purpose and direction for EIT is beginning to emerge. Some decision rules and governance bodies are in place, but these are typically not applied or considered in a consistent manner.
Level 3 Leadership instills commitment to a common purpose and direction for EIT across the EIT function and some other business units. EIT decision-making forums collectively oversee key EIT decisions and monitor performance of the EIT function.
Level 4 Leadership instills commitment to a common purpose and direction for EIT across the organization. Both the EIT function and other business units are held accountable for the outcomes from EIT.
Level 5 EIT governance is fully integrated into the corporate governance model, and governance approaches are continually reviewed for improvement, regularly including insights from relevant business ecosystem partners.

9.1.2 Strategic Planning Maturity

The following statements provide a high-level overview of the strategic planning (SP) capability at successive levels of maturity:

Level 1 Any EIT strategic planning that exists or resources allocated to it are informal, and opportunities and challenges are identified only in an ad hoc or informal way.
Level 2 An EIT strategic planning approach is emerging. Limited resources are made available for EIT planning purposes. An EIT strategy is beginning to be formalized, but may not yet be adequately aligned with basic business needs.
Level 3 The EIT strategic planning approach is standardized. Sufficient EIT resources are allocated to EIT strategic planning activities. The EIT strategy is developed increasingly in consultation with planners from other business units to satisfy a wider array of business needs.
Level 4 The EIT strategic planning approach is an integral part of a wider organizational planning processes. Dedicated resources from the EIT function and other business units are allocated to EIT strategic planning, enabling the EIT strategy to comprehensively support and influence the business strategy.
Level 5 The EIT strategic planning approach is reviewed and improved using process improvement methods and tools. A strong symbiotic relationship exists between the EIT and business strategic plans to such an extent that it can be difficult to distinguish between them.

9.1.3 Benefits Assessment and Realization Maturity

The following statements provide a high-level overview of the benefits assessment and realization (BAR) capability at successive levels of maturity.

Level 1 The organization typically focuses on delivering to technical project criteria, such as delivering on time, to budget, and to specification, rather than on realizing business benefits. Post-implementation reviews to evaluate the organizational benefit are rarely conducted.
Level 2 Some larger EIT-enabled change programs are beginning to use limited forms of benefits management methods. Post-implementation reviews are occasionally conducted, mainly to evaluate technology deployment efficiency.
Level 3 Most programs are described in terms of business value and consistently use benefits management methods. Post-implementation reviews are conducted on most programs, including an evaluation of the organizational changes needed to realize the value of technology deployment.
Level 4 The organization has developed deep expertise in applying benefits management methods, and responsibility for realizing value is spread across the organization. Business value reviews are conducted throughout the investment lifecycle, from conceptualizing to deployment to eventual retirement.
Level 5 Management continually monitors, reviews, and improves benefits management methods across the organization, and exchanges insights with relevant business ecosystem partners. Post-implementation reviews of EIT-enabled change consistently contribute to better subsequent use of resources.

10 Key Competence Frameworks

While many large companies have defined their own sets of skills for the purposes of talent management (to recruit, retain, and further develop the highest quality staff members that they can find, afford, and hire), the advancement of EIT professionalism require common definitions of EIT skills that can be used not just across enterprises, but also across countries. We have selected three major sources of skill definitions. While none of them is used universally, they provide a good cross-section of options.

Creating mappings between these frameworks and our chapters is challenging, because they come from different perspectives and have different goals. There is rarely a 100 percent correspondence between the frameworks and this Guide, and despite careful consideration, some subjectivity was used to create the mappings. Please take that in consideration as you review them.

10.1 Skills Framework for the Information Age

The Skills Framework for the Information Age (SFIA) has defined nearly 100 skills. SFIA describes seven levels of competency that can be applied to each skill. Not all skills, however, cover all seven levels. Some reach only partially up the seven step ladder. Others are based on mastering foundational skills, and start at the fourth or fifth level of competency. It is used in nearly 200 countries, from Britain to South Africa, South America, to the Pacific Rim, to the United States. (http://www.sfia-online.org)

Skill Skill Description Competency Levels
EIT governanceThe establishment and oversight of an organization's approach to the use of information, digital services and associated technology. Includes responsibility for provision of digital services; levels of service, and service quality that meet current and future business requirements; policies and practices for conformance with mandatory legislation and regulations; strategic plans for technology to enable the organization's business strategy; transparent decision making, leading to justification for investment, with appropriate balance between stakeholder benefits, opportunities, costs, and risks.5-7
Enterprise and business architectureThe creation, iteration, and maintenance of structures such as enterprise and business architectures embodying the key principles, methods, and models that describe the organization's future state, and that enable its evolution. This typically involves the interpretation of business goals and drivers; the translation of business strategy and objectives into an "operating model"; the strategic assessment of current capabilities; the identification of required changes in capabilities; and the description of inter-relationships between people, organization, service, process, data, information, technology, and the external environment.

The architecture development process supports the formation of the constraints, standards, and guiding principles necessary to define, ensure, and govern the required evolution; this facilitates change in the organization's structure, business processes, systems, and infrastructure in order to achieve predictable transition to the intended state.

6-7
EIT strategy and planningThe creation, iteration, and maintenance of a strategy in order to align EIT plans with business objectives and the development of plans to drive forward and execute that strategy. Working with stakeholders to communicate and embed strategic management via objectives, accountabilities, and monitoring of progress.5-7
Information managementThe overall governance of how all types of information, structured and unstructured, whether produced internally or externally, are used to support decision-making, business processes, and digital services. Encompasses development and promotion of the strategy and policies covering the design of information structures and taxonomies, the setting of policies for the sourcing and maintenance of the data content, and the development of policies, procedures, working practices, and training to promote compliance with legislation regulating all aspects of holding, use, and disclosure of data.6-7
Information systems coordinationTypically within a large organization in which the information strategy function is devolved to autonomous units, or within a collaborative enterprise of otherwise independent organizations, the coordination of information strategy matters where the adoption of a common approach (such as shared services) would benefit the organization.6-7
EIT managementThe management of the EIT infrastructure and resources required to plan for, develop, deliver, and support EIT services and products to meet the needs of a business. The preparation for new or changed services, management of the change process, and the maintenance of regulatory, legal, and professional standards. The management of performance of systems and services in terms of their contribution to business performance and their financial costs and sustainability. The management of bought-in services. The development of continual service improvement plans to ensure the EIT infrastructure adequately supports business needs.7
Financial managementThe overall financial management, control, and stewardship of the EIT assets and resources used in the provision of EIT services, including the identification of materials and energy costs, ensuring compliance with all governance, legal, and regulatory requirements.6
Portfolio managementThe development and application of a systematic management framework to define and deliver a portfolio of programs, projects, and ongoing services, in support of specific business strategies and objectives. Includes the implementation of a strategic investment appraisal and decision-making process based on a clear understanding of cost, risk, inter-dependencies, and impact on existing business activities, enabling measurement and objective evaluation of potential changes and the benefits to be realized. The prioritization of resource utilization and changes to be implemented. The regular review of portfolios. The management of the service pipeline (proposed or in development), service catalog (live or available for deployment), and retired services.7
Program managementThe identification, planning, and coordination of a set of related projects within a program of business change, to manage their interdependencies in support of specific business strategies and objectives. The maintenance of a strategic view over the set of projects, providing the framework for implementing business initiatives, or large-scale change, by conceiving, maintaining, and communicating a vision of the outcome of the program and associated benefits. (The vision, and the means of achieving it, may change as the program progresses). Agreement of business requirements, and translation of requirements into operational plans. Determination, monitoring, and review of program scope, costs, and schedule, program resources, inter-dependencies, and program risk.7
Project managementThe management of projects, typically (but not exclusively) involving the development and implementation of business processes to meet identified business needs, acquiring and utilizing the necessary resources and skills, within agreed parameters of cost, timescales, and quality.7
Systems development managementThe management of resources in order to plan, estimate, and carry out programs of solution development work to time, budget, and quality targets and in accordance with appropriate standards, methods, and procedures (including secure software development). The facilitation of improvements by changing approaches and working practices, typically using recognized models, recommended practices, standards, and methodologies. The provision of advice, assistance, and leadership in improving the quality of software development, by focusing on process definition, management, repeatability, and measurement.7
Relationship managementThe identification, analysis, management, and monitoring of relationships with and between stakeholders. (Stakeholders are individuals, groups, or organizations who may affect, be affected by, or perceive themselves to be affected by decisions, activities, and outcomes related to products, services, or changes to products and services). The clarification of mutual needs and commitments through consultation and consideration of impacts. For example, the coordination of all promotional activities to one or more clients to achieve satisfaction for the client and an acceptable return for the supplier; assistance to the client to ensure that maximum benefit is gained from products and services supplied.7
SourcingThe provision of policy, internal standards, and advice on the procurement or commissioning of externally supplied and internally developed products and services. The provision of commercial governance, conformance to legislation, and assurance of information security. The implementation of compliant procurement processes, taking full account of the issues and imperatives of both the commissioning and supplier sides. The identification and management of suppliers to ensure successful delivery of products and services required by the business.7
Quality managementThe application of techniques for monitoring and improvement of quality to any aspect of a function or process. The achievement of, and maintenance of compliance to, national and international standards, as appropriate, and to internal policies, including those relating to sustainability and security.7
Service level managementThe planning, implementation, control, review, and audit of service provision, to meet customer business requirements. This includes negotiation, implementation, and monitoring of service level agreements, and the ongoing management of operational facilities to provide the agreed levels of service, seeking continually and proactively to improve service delivery and sustainability targets.7
Information assuranceThe protection of integrity, availability, authenticity, non-repudiation, and confidentiality of information and data in storage and in transit. The management of risk in a pragmatic and cost-effective manner to ensure stakeholder confidence.6-7
Information securityThe selection, design, justification, implementation, and operation of controls and management strategies to maintain the security, confidentiality, integrity, availability, accountability, and relevant compliance of information systems with legislation, regulation, and relevant standards.6-7
Business risk managementThe planning and implementation of organization-wide processes and procedures for the management of risk to the success or integrity of the business, especially those arising from the use of information technology, reduction or non-availability of energy supply, or inappropriate disposal of materials, hardware, or data.7

10.2 European Competency Framework

The European Union's European e-Competence Framework (e-CF) has 40 competences and is used by a large number of companies, qualification providers, and others in public and private sectors across the EU. It uses five levels of competence proficiency (e-1 to e-5). No competence is subject to all five levels.

The e-CF is published and legally owned by CEN, the European Committee for Standardization, and its National Member Bodies (www.cen.eu). Its creation and maintenance has been co-financed and politically supported by the European Commission, in particular, DG (Directorate General) Enterprise and Industry, with contributions from the EU ICT multi-stakeholder community, to support competitiveness, innovation, and job creation in European industry. The Commission works on a number of initiatives to boost ICT skills in the workforce. Version 1.0 to 3.0 were published as CEN Workshop Agreements (CWA). The e-CF 3.0 CWA 16234-1 was published as an official European Norm (EN), EN 16234-1. For complete information, see http://www.ecompetences.eu.

e-CF Dimension 2 e-CF Dimension 3
A.1. IS and business Strategy Alignment (PLAN)
Anticipates long-term business requirements, and influences the improvement of organizational process efficiency and effectiveness. Determines the IS model and the enterprise architecture in line with the organization's policy and ensures a secure environment. Makes strategic IS policy decisions for the enterprise, including sourcing strategies.
Level 4-5
A.3. Business Plan Development (PLAN)
Addresses the design and structure of a business or product plan including the identification of alternative approaches as well as return on investment propositions. Considers the possible and applicable sourcing models. Presents cost-benefit analysis and reasoned arguments in support of the selected strategy. Ensures compliance with business and technology strategies. Communicates and sells business plan to relevant stakeholders and addresses political, financial, and organizational interests.
Level 3-5
A.4. Product/Service Planning (PLAN)
Analyzes and defines current and target status. Estimates cost effectiveness, points of risk, opportunities, strengths, and weaknesses, with a critical approach. Creates structured plans; establishes time scales and milestones, ensuring optimization of activities and resources. Manages change requests. Defines delivery quantity and provides an overview of additional documentation requirements. Specifies correct handling of products, including legal issues, in accordance with current regulations.
Level 2-4
D.3. Education and Training Provision (ENABLE)
Defines and implements ICT training policy to address organizational skill needs and gaps. Structures, organizes, and schedules training programs and evaluates training quality through a feedback process and implements continuous improvement. Adapts training plans to address changing demand.
Level 2-3
E.1. Forecast Development (MANAGE)
Interprets market needs and evaluates market acceptance of products or services. Assesses the organization's potential to meet future production and quality requirements. Applies relevant metrics to enable accurate decision making in support of production, marketing, sales, and distribution functions.
Level 3-4
E.2. Project and Portfolio Management (MANAGE)
Implements plans for a program of change. Plans and directs a single or portfolio of ICT projects to ensure coordination and management of interdependencies. Orchestrates projects to develop or implement new, internal or externally defined processes to meet identified business needs. Defines activities, responsibilities, critical milestones, resources, skills needs, interfaces, and budget, optimizes costs and time utilization, minimizes waste, and strives for high quality. Develops contingency plans to address potential implementation issues. Delivers project on time, on budget and in accordance with original requirements. Creates and maintains documents to facilitate monitoring of project progress.
Level 2-5
E.7. Business Change Management (MANAGE)
Assesses the implications of new digital solutions. Defines the requirements and quantifies the business benefits. Manages the deployment of change taking into account structural and cultural issues. Maintains business and process continuity throughout change, monitoring the impact, taking any required remedial action and refining approach.
Level 3-5
E.9. IS Governance (MANAGE)
Defines, deploys, and controls the management of information systems in line with business imperatives. Takes into account all internal and external parameters such as legislation and industry standard compliance to influence risk management and resource deployment to achieve balanced business benefit.
Level 4-5

10.3 i Competency Dictionary

The Information Technology Promotion Agency (IPA) of Japan has developed the i Competency Dictionary (iCD), translated it into English, and describes it at https://www.ipa.go.jp/english/humandev/icd.html. It is an extensive skills and tasks database, used in Japan and southeast Asian countries. It establishes a taxonomy of tasks and the skills required to perform the tasks. The IPA is also responsible for the Information Technology Engineers Examination (ITEE), which has grown into one of the largest scale national examinations in Japan, with approximately 600,000 applicants each year.

The iCD consists of a Task Dictionary and a Skill Dictionary. Skills for a specific task are identified via a "Task x Skill" table. (See Appendix A for the task layer and skill layer structures.) EITBOK activities in each chapter require several tasks in the Task Dictionary.

The table below shows a sample task from iCD Task Dictionary Layer 2 (with Layer 1 in parentheses) that correspond to activities in this chapter. It also shows the Layer 2 (Skill Classification), Layer 3 (Skill Item), and Layer 4 (knowledge item from the IPA Body of Knowledge) prerequisite skills associated with the sample task, as identified by the Task x Skill Table of the iCD Skill Dictionary. The complete iCD Task Dictionary (Layer 1-4) and Skill Dictionary (Layer 1-4) can be obtained by returning the request form provided at http://www.ipa.go.jp/english/humandev/icd.html.

Task DictionarySkill Dictionary
Task Layer 1 (Task Layer 2)Skill ClassificationSkill ItemAssociated Knowledge Items
Formulation of basic policies
(EIT strategy formulation and execution promotion)
System strategy planning methods Computerization strategy methods
  • CRUD analysis
  • Critical success factor (CSF)
  • ER diagram
  • EIT portfolio model
  • Key goal indicator (KGI)
  • Key performance indicator (KPI)
  • Enterprise architecture (EA)
  • System lifecycle
  • Formulation of computerization strategy
  • Data flow diagram (DFD)
  • Balance score card
  • Business process modeling
  • Business process re-engineering (BPR)
  • Business model
  • Program management
  • Modeling
  • Understanding of user vision, goal, and business strategy
  • Risk analysis techniques
  • Computerization strategy formulation using application package
  • Business operations model
  • Business analysis methods
  • Information systems model
  • Total optimization

11 Key Roles

Both SFIA and the e-CF have described profiles (similar to roles) for providing examples of skill sets (skill combinations) for various roles. The iCD has described tasks performed in EIT and associated those with skills in the IPA database.

These roles are common to ITSM:

  • Availability Manager
  • Business Relationship Manager
  • Capacity Manager
  • Enterprise Architect
  • Financial Manager
  • Risk Manager
  • Service Catalog Manager
  • Service Portfolio Manager
  • Service Continuity Manager
  • Supplier Manager

Other roles can include:

  • Architect
  • Board of directors
  • Business management team
  • Business partners
  • C-level officers
  • Governance body
  • Regulatory authority
  • Stockholder
  • Vendor

12 Standards

Commonly used formal risk standards include:

  • ISO 31000 2009—Risk Management Principles and Guidelines
  • ISO/IEC 31010:2009—Risk Management—Risk Assessment Techniques
  • ISO/IEC 16085:2006, System and Software Engineering—Lifecycle Management—Risk Management
  • ISO/IEC 38500:2015, Information technology—Governance of EIT for the organization

13 References

[1] http://searchcio.techtarget.com/definition/IT-strategic-plan-information-technology-strategic-plan, accessed 1/19/2017.

[2] R. S. Kaplan and D. P. Norton, Strategy Maps: Converting Intangible Assets into Tangible Outcomes (Boston: Harvard Business School Press, 2004).

[3] www.hoshinkanripro.com.

[4] Business Motivation Model (BMM), www.omg.org/spec/BMM.

[5] OMG Business Architecture Special Interest Group, http://bawg.omg.org, and Business Architecture Institute, www.businessarchitectureinstitute.org.

[6] A Guide to the Business Architecture Body of Knowledge (BIZBOK® Guide), Release 4.1, Glossary, Business Architecture Guild, www.businessarchitectureguild.org (download at http://www.businessarchitectureguild.org/resource/resmgr/BIZBOK_5_5publicDocs/BIZBOK_v5.5_Glossary_FINAL.pdf.)

[7] A Common Perspective on Enterprise Architecture, The Federation of Enterprise Architecture Professional Organizations (FEAPO), 2013, www.feapo.org.

[8] A Guide to the Business Architecture Body of Knowledge (BIZBOK® Guide), Release 4.1, Section 1, Introduction, Business Architecture Guild, www.businessarchitectureguild.org.

[9] For change management guidance—Project Management Body of Knowledge, Chapter 4 Version 5 December 31, 2012.

[10] IT Governance: How Top Performers Manage IT Decision Rights for Superior Results, Peter Weill and Jeanne Ross, Harvard Business School Press, 2004.

[11] Porter, M.E. (2008). The Five Competitive Forces That Shape Strategy, Harvard Business Review, January 2008, pp. 79–93.

[12] Lapkin, Anne, & Young, Colleen M. (2011). The Management Nexus: Closing the Gap Between Strategy and Execution, Gartner.

14 Additional Useful Sources

  • Enterprise Architecture as Strategy: Creating a Foundation for Business Execution, Peter Weill and Jeanne Ross, Harvard Business School Press, 2006.
  • ITGC—EIT Global Controls—Global Technology Audit Guide (GTAG), Institute of Internal Auditors.
  • IEEE Code of Ethics and ACM Code of Ethics and Professional Conduct as examples.
  • Control Objectives for Information and related Technology (COBIT).
  • DAMA-DMBOK Guide to the Data Management Body of Knowledge (DAMA-DMBOK), Chapter 4 Data Governance.
  • EIT Risk Management guidance—ISACA.
  • The SEI Capability Maturity Model Integration (CMMI) for software development and for EIT services.
  • Project Management Institute, Project Management Body of Knowledge (PMBOK) guide.
  • R. Kaplan and D. Norton, Using the Balanced Scorecard as a Strategic Management System, July 10, 2015, https://hbr.org/2007/07/using-the-balanced-scorecard-as-a-strategic-management-system.
  • COSO2004—Enterprise Risk Management—Integrated Framework
  • OCEG "Red Book" 2.0: 2009—a Governance, Risk, and Compliance Capability Model
  • A Risk Management Standard—IRM/Alarm/AIRMIC 2002—developed in 2002 by the UK's 3 main risk organizations