1 |
1 |
Governance |
Evaluate, Direct and Monitor |
1. Analyze and identify the internal and external environmental factors (legal, regulatory and contractual obligations) and trends in the business environment that may influence governance design. |
Evaluate the governance system. |
Ensured Governance Framework Setting and Maintenance |
Analyze and articulate the requirements for the governance of enterprise I&T. Put in place and maintain governance components with clarity of authority and responsibilities to achieve the enterprise's mission, goals and objectives. |
Provide a consistent approach integrated and aligned with the enterprise governance approach. I&T-related decisions are made in line with the enterprise's strategies and objectives and desired value is realized. To that end, ensure that I&T-related processes are overseen effectively and transparently; compliance with legal, contractual and regulatory requirements is confirmed; and the governance requirements for board members are met. |
2 |
2 |
Governance |
Evaluate, Direct and Monitor |
2. Determine the significance of I&T and its role with respect to the business. |
Evaluate the governance system. |
Ensured Governance Framework Setting and Maintenance |
Analyze and articulate the requirements for the governance of enterprise I&T. Put in place and maintain governance components with clarity of authority and responsibilities to achieve the enterprise's mission, goals and objectives. |
Provide a consistent approach integrated and aligned with the enterprise governance approach. I&T-related decisions are made in line with the enterprise's strategies and objectives and desired value is realized. To that end, ensure that I&T-related processes are overseen effectively and transparently; compliance with legal, contractual and regulatory requirements is confirmed; and the governance requirements for board members are met. |
3 |
3 |
Governance |
Evaluate, Direct and Monitor |
3. Consider external regulations, laws and contractual obligations and determine how they should be applied within the governance of enterprise I&T. |
Evaluate the governance system. |
Ensured Governance Framework Setting and Maintenance |
Analyze and articulate the requirements for the governance of enterprise I&T. Put in place and maintain governance components with clarity of authority and responsibilities to achieve the enterprise's mission, goals and objectives. |
Provide a consistent approach integrated and aligned with the enterprise governance approach. I&T-related decisions are made in line with the enterprise's strategies and objectives and desired value is realized. To that end, ensure that I&T-related processes are overseen effectively and transparently; compliance with legal, contractual and regulatory requirements is confirmed; and the governance requirements for board members are met. |
4 |
4 |
Governance |
Evaluate, Direct and Monitor |
4. Determine the implications of the overall enterprise control environment with regard to I&T. |
Evaluate the governance system. |
Ensured Governance Framework Setting and Maintenance |
Analyze and articulate the requirements for the governance of enterprise I&T. Put in place and maintain governance components with clarity of authority and responsibilities to achieve the enterprise's mission, goals and objectives. |
Provide a consistent approach integrated and aligned with the enterprise governance approach. I&T-related decisions are made in line with the enterprise's strategies and objectives and desired value is realized. To that end, ensure that I&T-related processes are overseen effectively and transparently; compliance with legal, contractual and regulatory requirements is confirmed; and the governance requirements for board members are met. |
5 |
5 |
Governance |
Evaluate, Direct and Monitor |
5. Align the ethical use and processing of information and its impact on society, the natural environment, and internal and external stakeholder interests with the enterprise’s direction, goals and objectives. |
Evaluate the governance system. |
Ensured Governance Framework Setting and Maintenance |
Analyze and articulate the requirements for the governance of enterprise I&T. Put in place and maintain governance components with clarity of authority and responsibilities to achieve the enterprise's mission, goals and objectives. |
Provide a consistent approach integrated and aligned with the enterprise governance approach. I&T-related decisions are made in line with the enterprise's strategies and objectives and desired value is realized. To that end, ensure that I&T-related processes are overseen effectively and transparently; compliance with legal, contractual and regulatory requirements is confirmed; and the governance requirements for board members are met. |
6 |
6 |
Governance |
Evaluate, Direct and Monitor |
6. Articulate principles that will guide the design of governance and decision making of I&T. |
Evaluate the governance system. |
Ensured Governance Framework Setting and Maintenance |
Analyze and articulate the requirements for the governance of enterprise I&T. Put in place and maintain governance components with clarity of authority and responsibilities to achieve the enterprise's mission, goals and objectives. |
Provide a consistent approach integrated and aligned with the enterprise governance approach. I&T-related decisions are made in line with the enterprise's strategies and objectives and desired value is realized. To that end, ensure that I&T-related processes are overseen effectively and transparently; compliance with legal, contractual and regulatory requirements is confirmed; and the governance requirements for board members are met. |
7 |
7 |
Governance |
Evaluate, Direct and Monitor |
7. Determine the optimal decision-making model for I&T. |
Evaluate the governance system. |
Ensured Governance Framework Setting and Maintenance |
Analyze and articulate the requirements for the governance of enterprise I&T. Put in place and maintain governance components with clarity of authority and responsibilities to achieve the enterprise's mission, goals and objectives. |
Provide a consistent approach integrated and aligned with the enterprise governance approach. I&T-related decisions are made in line with the enterprise's strategies and objectives and desired value is realized. To that end, ensure that I&T-related processes are overseen effectively and transparently; compliance with legal, contractual and regulatory requirements is confirmed; and the governance requirements for board members are met. |
8 |
8 |
Governance |
Evaluate, Direct and Monitor |
8. Determine the appropriate levels of authority delegation, including threshold rules, for I&T decisions. |
Evaluate the governance system. |
Ensured Governance Framework Setting and Maintenance |
Analyze and articulate the requirements for the governance of enterprise I&T. Put in place and maintain governance components with clarity of authority and responsibilities to achieve the enterprise's mission, goals and objectives. |
Provide a consistent approach integrated and aligned with the enterprise governance approach. I&T-related decisions are made in line with the enterprise's strategies and objectives and desired value is realized. To that end, ensure that I&T-related processes are overseen effectively and transparently; compliance with legal, contractual and regulatory requirements is confirmed; and the governance requirements for board members are met. |
9 |
9 |
Governance |
Evaluate, Direct and Monitor |
1. Communicate governance of I&T principles and agree with executive management on the way to establish informed and committed leadership. |
Direct the governance system. |
Ensured Governance Framework Setting and Maintenance |
Analyze and articulate the requirements for the governance of enterprise I&T. Put in place and maintain governance components with clarity of authority and responsibilities to achieve the enterprise's mission, goals and objectives. |
Provide a consistent approach integrated and aligned with the enterprise governance approach. I&T-related decisions are made in line with the enterprise's strategies and objectives and desired value is realized. To that end, ensure that I&T-related processes are overseen effectively and transparently; compliance with legal, contractual and regulatory requirements is confirmed; and the governance requirements for board members are met. |
10 |
10 |
Governance |
Evaluate, Direct and Monitor |
2. Establish or delegate the establishment of governance structures, processes and practices in line with agreed-on design principles. |
Direct the governance system. |
Ensured Governance Framework Setting and Maintenance |
Analyze and articulate the requirements for the governance of enterprise I&T. Put in place and maintain governance components with clarity of authority and responsibilities to achieve the enterprise's mission, goals and objectives. |
Provide a consistent approach integrated and aligned with the enterprise governance approach. I&T-related decisions are made in line with the enterprise's strategies and objectives and desired value is realized. To that end, ensure that I&T-related processes are overseen effectively and transparently; compliance with legal, contractual and regulatory requirements is confirmed; and the governance requirements for board members are met. |
11 |
11 |
Governance |
Evaluate, Direct and Monitor |
3. Establish an I&T governance board (or equivalent) at the board level. This board should ensure that governance of information and technology, as part of enterprise governance, is adequately addressed; advise on strategic direction; and determine prioritization of I&T-enabled investment programs in line with the enterprise’s business strategy and priorities. |
Direct the governance system. |
Ensured Governance Framework Setting and Maintenance |
Analyze and articulate the requirements for the governance of enterprise I&T. Put in place and maintain governance components with clarity of authority and responsibilities to achieve the enterprise's mission, goals and objectives. |
Provide a consistent approach integrated and aligned with the enterprise governance approach. I&T-related decisions are made in line with the enterprise's strategies and objectives and desired value is realized. To that end, ensure that I&T-related processes are overseen effectively and transparently; compliance with legal, contractual and regulatory requirements is confirmed; and the governance requirements for board members are met. |
12 |
12 |
Governance |
Evaluate, Direct and Monitor |
4. Allocate responsibility, authority and accountability for I&T decisions in line with agreed-on governance design principles, decision-making models and delegation. |
Direct the governance system. |
Ensured Governance Framework Setting and Maintenance |
Analyze and articulate the requirements for the governance of enterprise I&T. Put in place and maintain governance components with clarity of authority and responsibilities to achieve the enterprise's mission, goals and objectives. |
Provide a consistent approach integrated and aligned with the enterprise governance approach. I&T-related decisions are made in line with the enterprise's strategies and objectives and desired value is realized. To that end, ensure that I&T-related processes are overseen effectively and transparently; compliance with legal, contractual and regulatory requirements is confirmed; and the governance requirements for board members are met. |
13 |
13 |
Governance |
Evaluate, Direct and Monitor |
5. Ensure that communication and reporting mechanisms provide those responsible for oversight and decision making with appropriate information. |
Direct the governance system. |
Ensured Governance Framework Setting and Maintenance |
Analyze and articulate the requirements for the governance of enterprise I&T. Put in place and maintain governance components with clarity of authority and responsibilities to achieve the enterprise's mission, goals and objectives. |
Provide a consistent approach integrated and aligned with the enterprise governance approach. I&T-related decisions are made in line with the enterprise's strategies and objectives and desired value is realized. To that end, ensure that I&T-related processes are overseen effectively and transparently; compliance with legal, contractual and regulatory requirements is confirmed; and the governance requirements for board members are met. |
14 |
14 |
Governance |
Evaluate, Direct and Monitor |
6. Direct that staff follow relevant guidelines for ethical and professional behavior and ensure that consequences of noncompliance are known and enforced. |
Direct the governance system. |
Ensured Governance Framework Setting and Maintenance |
Analyze and articulate the requirements for the governance of enterprise I&T. Put in place and maintain governance components with clarity of authority and responsibilities to achieve the enterprise's mission, goals and objectives. |
Provide a consistent approach integrated and aligned with the enterprise governance approach. I&T-related decisions are made in line with the enterprise's strategies and objectives and desired value is realized. To that end, ensure that I&T-related processes are overseen effectively and transparently; compliance with legal, contractual and regulatory requirements is confirmed; and the governance requirements for board members are met. |
15 |
15 |
Governance |
Evaluate, Direct and Monitor |
7. Direct the establishment of a reward system to promote desirable cultural change. |
Direct the governance system. |
Ensured Governance Framework Setting and Maintenance |
Analyze and articulate the requirements for the governance of enterprise I&T. Put in place and maintain governance components with clarity of authority and responsibilities to achieve the enterprise's mission, goals and objectives. |
Provide a consistent approach integrated and aligned with the enterprise governance approach. I&T-related decisions are made in line with the enterprise's strategies and objectives and desired value is realized. To that end, ensure that I&T-related processes are overseen effectively and transparently; compliance with legal, contractual and regulatory requirements is confirmed; and the governance requirements for board members are met. |
16 |
16 |
Governance |
Evaluate, Direct and Monitor |
1. Assess the effectiveness and performance of those stakeholders given delegated responsibility and authority for governance of enterprise I&T. |
Monitor the governance system. |
Ensured Governance Framework Setting and Maintenance |
Analyze and articulate the requirements for the governance of enterprise I&T. Put in place and maintain governance components with clarity of authority and responsibilities to achieve the enterprise's mission, goals and objectives. |
Provide a consistent approach integrated and aligned with the enterprise governance approach. I&T-related decisions are made in line with the enterprise's strategies and objectives and desired value is realized. To that end, ensure that I&T-related processes are overseen effectively and transparently; compliance with legal, contractual and regulatory requirements is confirmed; and the governance requirements for board members are met. |
17 |
17 |
Governance |
Evaluate, Direct and Monitor |
2. Periodically assess whether agreed-on governance of I&T mechanisms (structures, principles, processes, etc.) are established and operating effectively. |
Monitor the governance system. |
Ensured Governance Framework Setting and Maintenance |
Analyze and articulate the requirements for the governance of enterprise I&T. Put in place and maintain governance components with clarity of authority and responsibilities to achieve the enterprise's mission, goals and objectives. |
Provide a consistent approach integrated and aligned with the enterprise governance approach. I&T-related decisions are made in line with the enterprise's strategies and objectives and desired value is realized. To that end, ensure that I&T-related processes are overseen effectively and transparently; compliance with legal, contractual and regulatory requirements is confirmed; and the governance requirements for board members are met. |
18 |
18 |
Governance |
Evaluate, Direct and Monitor |
3. Assess the effectiveness of the governance design and identify actions to rectify any deviations found. |
Monitor the governance system. |
Ensured Governance Framework Setting and Maintenance |
Analyze and articulate the requirements for the governance of enterprise I&T. Put in place and maintain governance components with clarity of authority and responsibilities to achieve the enterprise's mission, goals and objectives. |
Provide a consistent approach integrated and aligned with the enterprise governance approach. I&T-related decisions are made in line with the enterprise's strategies and objectives and desired value is realized. To that end, ensure that I&T-related processes are overseen effectively and transparently; compliance with legal, contractual and regulatory requirements is confirmed; and the governance requirements for board members are met. |
19 |
19 |
Governance |
Evaluate, Direct and Monitor |
4. Maintain oversight of the extent to which I&T satisfies obligations (regulatory, legislation, common law, contractual), internal policies, standards and professional guidelines. |
Monitor the governance system. |
Ensured Governance Framework Setting and Maintenance |
Analyze and articulate the requirements for the governance of enterprise I&T. Put in place and maintain governance components with clarity of authority and responsibilities to achieve the enterprise's mission, goals and objectives. |
Provide a consistent approach integrated and aligned with the enterprise governance approach. I&T-related decisions are made in line with the enterprise's strategies and objectives and desired value is realized. To that end, ensure that I&T-related processes are overseen effectively and transparently; compliance with legal, contractual and regulatory requirements is confirmed; and the governance requirements for board members are met. |
20 |
20 |
Governance |
Evaluate, Direct and Monitor |
5. Provide oversight of the effectiveness of, and compliance with, the enterprise’s system of control. |
Monitor the governance system. |
Ensured Governance Framework Setting and Maintenance |
Analyze and articulate the requirements for the governance of enterprise I&T. Put in place and maintain governance components with clarity of authority and responsibilities to achieve the enterprise's mission, goals and objectives. |
Provide a consistent approach integrated and aligned with the enterprise governance approach. I&T-related decisions are made in line with the enterprise's strategies and objectives and desired value is realized. To that end, ensure that I&T-related processes are overseen effectively and transparently; compliance with legal, contractual and regulatory requirements is confirmed; and the governance requirements for board members are met. |
21 |
21 |
Governance |
Evaluate, Direct and Monitor |
6. Monitor regular and routine mechanisms for ensuring that the use of I&T complies with relevant obligations (regulatory, legislation, common law, contractual), standards and guidelines. |
Monitor the governance system. |
Ensured Governance Framework Setting and Maintenance |
Analyze and articulate the requirements for the governance of enterprise I&T. Put in place and maintain governance components with clarity of authority and responsibilities to achieve the enterprise's mission, goals and objectives. |
Provide a consistent approach integrated and aligned with the enterprise governance approach. I&T-related decisions are made in line with the enterprise's strategies and objectives and desired value is realized. To that end, ensure that I&T-related processes are overseen effectively and transparently; compliance with legal, contractual and regulatory requirements is confirmed; and the governance requirements for board members are met. |
22 |
22 |
Governance |
Evaluate, Direct and Monitor |
1. Create and maintain portfolios of I&T-enabled investment programs, IT services and IT assets, which form the basis for the current IT budget and support the I&T tactical and strategic plans. |
Establish the target investment mix. |
Ensured Benefits Delivery |
Optimize the value to the business from investments in business processes, I&T services and I&T assets. |
Secure optimal value from I&T-enabled initiatives, services and assets; cost-efficient delivery of solutions and services; and a reliable and accurate picture of costs and likely benefits so that business needs are supported effectively and efficiently. |
23 |
23 |
Governance |
Evaluate, Direct and Monitor |
2. Obtain a common understanding between IT and the other business functions on the potential opportunities for IT to enable and contribute to enterprise strategy. |
Establish the target investment mix. |
Ensured Benefits Delivery |
Optimize the value to the business from investments in business processes, I&T services and I&T assets. |
Secure optimal value from I&T-enabled initiatives, services and assets; cost-efficient delivery of solutions and services; and a reliable and accurate picture of costs and likely benefits so that business needs are supported effectively and efficiently. |
24 |
24 |
Governance |
Evaluate, Direct and Monitor |
3. Identify the broad categories of information systems, applications, data, IT services, infrastructure, I&T assets, resources, skills, practices, controls and relationships needed to support the enterprise strategy. |
Establish the target investment mix. |
Ensured Benefits Delivery |
Optimize the value to the business from investments in business processes, I&T services and I&T assets. |
Secure optimal value from I&T-enabled initiatives, services and assets; cost-efficient delivery of solutions and services; and a reliable and accurate picture of costs and likely benefits so that business needs are supported effectively and efficiently. |
25 |
25 |
Governance |
Evaluate, Direct and Monitor |
4. Agree on I&T goals, taking into account the interrelationships between the enterprise strategy and the I&T services, assets and other resources. Identify and leverage synergies that can be achieved. |
Establish the target investment mix. |
Ensured Benefits Delivery |
Optimize the value to the business from investments in business processes, I&T services and I&T assets. |
Secure optimal value from I&T-enabled initiatives, services and assets; cost-efficient delivery of solutions and services; and a reliable and accurate picture of costs and likely benefits so that business needs are supported effectively and efficiently. |
26 |
26 |
Governance |
Evaluate, Direct and Monitor |
5. Define an investment mix that achieves the right balance among a number of dimensions, including an appropriate balance of short- and long-term returns, financial and nonfinancial benefits, and high- and low-risk investments. |
Establish the target investment mix. |
Ensured Benefits Delivery |
Optimize the value to the business from investments in business processes, I&T services and I&T assets. |
Secure optimal value from I&T-enabled initiatives, services and assets; cost-efficient delivery of solutions and services; and a reliable and accurate picture of costs and likely benefits so that business needs are supported effectively and efficiently. |
27 |
27 |
Governance |
Evaluate, Direct and Monitor |
1. Understand stakeholder requirements; strategic I&T issues, such as dependence on I&T; and technology insights and capabilities regarding the actual and potential significance of I&T for the enterprise’s strategy. |
Evaluate value optimization. |
Ensured Benefits Delivery |
Optimize the value to the business from investments in business processes, I&T services and I&T assets. |
Secure optimal value from I&T-enabled initiatives, services and assets; cost-efficient delivery of solutions and services; and a reliable and accurate picture of costs and likely benefits so that business needs are supported effectively and efficiently. |
28 |
28 |
Governance |
Evaluate, Direct and Monitor |
2. Understand the key elements of governance required for the reliable, secure and cost-effective delivery of optimal value from the use of existing and new I&T services, assets and resources. |
Evaluate value optimization. |
Ensured Benefits Delivery |
Optimize the value to the business from investments in business processes, I&T services and I&T assets. |
Secure optimal value from I&T-enabled initiatives, services and assets; cost-efficient delivery of solutions and services; and a reliable and accurate picture of costs and likely benefits so that business needs are supported effectively and efficiently. |
29 |
29 |
Governance |
Evaluate, Direct and Monitor |
3. Understand and regularly discuss the opportunities that could arise for the enterprise from changes enabled by current, new or emerging technologies, and optimize the value created from those opportunities. |
Evaluate value optimization. |
Ensured Benefits Delivery |
Optimize the value to the business from investments in business processes, I&T services and I&T assets. |
Secure optimal value from I&T-enabled initiatives, services and assets; cost-efficient delivery of solutions and services; and a reliable and accurate picture of costs and likely benefits so that business needs are supported effectively and efficiently. |
30 |
30 |
Governance |
Evaluate, Direct and Monitor |
4. Understand what constitutes value for the enterprise, and consider how well it is communicated, understood and applied throughout the enterprise’s processes. |
Evaluate value optimization. |
Ensured Benefits Delivery |
Optimize the value to the business from investments in business processes, I&T services and I&T assets. |
Secure optimal value from I&T-enabled initiatives, services and assets; cost-efficient delivery of solutions and services; and a reliable and accurate picture of costs and likely benefits so that business needs are supported effectively and efficiently. |
31 |
31 |
Governance |
Evaluate, Direct and Monitor |
5. Evaluate how effectively the enterprise and I&T strategies have been integrated and aligned within the enterprise and with enterprise goals for delivering value. |
Evaluate value optimization. |
Ensured Benefits Delivery |
Optimize the value to the business from investments in business processes, I&T services and I&T assets. |
Secure optimal value from I&T-enabled initiatives, services and assets; cost-efficient delivery of solutions and services; and a reliable and accurate picture of costs and likely benefits so that business needs are supported effectively and efficiently. |
32 |
32 |
Governance |
Evaluate, Direct and Monitor |
6. Understand and consider how effective current roles, responsibilities, accountabilities and decision-making bodies are in ensuring value creation from I&T-enabled investments, services and assets. |
Evaluate value optimization. |
Ensured Benefits Delivery |
Optimize the value to the business from investments in business processes, I&T services and I&T assets. |
Secure optimal value from I&T-enabled initiatives, services and assets; cost-efficient delivery of solutions and services; and a reliable and accurate picture of costs and likely benefits so that business needs are supported effectively and efficiently. |
33 |
33 |
Governance |
Evaluate, Direct and Monitor |
7. Consider how well the management of I&T-enabled investments, services and assets aligns with enterprise value management and financial management practices. |
Evaluate value optimization. |
Ensured Benefits Delivery |
Optimize the value to the business from investments in business processes, I&T services and I&T assets. |
Secure optimal value from I&T-enabled initiatives, services and assets; cost-efficient delivery of solutions and services; and a reliable and accurate picture of costs and likely benefits so that business needs are supported effectively and efficiently. |
34 |
34 |
Governance |
Evaluate, Direct and Monitor |
8. Evaluate the portfolio of investments, services and assets for alignment with the enterprise’s strategic objectives; enterprise worth, both financial and nonfinancial; risk, both delivery risk and benefits risk; business process alignment; effectiveness in terms of usability, availability and responsiveness; and efficiency in terms of cost, redundancy and technical health. |
Evaluate value optimization. |
Ensured Benefits Delivery |
Optimize the value to the business from investments in business processes, I&T services and I&T assets. |
Secure optimal value from I&T-enabled initiatives, services and assets; cost-efficient delivery of solutions and services; and a reliable and accurate picture of costs and likely benefits so that business needs are supported effectively and efficiently. |
35 |
35 |
Governance |
Evaluate, Direct and Monitor |
1. Define and communicate portfolio and investment types, categories, criteria and relative weightings to the criteria to allow for overall relative value scores. |
Direct value optimization. |
Ensured Benefits Delivery |
Optimize the value to the business from investments in business processes, I&T services and I&T assets. |
Secure optimal value from I&T-enabled initiatives, services and assets; cost-efficient delivery of solutions and services; and a reliable and accurate picture of costs and likely benefits so that business needs are supported effectively and efficiently. |
36 |
36 |
Governance |
Evaluate, Direct and Monitor |
2. Define requirements for stage-gates and other reviews for significance of the investment to the enterprise and associated risk, program schedules, funding plans, and the delivery of key capabilities and benefits and ongoing contribution to value. |
Direct value optimization. |
Ensured Benefits Delivery |
Optimize the value to the business from investments in business processes, I&T services and I&T assets. |
Secure optimal value from I&T-enabled initiatives, services and assets; cost-efficient delivery of solutions and services; and a reliable and accurate picture of costs and likely benefits so that business needs are supported effectively and efficiently. |
37 |
37 |
Governance |
Evaluate, Direct and Monitor |
3. Direct management to consider potential innovative uses of I&T that enable the enterprise to respond to new opportunities or challenges, undertake new business, increase competitiveness, or improve processes. |
Direct value optimization. |
Ensured Benefits Delivery |
Optimize the value to the business from investments in business processes, I&T services and I&T assets. |
Secure optimal value from I&T-enabled initiatives, services and assets; cost-efficient delivery of solutions and services; and a reliable and accurate picture of costs and likely benefits so that business needs are supported effectively and efficiently. |
38 |
38 |
Governance |
Evaluate, Direct and Monitor |
4. Direct any required changes in assignment of accountabilities and responsibilities for executing the investment portfolio and delivering value from business processes and services. |
Direct value optimization. |
Ensured Benefits Delivery |
Optimize the value to the business from investments in business processes, I&T services and I&T assets. |
Secure optimal value from I&T-enabled initiatives, services and assets; cost-efficient delivery of solutions and services; and a reliable and accurate picture of costs and likely benefits so that business needs are supported effectively and efficiently. |
39 |
39 |
Governance |
Evaluate, Direct and Monitor |
5. Direct any required changes to the portfolio of investments and services to realign with current and expected enterprise objectives and/or constraints. |
Direct value optimization. |
Ensured Benefits Delivery |
Optimize the value to the business from investments in business processes, I&T services and I&T assets. |
Secure optimal value from I&T-enabled initiatives, services and assets; cost-efficient delivery of solutions and services; and a reliable and accurate picture of costs and likely benefits so that business needs are supported effectively and efficiently. |
40 |
40 |
Governance |
Evaluate, Direct and Monitor |
6. Recommend consideration of potential innovations, organizational changes or operational improvements that could drive increased value for the enterprise from I&T-enabled initiatives. |
Direct value optimization. |
Ensured Benefits Delivery |
Optimize the value to the business from investments in business processes, I&T services and I&T assets. |
Secure optimal value from I&T-enabled initiatives, services and assets; cost-efficient delivery of solutions and services; and a reliable and accurate picture of costs and likely benefits so that business needs are supported effectively and efficiently. |
41 |
41 |
Governance |
Evaluate, Direct and Monitor |
7. Define and communicate enterprise-level value delivery goals and outcome measures to enable effective monitoring. |
Direct value optimization. |
Ensured Benefits Delivery |
Optimize the value to the business from investments in business processes, I&T services and I&T assets. |
Secure optimal value from I&T-enabled initiatives, services and assets; cost-efficient delivery of solutions and services; and a reliable and accurate picture of costs and likely benefits so that business needs are supported effectively and efficiently. |
42 |
42 |
Governance |
Evaluate, Direct and Monitor |
1. Define a balanced set of performance objectives, metrics, targets and benchmarks. Metrics should cover activity and outcome measures, including lead and lag indicators for outcomes, as well as an appropriate balance of financial and nonfinancial measures. Review and agree on them with IT and other business functions, and other relevant stakeholders. |
Monitor value optimization. |
Ensured Benefits Delivery |
Optimize the value to the business from investments in business processes, I&T services and I&T assets. |
Secure optimal value from I&T-enabled initiatives, services and assets; cost-efficient delivery of solutions and services; and a reliable and accurate picture of costs and likely benefits so that business needs are supported effectively and efficiently. |
43 |
43 |
Governance |
Evaluate, Direct and Monitor |
2. Collect relevant, timely, complete, credible and accurate data to report on progress in delivering value against targets. Obtain a succinct, high-level, all-around view of portfolio, program and I&T (technical and operational capabilities) performance that supports decision making. Ensure that expected results are being achieved. |
Monitor value optimization. |
Ensured Benefits Delivery |
Optimize the value to the business from investments in business processes, I&T services and I&T assets. |
Secure optimal value from I&T-enabled initiatives, services and assets; cost-efficient delivery of solutions and services; and a reliable and accurate picture of costs and likely benefits so that business needs are supported effectively and efficiently. |
44 |
44 |
Governance |
Evaluate, Direct and Monitor |
3. Obtain regular and relevant portfolio, program and I&T (technological and functional) performance reports. Review the enterprise’s progress toward identified goals and the extent to which planned objectives have been achieved, deliverables obtained, performance targets met and risk mitigated. |
Monitor value optimization. |
Ensured Benefits Delivery |
Optimize the value to the business from investments in business processes, I&T services and I&T assets. |
Secure optimal value from I&T-enabled initiatives, services and assets; cost-efficient delivery of solutions and services; and a reliable and accurate picture of costs and likely benefits so that business needs are supported effectively and efficiently. |
45 |
45 |
Governance |
Evaluate, Direct and Monitor |
4. Upon review of reports, ensure that appropriate management corrective action is initiated and controlled. |
Monitor value optimization. |
Ensured Benefits Delivery |
Optimize the value to the business from investments in business processes, I&T services and I&T assets. |
Secure optimal value from I&T-enabled initiatives, services and assets; cost-efficient delivery of solutions and services; and a reliable and accurate picture of costs and likely benefits so that business needs are supported effectively and efficiently. |
46 |
46 |
Governance |
Evaluate, Direct and Monitor |
5. Upon review of reports, take appropriate management action as required to ensure that value is optimized. |
Monitor value optimization. |
Ensured Benefits Delivery |
Optimize the value to the business from investments in business processes, I&T services and I&T assets. |
Secure optimal value from I&T-enabled initiatives, services and assets; cost-efficient delivery of solutions and services; and a reliable and accurate picture of costs and likely benefits so that business needs are supported effectively and efficiently. |
47 |
47 |
Governance |
Evaluate, Direct and Monitor |
1. Understand the organization and its context related to I&T risk. |
Evaluate risk management. |
Ensured Risk Optimization |
Ensure that the enterprise's risk appetite and tolerance are understood, articulated and communicated, and that risk to enterprise value related to the use of I&T is identified and managed. |
Ensure that I&T-related enterprise risk does not exceed the enterprise's risk appetite and risk tolerance, the impact of I&T risk to enterprise value is identified and managed, and the potential for compliance failures is minimized. |
48 |
48 |
Governance |
Evaluate, Direct and Monitor |
2. Determine the risk appetite of the organization, i.e., the level of I&T-related risk that the enterprise is willing to take in its pursuit of enterprise objectives. |
Evaluate risk management. |
Ensured Risk Optimization |
Ensure that the enterprise's risk appetite and tolerance are understood, articulated and communicated, and that risk to enterprise value related to the use of I&T is identified and managed. |
Ensure that I&T-related enterprise risk does not exceed the enterprise's risk appetite and risk tolerance, the impact of I&T risk to enterprise value is identified and managed, and the potential for compliance failures is minimized. |
49 |
49 |
Governance |
Evaluate, Direct and Monitor |
3. Determine risk tolerance levels against the risk appetite, i.e., temporarily acceptable deviations from the risk appetite. |
Evaluate risk management. |
Ensured Risk Optimization |
Ensure that the enterprise's risk appetite and tolerance are understood, articulated and communicated, and that risk to enterprise value related to the use of I&T is identified and managed. |
Ensure that I&T-related enterprise risk does not exceed the enterprise's risk appetite and risk tolerance, the impact of I&T risk to enterprise value is identified and managed, and the potential for compliance failures is minimized. |
50 |
50 |
Governance |
Evaluate, Direct and Monitor |
4. Determine the extent of alignment of the I&T risk strategy to the enterprise risk strategy and ensure the risk appetite is below the organization's risk capacity. |
Evaluate risk management. |
Ensured Risk Optimization |
Ensure that the enterprise's risk appetite and tolerance are understood, articulated and communicated, and that risk to enterprise value related to the use of I&T is identified and managed. |
Ensure that I&T-related enterprise risk does not exceed the enterprise's risk appetite and risk tolerance, the impact of I&T risk to enterprise value is identified and managed, and the potential for compliance failures is minimized. |
51 |
51 |
Governance |
Evaluate, Direct and Monitor |
5. Proactively evaluate I&T risk factors in advance of pending strategic enterprise decisions and ensure that risk considerations are part of the strategic enterprise decision process. |
Evaluate risk management. |
Ensured Risk Optimization |
Ensure that the enterprise's risk appetite and tolerance are understood, articulated and communicated, and that risk to enterprise value related to the use of I&T is identified and managed. |
Ensure that I&T-related enterprise risk does not exceed the enterprise's risk appetite and risk tolerance, the impact of I&T risk to enterprise value is identified and managed, and the potential for compliance failures is minimized. |
52 |
52 |
Governance |
Evaluate, Direct and Monitor |
6. Evaluate risk management activities to ensure alignment with the enterprise’s capacity for I&T-related loss and leadership’s tolerance of it. |
Evaluate risk management. |
Ensured Risk Optimization |
Ensure that the enterprise's risk appetite and tolerance are understood, articulated and communicated, and that risk to enterprise value related to the use of I&T is identified and managed. |
Ensure that I&T-related enterprise risk does not exceed the enterprise's risk appetite and risk tolerance, the impact of I&T risk to enterprise value is identified and managed, and the potential for compliance failures is minimized. |
53 |
53 |
Governance |
Evaluate, Direct and Monitor |
7. Attract and maintain necessary skills and personnel for I&T risk management. |
Evaluate risk management. |
Ensured Risk Optimization |
Ensure that the enterprise's risk appetite and tolerance are understood, articulated and communicated, and that risk to enterprise value related to the use of I&T is identified and managed. |
Ensure that I&T-related enterprise risk does not exceed the enterprise's risk appetite and risk tolerance, the impact of I&T risk to enterprise value is identified and managed, and the potential for compliance failures is minimized. |
54 |
54 |
Governance |
Evaluate, Direct and Monitor |
1. Direct the translation and integration of the I&T risk strategy into risk management practices and operational activities. |
Direct risk management. |
Ensured Risk Optimization |
Ensure that the enterprise's risk appetite and tolerance are understood, articulated and communicated, and that risk to enterprise value related to the use of I&T is identified and managed. |
Ensure that I&T-related enterprise risk does not exceed the enterprise's risk appetite and risk tolerance, the impact of I&T risk to enterprise value is identified and managed, and the potential for compliance failures is minimized. |
55 |
55 |
Governance |
Evaluate, Direct and Monitor |
2. Direct the development of risk communication plans (covering all levels of the enterprise). |
Direct risk management. |
Ensured Risk Optimization |
Ensure that the enterprise's risk appetite and tolerance are understood, articulated and communicated, and that risk to enterprise value related to the use of I&T is identified and managed. |
Ensure that I&T-related enterprise risk does not exceed the enterprise's risk appetite and risk tolerance, the impact of I&T risk to enterprise value is identified and managed, and the potential for compliance failures is minimized. |
56 |
56 |
Governance |
Evaluate, Direct and Monitor |
3. Direct implementation of the appropriate mechanisms to respond quickly to changing risk and report immediately to appropriate levels of management, supported by agreed principles of escalation (what to report, when, where and how). |
Direct risk management. |
Ensured Risk Optimization |
Ensure that the enterprise's risk appetite and tolerance are understood, articulated and communicated, and that risk to enterprise value related to the use of I&T is identified and managed. |
Ensure that I&T-related enterprise risk does not exceed the enterprise's risk appetite and risk tolerance, the impact of I&T risk to enterprise value is identified and managed, and the potential for compliance failures is minimized. |
57 |
57 |
Governance |
Evaluate, Direct and Monitor |
4. Direct that risk, opportunities, issues and concerns may be identified and reported by anyone to the appropriate party at any time. Risk should be managed in accordance with published policies and procedures and escalated to the relevant decision makers. |
Direct risk management. |
Ensured Risk Optimization |
Ensure that the enterprise's risk appetite and tolerance are understood, articulated and communicated, and that risk to enterprise value related to the use of I&T is identified and managed. |
Ensure that I&T-related enterprise risk does not exceed the enterprise's risk appetite and risk tolerance, the impact of I&T risk to enterprise value is identified and managed, and the potential for compliance failures is minimized. |
58 |
58 |
Governance |
Evaluate, Direct and Monitor |
5. Identify key goals and metrics of the risk governance and management processes to be monitored, and approve the approaches, methods, techniques and processes for capturing and reporting the measurement information. |
Direct risk management. |
Ensured Risk Optimization |
Ensure that the enterprise's risk appetite and tolerance are understood, articulated and communicated, and that risk to enterprise value related to the use of I&T is identified and managed. |
Ensure that I&T-related enterprise risk does not exceed the enterprise's risk appetite and risk tolerance, the impact of I&T risk to enterprise value is identified and managed, and the potential for compliance failures is minimized. |
59 |
59 |
Governance |
Evaluate, Direct and Monitor |
1. Report any risk management issues to the board or executive committee. |
Monitor risk management. |
Ensured Risk Optimization |
Ensure that the enterprise's risk appetite and tolerance are understood, articulated and communicated, and that risk to enterprise value related to the use of I&T is identified and managed. |
Ensure that I&T-related enterprise risk does not exceed the enterprise's risk appetite and risk tolerance, the impact of I&T risk to enterprise value is identified and managed, and the potential for compliance failures is minimized. |
60 |
60 |
Governance |
Evaluate, Direct and Monitor |
2. Monitor the extent to which the risk profile is managed within the enterprise's risk appetite and tolerance thresholds. |
Monitor risk management. |
Ensured Risk Optimization |
Ensure that the enterprise's risk appetite and tolerance are understood, articulated and communicated, and that risk to enterprise value related to the use of I&T is identified and managed. |
Ensure that I&T-related enterprise risk does not exceed the enterprise's risk appetite and risk tolerance, the impact of I&T risk to enterprise value is identified and managed, and the potential for compliance failures is minimized. |
61 |
61 |
Governance |
Evaluate, Direct and Monitor |
3. Monitor key goals and metrics of risk governance and management processes against targets, analyze the cause of any deviations, and initiate remedial actions to address the underlying causes. |
Monitor risk management. |
Ensured Risk Optimization |
Ensure that the enterprise's risk appetite and tolerance are understood, articulated and communicated, and that risk to enterprise value related to the use of I&T is identified and managed. |
Ensure that I&T-related enterprise risk does not exceed the enterprise's risk appetite and risk tolerance, the impact of I&T risk to enterprise value is identified and managed, and the potential for compliance failures is minimized. |
62 |
62 |
Governance |
Evaluate, Direct and Monitor |
4. Enable key stakeholders’ review of the enterprise’s progress toward identified goals. |
Monitor risk management. |
Ensured Risk Optimization |
Ensure that the enterprise's risk appetite and tolerance are understood, articulated and communicated, and that risk to enterprise value related to the use of I&T is identified and managed. |
Ensure that I&T-related enterprise risk does not exceed the enterprise's risk appetite and risk tolerance, the impact of I&T risk to enterprise value is identified and managed, and the potential for compliance failures is minimized. |
63 |
63 |
Governance |
Evaluate, Direct and Monitor |
1. Starting from the current and future strategies, examine the potential options for providing I&T-related resources (technology, financial and human resources), and develop capabilities to meet current and future needs (including sourcing options). |
Evaluate resource management. |
Ensured Resource Optimization |
Ensure that adequate and sufficient business and I&T-related resources (people, process and technology) are available to support enterprise objectives effectively and at optimal cost. |
Ensure that the resource needs of the enterprise are met in the optimal manner, I&T costs are optimized, and there is an increased likelihood of benefit realization and readiness for future change. |
64 |
64 |
Governance |
Evaluate, Direct and Monitor |
2. Define the key principles for resource allocation and management of resources and capabilities so I&T can meet the needs of the enterprise according to the agreed priorities and budgetary constraints. For example, define preferred sourcing options for certain services and financial boundaries per sourcing option. |
Evaluate resource management. |
Ensured Resource Optimization |
Ensure that adequate and sufficient business and I&T-related resources (people, process and technology) are available to support enterprise objectives effectively and at optimal cost. |
Ensure that the resource needs of the enterprise are met in the optimal manner, I&T costs are optimized, and there is an increased likelihood of benefit realization and readiness for future change. |
65 |
65 |
Governance |
Evaluate, Direct and Monitor |
3. Review and approve the resource plan and enterprise architecture strategies for delivering value and mitigating risk with the allocated resources. |
Evaluate resource management. |
Ensured Resource Optimization |
Ensure that adequate and sufficient business and I&T-related resources (people, process and technology) are available to support enterprise objectives effectively and at optimal cost. |
Ensure that the resource needs of the enterprise are met in the optimal manner, I&T costs are optimized, and there is an increased likelihood of benefit realization and readiness for future change. |
66 |
66 |
Governance |
Evaluate, Direct and Monitor |
4. Understand requirements for aligning I&T resource management with enterprise financial and human resources (HR) planning. |
Evaluate resource management. |
Ensured Resource Optimization |
Ensure that adequate and sufficient business and I&T-related resources (people, process and technology) are available to support enterprise objectives effectively and at optimal cost. |
Ensure that the resource needs of the enterprise are met in the optimal manner, I&T costs are optimized, and there is an increased likelihood of benefit realization and readiness for future change. |
67 |
67 |
Governance |
Evaluate, Direct and Monitor |
5. Define principles for the management and control of the enterprise architecture. |
Evaluate resource management. |
Ensured Resource Optimization |
Ensure that adequate and sufficient business and I&T-related resources (people, process and technology) are available to support enterprise objectives effectively and at optimal cost. |
Ensure that the resource needs of the enterprise are met in the optimal manner, I&T costs are optimized, and there is an increased likelihood of benefit realization and readiness for future change. |
68 |
68 |
Governance |
Evaluate, Direct and Monitor |
1. Assign responsibilities for executing resource management. |
Direct resource management. |
Ensured Resource Optimization |
Ensure that adequate and sufficient business and I&T-related resources (people, process and technology) are available to support enterprise objectives effectively and at optimal cost. |
Ensure that the resource needs of the enterprise are met in the optimal manner, I&T costs are optimized, and there is an increased likelihood of benefit realization and readiness for future change. |
69 |
69 |
Governance |
Evaluate, Direct and Monitor |
2. Establish principles related to safeguarding resources. |
Direct resource management. |
Ensured Resource Optimization |
Ensure that adequate and sufficient business and I&T-related resources (people, process and technology) are available to support enterprise objectives effectively and at optimal cost. |
Ensure that the resource needs of the enterprise are met in the optimal manner, I&T costs are optimized, and there is an increased likelihood of benefit realization and readiness for future change. |
70 |
70 |
Governance |
Evaluate, Direct and Monitor |
3. Communicate and drive the adoption of the resource management strategies, principles, and agreed resource plan and enterprise architecture strategies. |
Direct resource management. |
Ensured Resource Optimization |
Ensure that adequate and sufficient business and I&T-related resources (people, process and technology) are available to support enterprise objectives effectively and at optimal cost. |
Ensure that the resource needs of the enterprise are met in the optimal manner, I&T costs are optimized, and there is an increased likelihood of benefit realization and readiness for future change. |
71 |
71 |
Governance |
Evaluate, Direct and Monitor |
4. Align resource management with enterprise financial and HR planning. |
Direct resource management. |
Ensured Resource Optimization |
Ensure that adequate and sufficient business and I&T-related resources (people, process and technology) are available to support enterprise objectives effectively and at optimal cost. |
Ensure that the resource needs of the enterprise are met in the optimal manner, I&T costs are optimized, and there is an increased likelihood of benefit realization and readiness for future change. |
72 |
72 |
Governance |
Evaluate, Direct and Monitor |
5. Define key goals, measures and metrics for resource management. |
Direct resource management. |
Ensured Resource Optimization |
Ensure that adequate and sufficient business and I&T-related resources (people, process and technology) are available to support enterprise objectives effectively and at optimal cost. |
Ensure that the resource needs of the enterprise are met in the optimal manner, I&T costs are optimized, and there is an increased likelihood of benefit realization and readiness for future change. |
73 |
73 |
Governance |
Evaluate, Direct and Monitor |
1. Monitor the allocation and optimization of resources in accordance with enterprise objectives and priorities using agreed goals and metrics. |
Monitor resource management. |
Ensured Resource Optimization |
Ensure that adequate and sufficient business and I&T-related resources (people, process and technology) are available to support enterprise objectives effectively and at optimal cost. |
Ensure that the resource needs of the enterprise are met in the optimal manner, I&T costs are optimized, and there is an increased likelihood of benefit realization and readiness for future change. |
74 |
74 |
Governance |
Evaluate, Direct and Monitor |
2. Monitor I&T-related sourcing strategies, enterprise architecture strategies, and business- and IT-related capabilities and resources to ensure that current and future needs and objectives of the enterprise can be met. |
Monitor resource management. |
Ensured Resource Optimization |
Ensure that adequate and sufficient business and I&T-related resources (people, process and technology) are available to support enterprise objectives effectively and at optimal cost. |
Ensure that the resource needs of the enterprise are met in the optimal manner, I&T costs are optimized, and there is an increased likelihood of benefit realization and readiness for future change. |
75 |
75 |
Governance |
Evaluate, Direct and Monitor |
3. Monitor resource performance against targets, analyze the cause of deviations, and initiate remedial action to address the underlying causes. |
Monitor resource management. |
Ensured Resource Optimization |
Ensure that adequate and sufficient business and I&T-related resources (people, process and technology) are available to support enterprise objectives effectively and at optimal cost. |
Ensure that the resource needs of the enterprise are met in the optimal manner, I&T costs are optimized, and there is an increased likelihood of benefit realization and readiness for future change. |
76 |
76 |
Governance |
Evaluate, Direct and Monitor |
1. Identify all relevant I&T stakeholders within and outside the enterprise. Group stakeholders in stakeholder categories with similar requirements. |
Evaluate stakeholder engagement and reporting requirements. |
Ensured Stakeholder Engagement |
Ensure that stakeholders are identified and engaged in the I&T governance system and that enterprise I&T performance and conformance measurement and reporting are transparent, with stakeholders approving the goals and metrics and necessary remedial actions. |
Ensure that stakeholders are supportive of the I&T strategy and road map, communication to stakeholders is effective and timely, and the basis for reporting is established to increase performance. Identify areas for improvement, and confirm that I&T-related objectives and strategies are in line with the enterprise’s strategy. |
77 |
77 |
Governance |
Evaluate, Direct and Monitor |
2. Examine and make judgment on the current and future mandatory reporting requirements relating to the use of I&T within the enterprise (regulation, legislation, common law, contractual), including extent and frequency. |
Evaluate stakeholder engagement and reporting requirements. |
Ensured Stakeholder Engagement |
Ensure that stakeholders are identified and engaged in the I&T governance system and that enterprise I&T performance and conformance measurement and reporting are transparent, with stakeholders approving the goals and metrics and necessary remedial actions. |
Ensure that stakeholders are supportive of the I&T strategy and road map, communication to stakeholders is effective and timely, and the basis for reporting is established to increase performance. Identify areas for improvement, and confirm that I&T-related objectives and strategies are in line with the enterprise’s strategy. |
78 |
78 |
Governance |
Evaluate, Direct and Monitor |
3. Examine and make judgment on the current and future communication and reporting requirements for other stakeholders relating to the use of I&T within the enterprise, including required level of involvement/consultation and extent of communication/level of detail and conditions. |
Evaluate stakeholder engagement and reporting requirements. |
Ensured Stakeholder Engagement |
Ensure that stakeholders are identified and engaged in the I&T governance system and that enterprise I&T performance and conformance measurement and reporting are transparent, with stakeholders approving the goals and metrics and necessary remedial actions. |
Ensure that stakeholders are supportive of the I&T strategy and road map, communication to stakeholders is effective and timely, and the basis for reporting is established to increase performance. Identify areas for improvement, and confirm that I&T-related objectives and strategies are in line with the enterprise’s strategy. |
79 |
79 |
Governance |
Evaluate, Direct and Monitor |
4. Maintain principles for communication with external and internal stakeholders, including communication formats and channels, and for stakeholder acceptance and sign-off of reporting. |
Evaluate stakeholder engagement and reporting requirements. |
Ensured Stakeholder Engagement |
Ensure that stakeholders are identified and engaged in the I&T governance system and that enterprise I&T performance and conformance measurement and reporting are transparent, with stakeholders approving the goals and metrics and necessary remedial actions. |
Ensure that stakeholders are supportive of the I&T strategy and road map, communication to stakeholders is effective and timely, and the basis for reporting is established to increase performance. Identify areas for improvement, and confirm that I&T-related objectives and strategies are in line with the enterprise’s strategy. |
80 |
80 |
Governance |
Evaluate, Direct and Monitor |
1. Direct the establishment of the consultation and communication strategy for external and internal stakeholders. |
Direct stakeholder engagement, communication and reporting. |
Ensured Stakeholder Engagement |
Ensure that stakeholders are identified and engaged in the I&T governance system and that enterprise I&T performance and conformance measurement and reporting are transparent, with stakeholders approving the goals and metrics and necessary remedial actions. |
Ensure that stakeholders are supportive of the I&T strategy and road map, communication to stakeholders is effective and timely, and the basis for reporting is established to increase performance. Identify areas for improvement, and confirm that I&T-related objectives and strategies are in line with the enterprise’s strategy. |
81 |
81 |
Governance |
Evaluate, Direct and Monitor |
2. Direct the implementation of mechanisms to ensure that information meets all criteria for mandatory I&T reporting requirements for the enterprise. |
Direct stakeholder engagement, communication and reporting. |
Ensured Stakeholder Engagement |
Ensure that stakeholders are identified and engaged in the I&T governance system and that enterprise I&T performance and conformance measurement and reporting are transparent, with stakeholders approving the goals and metrics and necessary remedial actions. |
Ensure that stakeholders are supportive of the I&T strategy and road map, communication to stakeholders is effective and timely, and the basis for reporting is established to increase performance. Identify areas for improvement, and confirm that I&T-related objectives and strategies are in line with the enterprise’s strategy. |
82 |
82 |
Governance |
Evaluate, Direct and Monitor |
3. Establish mechanisms for validation and approval of mandatory reporting. |
Direct stakeholder engagement, communication and reporting. |
Ensured Stakeholder Engagement |
Ensure that stakeholders are identified and engaged in the I&T governance system and that enterprise I&T performance and conformance measurement and reporting are transparent, with stakeholders approving the goals and metrics and necessary remedial actions. |
Ensure that stakeholders are supportive of the I&T strategy and road map, communication to stakeholders is effective and timely, and the basis for reporting is established to increase performance. Identify areas for improvement, and confirm that I&T-related objectives and strategies are in line with the enterprise’s strategy. |
83 |
83 |
Governance |
Evaluate, Direct and Monitor |
4. Establish reporting escalation mechanisms. |
Direct stakeholder engagement, communication and reporting. |
Ensured Stakeholder Engagement |
Ensure that stakeholders are identified and engaged in the I&T governance system and that enterprise I&T performance and conformance measurement and reporting are transparent, with stakeholders approving the goals and metrics and necessary remedial actions. |
Ensure that stakeholders are supportive of the I&T strategy and road map, communication to stakeholders is effective and timely, and the basis for reporting is established to increase performance. Identify areas for improvement, and confirm that I&T-related objectives and strategies are in line with the enterprise’s strategy. |
84 |
84 |
Governance |
Evaluate, Direct and Monitor |
1. Periodically assess the effectiveness of the mechanisms for ensuring the accuracy and reliability of mandatory reporting. |
Monitor stakeholder engagement. |
Ensured Stakeholder Engagement |
Ensure that stakeholders are identified and engaged in the I&T governance system and that enterprise I&T performance and conformance measurement and reporting are transparent, with stakeholders approving the goals and metrics and necessary remedial actions. |
Ensure that stakeholders are supportive of the I&T strategy and road map, communication to stakeholders is effective and timely, and the basis for reporting is established to increase performance. Identify areas for improvement, and confirm that I&T-related objectives and strategies are in line with the enterprise’s strategy. |
85 |
85 |
Governance |
Evaluate, Direct and Monitor |
2. Periodically assess the effectiveness of the mechanisms for, and outcomes from, involvement of and communication with external and internal stakeholders. |
Monitor stakeholder engagement. |
Ensured Stakeholder Engagement |
Ensure that stakeholders are identified and engaged in the I&T governance system and that enterprise I&T performance and conformance measurement and reporting are transparent, with stakeholders approving the goals and metrics and necessary remedial actions. |
Ensure that stakeholders are supportive of the I&T strategy and road map, communication to stakeholders is effective and timely, and the basis for reporting is established to increase performance. Identify areas for improvement, and confirm that I&T-related objectives and strategies are in line with the enterprise’s strategy. |
86 |
86 |
Governance |
Evaluate, Direct and Monitor |
3. Determine whether the requirements of different stakeholders are met and assess stakeholder engagement levels. |
Monitor stakeholder engagement. |
Ensured Stakeholder Engagement |
Ensure that stakeholders are identified and engaged in the I&T governance system and that enterprise I&T performance and conformance measurement and reporting are transparent, with stakeholders approving the goals and metrics and necessary remedial actions. |
Ensure that stakeholders are supportive of the I&T strategy and road map, communication to stakeholders is effective and timely, and the basis for reporting is established to increase performance. Identify areas for improvement, and confirm that I&T-related objectives and strategies are in line with the enterprise’s strategy. |
87 |
87 |
Management |
Align, Plan and Organize |
1. Obtain an understanding of the enterprise vision, direction and strategy as well as the current enterprise context and challenges. |
Design the management system for enterprise I&T. |
Managed I&T Management Framework |
Design the management system for enterprise I&T based on enterprise goals and other design factors. Based on this design, implement all required components of the management system. |
Implement a consistent management approach for enterprise governance requirements to be met, covering governance components such as management processes; organizational structures; roles and responsibilities; reliable and repeatable activities; information items; policies and procedures; skills and competencies; culture and behavior; and services, infrastructure and applications. |
88 |
88 |
Management |
Align, Plan and Organize |
2. Consider the enterprise’s internal environment, including management culture and philosophy, risk tolerance, security and privacy policy, ethical values, code of conduct, accountability, and requirements for management integrity. |
Design the management system for enterprise I&T. |
Managed I&T Management Framework |
Design the management system for enterprise I&T based on enterprise goals and other design factors. Based on this design, implement all required components of the management system. |
Implement a consistent management approach for enterprise governance requirements to be met, covering governance components such as management processes; organizational structures; roles and responsibilities; reliable and repeatable activities; information items; policies and procedures; skills and competencies; culture and behavior; and services, infrastructure and applications. |
89 |
89 |
Management |
Align, Plan and Organize |
3. Apply the COBIT goals cascade and design factors to the enterprise strategy and context to decide on priorities for the management system and, thus, for implementation of management objective priorities. |
Design the management system for enterprise I&T. |
Managed I&T Management Framework |
Design the management system for enterprise I&T based on enterprise goals and other design factors. Based on this design, implement all required components of the management system. |
Implement a consistent management approach for enterprise governance requirements to be met, covering governance components such as management processes; organizational structures; roles and responsibilities; reliable and repeatable activities; information items; policies and procedures; skills and competencies; culture and behavior; and services, infrastructure and applications. |
90 |
90 |
Management |
Align, Plan and Organize |
4. Validate selected priorities for implementation of management objectives with industry-specific good practices or requirements (e.g., industry-specific regulations) and with appropriate governance structures. |
Design the management system for enterprise I&T. |
Managed I&T Management Framework |
Design the management system for enterprise I&T based on enterprise goals and other design factors. Based on this design, implement all required components of the management system. |
Implement a consistent management approach for enterprise governance requirements to be met, covering governance components such as management processes; organizational structures; roles and responsibilities; reliable and repeatable activities; information items; policies and procedures; skills and competencies; culture and behavior; and services, infrastructure and applications. |
91 |
91 |
Management |
Align, Plan and Organize |
1. Provide sufficient and skilled resources to support the communication process. |
Communicate management objectives, direction and decisions made. |
Managed I&T Management Framework |
Design the management system for enterprise I&T based on enterprise goals and other design factors. Based on this design, implement all required components of the management system. |
Implement a consistent management approach for enterprise governance requirements to be met, covering governance components such as management processes; organizational structures; roles and responsibilities; reliable and repeatable activities; information items; policies and procedures; skills and competencies; culture and behavior; and services, infrastructure and applications. |
92 |
92 |
Management |
Align, Plan and Organize |
2. Define ground rules for communication by identifying communication needs and implementing plans based on those needs, considering top-down, bottom-up and horizontal communication. |
Communicate management objectives, direction and decisions made. |
Managed I&T Management Framework |
Design the management system for enterprise I&T based on enterprise goals and other design factors. Based on this design, implement all required components of the management system. |
Implement a consistent management approach for enterprise governance requirements to be met, covering governance components such as management processes; organizational structures; roles and responsibilities; reliable and repeatable activities; information items; policies and procedures; skills and competencies; culture and behavior; and services, infrastructure and applications. |
93 |
93 |
Management |
Align, Plan and Organize |
3. Continuously communicate I&T objectives and direction. Ensure that communication is supported by executive management in actions and words, using all available channels. |
Communicate management objectives, direction and decisions made. |
Managed I&T Management Framework |
Design the management system for enterprise I&T based on enterprise goals and other design factors. Based on this design, implement all required components of the management system. |
Implement a consistent management approach for enterprise governance requirements to be met, covering governance components such as management processes; organizational structures; roles and responsibilities; reliable and repeatable activities; information items; policies and procedures; skills and competencies; culture and behavior; and services, infrastructure and applications. |
94 |
94 |
Management |
Align, Plan and Organize |
4. Ensure the information communicated encompasses a clearly articulated mission, service objectives, security and privacy policy, internal controls, quality, code of ethics/conduct, policies and procedures, roles and responsibilities, etc. Communicate the information at the appropriate level of detail for respective audiences within the enterprise. |
Communicate management objectives, direction and decisions made. |
Managed I&T Management Framework |
Design the management system for enterprise I&T based on enterprise goals and other design factors. Based on this design, implement all required components of the management system. |
Implement a consistent management approach for enterprise governance requirements to be met, covering governance components such as management processes; organizational structures; roles and responsibilities; reliable and repeatable activities; information items; policies and procedures; skills and competencies; culture and behavior; and services, infrastructure and applications. |
95 |
95 |
Management |
Align, Plan and Organize |
1. Develop the I&T governance target process model specific to the organization, based on the selection of priority management objectives (output of goals cascade and design factors exercise). |
Implement management processes (to support the achievement of governance and management objectives). |
Managed I&T Management Framework |
Design the management system for enterprise I&T based on enterprise goals and other design factors. Based on this design, implement all required components of the management system. |
Implement a consistent management approach for enterprise governance requirements to be met, covering governance components such as management processes; organizational structures; roles and responsibilities; reliable and repeatable activities; information items; policies and procedures; skills and competencies; culture and behavior; and services, infrastructure and applications. |
96 |
96 |
Management |
Align, Plan and Organize |
2. Analyze the gap between the target process model for the organization and current practices and activities. |
Implement management processes (to support the achievement of governance and management objectives). |
Managed I&T Management Framework |
Design the management system for enterprise I&T based on enterprise goals and other design factors. Based on this design, implement all required components of the management system. |
Implement a consistent management approach for enterprise governance requirements to be met, covering governance components such as management processes; organizational structures; roles and responsibilities; reliable and repeatable activities; information items; policies and procedures; skills and competencies; culture and behavior; and services, infrastructure and applications. |
97 |
97 |
Management |
Align, Plan and Organize |
3. Draft a road map for implementation of missing process practices and activities. Use practice metrics to follow up on successful implementation. |
Implement management processes (to support the achievement of governance and management objectives). |
Managed I&T Management Framework |
Design the management system for enterprise I&T based on enterprise goals and other design factors. Based on this design, implement all required components of the management system. |
Implement a consistent management approach for enterprise governance requirements to be met, covering governance components such as management processes; organizational structures; roles and responsibilities; reliable and repeatable activities; information items; policies and procedures; skills and competencies; culture and behavior; and services, infrastructure and applications. |
98 |
98 |
Management |
Align, Plan and Organize |
1. Identify decisions required for the achievement of enterprise outcomes and the I&T strategy and for the management and execution of I&T services. |
Define and implement the organizational structures. |
Managed I&T Management Framework |
Design the management system for enterprise I&T based on enterprise goals and other design factors. Based on this design, implement all required components of the management system. |
Implement a consistent management approach for enterprise governance requirements to be met, covering governance components such as management processes; organizational structures; roles and responsibilities; reliable and repeatable activities; information items; policies and procedures; skills and competencies; culture and behavior; and services, infrastructure and applications. |
99 |
99 |
Management |
Align, Plan and Organize |
2. Involve stakeholders who are critical to decision making (accountable, responsible, consulted or informed). |
Define and implement the organizational structures. |
Managed I&T Management Framework |
Design the management system for enterprise I&T based on enterprise goals and other design factors. Based on this design, implement all required components of the management system. |
Implement a consistent management approach for enterprise governance requirements to be met, covering governance components such as management processes; organizational structures; roles and responsibilities; reliable and repeatable activities; information items; policies and procedures; skills and competencies; culture and behavior; and services, infrastructure and applications. |
100 |
100 |
Management |
Align, Plan and Organize |
3. Define the scope, focus, mandate and responsibilities of each function within the I&T-related organization, in line with governance direction. |
Define and implement the organizational structures. |
Managed I&T Management Framework |
Design the management system for enterprise I&T based on enterprise goals and other design factors. Based on this design, implement all required components of the management system. |
Implement a consistent management approach for enterprise governance requirements to be met, covering governance components such as management processes; organizational structures; roles and responsibilities; reliable and repeatable activities; information items; policies and procedures; skills and competencies; culture and behavior; and services, infrastructure and applications. |