Introduction :
Governance of IT is becoming more and more necessary
Sarbanes-Oxley Act
  Transparency regarding accounts
Basel II
  Management of operational risk and assignment of people to that task
ISO/IEC 38500:2008
  Provides 6 principles for corporate governance of IT
  One principle dedicated to responsibility
Companies are used to working with well-known management frameworks such as:
ITIL (IT Information Library)
  a public library that focuses on IT service management for high-quality service provision
CIMOSA
  an enterprise architecture model for defining industrial computer system architecture
CobiT
Having many responsibility models means:
No consensus between frameworks / no unique one
No interoperability
Many interpretations of the concepts
Research methodology :
Analysis of the literature
Elaboration of a responsibility model
Successive refinement by comparing it with professional frameworks
Responsibility: Foreword
Responsibility
D'Arcy McCallum :
Responsibility is not something that you can actually assign to someone
Responsibility, in fact, has to come from within
A person is responsible: we mean that he holds a personal commitment to doing something to some standard of quality
And while you cannot assign responsibility, you can and do assign accountability...with the expectation that a person will execute the activity assigned to them to a standard of quality
Accountability
[Figure: class diagram. Responsibility (1) is composed of Accountability (1..*); Accountability is composed of Answerability (1) and Sanction (0..1).]
Accountability :
o Obligation or moral duty to report or explain the action or someone else's action to a given authority [Cholvy et al.]
o Obligation(s) to report the achievement, maintenance or avoidance of some given state [Sommerville et al.]
o Accountability is composed of one answerability and zero or one sanction [Fox]
[Figure: class diagram adding Obligation to the model, with the concepts Responsibility, Accountability, Answerability, Sanction, Obligation, Functional Obligation and Managerial Obligation.]
o Functional obligation: what an employee must do with respect to a state of affairs (e.g. execute an activity)
o Structural (managerial) obligation: what an employee must do in order to fulfill a responsibility, such as directing, supervising and monitoring
[Figure: class diagram detailing Accountability, with the concepts Responsibility, Opaque, Transparency, Soft Accountability, Hard Accountability, Answerability, Sanction, Negative Sanction and Positive Sanction.]
Rights
[Figure: class diagram adding Right to the model, with the concepts Access Right, Capability, Authority, Delegation Possibility, Responsibility, Accountability, Answerability, Sanction, Obligation, Functional Obligation and Managerial Obligation.]
Delegation
[Figure: class diagram adding Delegation to the model, with the concepts Employee, Delegation, Commitment Antecedents, Commitment, Pledge, Capability, Responsibility, Accountability, Answerability, Sanction, Obligation, Right, Delegation Possibility, Functional Obligation and Managerial Obligation.]
Delegation vs. affectation :
Commitment
[Figure: class diagram adding Commitment to the model, with the concepts Commitment Antecedents, Commitment, Pledge, Capability, Employee, Delegation, Responsibility, Accountability, Answerability, Sanction, Obligation, Right, Delegation Possibility, Functional Obligation and Managerial Obligation.]
Commitment
[Figure: class diagram detailing Commitment, with the concepts Commitment Antecedents, Side-bets, Feeling of Obligation, Belief in Goals and Values, Continuance, Affective, Normative, Commitment Outcomes, Performance, Willingness to Exert Efforts, Citizen Behavior, Employee Retention and Desire Maintain Membership, linked through Pledge and Delegation to Employee, Responsibility, Accountability, Answerability, Sanction, Obligation and Right.]
[Figure: class diagram of the RACI chart concepts: Control, Action, Role and Employee, with the links Accountable, Consulted, Informed, "Affected to", "Is hold", "Analyzed by" and "Viewable by".]
Responsibility and Accountability are at the same conceptual level, as part of the RACI chart
Accountability : the employee who provides direction and authorizes an action
Responsibility : the employee who gets the action done
An individual assumes his/her responsibility and is usually held accountable
IT management has the resources and accountability needed to meet service level targets
Accountability is possessed and, as a consequence, may be seen as a capability (or a right) rather than an accountability (or an obligation).
[Figure: class diagram of the RACI chart concepts extended with Capability: Control, Action, Capability ("Needs"), Role and Employee, with the links Accountable, Consulted, Informed, "Affected to", "Is hold", "Analyzed by" and "Viewable by".]
A type of right to approve or accept an action. Authority is something provided to the person responsible, e.g. the action "Assigning sufficient authority to the problem manager".
[Figure: class diagram of the RACI chart concepts extended with Capability and Commitment Pledge: Control, Action, Capability ("Needs"), Commitment Pledge, Role and Employee, with the links Accountable, Consulted, Informed, "Affected to", "Is hold", "Analyzed by" and "Viewable by".]
[Figure: class diagram of the resulting responsibility model, with the concepts Informed, Consulted, Commitment Antecedents, Commitment, Pledge, Employee, Affectation/Delegation, Capability, Responsibility, Accountability, Answerability, Sanction, Obligation, Right, Managerial Obligation and Functional Obligation.]
[RACI chart]
Functions: CFO; Business Executive; CIO; Business Process Owner; Head Operation; Chief Architect; Head Development; Head IT Administration; PMO; Compliance, Audit, Risk and Security
Activity: Identify System Owners
Enhancement 1
[RACI chart]
Functions: CFO; Business Executive; CIO; Business Process Owner; Head Operation; Chief Architect; Head Development; Head IT Administration; PMO; Compliance, Audit, Risk and Security
Activity: Identify System Owners
Enhancement 2
[RACI chart]
Functions: CFO; Business Executive; CIO; Business Process Owner; Head Operation; Chief Architect; Head Development; Head IT Administration; PMO; Compliance, Audit, Risk and Security
Activity: Identify System Owners
CFO, BE and BPO are consulted. Does it imply something for them?
Consulted is not only a function. It is a responsibility.
This means that the responsibility components need to be clarified, i.e. the obligation, the accountability, or the right.
Enhancement 3
[RACI chart]
Functions: CFO; Business Executive; CIO; Business Process Owner; Head Operation; Chief Architect; Head Development; Head IT Administration; PMO; Compliance, Audit, Risk and Security
Activity: Identify System Owners
CA, HD, HITA, PMO, CARS are informed. Is the information absolutely necessary for everyone?
Informed is more a right than a function. Consequently, it should be attached to another task and a link should be created between the information and its use for another task.
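Enhancements 2 and 3 as a check over one chart row, written in Python as an added example that is not part of the original slides: a consulted entry must state an obligation, an accountability or a right, and an informed entry must state its right and the task that uses the information. The C and I letters follow the slides; the Entry fields, the finding texts and every obligation, right and task value are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Entry:
    """One cell of a RACI row, refined with responsibility components."""
    function: str
    letter: str               # "C" (consulted) or "I" (informed)
    obligation: str = ""      # what the holder must do
    accountability: str = ""  # what the holder must answer for
    right: str = ""           # capability, authority or access right
    used_by_task: str = ""    # for "I": the task that uses the information

def review_row(entries):
    """Return (function, finding) pairs for entries that stay ambiguous."""
    findings = []
    for e in entries:
        if e.letter == "C" and not (e.obligation or e.accountability or e.right):
            # Enhancement 2: "consulted" must name a responsibility component.
            findings.append((e.function, "consulted: no component stated"))
        elif e.letter == "I":
            # Enhancement 3: "informed" is a right and must feed another task.
            if not e.right:
                findings.append((e.function, "informed: right not stated"))
            if not e.used_by_task:
                findings.append((e.function, "informed: no task uses the information"))
    return findings

# Constructed sample for "Identify System Owners". The C/I letters follow the
# slides; every obligation, right and task value is invented for illustration.
IDENTIFY_SYSTEM_OWNERS = [
    Entry("CFO", "C", obligation="give an opinion on owners of financial systems"),
    Entry("Business Executive", "C"),
    Entry("Business Process Owner", "C", right="propose an owner for own processes"),
    Entry("Chief Architect", "I", right="read the owner list",
          used_by_task="maintain the architecture model"),
    Entry("Head Development", "I", right="read the owner list"),
    Entry("Head IT Administration", "I"),
    Entry("PMO", "I"),
    Entry("Compliance, Audit, Risk and Security", "I", right="read the owner list",
          used_by_task="review access to systems"),
]

def functions_to_review(entries=IDENTIFY_SYSTEM_OWNERS):
    """Functions whose entry needs clarification, in chart order, no duplicates."""
    return list(dict.fromkeys(f for f, _ in review_row(entries)))

if __name__ == "__main__":
    for function, finding in review_row(IDENTIFY_SYSTEM_OWNERS):
        print(f"{function}: {finding}")
```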
Conclusion
The willingness to improve the governance of IT argues for the definition of an innovative responsibility model that includes meaningful responsibility concepts.
Afterward, we compared the responsibility model with the COBIT RACI chart and detected possible improvements.
The "Identify system owners" action has been depicted to illustrate the added value of the model.
Thank you !
References
Christophe Feltus, Michaël Petit, Building a Responsibility Model using Modal Logic - Towards Accountability, Capability and Commitment Concepts, The Seventh ACS/IEEE International Conference on Computer Systems and Applications (AICCSA-09), IEEE, May 2009, Rabat, Morocco.