IT Balanced Scorecard v3 - 31

Developing and
Implementing an IT Strategy.
Based on the Cobit and Balanced
Scorecard Principles
Course Presenter: Johan Botha
E-mail: johan.botha@analytix.co.za
URL: www.analytix.co.za
Tel: (011)215-2480
Course Objectives
The course focuses on the full spectrum of activities you'll need, to:
• Identify the components of an IT strategy

• Develop and effective IT strategy for your organisation
• Effectively deploy the IT Balanced Scorecard
Topics include:
Developing and IT Strategic Plan

• How to develop and IT strategic plan following the best practice guidelines of the
Cobit framework
• The workshop will also enable you to align your IT strategy and objectives with the
overall business strategy, as well as to cascade the IT strategy to the major IT
processes, thereby addressing one of the key IT Governance requirements
Building an IT Balanced Scorecard

• How to enhance the measurement of your organisation’s IT performance, by
implementing an IT Balanced Scorecard
• Background on the concept, the four perspectives, objectives strategy maps, lagging
and leading indicators, cause and effect linkages, and results achieved by those that
have benefited from the Scorecard
• The complete step by step guide that outlines the entire process.
Analytix Intellectual Property 2

Sources
•Robert S Kaplan and David Norton. The Strategy Focused Organisation.
•Robert S Kaplan and David Norton. Strategy Maps
•Robert S Kaplan and David Norton. Alignment. Using the Balanced
Scorecard to Create Corporate Synergies.
•Paul R Niven. Balanced Scorecard. Step-by-Step
•COBIT 4.0 Framework
•TOGAF Framework
COBIT® is a registered trademark of ISACA

COBIT ® which stands for ‘Control Objectives for Information and related
Technology’ has been developed as a generally applicable and
acceptable standard for good information technology (IT) control practices
that provide a reference framework for management, users, IS audit,
control and security practitioners.
Group Introduction
• Please introduce yourselves to the group
– Your Name
– Company or employer
– Your present role
– Any studies you are presently involved with
• State in one sentence –
– Expectations of the course?

About Analytix the company ….
• Established in 2001
• Analytix is a training and consultancy firm that supports
organisations to internalise and operationalise best
practice frameworks and standards
• The Analytix solutions portfolio includes:
– Corporate Governance – using COSO
– IT Governance – using COBIT
– Information Security – using ISO 17799
– Business Continuity Management – BS 25999
– IT Service Management – using ITIL
– Performance Management – using the Balanced Scorecard
Analytix Solutions
Corporate
CorporateGovernance
Governance
Internal
Internalcontrol
controlframework
framework
COSO,
COSO,King
KingII,
II,SOX
SOXcompliance
compliance
Enterprise
EnterpriseRisk
RiskManagement
Managementmethods,
methods,Risk
Riskassessment
assessment
Performance Information
InformationSecurity
Security
PerformanceManagement
Management IT
ITGovernance
Governance Information
PM InformationSecurity
SecurityControls
Controls
PMPolicy
Policyand
andprocedures
procedures IT
ITGovernance
Governanceframework
framework ISMS
Strategy ISMSImplementation
Implementation
Strategyfacilitation
facilitation COBIT
COBITassessment
assessment ISO17799(ISO27001)
Strategy ISO17799(ISO27001)compliance
compliance
Strategytranslation
translation COBIT
COBITimplementation
implementationsupport
support Risk
Balanced RiskAssessment
Assessment
BalancedScorecard
Scorecardconsulting
consulting ITITStrategy
Strategyfacilitation
facilitation Compliance
((Corporate, Compliance
Corporate,team
teamand
andindividual)
individual) IT
ITPerformance
PerformanceManagement
Management Training
Strategic Trainingand
andawareness
awareness
StrategicReward
Reward IT
ITRisk
RiskAssessment
Assessment
IT
ITPortfolio
PortfolioManagement
Management
Competency
CompetencyManagement
Management IT
Competency ITService
ServiceManagement
Management Business
BusinessContinuity
Competencyframeworks
frameworks IT Continuity
SFIA ITService
Serviceand
andSupport
Supportprocesses
processes BCM
SFIA ITIL BCMProgramme
Programme
Competency ITILassessments
assessments&&consulting
consulting
Competencyprofiles
profiles SLA
Business
BusinessImpact
ImpactAnalysis
Analysis
Job SLAdevelopment
development
Jobdescriptions
descriptions ISO
Risk
RiskAssessment
Assessment
Personal ISO20000
20000assessments
assessments
PersonalDevelopment
DevelopmentPlans Plans ISO
Business
BusinessContinuity
ContinuityPlans
Plans
Competency ISO20000
20000certification
certification
Competencyassessments
assessments IT
BS2599
BS2599compliance
compliance
Skills ITService
ServiceImprovement
ImprovementPlans
Plans
Skillsaudits
audits Training
Training&&awareness
awareness
Risk
RiskManagement
Management
Risk
Riskmanagement
managementframeworks
frameworks&&standards
standards
Risk
Riskmanagement
managementmethods,
methods,Risk
Riskassessment,
assessment,Compliance
Compliance(Basel
(BaselII)
II)
Risk
Riskmodelling
modelling

Course format
• Instructional using slides and manuals

• “Interactive format” Please participate at any time
during the proceedings.
• Group exercises & tutorial sections – The hands on
experience coupled to debate created within a Group
will impart far more knowledge than “show and tell”
Case Study and Group Work
Discuss
Discuss the
the case
case studies
studies in
in you
you work
work group
group

Introduction to
IT Governance
The Need for IT Governance
“For many organisations, information and the technology that

supports it represent their most valuable, but often
least understood assets.
Successful organisations recognise the benefits of information
technology and use it to drive their stakeholders’ value.
These organisations also understand and manage the
associated risks such as increasing regulatory compliance and
critical dependence of many business processes on IT”
Source: COBIT 4.0

Why Does IT Need a Control and Governance
Framework?
Do
Do any
any of
of these
these conditions
conditions sound
sound familiar?
familiar?
• Increasing pressure to leverage technology in business strategies

• Growing complexity of IT environments
• Fragmented IT infrastructures
• Demand for technologists outstripping supply
• Communication gap between business and IT managers
• IT service levels that are disappointing
• IT costs perceived to be out of control
• Marginal ROI/productivity gains on technology investments
• Impaired organisational flexibility and nimbleness to change
• User frustration leading to ad hoc solutions
• IT managers operating like fire fighters
Why Does IT Need a Control and Governance

Framework?
The Need Defined
••IT
IT must
must provide
provide value
value
•• Cost,
Cost,time
timeand
andfunctionality
functionalityare
areas
asexpected
expected
••IT
IT must
must not
not provide
provide the
the business
business with
with any
any
surprises
surprises
•• Risks
Risksare
aremitigated
mitigated
••IT
IT must
must support
support the
the business
business to
to leverage
leverage
technology
technology for
for business
business to
to achieve
achieve business
business
outcomes
outcomes
•• New
Newopportunities
opportunitiesand
andinnovations
innovationsfor
forprocess,
process,product
productand
and
services
services
Source: COBIT 4.0
IT Governance Framework
"IT
"IT Governance
Governance requires
requires aa framework
framework for
for control
control
over
over IT..”
IT..”
Provide
Provide
Direction
Direction
Set
SetObjectives
Objectives IT
ITActivities
Activities
IT is aligned with the Increase
IT is aligned with the Increaseautomation
automation
business (make
business (makethe thebusiness
business
IT enables the business Compare effective)
IT enables the business Compare effective)
and maximises benefits Decrease
and maximises benefits Decreasecost cost(make
(make
IT resources are used the
IT resources are used the enterpriseefficient)
enterprise efficient)
responsibly Manage
responsibly Managerisksrisks(security,
(security,
IT related risks are reliability
IT related risks are reliabilityand
and
managed appropriately compliance)
managed appropriately compliance)
Measure
Measure
Performance
Performance
Source: ISACA
IT Governance Definition
‘IT Governance is the responsibility of the Board of Directors
and Executive Management.
It is an integral part of corporate governance and consists of :
the leadership
the organisational structures
the policies/processes
the management of risk and
the compliance enforcement and reporting mechanisms
that ensures that the organisation’s IT sustains and extends

the organisation’s strategies and objectives’ IT Governance Institute

Executive Management's responsibility
The
The accountability
accountability for
for IT
IT Governance
Governance belongs
belongs to
to the
the
board
board ofof directors
directors
Corporate Governance dictates that the organisations executive
management are responsible for:
• Ensuring that IT is aligned with the business

• Ensuring that IT delivers against the organisation’s strategy
through clear expectations and measurement
• Directing IT to balance investments between supporting and
growing business
• Deciding where IT resources should be focussed
The Strategic Alignment Question

“The key question is whether a firm’s investment in IT is in harmony
with its strategic objectives (intent, current strategy and Organisation
goals) and thus building the capabilities necessary to deliver
business value.
This state of harmony is referred to as “alignment.” It is complex,

multifaceted and never completely achieved. It is about continuing to
move in the right direction and being better aligned than
competitors.
This may not be attainable for many Organisations because

organisational goals change too quickly, but is nevertheless a
worthwhile ambition because there is real concern about the value
of IT investment.”
ISACA

Alignment of IT is synonymous with IT strategy
The
The ITIT alignment
alignment initiative
initiative aims
aims to to establish
establish aa strategic
strategic plan
plan
for
for achieving
achieving Company’s
Company’s ITIT objectives,
objectives, andand to
to formalise
formalise the
the ITIT
planning
planning process
process in
in order
order toto increase
increase the
the probability
probability of of
achieving
achieving all
all the
the stated
stated ITIT strategic objectives..
strategic objectives
1.
1. Organisation’s
Organisation’s
Strategy
Strategy
4.Business
4.Business Alignment 2.
2. IT
IT
Operations
Operations Activities Strategy
Strategy
3.
3. IT
IT
Operations
Operations
IT Alignment requires planned and purposeful

management processes
• Creating and sustaining awareness of the strategic role
of IT at the top management level
• Clarifying what role IT should play, utility vs. enabler
• Creating IT guiding principles from business maxims
• Monitoring the business impact of the IT infrastructure
and applications portfolio
• Evaluating, post-implementation, benefits delivered by
IT projects
ISACA
Best Practice suggest the adoption of and IT
Governance Framework
• Clearly identifying IT strategic themes, objectives,
initiatives, ownership, and deadlines
• Articulating and documenting the IT strategy with the
view to cascading this to the IT functions
• Providing a framework for the IT Strategic Planning
process
• Establishing a standard IT Governance framework to
be adopted and implemented
ISACA
5 IT Governance Focus Areas

COBIT
COBITsupports
supportsITITGovernance
Governanceby byproviding
providingaaframework
frameworktotoensure
ensurethat
that
the
thefollowing
followingITITGovernance
Governancefocus
focusareas
areasare
areaddressed
addressed
Focuses on ensuring the linkage of business and IT plans; on defining,

1.
1. Strategic
Strategic maintaining and validating the IT value proposition; and on aligning IT
Alignment
Alignment operations with organisation operations.
Is about executing the value proposition throughout the delivery cycle,
2.
2. Value
Value ensuring that IT delivers the promised benefits against the strategy,
Delivery
Delivery concentrating on optimising costs and proving the intrinsic value of IT.
Is about the optimal investment in, and the proper management of, critical IT
3.
3. Resource
Resource resources: applications, information, infrastructure and people. IT is about the
Management
Management optimisation of knowledge and infrastructure.
Requires risk awareness, a clear understanding of the organisation’s appetite

4.
4. Risk
Risk for risk, compliance requirements, significant risks to the organisation, and
Management
Management embedding of risk management responsibilities
Tracks and monitors strategy implementation, project completion, resource
5.
5. Performance
Performance usage, process performance and service delivery, using, for example,
Measurement
Measurement balanced scorecards to measure IT’s performance

Where Does the IT Value Come From?
Business Eliminate
Strategy waste Reduce
and Goals
and redundancy Costs
Enterprise
Architecture Increase
Capability and Create Revenue
Governance actionable
architecture
Mitigate Financial
Risks Success
Data
Data Customer
Enable
Architecture
Architecture Success
adaptive drive
planning Ensure
Increase
Business
Satisfaction
Define key Value
Application
Application Operational
Criteria
Architecture
Architecture Success
in the PPM
Improve
selection process Workforce
Process
Efficiency Success
Span the
Technology
Technology Create
life cycle of
Architecture
Architecture SOA
Knowledge
What is Strategy?

Strategy
The
The word
word derives
derives from
from the
the Greek
Greek word
word stratēgos
stratēgos
(which
(which derives
derives from
from two
two words:
words: "stratos"
"stratos" -- army
army &&
"ago"
"ago" -- which
which isis ancient
ancient Greek
Greek forfor
leading/guiding/moving
leading/guiding/moving to) to)
• A strategy is typically an idea that distinguishes a

course of action by its hypothesis that a certain future
position offers an advantage for acquiring some
designated gain.
• In other words a strategy is a long term plan of action
designed to achieve a particular goal, most often
"winning". Source: Wikipedia
What is Strategy?
• An organisation’s strategy must be appropriate for its:

– Resources
– Environmental circumstances, and
– Core objectives
• The process involves matching the company's internal
resources, e.g. human capital, IT and process
capabilities, e.g. quality management to the external
business environment the organisation faces

What is Strategy? – Michael Porter
• According to Michael Porter, strategy is defined by:

– Unique competitive position for the company
– Organisation-wide activities tailored to
strategy
– Clear trade-offs and choices e.g. vis-à-vis
competition
Source: Competitive Strategy, by Michael Porter
What is Strategy? – Michael Porter
• The essence of strategy is choosing to perform activities

differently than rivals do to provide a unique
value proposition
• A sustainable strategic position requires tradeoffs,
to purposefully limit what a company offers
• Competitive advantage comes from fit across the
activities
• Sustainability comes from the system of activities
• Strategic fit drives competitive advantage –
alignment of all activities behind the strategy
Source: Competitive Strategy, by Michael Porter

Challenge of Aligning Business Units with
Organisational Strategy
• Large organisation’s strive to achieve competitive
advantage through, for example:
– achievement of economies of scale
– customer satisfaction
– operational excellence
• These “strategic themes” are normally defined as
part of the organisational strategy
• The challenge is to create alignment and integration
among diverse and dispersed business units in support
of these “centralised” strategies
The IT Strategy Challenge
“Strategy is among the most abused and misunderstood

terms. The value of a clear strategy is that middle and
first-line management, as well as employees, can see
where they are expected to go, focus on options that are
available and know when they have arrived at the
destination.” The Gartner Group
1.
1. Organisation’s
Organisation’s
Strategy
Strategy
4.Business
4.Business Alignment 2.
2. IT
IT
Operations
Operations Activities Strategy
Strategy
3.
3. IT
IT
Operations
Operations

What is IT Strategy?
• IT strategic planning is required to manage and direct all IT
resources in line with the business strategy and
priorities.
• The IT function and business stakeholders are responsible for
ensuring that optimal value is realised from project
and service portfolios.
• The strategic plan should:
– improve key stakeholders’ understanding of IT
opportunities & limitations
– assess current performance and
– clarify the level of investment required
• The business strategy and priorities are to be reflected
in portfolios and executed by the IT tactical plan(s), which
establishes concise objectives, plans and tasks understood and
accepted by both business and IT.”
Source:The COBIT Framework - PO1 Define a strategic plan
The COBIT Framework

Control Objectives for Information and related
Technology (COBIT)
Cobit’s
Cobit’s
To be the model for IT governance
Vision
Vision
To research, develop, publicise and promote an
Cobit’s
Cobit’s authoritative, up-to-date, international set of
Mission
Mission generally accepted IT control objectives for day-to-
day use by business managers and auditors
• COBIT provides good practices across a domain and process
framework and presents activities in a manageable on logical
structure
• COBIT’s good practices represent the consensus of experts
• They are strongly focused on control, less on execution
• These practices will help optimise IT-enabled investments, ensure
service delivery and provide a measure against which to judge
when things go wrong
What is Good Practice?

One simple definition of "best practice" is:
“An industry accepted way of doing
something, that works.”
Aidan Lawes, CEO itSMF
"Best practice" is the best identified approach to a situation based

upon observation from effective organisations in similar business
circumstances.
A "best practice" approach means seeking out ideas and

experiences from those who have undertaken similar activities in the
past, determining which of these practices are relevant to your
situation, testing them out to see if they work, before incorporating
the proven practices in your own documented processes.
"Best practice" is all about not "re-inventing the wheel", but learning
from others and implementing what has been shown to work.

COBIT’s Contribution
For
For ITIT to
to be
be successful
successful in
in delivering
delivering against
against business
business
requirements,
requirements, management
management shouldshould put
put an
an internal
internal control
control
system
system or
or framework
framework in in place
place
The COBIT control framework contributes to the need for

IT Governance by:
• Making a link to the business requirements
• Organising IT activities into a generally accepted
process model
• Identifying the major IT resources to be leveraged
• Defining the management control objectives to be
considered
COBIT: What Does It Consist Of?
COBIT
COBIT starts
starts from
from the
the principle
principle that
that ITIT needs
needs to
to deliver
deliver the
the
information
information that
that the
the organisation
organisation needs
needs toto achieve
achieve its
its
objectives
objectives
• COBIT promotes process focus and process ownership

• Divides IT into 34 processes belonging to four domains and
provides a high-level control objective for each
• Looks at fiduciary (legal), quality and security needs of
organisations, providing seven information criteria that can
be used to generically define what the business requires
from IT
• Is supported by a set of more than 200 detailed control
objectives
COBIT’s Process Orientation
COBIT
COBIT defines
defines ITIT activities
activities in
in aa generic
generic process
process model
model within
within
four
four domains.
domains.
• The domains map to IT’s traditional responsibility areas
of plan, build, run and monitor.
Plan
Plan and
and Organise
Organise
Acquire
Acquire Deliver
Deliver
and
and and
and
Implement
Implement Support
Support
Monitor
Monitor and
and Evaluate
Evaluate
COBIT’s Process Orientation

The
TheCOBIT
COBITframework
frameworkprovides
providesaareference
referenceprocess
processmodel
modelandandcommon
common
language
languageto
toview
viewand
andmanage
manageITITactivities.
activities.
Plan and Organise Acquire & Implement
Define IT Acquire and Acquire and

Define Define Determine Identify Enable
Organisation Manage IT Maintain Maintain
Strategic Information Technological Automated Operation
and Investment Application Technology
IT Plan Architecture Direction Solutions And Use
Relationships Software Infrastructure
Install
Procure
Communicate Manage Assess & Manage Accredit
Manage Manage IT
Aims and IT Human Manage Changes Solutions
Quality Projects Resources
Direction Resource Risks & Changes
Monitor & Evaluate Deliver and Support

Monitor Monitor
Define and
and And Manage Manage Ensure Ensure Identify Educate
Manage
evaluate Evaluate Third-party Performance Continuous Systems and Allocate And Train
Service
IT Internal Services and Capacity Service Security Costs Users
Levels
performance Control
Manage Manage
Ensure Provide Manage
Service Manage Manage The Manage
Regulatory IT the
Desk & Problems Data Physical Operations
Compliance Governance Configuration
Incidents Environment

PO – COBIT’s Planning & Organisation
Domain
This
This domain
domain covers
covers strategy
strategy and
and tactics,
tactics, and
and concerns
concerns thethe
identification
identification of
of the
the way
way ITIT can
can best
best contribute
contribute to
to the
the
achievement
achievement of of the
the business
business objectives.
objectives.
• The realisation of the strategic vision needs to be planned,
communicated and managed for different perspectives.
• A proper organisation as well as technological infrastructure
should be put in place.
• This domain typically addresses the following management
questions:
– Are IT and the business strategy aligned?
– Is the organisation achieving optimum use of its resources?
– Does everyone in the organisation understand the IT objectives?
– Are IT risks understood and being managed?
– Is the quality of IT systems appropriate for business needs?
PO – COBIT’s Planning & Organisation

Domain
Provides
Provides direction
direction to
to solution
solution delivery
delivery (AI)
(AI) and
and service
service delivery
delivery
(DS)
(DS)
IT
ITDOMAINS
DOMAINS IT PROCESSES
1.
1.Planning
Planningand
and
Organisation
Organisation
2.
2.Acquisition
Acquisitionand
and
Implementation
Implementation
3.
3.Delivery
Deliveryand
and
Support
Support
4.
4.Monitoring
Monitoring

COBIT: What Does it Consist Of?
Business
Business
requirements information
IT
IT
Processes
Processes
COBIT® 4.0
Control
Control Management
Management Maturity
Maturity
Framework
Framework Objectives
Objectives Guidelines
Guidelines Model
Model
•Process Name •Input / Output
•NB Business Goals •Key activities
•NB IT Goals •RACI
•Key Controls •Goals (Objectives)
•Key Metrics •Metrics (Measures)
ITITAssurance
Assurance Control
Control
Guide
Guide Practices
Practices
COBIT: Interrelationship of Components

Business
Business
requirements information
IT
IT
Processes
Processes measured by
described controlled
in by
Control
Control Management
Management Maturity
Maturity
Framework
Framework Objectives
Objectives Guidelines
Guidelines Model
Model
for maturity
implemented
with Key
Key Key
Key Key
KeyGoal
Goal
RACI
RACI Activity
Activity Performance
Performance Indicators
Goals Indicators Indicators
Goals Indicators
Control
Control for for for for
Practices
Practices
translated accountability & efficiency & performance outcomes
into responsibility effectiveness
ITITAssurance
Assurance
Guide
Guide audited by
Adopted from COBIT 4.0
COBIT – Three Levels of Documents
The
The COBIT
COBIT products
products have
have been
been organised
organised into
into three
three levels
levels
Documentatio Purpose Document Example
n Level
Executive Help executives to understand IT Board Briefing on IT Governance
Management & Governance and how to exercise
Boards its responsibilities
Business and Help to measure performance, COBIT 4.0 Management Guidelines
Technology assign responsibility, benchmark and Maturity Models
Management and address gaps in capability
Governance, What is the Governance COBIT 4.1 and Val IT frameworks
Assurance, framework? COBIT 4.1 Control objectives
Control and
Security Key Management Practices
Professionals How do implement it in the IT Governance implementation guide
organisation? 2nd edition
COBIT Control Practices 2nd edition
How de we assess the IT IT Assurance guide

governance framework?
Overview of the COBIT Components?

The
TheCOBIT
COBITframework
frameworkisispopulated
populatedwith
withthe
thefollowing
followingcore
corecomponents
componentsfor
for
each
eachof
ofthe
the34
34ITITprocesses,
processes,giving
givingaapicture
pictureofofhow
howto
tocontrol,
control,manage
manage
and measure each of the processes
and measure each of the processes
• Section 1 - contains a process description summarising the

process objectives, with the high-level control objective
represented in a waterfall. This page also shows the mapping of this process to the
information criteria, IT resources and IT governance focus areas by way of P to indicate primary
relationship and S to indicate secondary
• Section 2 - contains the detailed control objectives for this
process
• Section 3 - contains the process inputs and outputs, RACI chart,
goals and metrics.
• Section 4 - contains the maturity model for the process.

Another
Anotherway
wayof
ofviewing
viewingthe
theprocess
processperformance
performancecontent
contentis:
is:
Process
Process Inputs
Inputs What the process owners needs from others
Control objectives describe what the process owners needs

Process
Process Description
Description to do
Process
Process Outputs
Outputs Are what the process owner has to deliver
Goals
Goals and
and Metrics
Metrics Show how the process should be measured
RACI
RACI chart
chart Defines what has to be delegated and to whom
Maturity
Maturity Model
Model Shows what has to be done to improve

The
Theroles
rolesininthe
theRACI
RACIchart
chartare
arecategorised
categorisedfor
forall
allprocesses
processesas:
as:
• Chief Executive Officer (CEO)

• Chief Financial Officer (CFO)
• Business Executives
• Chief Information Officer (CIO)
• Business Process Owner
• Head operations
• Chief Architect
• Head of Development
• Head IT administration
• Project Management Office (PMO)
• Compliance, audit, risk and security

COBIT Navigation – Section 1
The control over the IT Process of

Processes Name
That satisfies the business requirements for IT
Most Important
Business Goals By focussing on
Most important
IT Goals Is achieved by
Key Controls
Is measured by
Key Metrics
Source: COBIT 4.0


COBIT PO1 Define a Strategic IT Plan
Detailed Control Objectives
PO1.1 IT Value Management

PO1.2 Business-IT Alignment
PO1.3 Assessment of Current Performance
PO1.4 IT Strategic Plan
PO1.5 IT Tactical plan
PO1.6 IT Portfolio Management


COBIT’s Inputs/Outputs, Activities, Key
Activity Goals and Metrics
INPUT PROCESS OUTPUT
• Strategic
direction
• Resources
• Capabilities Activity Activity Output OUTCOME
• Awareness
• Support
• Policies
• Etc.
Key Players Attributes
0
Major Activities
1
2
3
4
5
RACI Chart Maturity Model References
To establish and monitor roles and responsibilities Pragmatic description to establish, plan
(R=responsible, A=accountable, C=consulted, I=informed) and track present and future maturity
COBIT Navigation – Section 3 (Part 1)

Management Guidelines

COBIT Navigation – Section 3 (Part 2)
Goals and Metrics

Maturity Model

The TOGAF Framework
Introduction
According to COBIT, developing an IT strategy requires an

understanding and development of the following:
• Business Strategy (Business Architecture)
• Information Systems Architecture
– Data Architecture
– Applications Architecture
• Technology Architecture
The COBIT framework provides only information on what

components are that are needed to develop an IT strategy, it
does not provide details on how to. There is a need for
complimentary guidance, e.g. form framework such as TOGAF
on how to develop these architectures.

TOGAF
The Open Group Architecture

Framework (TOGAF) is a
framework - a detailed method
and a set of supporting tools -
for developing an enterprise
architecture, developed by
members of The Open Group
Architecture Forum
It may be used freely by any
organisation wishing to develop
an enterprise architecture for use
within that organisation (subject
to conditions of use)
Source: Togaf 8.1
The Open Group Architecture Forum
• TOGAF was developed by members of The Open Group,

working within the Architecture Forum
(www.opengroup.org/architecture).
• The original development of TOGAF Version 1 in 1995 was
based on the Technical Architecture Framework for Information
Management (TAFIM), developed by the US Department of
Defense (DoD).
• The DoD gave The Open Group explicit permission and
encouragement to create TOGAF by building on the TAFIM,
which itself was the result of many years of development effort
and many millions of dollars of US Government investment.
Source: Togaf 8.1

What is an Architecture Framework
• An architecture framework is a tool which can be used

for developing a broad range of different architectures;
• It should describe a method for designing an
information system in terms of a set of building blocks,
and for showing how the building blocks fit together;
• It should contain a set of tools and provide a common
vocabulary;
• And it should also include a list of recommended
standards and compliant products that can be used to
implement the building blocks.
What is an Enterprise?
• A good definition of "enterprise" in this context is any collection

of organisations that has a common set of goals and/or a single
bottom line. In that sense, an enterprise can be a government
agency, a whole corporation, a division of a corporation, a
single department, or a chain of geographically distant
organisations linked together by common ownership.
• The term "enterprise" in the context of "enterprise architecture"

can be used to denote both an entire enterprise, encompassing
all of its information systems, and a specific domain within the
enterprise. In both cases, the architecture crosses multiple
systems, and multiple functional groups within the enterprise.
Source: Togaf 8.1

What is an architecture?
• The definition of an architecture used in ANSI/IEEE Std 1471-
2000 is:
"The fundamental organization of a system,
embodied in its components, their relationships to
each other and the environment, and the principles
governing its design and evolution."
• In TOGAF, "architecture" has two meanings depending upon its

contextual usage:
– A formal description of a system, or a detailed plan of the system at
component level to guide its implementation
– The structure of components, their inter-relationships, and the
principles and guidelines governing their design and evolution over
time.
Source: Togaf 8.1
What is an architecture?
• An architecture description is a formal description of

an information system, organized in a way that
supports reasoning about the structural properties of
the system.
• It defines the components or building blocks that make
up the overall information system, and provides a plan
from which products can be procured, and systems
developed, that will work together to implement the
overall system.
• It thus enables you to manage your overall IT
investment in a way that meets the needs of your
business. Source: Togaf 8.1

Why does one need an enterprise
architecture?
• The primary reason for developing an enterprise
architecture is to support the business by providing the
fundamental technology and process structure for an IT
strategy.
• This in turn makes IT a responsive asset for a successful
modern business strategy.
Source: Togaf 8.1
Enterprise Architecture - Advantages

The
Thetechnical
technicaladvantages
advantagesthat
thatresult
resultfrom
fromaagood
goodenterprise
enterprisearchitecture
architecture
bring
bringimportant
importantbusiness
businessbenefits,
benefits,which
whichare
areclearly
clearlyvisible
visibleininthe
thebottom
bottom
line:
line:
A more efficient IT operation:
• Lower software development, support, and maintenance costs
• Increased portability of applications
• Improved interoperability and easier system and network management
• Improved ability to address critical enterprise-wide issues like security
• Easier upgrade and exchange of system components
Better return on existing investment, reduced risk for future investment:
• Reduced complexity in IT infrastructure
• Maximum return on investment in existing IT infrastructure
• The flexibility to make, buy, or out-source IT solutions
• Reduced risk overall in new investment, and the costs of IT ownership
Faster, simpler, and cheaper procurement:
• Buying decisions are simpler, because the information governing procurement is readily
available in a coherent plan.
• The procurement process is faster - maximizing procurement speed and flexibility without
sacrificing architectural coherence.
Source: Togaf 8.1

Enterprise Architecture
• Think of EA as a bridge over troubled water, such as:
• Silos of applications
• Post-merger islands of automation
• Service reps opening eight windows to answer a
customer’s question
• Managers scrounging for information they need to
make decisions
• The loudest voice winning IT project funding decisions
Source: Togaf 8.1
TOGAF’s Architecture Development Cycle
Phase A – Architecture Vision

Phase B – Business Architecture
Phase C – Information Systems Architecture
Phase D – Technology Architecture
Phase E – Opportunities and Solutions
Phase F – Migration planning
Phase G – Implementation
Phase H – Architecture and Change
Management
Source: Togaf 8.1

TOGAF’s Architecture Development Cycle
Preliminary phase: Framework and principles. Get everyone on board with the
plan.
Phase A: Architecture vision. Define your scope and vision and map your overall
strategy.
Phase B: Business architecture. Describe your current and target business architectures
and determine the gap between them.
Phase C: Information system architectures. Develop target architectures for your data
and applications.
Phase D: Technology architecture. Create the overall target architecture that you will
implement in future phases.
Phase E: Opportunities and solutions. Develop the overall strategy, determining what
you will buy, build or reuse, and how you will implement the architecture described in
phase D.
Phase F: Migration planning. Prioritize projects and develop the migration plan.
Phase G: Implementation governance. Determine how you will provide oversight to the
implementation.
Phase H: Architecture change management. Monitor the running system for necessary
changes and determine whether to start a new cycle, looping back to the preliminary
phase.
Phase A: Architecture Vision

The objectives of Phase A are:
• To ensure that this evolution of the architecture development cycle has

proper recognition and endorsement from the corporate management of
the enterprise, and the support and commitment of the necessary line
management
• To validate the business principles, business goals, and strategic
business drivers of the organisation
• To define the scope of, and to identify and prioritize the components of,
the Baseline Architecture effort
• To define the relevant stakeholders, and their concerns and objectives
• To define the key business requirements to be addressed in this
architecture effort, and the constraints that must be dealt with
• To articulate an Architecture Vision that demonstrates a response to
those requirements and constraints
• To secure formal approval to proceed
• To understand the impact on, and of, other enterprise architecture
development cycles ongoing in parallel
Source: Togaf 8.1
Phase B: Business Architecture
• Organisation structure - identifying business locations and
relating them to organizational units
• Business goals and objectives - for the enterprise and each
organizational unit
• Business functions - a detailed, recursive step involving
successive decomposition of major functional areas into sub-
functions
• Business services - the services that the enterprise and each
enterprise unit provides to its customers, both internally and
externally
• Business processes - including measures and deliverables
• Business roles - including development and modification of
skills requirements
• Business data model
• Correlation of organization and functions - relate
business functions to organizational units in the form of a matrix
Source: Togaf 8.1
report
Phase C: Information Systems Architectures

Phase C involves some combination of Data and Applications Architecture,
in either order.
Objective:
The objective here is to define the major types and sources of data
necessary to support the business, in a way that is:
• Understandable by stakeholders
• Complete and consistent
• Stable
It is important to note that this effort is not concerned with database

design. The goal is to define the data entities relevant to the enterprise,
not to design logical or physical storage systems. (However, linkages to
existing files and databases may be developed, and may demonstrate
significant areas for improvement.)
Source: Togaf 8.1

Technical Reference Model
The application software tier consists
of the following:
1. Business applications (which handle enterprise specific

functions, such as inventory management)
2. Infrastructure applications (which provide more general
functionality, such as payment processing)
The application platform can be conceptualized as the space in

which all applications and all services are available. It is, in a
way, the aggregation of all services in the application software
tier.
Source: Togaf 8.1
The III-Reference Model

The
TheIII-RM
III-RMisisaamodel
modelof ofthe
themajor
majorcomponent
componentcategories
categoriesfor fordeveloping,
developing,
managing,
managing,and andoperating
operatingananintegrated
integratedinformation
informationinfrastructure.
infrastructure.ItItisisaa
model
modelof ofaaset
setof
ofapplications
applicationsthat
thatsits
sitson
ontop
topof
ofananApplication
ApplicationPlatform.
Platform.
This
Thismodel
modelisisaasubset
subsetof
ofthe
theTOGAF
TOGAFTRM, TRM,and
anditituses
usesaaslightly
slightlydifferent
different
orientation.
orientation.
Source: Togaf 8.1
Figure: Detailed Technical Reference Model (Showing Service Categories)

Phase D: Technology Architecture
The objective of Phase D is to develop a Technology

Architecture that will form the basis of the
implementation work.
• An organisation creating or adapting a Technology

Architecture may already have access to a list of
approved suppliers/products for that organization.
• The list will be an input to the definition of the
organisation-specific architecture framework.
• The architectures can then be used as procurement
tools to govern the future growth and development of
the organisation's IT infrastructure.
Source: Togaf 8.1
Example Figure: Existing Hardware Topology
Source: Togaf 8.1

Phase F: Migration Planning
The objective of Phase F is to sort the various implementation
projects into priority order.
• Activities include assessing the dependencies, costs, and benefits

of the various migration projects.
• The prioritised list of projects will go on to form the basis of the
detailed Implementation Plan and Migration Plan.
• Migration Plan steps involve:
– Prioritise projects
– Estimate resource requirements and availability
– Perform cost/benefit assessment of the various migration projects
– Perform risk assessment
– Generate implementation roadmap (timelined)
– Document the Migration Plan
Source: Togaf 8.1
Phase G – Implementation Governance
Implementation
Implementation governance
governance determines
determines how
how you
you will
will provide
provide
oversight
oversight to
to the
the implementation
implementation
Source: Togaf 8.1

Figure: Architecture Governance Framework - Organizational Structure, TOGAF 8.1
Phase H – Architecture and Change
Management
• Involves monitoring the running system for necessary
changes and determine whether to start a new cycle,
looping back to the preliminary phase
Source: Togaf 8.1
The IT Strategy Components

(Based on the COBIT framework)

COBIT PO1.4 IT Strategic Plan
The
The following
following section
section aims
aims toto provide
provide aa “framework”
“framework” for
for
developing
developing an an ITIT Strategic
Strategic Plan,
Plan, in
in compliance
compliance with
with COBIT
COBIT
PO1.4
PO1.4
COBIT PO1.4 requires organisations to:

“Create a strategic IT plan that defines, in co-operation with
relevant stakeholders, how IT will contribute to the enterprise’s
strategic objectives (goals) and related costs and risks. IT includes
how the objectives will be met and measured and will receive
formal sign-off from the stakeholders. The IT strategic plan should
cover investment / operational budget, funding sources, sourcing
strategy, acquisition strategy, and legal and regulatory
requirements. The strategic plan should be sufficiently detailed to
allow the definition of tactical IT plans.
IT Strategy Steps
Step 1 –Understand the business strategy

Step 2– Establish the IT governance structure, decision-making
and financial management processes
Step 3 - Define the Information Architecture
–Data Architecture
–Applications Architecture
Step 4 - Define the Technology Architecture and technological
direction
Step 5 - Define the IT organisation and process structures
Step 6 - Establish the IT budget and investment schedule
Step 7 - Document the strategy
Step 8 - Manage the strategy’s implementation and execution
Source: Gartner Group’s “Strategic Analysis Report,17 December 2003

Step 1:
Understand the Business
Strategy
The IT Strategy Planning Process
Define
Define aa strategic
strategic ITIT plan
plan that
that satisfies
satisfies the
the business
business
strategy
strategy and
and governance
governance requirements
requirements while while being
being
transparent
transparent about
about benefits
benefits and
and costs.
costs. COBITs
COBITsPO1
PO1
1.
1.Business
Businessplanning
planning 2.
2.ITITStrategy
Strategy 3.
3.Short-term
Short-termITITplans
plans
and
andstrategy
strategy
No
5.
5.Monitor
Monitorand
and 4.
4.Communicate
CommunicateITIT
Yes Correct? strategy
evaluate
evaluate strategyand
andITITplans
plans
Stop

IT Strategy Focus
• Involve IT and business management

• Translate business requirements into IT service
offerings
• Deliver services in a transparent & effective way
How is IT strategy planning achieved ?
• Engage with business and senior management in

aligning IT strategic planning with current and future
business goals
• Understand current IT capabilities
• Provide a prioritisation scheme
1 Year
Business Applications Technology
Time
IT’s Contribution to the Business
Educate
Educateexecutives
executiveson oncurrent
currenttechnology
technologycapabilities
capabilitiesandandfuture
future
directions,
directions, the opportunities that IT provides, and what the businesshas
the opportunities that IT provides, and what the business hasto
to
do to capitalise on those opportunities. Make sure the business direction
do to capitalise on those opportunities. Make sure the business direction
to
towhich
whichITITisisaligned
alignedisisunderstood.
understood. COBIT
COBITPO1 PO1
technology impact
Monitor Investigate Introduce

value and high
High business
Content / record
mgmt
Portals / RFID
dashboard BI / perf.mgmgt
Data mining
Workflow
technology impact
Collaboration
High business
value or high
PKI Mobile Connectivity

transacting
Web services
Linux
technology impact
Video conference
value and low
Low business
Server
Consolidation?
VOIP
Biometrics
Technology Trigger Peak of inflated Trough of Slope of Plateau of

expectations disillusionment enlightenment productivity
Maturity
Business Strategy vs. IT Strategy

The
Thebusiness
businessand
andITITstrategies
strategiesshould
shouldbe
beintegrated
integratedclearly
clearlylinking
linkingbusiness
business
goals
goalsand
andITITgoals
goals…… COBIT
COBITPO1.2
PO1.2
The
TheCompany
CompanyStrategy
Strategy The
TheITITStrategy
Strategy
•Grow profitability without compromising our values •Assist the business to increase performance
•Grow profitability without compromising our values •Assist the business to increase performance
•Become better at marketing and sales than our •Enable the business to maximise all advantages
•Become better at marketing and sales than our •Enable the business to maximise all advantages
competitors against competition
competitors against competition
•Identify & invest in new business opportunities •Enable to the organisation to achieve its objectives
•Identify & invest in new business opportunities •Enable to the organisation to achieve its objectives
•Continue to deliver benefit to communities •Provide information to all sections in the company in
•Continue to deliver benefit to communities •Provide information to all sections in the company in
•Pool technical expertise and deliver innovation a consistent, accurate and trusted way
•Pool technical expertise and deliver innovation a consistent, accurate and trusted way

Analyse & Communicate IT Risks
Example of IT risks
Analyse & Communicate IT Risks
Analyse
Analyse and
and communicate
communicate ITIT risks
risks and
and their
their potential
potential
impact
impact on
on the
the business
business processes
processes and
and goals
goals
Corporate Risk description and Result of Risk Risk responses

objective affected its consequences likelihood rating
and impact
assessment
L I
Ensure availability Hard disk crash 2 4 8 Hard disk mirrored in same serve
of information and Back-up tapes (every day)
IS systems Back-up server
Faulty network (leased 3 2 6
lines)
Server malfunction 3 1 3 Support contract with suppliers
Back-up server
Preventive maintenance

Identify the Business Initiatives that requires IT
Support
Identify
Identify Business
Business Initiatives
Initiatives
Oct ’06 March ’07 March ’08 March ’09 March ‘010
Dispute Res.
Single Registration
Extension of electronic-Filing Capability
Infrastructure
InfrastructureUpgrade
Upgrade
Identity Management
Customer Master Database
Data Warehouse
Imaging
Business Process Management
Administrator System
Legacy Replacement
Define How IT will be Measured

“Assess
“Assessthe
theperformance
performanceof ofthe
theexisting
existingplans
plansand
andinformation
informationsystems
systemsinin
terms
termsof
ofcontribution
contributionto
tothe
thebusiness
businessobjectives,
objectives,functionality,
functionality,stability,
stability,
complexity, costs and weaknesses”. COBIT
complexity, costs and weaknesses”. COBIT PO1.3 PO1.3
Organisation IT
Financial
Financial •Financial
•Financial
•Grow Profitability •Manage the Cost of IT
•Constantly increase performance •Enable BU’s to increase in revenue and market share
Customer
Customer •Customer
•Customer
•Anticipate and respond to needs of customers •Ensure satisfied end-users
•Demonstrate Value add of IS
Business
BusinessProcess
Process •IT
•ITProcess
Process
•Increase productivity and innovation •Optimise IT processes and standardise IT Platforms
•Outsource non-core activities •Implement on time/budget
•Adapt cost structures and business process flexibility •Support end-users
•Pool technical expertise and deliver innovation •Improve business processes
•Invest wisely and stay alert to new business opportunities •R&D emerging technologies & provide solutions
•Reduce risk, improve safety & contribute to community •IT Governance
Learning
Learning&&Growth
Growth •Learning
•Learning&&Growth
Growth
•Focus on competencies driving productivity & innovation •Attract, Develop, Retain & Motivate IT team
•Provide information in the company in a consistent, •Enhance Information Delivery and Knowledge Management
accurate and trusted way

Legal & Regulatory Requirements
Identify
Identify all
all applicable
applicable lawslaws and
and regulations
regulations and
and the
the
corresponding
corresponding levellevel ofof ITIT compliance
compliance andand optimising
optimising
ITIT processes
processes toto reduce
reduce riskrisk of
of non-compliance
non-compliance
Step 2:
Establish the IT governance
structure, decision-making
and financial management
processes

IT Governance Processes & Organisation
AAstrategy
strategycommittee
committeeshould
shouldensure
ensureboard
boardoversight
oversightof
ofITITand
andone
oneor
ormore
more
steering
steeringcommittees
committeesininwhich
whichbusiness
businessand
andITITparticipate
participateshould
shoulddetermine
determine
prioritisation of IT resources in line with business needs.
COBIT
COBITPO4PO4
Board of Directors Internal Audit

IT Strategy
Department
Committee
IT Assurance (IT Audit Reports)
Provides insight and advice to CEO
the board on IT
IT Steering
Committee
Decides the overall level of IT Support
spending and how costs will BU’s HR, Information
BU 1 BU 2 BU 3 ……
be allocated Finance Systems
etc
Key IT Governance Decisions

AAstrategy
strategycommittee
committeeshould
shouldensure
ensureboard
boardoversight
oversightof
ofITITand
andone
oneor
ormore
more
steering
steeringcommittees
committeesininwhich
whichbusiness
businessand
andITITparticipate
participateshould
shoulddetermine
determine
COBIT
COBITPO4PO4
IT Infrastructure
IT Architecture IT Investment
Decisions
Decisions Centrally coordinated, shared IT Decision
services that provide the
Organising logic for data foundation Decisions about how
applications, and for the organisations IT capability much and where to invest in IT,
infrastructure Including project approvals
captured in a set of policies, and justification techniques
relationships and technical Business Applications
choices to achieve desirable
business and technical
Needs
Specifying the business need
standardisation
For purchased or internally
and integration
Developed IT applications
Source: 2003 MIT Sloan School Center for Information Systems Research (CSIR)

Key IT Governance Decisions
IT Decision Key Questions
Category
IT Principles •What is the organisation’s operating model?

•What is the role of IT in the business?
•What are the IT-desirable behaviours?
•How will IT be funded?
IT Architecture •What are the core business processes of the organisation? How are they related?
•What information drives these core processes? How must the data be integrated?
•What technical capabilities should be standardised to support IT efficiencies and facilitate process standardisation
and integration?
•What activities must be standardised organisation-wide to support data integration?
•What technology choices will guide the organisation’s approach to IT initiatives?
IT Infrastructure •What IT infrastructure services are most critical to achieving the organisation’s strategic objectives?
•For each capability cluster, what infrastructure services should be implemented organisation-wide and what are the
service-level requirements of those services?
•How should infrastructure services be priced?
•What infrastructure services should be outsourced?
Business •What are the market and business process opportunities for new business applications?
Application •How are R&D conducted and proof of concepts designed to assess whether they are successful ?
Needs •How can business requirements be addressed within current IT architectural standards?
•Who will own the outcomes of each project and institute organisational changes to ensure value?
IT Investment •What process changes or enhancements are strategically most important to the organisation?
Prioritisation (IT •What are the distributions in the current and proposed IT portfolios? Are these portfolios consistent with the
Portfolio organisation’s strategic objectives?
Management) •What is the relative importance of organisation-wide versus Business Unit investments?
IT Governance Responsibilities
Establish
Establishaastrategy
strategycommittee
committeeatatboard
boardlevel.
level.This
Thiscommittee
committeeensures
ensuresthat
thatITIT
governance
governance as part of corporate governance, is adequately addressed,advise
as part of corporate governance, is adequately addressed, advise
on strategic direction and reviews major investments on behalf of the board.
on strategic direction and reviews major investments on behalf of the board.
COBIT
COBITPO4.2
PO4.2
IT STRATEGY COMMITTEE - BOARD LEVEL

LEVEL RESPONSIBILITY Provides insight and advice to the board on topics such as:
• The relevance of development in IT from a business perspective
• The alignment of IT with the business direction
• The achievement of strategic IT objectives
• The availability of suitable IT resources, skills and infrastructure to meet the strategic objectives
• Optimisation of IT costs, including the role and value delivery of external IT sourcing
• Risk, return & competitive aspects of IT investments
• Progress on major IT projects
• The contribution of IT to the business (i.e., delivering the promised business value)
• Exposure to IT risks, including compliance risks
• Containment of IT risks
• Provides direction to management relative to IT strategy
• Is driver and catalyst for the board’s IT governance practices
AUTHORITY •Advises the board and management on IT strategy

•Is delegated by the board to provide input to the strategy and prepare its approval
•Focuses on current and future strategic IT issues
MEMBERSHIP •Board members and (specialist) non-board members

IT Governance Responsibilities
Establish
Establishan
anITITsteering
steeringcommittee
committeecomposed
composedof ofexecutive,
executive,business
businessand
andITIT
management
managementto: to:determine
determineprioritisation,
prioritisation,track
trackstatus
statusof
ofITITprojects,
projects,and
and
monitor service levels. COBIT PO4.3
monitor service levels. COBIT PO4.3
IT STEERING COMMITTEE - EXECUTIVE LEVEL
LEVEL Decides the overall level of IT spending and how costs will be allocated:
RESPONSIBILITY • Aligns and approves the enterprise IT architecture
• Approves project plans and budgets, setting priorities and milestones
• Acquires and assigns appropriate resources
• Ensures projects continuously meet business requirements, including re-evaluation of the business case
• Monitors project plans for delivery of expected value and desired outcome, on time and within budget
• Monitors resource and priority conflict between enterprise divisions and the IT function, and between projects
• Makes recommendations and requests for changes to strategic plans (priorities, funding, technology
approaches, resources, etc.)
• Communicates strategic goals to project teams
• Is a major contributor to management’s IT governance responsibilities
AUTHORITY •Assists the executive in the delivery of the IT strategy

•Oversees day-to-day management of IT service delivery and IT projects
•Focuses on implementation
MEMBERSHIP •Sponsoring executive
•Business executive (key users)
•CIO
•Key advisors as required (IT, audit, legal, finance)
Step 3:
Define the Information
Architecture
•Data Architecture
•Applications Architecture

COBIT PO2 Define the Information Architecture
COBIT PO2 Define the Information Architecture
INPUT OUTPUT
PROCESS

TOGAF Data Architecture Development Steps
1. Data Baseline Description.

2. Review and validate (or generate, if necessary) the set
of data principles.
3. Architecture Model's.
4. For each viewpoint, create the model for the specific
view required,
5. Select Data architecture building blocks (e.g.,
metamodels)
6. Review the qualitative criteria
7. Complete the Data architecture
8. Gap analysis
TOGAF Applications Architecture Development Steps
1. Applications Baseline Description. Develop a baseline description

of the existing Applications architecture, to the extent necessary
to support the target Applications Architecture.
2. Review and validate (or generate, if necessary) the set of
Applications principles.
3. Develop Architecture Model(s).
4. Develop a user location / applications matrix
5. Brainstorm other potential application systems based on
innovative use of new developments in technology.
6. Merge all lists into a single, deduplicated list of candidate
application systems
6. Review the qualitative criteria (e.g., security, availability,
performance, costs),
7. Complete the Applications architecture.
8. Undertake Gap analysis and report

Information Architecture
Establish
Establishand
andmaintain
maintainananenterprise
enterpriseinformation
informationmodel
modelto toenable
enable
applications
applicationsdevelopment
developmentandanddecision-supporting
decision-supportingactivities,
activities,consistent
consistent
with IT plans as described in PO1
with IT plans as described in PO1
Step 4:
Define the Technology
Architecture and Technological
Direction

PO3 Determine Technological Direction
PO3 Determine Technological Direction

INPUT OUTPUT
PROCESS

IT Technological Infrastructure Plan
Analyse
Analyse existing
existing and
and emerging
emerging technologies
technologies and and
plan
plan which
which technological
technological direction
direction isis most
most
appropriate
appropriate to
to realise
realise the
the ITIT strategy
strategy and
and thethe business
business
systems
systems architecture.
architecture. COBITCOBITPO3.2
PO3.2
IT Technological Infrastructure Plan considerations:
• Based - on technological direction
• Includes - contingency arrangements
• Direction - for acquisition of IT technology and resources
• Considers –
– Changes in competitive environment
– Economies of scale for IT systems and staffing
– Improved interoperability of platforms and application
TOGAF Technology Architecture Development Steps
1. Technology Baseline Description.

i. Review Business Baseline, Data Baseline and Application Systems
Baseline, to the degree necessary to inform decisions and
subsequent work.
ii. Develop a baseline description of the existing Technology
Architecture, to the extent necessary to support the target
Technology Architecture.
iii. To the extent possible, identify and document candidate technology
architecture building blocks (potential reusable assets).
iv. Draft the Technology Baseline Report: summarize key findings and
conclusions, developing suitable graphics and schematics to
illustrate baseline configuration(s).
v. Route the Technology Baseline Report for review by relevant
stakeholders, and incorporate feedback.
2. Develop Target Technology Architecture.

IT Technological Infrastructure Plan
Create
Create and
and maintain
maintain aa technological
technological infrastructure
infrastructure
plan
plan that
that isis in
in accordance
accordance with
with the
the ITIT strategic
strategic and
and
tactical
tactical plans
plans COBIT
COBITPO3.2
PO3.2
Portal – SAP Portal
Financial Consolidation –
E-business - SAP
Hyperion Enterprise
Data Warehousing SAP BW /
Desktop – Windows 2000/XP MS

Knowledge Management –
Middleware – MQ Series HR – SAP PA

Domino.doc
Cognos
and Planning -
Scheduling
Office
ERP – SAP 4.6c
APO
AIX/Oracle 9
Data Archiving - IXOS
MES - MICS
SCADA / DCS / PLC
Technology Standards
“To
“Toprovide
provideconsistent,
consistent,effective
effectiveand
andsecure
securetechnological
technologicalsolution
solution
organisation-wide,
organisation-wide,establish
establishaatechnology
technologyforum
forumto
toprovide
providetechnology
technology
standards”
standards” COBIT PO3.4
COBIT PO3.4
Category Description Standard
DESKTOP SOFTWARE Operating System MS Windows 2000 / XP
Integrated Client MS Office XP
Messaging Client MS Outlook 2000
Word Processing MS Word XP
Spreadsheet MS Excel XP
Presentation Software MS PowerPoint XP
Schedule / Time Mngmnt MS Outlook XP
Desk Top Publishing Adobe Acrobat
Project Management MS Project 2000
Internet Browser MS Internet Explorer 6
HTML Editor
Virus Checking NAI (McAfee) ???
Symantec Anti-virus software
Network Associates products
Systems Management Alteris

Compression software MAX C2C
WinZip
THIN CLIENT SOFTWARE Software Citrix Metaframe

IT Sourcing Strategy
Identify
Identify strategic
strategic ITIT partners
partners
Step 5:
Define the IT organisation and
process structures

IT Processes & Organisation
Define
Define an
an ITIT process
process framework
framework to
to execute
execute the
the ITIT
strategic
strategic plan.
plan. COBIT
COBITPO4.1
PO4.1
Business IS
Planning to Implement
Business
The Business Business
Business Perspective
Continuity
Continuity Continuity Culture,
Business Business ICT Business IS Vision & Plans
Plans Business Plans People, &
Continuity Continuity Plans & IS Strategy
Requirements Training plans
Plans Plans Communication Business
Business Business
Security
Security Security Objectives, Programme &
Business Business Supplier & Policy
Policy Procurement Policy KPI’s & Project
Security Security Contract
Policies targets Management
Policy Policy Policies
Information &
Knowledge Management
Information Data
Requirements Architecture
Service Delivery Service Support Infrastructure Management Applications Management
SLA’s, Service Service Desk, ICT Design&

ICT Strategies Applications Applications
Improvement Incident-, Problem- Architecture
& Plans Strategy Architecture
Plan, Service
Business Change-,Configuration,
Continuity Plan, Release and other
Security
Capacity Plan, Service R&D, Business
Policy Implementation Applications
Availability Plan Support plans Evaluations Cases
Programme Polices
POC’s Feasibility
IT Business Relationship Model

The service provider fills a role within a supply chain, where each step in the
chain should be adding benefit, with the service provider receiving services or
goods from the supplier and delivering an enhanced service to the customer.
ISO 20000
Supplier (Vendor) Business Relationship

Management Management
Supplier IT Service Provider IT Customer

Project Management
Applications Support
UC SLA
OLA
Infrastructure Support
Service Support
Service Delivery
Knowledge Management

IT Processes & Organisation
Adopt
Adopt && Implement
Implement COBIT,
COBIT, ITIL,
ITIL, && ISO
ISO 20000
20000
Frameworks Description Compliance/ Conformance Activity
/ Standard
COBIT COBIT is an IT Governance Framework, IT Process “As-is” Maturity Assessment

addressing the IT control objectives for 34 IT Planning “To-be” Maturity
processes, including the 13 Deliver Service Identify Activities and
processes. I.e. the “What” (Policies, Practices, Responsibilities/Accountabilities
Procedures, Accountability) Identify and recommend IT Process Performance
Measures
ITIL The ITIL framework concerns itself with the Use ITIL best practice to guide design of the IT
provision of IT Service Management disciplines Service Management processes
(11 Service & Support processes). I.e. the Use ITIL to self assess against the ITIL best practice
“How” of IT Service Management
ISO 20000 ISO 20000 Part 1 is the formal specification Self assessment of ITIL service management
and defines the requirements for an processes against the ISO20000 standard
organisation to deliver managed services of an Determine gap for improvement
acceptable quality for its customers Audit to assess organisational readiness for
ISO 20000 Part 2 is the Code of Practice and certification against the ISO20000 standard
describes the best practices for Service
Management processes
COBIT IT Governance Framework
ITIT Governance
Governance Framework
Framework
Planand
Plan andOrganise
Organise Acquire&&Implement
Acquire Implement
Define IT Acquire and Acquire and
Define Define Determine Define IT Identify Acquire and Acquire and Enable
Define Determine Organisation Manage IT Identify Maintain Maintain Enable
Strategic Define Technological Organisation Manage IT Automated Maintain Maintain Operation
Information and Investment Application Technology
Strategic Information Technological and Investment Automated Operation
IT Plan Architecture Direction Relationships Solutions Application Technology And Use
IT Plan Architecture Direction Relationships Solutions Software Infrastructure And Use
Software Infrastructure
Install
Communicate Manage Assess & Procure Install
Communicate Manage Manage Assess & Manage Procure Manage Accredit
Aims and IT Human Manage Manage Manage IT Manage Accredit
Aims and IT Human Quality Manage Projects IT Changes Solutions
Direction Resource Quality Risks Projects Resources Changes Solutions
Direction Resource Risks Resources & Changes
& Changes
Monitorand
Monitor andEvaluate
Evaluate Deliverand
andSupport
Support
Monitor
Monitor
Monitor
Monitor
Deliver
and And
and And Define and
evaluate Evaluate Define and Manage Manage Ensure Ensure Identify Educate
evaluate Evaluate Manage Manage Manage Ensure Ensure Identify Educate
IT Internal Manage Third-party Performance Continuous Systems and Allocate And Train
IT Internal Service Third-party Performance Continuous Systems and Allocate And Train
performance Control Service Services and Capacity Service Security Costs Users
performance Control Levels Services and Capacity Service Security Costs Users
Levels
Ensure Provide Manage Manage

Ensure Provide Manage Manage Manage
Regulatory IT Service Manage Manage Manage The Manage
Regulatory IT Service the Manage Manage The Manage
Compliance Governance Desk & the Problems Data Physical Operations
Compliance Governance Desk & Configuration Problems Data Physical Operations
Incidents Configuration Environment
Incidents Environment

ITIL Service Management Framework
ITIT Service
Service Management
Management Framework
Framework
Financial Management IT Service
for IT services Continuity Management
Availability
Management
Capacity Release
Management
Management
IT
IT Configuration
Management
Service Level Infrastructure
Infrastructure
Management
Change
Management
Service Desk Problem

Incident Management
Analytix Intellectual Property Management
115
Quality Management Cycle PO6

The
TheITITprocess
processframework
frameworkshould
shouldbebeintegrated
integratedininaaquality
qualitymanagement
management
system
systemand
andthe
theinternal
internalcontrol
controlframework.
framework.
The
The PDCA model assumes that to provideappropriate
PDCA model assumes that to provide appropriatequality,
quality,
the
thefollowing
followingsteps
stepsmust
mustbe beundertaken
undertakenrepeatedly:
repeatedly:
• Plan - what should be done, when

should it be done, who should be
doing it, how should it be done, and
by using what?
• Do - the planned activities are
implemented.
• Check - determine if the activities
provided the expected result.
• Act - adjust the plans based on
information gathered while checking.

Organisation Chart
An
AnITITorganisation
organisationmust
mustbebedefined
definedconsidering
consideringrequirements
requirementsforforstaff,
staff,skills,
skills,
functions, accountability, authority, roles and responsibilities and supervision.
functions, accountability, authority, roles and responsibilities and supervision.
IT
Manager IT
Service Managers
Programme & Application Infrastructure Service Service Data &

Project Support Support Support Delivery Knowledge
Management Management
Programme & Project Business / Functional Network Service Desk Service Level Data storage,
Planning Analysis Management Management retention & disposal
Management
Project Budget Software Hardware Support Incident Management Capacity Media Library
Management Specifications Management Management
Business Analysis Application Design Desktop Support Problem Availability Backup & Restoration
Management Management Management
Programme Application SW Telecommunications Change Management Cost Management Data Security
Management Implementation Support Requirements
Project Management Application Support Database Configuration Network Security Business Intelligence
Administration Management
Quality Management Application Security IT & Network Release IT Continuity Knowledge
Security Management Management Management
IT / Project Risk Application SW Disaster Recovery Vendor Management

Management Maintenance (Procurement)
Step 6:
Establish budget and investment
schedule

IT Investment Programme
“Maintain
“Maintainthe
theportfolios
portfoliosof
ofIT-enabled
IT-enabledinvestment
investmentprogrammes,
programmes,ITITservices
servicesand
and
ITITassets,
assets,which
whichform
formthethebasis
basisfor
forthe
theITITbudget.”
budget.” COBIT
COBITPO5
PO5
Budget
Prepare
Prepare and
and manage
manage aa budget
budget reflecting
reflecting the
the
priorities
priorities of
of IT-enabled
IT-enabled investments
investments programmes,
programmes,
including
including ongoing
ongoing costs
costs of
of operating
operating andand
maintaining
maintaining the
the current
current infrastructure
infrastructure

Step 7:
Document the strategy
IT Strategy Contents
Create
Createaastrategic
strategicplan,
plan,inincooperation
cooperationwith
withrelevant
relevantstakeholders,
stakeholders,how
how
ITITwill
willcontribute
contributetotothe
theorganisation’s
organisation’sStrategic
Strategicobjectives,
objectives,related
relatedcosts,
costs,
and risks.
and risks. COBIT PO 1.4
COBIT PO 1.4
• Introduction
• Include:
will support IT-enabled investment programmes
– How IT
– How IT will support operational service delivery
• Define:
– How the objectives will be met and measured and receive formal sign-off
• Cover:
– IT investment plan and IT operational budget
– IT funding sources
– IT sourcing strategy
– IT acquisition strategy
– Legal & regulatory requirements
– Tactical IT plans

IT Strategic Plan Contents
Preliminary Details
– Contact information
– Definitions
– Document control
Executive Summary
– Vision, Mission, Values
– Current situation
– Organisation and management
IT governance structure and decision processes
Business strategy
IT governance structure, decision-making and financial management processes
Information Architecture
– Data Architecture
– Applications Architecture
Technology Architecture and technological direction
IT organisation and process structures
IT Strategy
– Vision, Mission, Values
– Strategic Themes
– Objectives, measures, and targets
– Strategic Initiatives
IT budget and investment schedule
Risk analysis
– SWOT analysis, Specific IT risk and solutions
Conclusion
Annexures
IT Strategic Plan Annexures
• Short term tactical plans

• IT strategic planning process
• IT Governance Framework
• Definition of IT standards and architectures

Step 8:
Manage the strategy’s
implementation and execution
Norton & Kaplan - 5 Principles of Strategy-

Focused Organistion
#1 #2 #3 #4 #5
Mobilise Translate Align Motivate Govern
• Burning Platform (Executive Team created sense of urgency)

• Executive Team has taken ownership of value management
process
• Executive Team aligned around articulated vision, and strategy
• Each Executive member individually accountable for some
component of the strategy

Norton & Kaplan - 5 Principles of Strategy -
Focused Organistions
#1 #2 #3 #4 #5
• Strategy refreshed annually through strategic plan

• Strategy translated to strategy map / balanced scorecard
• Measures / targets balanced across
• Financial perspectives
• Non-financial perspectives (Strategy Map and Balanced
Scorecard)

#1 #2 #3 #4 #5
• Cascade scorecard to create linkage

• Business Unit / Departmental Scorecards
• Business Unit / Departmental ownership and support

#3 #4 #5
#1 #2
Align Motivate Govern
Mobilise Translate
• Strategy Everyone’s Job

• Strategic Awareness
• Goal Alignment and Performance Agreements
• Job descriptions
• Individual Balanced Scorecards
• Personal Development Plans
• Linked Incentives

#1 #2 #3 #4 #5
• Strategy Linked to Budgeting

• Strategy Linked to Operations Management
• Scorecard agenda for Strategic Planning and Management Meetings
• Feedback System
• Strategic Learning Process
• Understand how and where Value is added and Measure
• Cause and Effect (Strategy Maps & Balanced Scorecard)

Introduction
to the
Balanced Scorecard
The “Balanced Scorecard” Approach….

It’s
It’snot
notrocket
rocketscience…
science…ItItisiscommon
commonsense...
sense...Nor
Norisisititnew….
new….
Successful
Successfulorganisations
organisationsall
allaround
aroundthe theworld
worldhave
havebeen
beenfollowing
followingthe
the
principles for years.
principles for years.
The
Theterm
term‘scorecard’
‘scorecard’was
wascoined
coinedby byKaplan
Kaplan&&Norton
NortonininaaHarvard
Harvard
Business Review article in 1991
Business Review article in 1991
They had been researching organisations around the world and

found that although many organisations were doing lots of strategic
planning they were still unable to effectively align what was
happening in the organisation with that overall strategy.

The Balanced Scorecard Solves Two
Fundamental Business Issues
“We
“We can
can describe
describe the
the Balanced
Balanced Scorecard
Scorecard as as aa
carefully
carefully selected
selected set
set of
of measures
measures derived
derived fromfrom an
an
organisation’s
organisation’s strategy.”
strategy.” Paul
PaulR.
R.Niven
Niven
Balanced
Scorecard
Financial Measurement
Strategy
Implementation
What is the Balanced Scorecard?
“The
“The measures
measures selected
selected for
for the
the Scorecard
Scorecard represent
represent aa tool
tool for
for
management
management to to use
use in
in communicating
communicating to to employees
employees andand
external
external stakeholders
stakeholders the
the outcomes
outcomes of of the
the performance
performance
drivers.”
drivers.” Paul
PaulR.
R.Niven
Niven
Measurement
MeasurementSystem?
System?
Strategic
StrategicManagement
ManagementSystem?
System?
Communication
CommunicationTool?
Tool?

The Balanced Scorecard as a Measurement
System
The
TheBalanced
BalancedScorecard
Scorecardcompliments
complimentsthe
thefinancial
financialmeasures
measureswith
with
customer,
customer,process
processand
andpeople
peoplerelated
relatedmeasures
measures
Operational Financial Revenue STAKEHOLDER
Drivers Drivers Profitability VALUE
Effectiveness
Operational Financial
Model Model
Cash Flow
Non Financial Customer Value

Drivers
Process Value
Strategic
Community
Objectives Value
Employee Information
Value Value
The Balanced Scorecard – More than a

Measurement System
• The balanced scorecard is a management system (not
only a measurement system) that enables organisations
to clarify their vision and strategy and translate them
into action
• It provides feedback around both the internal business
processes and external outcomes in order to
continuously improve strategic performance and results
• When fully deployed, the balanced scorecard
transforms strategic planning from an academic
exercise into the nerve center of an organisation

Provide focus on the most important measures
that really matter
• The Balanced Scorecard is more than a collection of
measures used to identify problems
• It is a system that integrates an organisation’s strategy
with a purposely limited number of key metrics
• Simply adding new metrics to financial ones could
result in information overload
• To avoid this problem, the Balanced Scorecard focuses
on four major areas of performance and a limited
number of metrics within those areas
The Balanced Scorecard Perspectives
AA perspective
perspective isis aa view
view of
of an
an organisation
organisation from
from aa specific
specific
vantage
vantage point
point
Customers
Customers Financial
Financial
Strategy
Internal
InternalBusiness
Business Learning
Learning&&Growth
Growth
Processes
Processes
Source:BSCOL, Norton & Kaplan

• In the traditional Balanced Scorecard implementation,

four basic perspectives are used to encompass an
organisation’s activities:
Financial,
Customer
Internal, processes,
Learning and growth
• The organisation’s business model, which

encompasses mission, vision, and strategy, determines
the appropriate perspectives

• Some companies use
traditional perspectives Financial
Financial Perspective
Perspective
others use additional ones ““IfIfwe
wesucceed,
succeed,how
howwill
will
• The choice of perspectives we
welook
lookto
toour
ourshareholders
shareholders
should be governed purely
by business logic Customer
Customer Perspective
Perspective
“To
“Toachieve
achievethe
thevision,
vision, how
how
• Clear inter-relationships
must we look to our customers?
must we look to our customers?
between the perspectives
Internal
Internal Perspective
Perspective
“To
“Tosatisfy
satisfyour
ourcustomers,
customers,at
at
which
whichprocesses
processesmust
mustwe
weexcel?
excel?
Learning
Learning &
& Growth
Growth
“To
“Toachieve
achieveour
ourvision,
vision,how
howmust
must
my organisation learn and improve
• The financial perspective addresses the question of

how shareholders view the organisation and which
financial goals are desired
Objective Measures
Increase Shareholder Value Return on Capital
Growth % Revenue growth
Profitability % Profit Before Tax
Cost effectiveness Cost per employee
• Results of the strategic choices made in the other perspectives

• Represent the long term goals of the organisation
• Set general ground rules and premises for the other perspectives
• Establish expectations in terms of growth and profitability
• Financial risks that are acceptable
• Cost and investment strategies
• Every other measure selected should be part of a cause and
effect relationship ending in the financial objectives
• Used in this way the scorecard is not a group of isolated,
unconnected or conflicting objectives

• The customer perspective addresses the question of

how the organisation is viewed by it’s customers and
how well the firm is serving it’s targeted customers in
order to meet the financial objectives
Objective Measures
Increase Customer satisfaction Customer satisfaction index
Number of Complaints
To be preferred supplier Share of key accounts
To build the Brand Brand awareness index
• How is value is created for customers?
• How customer demand for this value is to be satisfied
• Why will the customer be willing to pay for it? (Internal

Process & Learning and Growth objectives are guided
by this perspective)
The Heart of the scorecard!

Measuring the Customer Perspective
• The different value propositions as perceived by the

customers are at the heart of the strategy
• Use your value proposition to determine leading
indicators
• Consider what the customer expectations are, based
on the your strategy, e.g. operational excellence,
product leadership, customer intimacy
Customer Value Proposition

• Price • Timeliness • Service • Brand
• Quality • Features • Relationships
Internal Process Perspective
• Internal business process objectives address the

question of which processes are most critical for
satisfying customers and shareholders
• These are processes in which the firm must concentrate
it’s effort to perform well
Objective Measures
Manufacturing excellence Manufacturing cycle times
Yield
Increase design productivity Time taken to design and
launch product / service
Improve delivery efficiency Reduce delivery times

Internal Process Perspective
• What processes generate right forms of value for customers and

would lead to the fulfilment of shareholders expectations as well?
• How important is price vs. quality vs. delivery time etc
• The answers will emerge from this perspective
• We should identify the company’s processes on a overall level
• Porter’s “value-chain” model is useful for this purpose
• We need to weed out processes that do not directly or indirectly
create value for the customer
Learning & Growth Perspective
• Learning and Growth metric address the question of

how the organisation must learn, improve, and
innovate in order to meet it’s objectives
Objective Measures
Satisfied employees Employee satisfaction index
Enhance employees competence Competency index

Learning & Growth What do we consider?
• Does the organisation have the ability to Attract, Retain, Develop,

and Motivate employees
• Which core competencies should be cultivated?
• How will you obtain this strategic know how and intelligence
about competitors, customers, processes?
• We need to describe the internal infrastructure for the
transmission of information and for the process of decision
making
• The structure and conditions, i.e. culture, leadership, teamwork
that exist for developing a learning organisation for the
unrelenting defence of the market position
Learning and Growth Perspective
Much
Much of of this
this perspective
perspective isis employee-centered.
employee-centered.
Also
Also include
include information
information and
and organisational
organisational culture
culture aspects
aspects
Core Measures Results

Results
Output
Output&&Outcome
Outcome
Employee
EmployeeRetention
Retention Employee
EmployeeProductivity
Productivity
Enablers
Staff
Staff Technology
Technology Climate
Climatefor
for
Competencies
Competencies&& Infrastructure
Infrastructure Action
Action
Employee
Employee &&Information
Information (Culture)
(Culture)
Satisfaction
Satisfaction
Strategy and the Balanced Scorecards
Norton
Norton and
and Kaplan
Kaplan base
base their
their approach
approach to
to strategy
strategy on
on the
the
general
general strategy
strategy framework
framework articulated
articulated by
by Michael
Michael Porter
Porter
• According to Michael Porter
“Strategy is about selecting the set of
activities in which the organisation will excel
to create a sustainable difference in the
marketplace”
• The strategy map is an effective tool to graphically
depict the strategy and to tell a story of your strategy
The Importance of Cause-and-Effect
“Strategy implies the movement of an organisation from

its present position to a desirable but uncertain future
position. Because the organisation has never been to this
future place, the pathway to it consists of a series of
linked hypotheses. A strategy map specifies the cause
and effect relationships, which makes them explicit and
testable.”
Source:Norton and Kaplan
The
The next
next few
few slides
slides aims
aims to
to illustrate
illustrate how
how strategy
strategy maps
maps are
are
used
used to
to describe
describe and
and depict
depict aa strategy,
strategy, complete
complete with
with cause
cause
and
and effect
effect linkages.
linkages.
Source:Adapted from BSCOL
Strategy Maps & the Balanced Scorecard
IfIf Developed
Developed Properly,
Properly, These
These Strategy
Strategy Maps
Maps Can
Can Provide
Provide the
the
“Alignment
“Alignment of
of Activities”
Activities” that
that Porter’s
Porter’s Definition
Definition Calls
Calls for
for
• Balanced Scorecard “Describes” Financial

Financial
Strategy (outcome
Customer (outcome))
Customer
(outcome
(outcome))
• Strategy Is a Hypothesis
Internal
Internal
Processes
Processes
(drivers)
(drivers)
• Strategy Can Be Described As a
Series of Cause and Effect Learning
Learning&&Growth
Growth
Relationships (A “Strategy Map”) (drivers)
(drivers)
Using the Balanced Scorecard to Measure

value of Intangible Assets
• Intangible assets may not have a direct impact on

financial results
• The value of intangible assets is largely potential – it

must be transformed
• Intangible assets require interdependence for success

Creating Value from Intangible Assets
According
According to to Norton
Norton and
and Kaplan,
Kaplan, strategy
strategy describes
describes howhow an
an
organisation
organisation intends
intends to
to create
create value
value for
for it’s
it’s shareholders.
shareholders. InIn
order
order to
to do
do this,
this, organisations
organisations must
must leverage
leverage theirtheir intangible
intangible
assets.
assets.
Creating value from intangible assets differ from creating
value from tangible assets in the following ways:
1. Value creation is indirect
2. Value is contextual
3. Value is potential
4. Assets are bundled
Value Creation is Indirect
Intangible
Intangible Assets
Assets such
such as
as Information
Information Technology
Technology seldom
seldom have
have
aa direct
direct impact
impact on
on financial
financial outcomes
outcomes such
such as
as increased
increased
revenues,
revenues, lowered
lowered costs
costs etc.
etc.
Financial Revenue
Revenue
Customer
Customer Customer
Customer
Customer Retention
Confidence
Confidence Retention
Service
Service
Internal Process Quality
Quality
Learning & Information

Growth Information
Technology
Technology
Value is Contextual
The
The value
value of
of an
an intangible
intangible assets
assets such
such as
as Information
Information
Technology
Technology depends
depends onon its
its alignment
alignment with
with the
the strategy.
strategy.
Value is Potential
The
The cost
cost of
of investing
investing in in an
an intangible
intangible asset
asset represents
represents aa poor
poor
estimate
estimate ofof its
its value
value to
to the
the organisation.
organisation. Intangible
Intangible assets
assets such
such
as
as ITIT have
have potential
potential value
value but
but not
not market
market value.
value.
• Internal processes such as design, production, delivery,

and customer service are required to transform the
potential value of intangible assets.
• If the internal processes are not directed at the
customer value proposition or financial improvements,
the potential value will not be realised

Assets are Bundled
Intangible
Intangible assets
assets seldom
seldom create
create value
value by
by themselves.
themselves. TheyThey do
do
not
not have
have aa value
value that
that can
can bebe isolated
isolated from
from organisational
organisational
context.
context. Maximum
Maximum valuevalue isis created
created when
when allall the
the intangible
intangible
assets
assets are
are aligned
aligned with
with each
each other,
other, and
and with
with the
the strategy.
strategy.
IT +
+ ITLeadership
Leadership
IT
IT
IT
ITOrganisation
Organisation Processes
Processes
(RACI)
(RACI)
+
IT Investments
+ I/T
Climate I/TInfra-
Infra-
Climate structure
structure
(Culture)
(Culture)
Strategic
Investments IT
IT
Must be Bundled + Competency
Competency
+
Source:BSCOL, Norton & Kaplan
Step-by-Step
Developing the
IT Balanced Scorecard

Implementing the Balanced Scorecard
The
The components
components of
of an
an effective
effective Balanced
Balanced Scorecard
Scorecard are
are your
your
organisation’s
organisation’s Mission,
Mission, Core
Core Values,
Values, Vision
Vision and
and Strategy
Strategy
• This section will examine each of the building blocks of

the Balanced Scorecard and consider what they are,
how to develop them, and their important role in the
development of the IT Balanced Scorecard
The Balanced Scorecard Building Blocks

MISSION
MISSION
Why
Whywe
weExist
Exist
VALUES
VALUES
What
What isImportant
is ImportanttotoUs
Us
VISION
VISION
What
What wewant
we wantto
toBe
Be
STRATEGY
STRATEGY
Game
Game Planfor
Plan forSuccess
Success
STRATEGY
STRATEGYMAPMAP
Visual
Visual Representationof
Representation ofKey
KeyObjectives
Objectives
BALANCED
BALANCEDSCORECARD
SCORECARD
Perspectives,
Perspectives, Objectives, PerformanceMeasures,
Objectives, Performance Measures,Targets,
Targets,Initiatives
Initiatives
TARGETS
TARGETSAND
ANDINITIATIVES
INITIATIVES
What
What we Needto
we Need toDo
Do
CASCADING
CASCADINGOBJECTIVES
OBJECTIVES
Performance
PerformanceMeasures
Measuresfor
forAll
AllDepartments
Departments&&Individuals
Individualsbased
basedon
onoverall
overallGoals
Goals
STRATEGIC
STRATEGICOUTCOMES
OUTCOMES
The
The Impact of What we Needto
Impact of What we Need toDo
Doon
onthe
theOrganisation
Organisation
Source:Norton & Kaplan, Strategy Maps
Steps Involved in Building the IT Balanced
Scorecard
1. Understand the Business Strategy
2. Develop and align the IT strategy
• IT’s mission, values, vision
• Undertake environmental scan and SWOT analysis
• Undertake strategic planning, develop strategies and choose
strategic themes
3. Build the IT Balance Scorecard:
• IT Perspectives (KRAs)
• IT Objectives (KPOs)
• IT Strategy Map
• IT Measures (KPIs)
• IT Targets
4. Develop IT initiatives
5. Cascade Balanced Scorecard down the IT Organisation
6. Cascade Balanced Scorecard to individual employees
Understanding the Business Strategy
According
According to
to Cobit,
Cobit, the
the organisation
organisation strategy
strategy should
should be
be
translated
translated by
by the
the business
business into
into objectives
objectives for
for its
its use
use of
of IT-
IT-
enabled
enabled initiatives
initiatives
Business
Business
Business Strategy Objectives
Objectives for
for IT
IT
• These organisation’s objectives IT

IT
in turn, should lead to a clear Objectives
Objectives
definition of IT’s own objectives
• And then these in turn define the IT resources Enterprise

Enterprise
and capabilities (the organisation architecture Architecture
Architecture for
for IT
IT
for IT) required to successfully required to (IT
(IT resources
resources
execute IT’s part of the organisation’s strategy
& capabilities)
& capabilities)

Understand the Alignment Requirements
Alignment
Alignment means
means getting
getting all
all the
the resource
resource deployment,
deployment,
decision
decision making
making and
and team
team and
and individual
individual effort
effort throughout
throughout the
the
organisation
organisation aligned
aligned with
with achieving
achieving thethe organisation’s
organisation’s goals
goals
Corporate
Corporate Scorecard Line Business Support Units

(Shared Strategic Agenda)
Themes Measures SBU SBU SBU SBU IT HR Finance
A B C D
1. Financial Growth Xxx
2. Delight the Consumer Xxx
3.Win-Win Relationship Xxx
4. Safe and Reliable Xxx Xx Xx Xx Xx
5. Competitive Supplier Xxx xx xx xx xx
6. Good Neighbor Xxx
7. Quality Xxx
8. Motivated and Prepared Xxx
Xx Xx Xx Xx Xx Xx Xx
xx xx xx xx xx xx xx
Understand the Business Goals

Perspective Objective
Financial Expand market share.
Increase revenue
Return on investment
Optimise asset utilisation
Manage business risks
Customer Improve customer orientation and service
Offer competitive products and services
Ensure service availability
Agility in responding to changing business requirements (time to market)
Optimise cost of service delivery
Process Automate and integrate the organisation value chain
Improve and maintain business process functionality
Lower process costs
Comply with external laws and regulations
Improve and maintain operational and staff productivity
Learning & Acquire and maintain skilled and motivated personnel
growth
Obtain reliable and useful information for strategic decision making
Develop culture of product / business innovation
Mission and Vision
Mission
Mission and
and vision
vision statements
statements set
set the
the general
general goals
goals and and
direction
direction for
for the
the organisation.
organisation.
They
They help
help shareholders,
shareholders, customers,
customers, andand employees
employees
understand
understand what
what the
the company
company isis about
about and
and what
what itit intends
intends to
to
achieve.
achieve.
• Companies make their mission and vision statements

operational when they define a strategy for how the
mission and vision will be achieved.
What is a Mission Statement?

“A group of people get together and exist as an institution that we
call a company so the are able to accomplish something collectively
that they could not accomplish separately-they make a contribution
to society,….do something which is of value.”
David Packard
“The Mission Statement is a crucial element in the strategic planning

of a business organisation. Creating a mission is one of the first
actions an organisation should take. This can be a building block
for an overall strategy and development of more specific functional
strategies. By defining a mission an organisation is making a
statement of organisational purpose.”
Leann Cardani

Why a Mission Is “Mission-Critical” to the
Balanced Scorecard
“The
“TheBalanced
BalancedScorecard
Scorecardisisnot notdesigned
designedto toact
actas
asan
anisolated
isolated
management tool, instead, it is part of an integrated approach
management tool, instead, it is part of an integrated approach to to
examining
examiningour ourbusiness
businessand
andproviding
providingus uswith
withaameans
meanstotoevaluate
evaluateour
our
overall
What
overall success.
does
success. Above
Above all
it all the Scorecard
translate? is a tool designed to offer faithful
the Scorecard is a tool designed to offer faithful
translation”
translation”
The Scorecard decodes our Mission, values, vision,

and strategy into performance objectives and measures
in each of the four Scorecard perspectives.
Paul R Niven. The Balanced Scorecard Step by Step.
How to Write a Mission Statement
• A mission statement should say who your company is, what you
do, what you stand for and why you do it.
• An effective mission statement is best developed with input by all
the members of an organisation.
• The best mission statements tend to be 3-4 sentences long.
• Avoid saying how great you are, what great quality and what
great service you provide.
• Examine other company's mission statements, but make certain
your statement is you and not some other company. That is why
you should not copy a statement.

Defining the Mission
• Mission is a concise, inspirational statement of

purpose, values, and beliefs that reflect the unique
nature of an organisation
• A mission statement reflects the organisation’s purpose
and values in terms of its products and services,
customers, employees, and markets
Example:
Mission: ABSA - To be partners in growing South Africa's prosperity....

by being the leading financial services group serving all our
stakeholders
How does IT Support the Mission?
• IT supports the Organisation’s Mission through

alignment with the Strategy and by acting as an
enabler
• IT therefore needs to support the business in the
achievement of the strategic objectives, and in so
doing to fulfil its mandate
• However, IT has its own mission

What is IT’s Mission?
COBIT
COBIT provides
provides the the following
following definition
definition of
of IT’s
IT’s purpose
purpose
“To
“To provide
provide the
the information
information thethe organisation
organisation needs
needs toto achieve
achieve
its
its objectives,
objectives, ITIT resources
resources need
need to
to be
be managed
managed by by aa set
set of
of
naturally
naturally grouped
grouped processes.”
processes.”
What
What information
information
does
does the
the business
business need?
need?
Business
Business Governance
Governance
Requirements
Requirements Requirements
Requirements
Information
Information
Services
Services
Information
Information
Criteria
Criteria
What is IT’s Mission?

COBIT
COBITfurther
furtherdescribes
describes“The
“TheITITorganisation
organisationdelivers
deliversagainst
againstthe
the
business objectives by a clearly defined set of processes that’s uses
business objectives by a clearly defined set of processes that’s uses
people
peopleskills
skillsand
andtechnology
technologyinfrastructure
infrastructureto
torun
runautomated
automatedbusiness
business
applications, leveraging business information.”
applications, leveraging business information.”
deliver
Information
Information
Enterprise Architecture
for IT running
Applications
Applications
IT
IT
Processes
Processes
Infrastructure
Infrastructure
needing
People
People
managed
Analytix Intellectual Property
by 174
Defining the Organisation’s Vision
The
The Vision
Vision isis aa statement
statement that
that defines
defines where
where we
we want
want to
to go
go
in
in the
the future
future
• A vision statement provides a word picture of what the

organisation intends ultimately to become – which may
years into the future for example, within 3 to 5 years
Example:
Vision: ABSA - To be a customer-focused financial services group in

targeted market segments.
What is IT’s Role in Realising the Vision?
ITIT needs
needs to
to develop
develop aa vision
vision of
of how
how itit will
will support
support the
the
organisation
organisation toto realise
realise the
the organisational
organisational vision
vision
The
TheCompany
CompanyVision
Vision The
TheIT
ITVision
Vision
“We st
“Wewill
willbe
bethe
the11stchoice
choicefor
forcustomers
customersand
and To
Tobe
beaavalue-adding
value-addingprovider
providerofofappropriate
appropriate
remain the industry leader”
remain the industry leader” technology
technology solutionstotothe
solutions theBusiness
Business
• IT plays a role in assisting the business to realise the

organisation’s vision
• In turn, IT needs to define its own Vision that defines
where it wants to go in the future

SWOT Analysis Framework
Undertaking
Undertaking aa SWOT
SWOT analysis
analysis provides
provides aa information
information that
that
will
will be
be used
used when
when deciding
deciding on
on improvements
improvements
Environmental
Environmental
Scan
Scan
Internal External
Internal External
Analysis Analysis
Analysis Analysis
Strengths
Strengths Weaknesses Opportunities Threats
Weaknesses Opportunities Threats
SWOT
SWOT
Matrix
Matrix
Strengths and Weaknesses
Strengths
Strengths and
and weaknesses
weaknesses include
include those
those aspects
aspects which
which
management
management have
have control
control over
over
• Strengths – are the organisations resources and capabilities that can
be used as basis for developing a competitive advantage. Examples
include:
– Good reputation among customers
– Cost advantages from know-how
– Good human resources and management
• Weaknesses – the absence of certain strengths may be viewed as

weaknesses. Examples include:
– A weak brand name
– Poor reputation among customers
– High cost structure
– Lack of access to resources

Opportunities and Threats
Opportunities
Opportunities and
and threats
threats cannot
cannot be
be controlled
controlled
• Opportunities – The external environmental analysis may reveal

certain new opportunities. Examples include:
– An unfulfilled customer needs
– Arrival of new technologies
– Loosening of regulations
– Removal of international trade barriers
• Threats - the external environmental analysis also may reveal

present threats to the organisation
– Shifts in consumer tastes away from organisations products
– Emergence of substitute products
– New regulations
– Increased trade barriers
Defining Strategic Themes
• Strategic themes broadly define the business and allow

the organisation’s vision to be decomposed into
operational effort.
• Strategic themes make it possible to turn a vision into
specific strategies that business and support units can
work on
• Strategic Objectives make up strategic themes and are
the detailed game plans that describe what is to be
done and how it is to be accomplished

Why are Strategic Themes Important?
• Reinforce the notion that the balanced scorecard is a

tool for formulating, implementing, and communicating
organisational strategy
• Allow the organisation’s vision to be decomposed into

specific operational events and decisions that people
can understand and support
• Provide focal points for organising the remaining steps

in building the scorecard
IT Business Contribution lies at Two Levels

“Success
“Success in
in delivering
delivering the
the portfolio
portfolio of
of infrastructure
infrastructure and
and
applications
applications is measured, in the customer perspective at
is measured, in the customer perspective at two
two
levels”, according to Norton and Kaplan
levels”, according to Norton and Kaplan
Basic Competency Value Adding
Level Contribution Level
• The supply of reliable , high • IT helps business units to

quality IT services at become more productive and
competitive costs profitable
• IT ultimately, becomes a vital

component in the success of
the business unit’s
differentiation strategies

IT Strategic Themes - Aligning IT with Business
The
TheITITorganisation
organisationmust
mustmaintain
maintainbalance,
balance,through
throughbeing
beingcompetent
competentatatbasic
basic
necessary services while developing capabilities to cooperate with the business
necessary services while developing capabilities to cooperate with the business
units,
units,offering
offeringthem
themcustomised
customisedservices,
services,solutions,
solutions,and
andtechnologies
technologiesthat
thathelp
helpthem
them
advance their strategies
advance their strategies
Achieve
Achieve Business
Business
Support
Support
Operational
Operational Growth
Growth
the
the
Excellence
Excellence Orientation
Orientation
IF
Business
Business
IFIT
ITprocesses
processes And
AndTHEN
THENthis
this
are THEN
THENthis
thismay
may
are optimisedand
optimised and may support
may support
Platforms
Platforms
enhance the
enhance the business
business
and
andarchitectures
architectures support
supportofof
standardised
to
to developnew
develop new
standardised business
business
this products and
products and
thismay
mayresult
result processes
processes
in better markets
marketsand
and
in better
quality
qualityofofsystems
systems grow
grow
Analytix Intellectual Property

Time183
Theme 1 : Achieve Operational Excellence
• Access to timely and accurate information and

computing resources reliably at reasonable cost
• “IT provides a cost-effective portfolio of core technology
infrastructure – the shared technology and managerial
expertise required to deliver computing services to
employees – and basic technology applications,
including ERP and other transaction-processing systems
that automate the basic repetitive transactions of the
enterprise”

Theme 2: Create and Support Business Unit
Partnerships
“The IT unit becomes the trusted adviser to operating
managers on how to deploy information technology to
improve business unit profitability and external
customer satisfaction. The technology includes
analytical applications, the systems and networks –
such as CRM that promotes analysis, interpretation,
and sharing of information and knowledge.”
Theme 3: Provide Strategic Support to Business
“IT supplies innovative and emerging technology-based

solutions that help business units position themselves for
competitive advantage. IT introduces transformational
applications, the systems and networks that change the
prevailing business model of the organisation.”

Connecting Goals, Strategies and Objectives
Strategies Expected Outcomes
•Retirement of old infrastructure

Reduce
Reducespending
spending •Increase investment of new applications
•Smaller staff focused on High value IT Projects
•Savings from reduction in IT acquisition costs

Infrastructure
InfrastructureManagement
Management •Improved workstations & productivity
•Increased interoperability
•Better alignment of IT Spending

Leverage
LeverageIT
ITResources
Resources •Increase productivity
•Improved IT resource allocation
Business •IT Resource focused business

BusinessProcess
Process
Driven Solutions •Increased speed in delivering new solutions
Driven Solutions •Tighter IT Spending focus
Best Practice
• A typical organisation could have +-5 strategic themes,

and business and support units would develop
strategies that support the strategic themes.

BALANCED SCORECARD
Perspectives and Objectives
Develop strategic objectives (KPAs)

The
The organisation’s
organisation’s strategy
strategy determines
determines the
the key
key objectives
objectives and
and
serves as the foundation for organisational and performance
serves as the foundation for organisational and performance
measures
measures at
at Corporate,
Corporate, Business
Business Unit,
Unit, and
and Individual
Individual
Employee
Employee level.
level.
The process involves:

1. Choosing the perspectives
2. Defining the Objectives
3. Categorising objectives by strategic theme and
perspective

IT Balanced Scorecard Perspectives
Changes to IT
IT Value
Value Perspective
Perspective
perspectives should “If
“Ifwe
wesucceed,
succeed,how
howwill
willwe
wecreate
create
be governed by business value from IT investments?
business value from IT investments?
strategic reasons Customer
Perspective
and not on some “To
“Toachieve
achievethe
thevision,
vision, how
how must
mustwe
we
sort of stakeholder look to our end-users & management?
look to our end-users & management?
model
IT
IT Process
Process Perspective
Perspective
“To
“Tosatisfy
satisfyour
ourcustomers,
customers,at
at
which processes must we excel?
which processes must we excel?
Learning
Learning &
& Growth
Growth
“To
“Toachieve
achieveour
ourvision,
vision,how
howmust
must
Why are objectives important?
• Objectives are the basic building blocks of the

balanced scorecard
• Define the organisation’s strategic intent
• Form a path of cause-effect linkages that describe

strategy (strategic map)
• Link performance measures to strategy

Definition of an Objective
Objective
Objective - - AA concise
concise statement
statement describing
describing the
the specific
specific things
things
an organisation, business unit / department,
an organisation, business unit / department, team andteam and
employees
employees must must do
do well
well in
in order
order to
to execute
execute the
the organisation’s
organisation’s
strategy
strategy
• Objectives often begin with an action verbs such as
increase, reduce, improve achieve, etc.
• Objectives can be defined at many levels:

– High level, strategic objectives (Become market leader)
– Lower level, more specific objectives (Improve customer delivery
times)
– Extremely specific (Increase personal language skills)
How Many Objectives
• It is better to have a small number of relevant objectives

to describe and articulate the organisation’s strategy
• Ten to twelve objectives may be enough

What is required to achieve IT Alignment?
• Ascertaining that IT strategy is aligned with business strategy

• Ascertaining that IT delivers against the strategy (delivering on
time and within budget, with appropriate functionality and the
intended benefits, is a fundamental building block of alignment and
value delivery) through clear expectations and measurement (e.g.,
balanced business scorecard)
• Directing IT strategy to balance investments between systems that
support the Organisation as is, transform the Organisation or create
an infrastructure that enables the business to grow and compete in
new arenas
• Making considered decisions about focus of IT resources: i.e. how
IT assist the business to break into new markets, drive competitive
strategies, increase overall revenue generation, improve customer
satisfaction, assure customer retention
ISACA
Business Goals
Perspective Objective
Financial Expand market share.
Increase revenue
Return on investment
Optimise asset utilisation
Manage business risks
Customer Improve customer orientation and service
Offer competitive products and services
Ensure service availability
Agility in responding to changing business requirements (time to market)
Optimise cost of service delivery
Process Automate and integrate the organisation value chain
Improve and maintain business process functionality
Lower process costs
Comply with external laws and regulations
Transparency
Comply with internal policies
Improve and maintain operational and staff productivity
Learning & growth Acquire and maintain skilled and motivated personnel
Obtain reliable and useful information for strategic decision making
Develop culture of product / business innovation
IT Objectives
P ersp ectiv e S trateg ic T h em e O b jectiv e
F in an cial B usiness Im prove IT ’s cost-efficiency and its contribution to business profitability
C u sto m er C ustom er E nsure the satisfaction of end users w ith service offerings and service levels
S atisfaction E nsure that IT dem onstrates cost-efficient service quality, continuous im provem ent and
IT P ro cess O perational A cquire and m aintain an integrated and standardised IT infrastructure
E xcellence A cquire and m aintain integrated and standardised application system s
D eliver projects on tim e and on budget m eeting quality standards
M ak e sure that IT services are available as required
O ptim ise the IT infrastructure, resources and capabilities
R educe solution and service delivery defects and rew ork
M aintain the integrity of inform ation and processing infrastructure
A ccount for and protect all IT assets
E nsure IT services and infrastructure can properly resist and recover from failures due to
E nsure m utual satisfaction of third-party relationships
P rotect the achievem ent of IT objectives
C reate IT agility
S upport the D efine how business functional and control requirem ents are translated in effective and
B usiness efficient autom ated solutions
E nsure critical and confidential inform ation is protected
E nsure m inim um business im pact in the event of an IT service disruption or change
E nsure autom ated business transactions and inform ation exchanges can be trusted
E nsure proper use and perform ance of the applications and technology solutions
E stablish clarity of business im pact of risk s to IT objectives and resources
O ptim ise the use of inform ation
S eam lessly integrate applications and technology solutions into business processes.
B usiness G row th R espond to business requirem ents in alignm ent w ith the business strategy
O rientation E nsure transparency and understanding of IT cost, benefits, strategy, policies and service
G overnance and E nsure IT com pliance w ith law s and regulations
C om pliance R espond to governance requirem ents in line w ith board direction
L earn in g & IT C om petence A cquire and m aintain IT sk ills that respond to the IT strategy
Aligning the IT Objectives
Organisation IT
Financial
Financial Financial
Financial
Customer
Customer Customer
Customer
Business
BusinessProcess
Process ITITProcess
•Increase productivity and innovation Process
•Outsource non-core activities •Optimise IT processes and standardise IT Platforms
•Adapt cost structures and business process flexibility •Implement on time/budget
•Pool technical expertise and deliver innovation •Support end-users
•Invest wisely and stay alert to new business opportunities •Improve business processes
•Reduce risk, improve safety & contribute to community •R&D emerging technologies & provide solutions
•IT Governance
Learning
Learning&&Growth Learning
Growth
•Focus on competencies driving productivity & innovation Learning&&Growth
Growth
•Provide information in the company in a consistent, •Attract, Develop, Retain & Motivate IT team
accurate and trusted way •Enhance Information Delivery and Knowledge Management

Example IT Balanced Scorecard
Perspective Strategic Theme IT Strategic Objective

Financial Cost Efficiency Managing Cost of IT
Revenue Generation Enable increase in revenue and market share
Customer Customer Satisfaction Ensure satisfied end-users and external customers
Business Alignment Demonstrate Value add and alignment of IS
Internal IT Keep the Engine Running Optimise IT internal process
Processes
Standardisation Standardise IT architectures, platforms and processes
Realise economies of scale through “global” sourcing and collaboration
Business Alliance Acquire and Implement solutions according to plan and budget
Effectively support end-users
Leverage IT to improve business processes and effectiveness
Understand business unit strategies and operations
Innovation Understand emerging technology and application thereof
Identify and motivate global IS solutions
Compliance IT Governance & Legal Compliance
Learning and IT Competence Attract, Develop and Retain Motivate IT team
Growth
Information Leadership Enhance IS, and Knowledge Management
More Examples of IT Objectives and Measures

• Monthly Budget Spend • Actual spend for month against budgeted spend reflecting financial planning and
control
• Cost recovery vs.. Budgeted Recovery• Effective recovery of costs against services used and budgeted for
• Actual Cost recovery vs.. Spend
• Ability to manage financial resources within prudent boundaries
• Forecast Spend
• Estimated final spend for the financial year
• Business Confidence Indicator
• Extent of trust the BU’s have in IT and IT’s abilities
• BU’s aligned
• BU’s aligned with the ETS in terms of their technology strategies
• Projects with agreed dates
• Commitment and management of projects
• Projects with slippage

• Projects past agreed dates, also affects the customer perception
• Manpower slippage
• Extent of budgeting to actual spend deficit indicating scoping and costing accuracy
• Consistency of achievement of target availability parameters
• Key IT Systems availability
• Indicative of responsiveness to critical situations
• Average age of S1 problems in hours
• # of S1 problems opened • Indicative of stability and monitoring of system
• Overall SLA rating • Extent of satisfaction with service delivery (operational)
• Good ratings % • Extent of satisfaction with service delivery (operational)
• Staff turnover • Indication of staff satisfaction
• % it budget allocated to training • Indication of investment in staff
• vs.. actual
• Staff satisfaction • Indication of satisfaction of staff with management conditions
• % IT budget spent with BEE vendors • Commitment to BEE initiative
• EE turnover
• EE drive • Ability to retain employees from previously disadvantaged population groups
• Extent to which the employment target for EE ratios are being met

Increase
Productivity Strategy Shareholder Growth Strategy
Value
Financial
Perspec- Improve cost Improve asset Expand revenue
Enhance
customer
tive structure utilisation opportunities
value

Customer Perception of Price, Quality,
Customer Image & Brand
Perspec- Satisfaction Availability, Selection, Perception
tive Functionality, Relationship
Operations & Management Customer Management Innovation & Design Regulatory& Social
Processes Processes Processes Processes
Internal
-Supply -Regulatory
(Process) -Selection -Opportunity ID
-Employment
-Production
Perspec- -Distribution
-Acquisition -R&D Portfolio
-Safety, Health,
-Retention -Design / Develop
tive -Risk
-Growth -Launch
Environment
Management -Community
Human Capital Information Capital Organisational Capital

Learning -Attract -Culture
--Knowledge Management
& Growth -Retain
Product, Market, Customer,
-Alignmnet
-Develop -Leadership
Perspec- -Motivate
Business Intelligence
-Teamwork
tive
The STRATEGY MAP

Visual Representation of Key
Objectives
The Strategy Map
The
The cause-and-effect
cause-and-effect relationships
relationships illustrate
illustrate the
the hypothesis
hypothesis
behind
behind the
the organisation’s
organisation’s strategy
strategy

The Strategy Map
Strategy
Strategy map
map development
development steps
steps include:
include:
• Identifies all of the objectives
• Links the cause-effect relationships among objectives
• Shows both the objectives and the cause-effect

relationships among them by the selected perspectives
Why is Strategy Mapping Important ?

Strategy mapping Strategy
Strategy maps
maps assist
assist to:
to:
• Defines the relationships among objectives that are

causes (performance drivers) and objectives that are
effects
• Helps create a balance among objectives, performance

measures, and initiatives
• Helps define the logical consistency of the scorecard

Develop Strategy Map
• Explain strategic links and the process of constructing

them
• List the steps for determining cause-effect relationships
• Link objectives in cause-effect relationships for your
organisation
• Prepare to create a strategic map for your IT
organisation
Cause and Effect of IT Investments
To
To respond
respond to to the
the business
business requirements
requirements for
for IT,
IT, the
the
organisation
organisation needs
needs to
to invest
invest inin the
the resources
resources required
required to
to create
create an
an
adequate
adequate technical
technical capability
capability
Resulting in the desired business outcomes
Increased
Increased
Increased
Increased Profits
Profits
Sales
Sales
ERP SupplyChain
Supply Chain
ERP
System
System AA
Implementation of
Investment in a supply chain
technical capability
The Strategic Role of Information Capital
Productivity Strategy Growth Strategy
Financial
Perspec- Improve cost Improve asset Expand revenue
Enhance
customer
tive structure utilisation opportunities
value

Customer Perception of Price, Quality,
Customer Image & Brand
Perspec- Satisfaction Availability, Selection, Perception
tive Functionality, Relationship
Operations & Management Customer Management Innovation & Design Regulatory& Social
Processes Processes Processes Processes
Internal
-Supply -Regulatory
(Process) -Production
-Selection -Opportunity ID
-Employment
Perspec- -Distribution
-Acquisition -R&D Portfolio
-Safety, Health,
-Retention -Design / Develop
tive -Risk
-Growth -Launch
Environment
Management -Community
Customer Management Processes

Internal Customer Selection Customer Acquisition Customer Retention Customer Growth
•Understand customer segment •Communicate value proposition •Provide premium customer •Cross-selling
Process •Screen unprofitable customers •Customise mass marketing service •Solution selling
Perspec- •Target high-value customers •Acquire new customers •Provide service excellence •Partnering/integrate selling
•Manage the brand •Develop distribution outlets •Create lifetime customers •Customer education
tive
Information Capital Information Capital Information Capital Information Capital

Learning •Customer Database •Database Marketing •Customer Interaction •Customer Info
•Customer Analytics •Lead Management Centre Feedback
& Growth •Profitability Analysis •Sales Force Automation •Problem Tracking •Portfolio Planning
Perspec- System Models
tive •Order Management •Integrated Order
System Mngmnt
Developing Causal Relationships
1. Start with an objective that is the effect to be understood
2. Identify the causes of the effect (another objective)
3. The identified causes that drive performance (i.e. performance

drivers) and form the basis for measuring performance
Note: Measures are then developed to predict future performance

and track current performance

Example: Constructing Strategic Links
• An increase in corporate revenue & profits (1st

objective)
• Requires retention of customers (2nd objective)
• Which requires an increase in the customer satisfaction
(3rd objective)
• Which requires Service Quality to be improved (4th
objective),
• Which requires the interaction with customers to be
enhanced through:
– The implementation of a Customer Relationship software
system (IT) (5th objective) and
– Customer Service training (6th objective)
Constructing a Strategic Link

A strategic link: is a cause-effect relationship among several objectives
It is constructed by if-then logic
Increase
Increase
Financial Revenue&&
Revenue
Profits
Profits
Improve
Improve
Customer Retain
Customer
Customer Retain
Satisfaction Customers
Customers
Satisfaction
ImproveService
Improve Service
Internal Process Quality
Quality
Enhance
Enhance
Learning & Enhance
Enhance Information
Service Skills Information
Growth Service Skills Technology
Technology

Develop an IT Strategy Map
Enable Revenue Generation
Cost Efficiency To be a value-adding
provider of appropriate
technology solution F2. Maximise the IS
Financial
F1. Manage Total Perspective
business value and
Cost of Ownership of
ROI
IT
Customer Satisfaction IT Value Add

Customer
C1. Ensure Satisfied C2. Demonstrate Perspective
IT Customers Value Add of IS
Operational Excellence Support the Business Business Alignment
P8. Understand P5. Effectively

support end-users, IT Process
emerging
technologies acquire and Perspective
through central P3. Achieve IT implement
R&D and synergies (sourcing & according to plan
motivate collaboration)
P7. Closely align

with Business by
P2. Standardise IT business
P1. Optimise IT
architectures, strategies &
Processes
platforms operations
Information Leadership
Competent IT Team L1. Attract, Develop
Learning
L2. Information and Growth
& Retain Global IT
delivery to manage
team Perspective
effectively
BALANCED SCORECARD
Performance Measures

What is Performance Management?
A systematic approach to performance improvement

through:
– An ongoing process of establishing strategic
performance objectives
– Measuring performance
– Collecting, analysing, reviewing and reporting
performance data, and
– Using that data to improve performance and achieve
objectives
What is Performance Measurement
• Performance Measurement can be best understood through

considering the definitions of the words 'performance' and
'measurement' according to the Baldrige Criteria:
– Performance refers to output results and their outcomes obtained
from processes, products, and services that permit evaluation and
comparison relative to goals, standards, past results, and other
organisations. Performance can be expressed in non-financial and
financial terms.
– Measurement refers to numerical information that quantifies input,
output, and performance dimensions of processes, products,
services, and the overall organisation (outcomes). Performance
measures might be simple (derived from one measurement) or
composite.

The Performance Management Challenge
• The challenge for organisations today is how to match and

align performance measures with business strategy,
structures and corporate culture, the type and number
of measures to use, the balance between the merits
and costs of introducing these measures, and how to
deploy the measures so that the results are used and acted
upon.
• To address this challenge organisations are advised to devise a
performance measurement system that provides a set of rules or
guidelines for selecting and deploying performance measures.
Why are Measures Important?

What
Whatgets getsmeasured
measuredgets getsdone
done
IfIfyou
you don’t measure results, you can’t tell success fromfailure,
don’t measure results, you can’t tell success from failure,youyoucan’t
can’tclaim
claim
success or reward it, and you may be rewarding
success or reward it, and you may be rewarding failure failure
IfIfyou
you can’trecognise
can’t recognisesuccess,
success,you youcan’t
can’tlearn
learnfrom
fromit;it;ififyou
youcan’t
can’trecognise
recognise
failure, you can’t correct
failure, you can’t correct it it
IfIfyou
you can’t measureit,it,you
can’t measure youcan’t
can’tmanage
manageititandandimprove
improveit!it!
Measuring performance is important to keep track of:
• What was achieved?
• How efficiently was the work done?
• Was it done in time?
• How were the clients expectations met by the effort?
Other benefits include
• Provide an analytical basis for decision making and allow corrections to be made in business
strategy
• Focus organisation attention on what matters most to success
• Allow measurement of accomplishments, not just of the work that is performed
• Provide a common language for communication

Organisation Performance Measurement
Organisation
Organisation Structure
Structure Dictates
Dictates Measurement
Measurement at
at Different
Different
Levels
Levels
Corporate
Business
Unit
Teams
Employees
Measurement at Different Levels
Output
Output vs.
vs. Outcome
Outcome Measures
Measures
Balanced measures
For the organisation
and executive
Strategic
Outcome Corporate / Executives And Performance management
Plan Goals
Balanced measures
Cu ss For teams and
Sat stome ine
Business Units / isfa r Bus sults
Output ctio Employee Re individuals
Managers n Involvement
And Innovation
Teams / t-
Output Cos eness
(Accomplishment) Individuals Qu a
lity cti v
e ss Ef f e
Qu a
ntity elin
Tim
Exter cy
nal E
Activity f f ec t icien
ivene l E ff
ss Int er n a

Definitions
Output
Output vs.
vs. Outcome
Outcome Measures
Measures
• Outcome - something that follows as a result or

consequence”
• Output - something produced e.g. mineral, agricultural, or
industrial production steel output or mental or
artistic production literary output, or the amount
produced in a given time”
• Accomplishment - “something that has been accomplished i.e.
achievement”
• Input - What was used or done to achieve a particular
end”
• Activityan organisational unit for performing a specific function”
Family of Measures
Terminolog Definition Examples
y Input Value of resources to Rand budgeted/spent
Measure produce an output Staff hours used
Output Quantity or number of units No. of applications processed
Measure produced No. of clients serviced
Efficiency Inputs used per unit of Loans processed per consultant
Measure output Cost per employee
Service Degree to which customers % respondents satisfied with service
Quality are satisfied, or how Error rate per teller
Measure accurately or timely a Average days to process a loan
service is provided
Outcome Qualitative consequences Increase in revenue

Measure associated with a Value of Mortgage Book
programme / services Increase on customer satisfaction
% Market Share
The Measure Family Dimension
• Profitability: Measures the overall effectiveness of the management
organisation in generating profits (profit contribution by
segment/customer, margin spreads).
• Productivity: Measures employee output (units/ transactions/Rand),
the uptime levels and how employees use their time (sales-to-assets ratio,
dollar revenue from new customers, sales pipeline).
• Quality: Measures the ability to meet and/or exceed the requirements
and expectations of the customer (customer complaints, percent returns).
• Timeliness: Measures the point in time (day/week/ month) when
management and employee tasks are completed (on-time delivery,
percent of late orders).
• Process Efficiency: Measures how effectively the management
organisation incorporates quality control, Six Sigma and best practices
to streamline operational processes (yield percentage, process uptime,
capacity utilisation).
• Cycle Time: Measures the duration of time (hours/days/months)
required by employees to complete tasks (processing time, time to
service customer).
Quadrant Approach
Using
Using the
the measurement
measurement quadrant
quadrant to
to decide
decide on
on applicable
applicable
measures
measures
Quantity Quality Timeliness Cost Effectiveness
How
How How Was it
Eco-
Much ? Well ? On time?
nomical?
Outcome or
Effect = What was produced or achieved? Output
Effort = What was used or done

to achieve a particular end ?
Input

Developing Measures
For
For each
each objective,
objective, decide
decide which
which general
general measures
measures apply:
apply:
– Is quality important? Does the stakeholder or

customer care how well the work is done?
– Is quantity important? Does the stakeholder or
customer care how many are produced?
– Is it important to accomplish the element by a
certain time or date?
– Is it important to accomplish the objective within
certain cost limits?
– What measures are already available?
Need to Measure IT’s Ability to Meet

Expectations of Business
ITIT measurement
measurement considerations
considerations
• Fit for purpose, meeting business requirements

• Flexibility to adopt future requirements
• Throughput and response times
• Ease of use, resiliency and security
• Integrity, accuracy, and currency of information
• Compliance
• Time to market
• Cost and time management
• Partnering success
• Skills set of IT

IT Measurement – Uncover IT Issues
ITIT measurement
measurement considerations
considerations
• How often do IT projects fail to deliver what they promised?

• Are end users satisfied with the quality of the IT service?
• Are sufficient IT resources, infrastructure and
competencies available to meet strategic objectives?
• What has been the average overrun of IT operational
budgets? How often and how much do IT projects go over
budget?
• How much of the IT effort goes to fire fighting rather than
enabling business improvements?
Measuring IT’s value add
ITIT Value
Value add
add considerations
considerations
• Delivering on time and on budget

• Delivering benefits that were promised
• Enhancing reputation, product leadership and cost
efficiency
• Providing customer trust and competitive time-to-market

IT Measurements Four Perspectives
Example
Example of
of measurements,
measurements, grouped
grouped by
by perspective
perspective
Cascading Team Goals – IT
Perspective Strategic Objectives (KPA's) Measures (KPI's)

Financial Manage the Cost of ICT % Achievement of budget
Customer Ensure internal customers are satisfied with ICT % customers satisfied with service. Customer
services Satisfaction Survey.
Internal Provide ICT Support the Business in alignment
Leverage Strategic Alliance %
processes with strategy
% projects within agreed dates
Deliver IT Projects according to plan and budget % with time slippage
Manpower overrun %
Key IT systems availability
Average age of priority problems in hours
Provide effective and efficient ICT Service
Delivery & Support Number of priority problem reports opened pm
Overall SLA rating
Poor ratings %
% Managers satisfied that information (reporting)
Provide the required information to the business
satisfy requirements
Ensure ELIDZ,s achievement of strategic % of procurement from BBBEE
empowerment procurement targets % of procurement from SMME
Learning and % Reduction in competency gap (corporate
Develop & Maintain organisational capability
inovation services staff)

Example Scorecard Helpdesk Manager –
Developed based on COBIT’s DS8
Financial Manage the Cost of the help desk % Achievement of budget
Customer Ensure satisfaction of end users with service User satisfaction with first-line support (service
offerings and service levels. desk or knowledge base)
Call abandonment rate
Internal Ensure proper support to end-users of the % of incidents resolved within agreed/acceptable
processes applications and technology solutions. period of time
Backlog of unresolved queries
Analyse, document and escalate incidents in a Average duration of incidents by severity
timely fashion.
Respond to queries accurately and on a timely Average speed to respond to telephone and e-
basis. mail/web requests
% of incidents reopened
Installing and operating an effective efficient % of incidents and service requests reported and
service desk logged using automated tools
# of calls handled per service desk staff per hour
% of first-line resolution based on total number of

requests
% of incidents that require local support (field
support, personal visit
Monitoring and reporting trends Trend reports
Aligning incident resolution priorities with business % systems with formal agreed SLA’s
imperatives
Defining clear escalation criteria and procedures Call types escalation procedures
Develop skills of help desk staff and undertake # of days of training per service desk staff per
career path planning year as per PDP’s
Improve communication and productivirty of help Monthly meetings?
Learning and
Develop own competencies according to PDP
inovation Successfully address own personal competency
gap as per bi-annual assessment and personal
development plan
Example Scorecard – Helpdesk Support based

on COBIT’s DS8
Financial % Achievement of budget
Customer Ensure satisfaction of end users with service User satisfaction with first-line support
offerings and service levels. (service desk or knowledge base)
Call abandonment rate

Internal Ensure proper support to end-users of the % of incidents and service requests
processes applications and technology solutions. reported and logged using automated
help desk tools
Ensure that IT services are available as required. % of incidents resolved within
agreed/acceptable period of time
Analyse, document and escalate incidents in a Average duration of incidents by
timely fashion. severity
Respond to queries accurately and on a timely Average speed to respond to
basis. telephone and e-mail/web requests
% of incidents reopened
Perform regular trend analysis of incidents and % of first-line resolution based on total
queries number of requests
Installing and operating a service desk % of incidents and service requests
reported and logged using automated
tools
Monitoring and reporting trends Backlog of unresolved queries
Learning and Personal Development Successfully address own personal
inovation competency gap as per bi-annual
assessment and personal
development plan

Performance Measurement
The
The Big
Big picture
picture
• Measures will not be ‘perfect’. By the time you have the ‘perfect’
measures, the world will have changed, and they will be
imperfect again
• Aim to be using something more useful than you have used
before, and improve the usefulness on an on-going iterative basis
• It is better to have a small number of useful measures to provide
information that can be considered simultaneously on any
particular subject, than a large number that are less critical. One
measure per objective may be enough
• More than three measures per objectives are probably too many:
after-all, few people can keep more than a handful things in
short-term memory at once
COBIT
and
IT Performance Measurement

COBIT Defines Goals and Metrics at Three
Levels
Goals and metrics are defined in COBIT at three levels:
IT goals and metrics that define
1 What the business expects from
what the business expects from
IT and how to measure it
IT
Process goals and metrics that Measure what the process must
2 define what the IT process must deliver to support IT’s objectives
deliver to support IT’s objectives
Activity goals and metrics that Measures what needs to happen

3 establish what needs to happen inside the process to achieve the
inside the process required performance
IT Goals Process Goals Activity Goals

• Respond to business requirements in Define how business requirements are Engaging with business and senior
alignment with the business strategy translated in service offerings management in aligning IT strategic
• Respond to governance Define the strategy to deliver service planning with current and future
requirements in line with board offerings business needs
direction Contribute to the management of the Understanding current IT
portfolio of IT-enabled business investments capabilities
Establish clarity of business impact of risks Translating IT strategic planning
to IT objectives and resources into tactical plans
Provide transparency and understanding of Providing for a prioritisation
IT costs, benefits, strategy, policies and scheme for the business objectives
service levels that quantifies the business
Analytix Intellectual Property 233 requirements
COBIT Uses Two Types of Metrics

COBIT also uses two types of metrics:
1. Outcome Measure or Key Goal Indicators (KGIs) and
2. Performance Drivers or Key Performance Indicators (KPIs)
The goal indicators of the lower level become performance indicators for the higher
level
IT Key Goal Indicators Process Key Goal Key Performance
Indicators Indicators
Degree of approval of % of IT objectives in the IT Delay between updates of
business owners of the IT strategic plan that support business strategic/tactical plan
strategic/tactical plans the strategic business plan and updates of IT
Degree of compliance with % of IT initiatives in the IT strategic/tactical plan
business and governance tactical plan that support % of strategic/tactical IT plan
requirements meetings where business
the tactical business plan
Level of satisfaction of the representatives have actively
% of IT projects in the IT
business with the current participated
project portfolio that can be Delay between updates of IT
state (number, scope, etc.) directly traced back to the strategic plan and updates of IT
of the project and IT tactical plan tactical plans
applications portfolio
% of tactical IT plans complying
with the predefined
structure/contents of those plans
% of IT initiatives/projects
Analytix Intellectual Property 234 championed by business
owners
KGIs and KPIs
• Key goal indicators (KGI) • Key performance
define measures that tell indicators (KPI) define
management—after the fact— measures that determine how
whether an IT process has well the IT process is performing
achieved its business in enabling the goal to be
requirements, usually expressed reached.
in terms of information criteria: • They are lead indicators of
• Availability of information whether a goal will likely be
needed to support the business reached or not, and are good
needs indicators of capabilities,
• Absence of integrity and practices and skills.
confidentiality risks • They measure the activity goals,
• Cost-efficiency of processes and which are the actions the
operations process owner must take to
• Confirmation of reliability, achieve effective process
effectiveness and compliance performance.
COBIT’s Goals and Measures

• The Figure illustrates the relationship among process, IT and business
goals and among the different metrics with examples from DS5
Define
DefineGoals
Goals
Business Goal IT Goal Process Goal Activity Goal
Detect and
Ensure IT resolve Understand
Maintain
services can unauthorised security
enterprise
resist and access to requirements,
reputation and
recover from vulnerabilities
Measure achievement
leadership information,
Improve and realign
attacks applications and and threats

infrastructure
Is measured by
Is measured by Is measured by Is measured by
Number of Frequency of
Number of
incidents review of the
actual IT Number of
causing public type of security
incidents with access violations
embarrassment events to be
business impact
monitored
Drive
DrivePerformance
Performance

BALANCED SCORECARD
Setting targets
and Identifying Initiatives
Guidelines for Setting Targets
• Measures should have stretch targets that test the

organisation
• Set upper and lower estimates (thresholds) around the
targets to represent better-than expected performance
and lower than expected performance

Weightings and scoring performance
• Weightings show the relative importance of one input or output

against another input or output.
• Every measure in the performance agreement must be assigned a
weighting. The total of the weightings on the performance
agreement must add up to 100 points.
• An important objective may, for example, be assigned a
weighting of 30 out of 100 whereas a less important objective
may be assigned a weighting of 15 out of 100.
• The purpose of the weightings is to show employees what the key
focus areas are in their work. If an objective has a higher
weighting than any of the other objectives, then the employee will
know that this is a key objective in his/her work.
Weighting Objectives
The
The achievement
achievement of
of certain
certain objectives
objectives affects
affects the
the company
company
more
more than
than others
others
• Weighting reflects the relative importance of the
various objectives
Objectives Weight Score Weighted

Objective 1 40% 3 1.2Average
Objective 2 10% 2 0.2
Total 100% 3.1

Setting Targets
Perspective Objectives Measure Target
Financial Manage the cost of IT. % of achievement of IT operational budget 100%
Customer Improve internal customer Internal customer satisfaction survey index (IT) 7
Satisfaction satisfaction
Internal Leverage IT to automate Number of new process automated through IT 5
Process business processes to
improve effectiveness
Understand user % of respondents satisfied with functionality IT 75%

requirements projects delivered
Implementation of new % of new solutions implemented on agreed dates 95%
technologies and and within projects estimate budgets
solutions
Effective support of % uptime of Key IT systems (SLAs with) 98%

technology
Average time taken to resolve high level IT problems 7hrs
(in hrs) (excluding those escalated to other service
providers)
% of help desk calls resolved within 24hrs 85%

Learning and Enhance staff IT Employee satisfaction index 6.8
growth competencies &
% of department employees with completed 100%
satisfaction
Analytix Intellectual Property Performance Agreements
241
What Are Initiatives?
Initiatives – Action-oriented projects that are used to

evaluate strategic direction and test strategic hypotheses.
Initiatives require time and resource commitments to complete
• Are projects that are used to support the execution of

the strategy
• Produce time-sensitive results (i.e. by certain date) that
drive decisions concerning future strategic direction

Why are Initiatives Important?
• Turn strategy into operational terms and actionable

items
• Yield prioritised projects that close the gaps among
current levels of performance and target levels of
performance
• Provide a structured way to eliminate or de-emphasise
projects that will not have major impact on objectives
• Link spending and budgets to results
Steps involved in Developing Initiatives
1. Define initiatives
2. List the information that needs to be included in an
initiative
3. Describe the criteria for selecting a final set of
initiatives
4. Identify key questions for evaluating the impact of
initiatives
5. Discuss case-study and class exercise
6. Identify some initiatives that your organisation could
undertake to support its performance effort

Example Tying Initiatives to Objectives
Perspective Objectives Initiative Owners
Financial Increase shareholder value Implement EVA by March 2005 FD

Grow the mortgage book Mortgage marketing campaign and Operations Director
incentives
Grow revenue Mortgage and Banking Managers Mortgage and Banking

Services GM’s
Improve efficiency Budget and control initiative FD
Client Increase customer satisfaction Customer satisfaction index Customer Satisfaction

Survey
Process Improve customer service processes Mortgage loans applications turnaround Mortgage Manager
Average Banking hall waiting time Branches
Develop new products/services Develop and launch new Banking services by Operations Director
December 2004
Cross sell products/services Design and implement cross-selling initiative CEO and HR
by January 2005
Move clients to electronic channels Implement and market new ATM solutions Operations Director
Learning Enhance staff competency, leadership and Employee satisfaction survey HR Director
and employee satisfaction
% of staff with completed Performance All line managers
growth Agreements
Thank You !

IT Balanced Scorecard v3 - 31

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

IT Balanced Scorecard v3 - 31

Uploaded by

Copyright:

Available Formats

Developing and

Course Presenter: Johan Botha

• Identify the components of an IT strategy

Developing and IT Strategic Plan

Building an IT Balanced Scorecard

Analytix Intellectual Property 2

COBIT® is a registered trademark of ISACA

Analytix Intellectual Property 3

Analytix Intellectual Property 4

Analytix Intellectual Property 5

Analytix Intellectual Property 6

• Instructional using slides and manuals

Analytix Intellectual Property 7

Case Study and Group Work

Analytix Intellectual Property 8

Analytix Intellectual Property 9

The Need for IT Governance

“For many organisations, information and the technology that

Analytix Intellectual Property 10

• Increasing pressure to leverage technology in business strategies

Analytix Intellectual Property 11

Why Does IT Need a Control and Governance

It is an integral part of corporate governance and consists of :

that ensures that the organisation’s IT sustains and extends

Analytix Intellectual Property 14

• Ensuring that IT is aligned with the business

Analytix Intellectual Property 15

The Strategic Alignment Question

This state of harmony is referred to as “alignment.” It is complex,

This may not be attainable for many Organisations because

Analytix Intellectual Property 16

Analytix Intellectual Property 17

IT Alignment requires planned and purposeful

Analytix Intellectual Property 19

5 IT Governance Focus Areas

Focuses on ensuring the linkage of business and IT plans; on defining,

Requires risk awareness, a clear understanding of the organisation’s appetite

Analytix Intellectual Property 20

Analytix Intellectual Property 21

Analytix Intellectual Property 22

• A strategy is typically an idea that distinguishes a

Analytix Intellectual Property 23

• An organisation’s strategy must be appropriate for its:

Analytix Intellectual Property 24

• According to Michael Porter, strategy is defined by:

Source: Competitive Strategy, by Michael Porter

Analytix Intellectual Property 25

What is Strategy? – Michael Porter

• The essence of strategy is choosing to perform activities

Analytix Intellectual Property 26

Analytix Intellectual Property 27

The IT Strategy Challenge

“Strategy is among the most abused and misunderstood

Analytix Intellectual Property 28

Analytix Intellectual Property 29

The COBIT Framework

Analytix Intellectual Property 30

Analytix Intellectual Property 31

What is Good Practice?

"Best practice" is the best identified approach to a situation based

A "best practice" approach means seeking out ideas and

Analytix Intellectual Property 32

The COBIT control framework contributes to the need for