Capability Maturity Framework for e-government: A Multi-dimensional Model and Assessing Tool *

Transcription

1 Capability Maturity Framework for e-government: A Multi-dimensional Model and Assessing Tool * Marcelo Iribarren 1, Gastón Concha 1, Gonzalo Valdes 1, Mauricio Solar 1, María T. Villarroel 2, Patricio Gutiérrez 2, Álvaro Vásquez 2 1 Universidad Técnica Federico Santa María (UTFSM), Santiago de Chile, 2 Ministerio de Economía, Secretaría Ejecutiva de Estrategia Digital, Gobierno de Chile {miribarren, gconcha, gvaldes, msolar}@inf.utfsm.cl, {mtvillarroel, pgutierrez, avasquez}@economia.cl Abstract. This article describes an IT-based, egov-centered and capabilitydriven model for assessing e-government capabilities and maturity of public agencies. It is the result of an initiative of the Chilean government to reinforce its e-government strategy. The proposed model, called egov-mm (e- Government Maturity Model), has three dimensions (a cube) supporting business processes: information criteria, IT resources, and leverage domains. Changing the traditional and exclusive focus on IT, four Leverage Domains are defined: e-strategy, IT Governance, Process Management, and People and Organization Capabilities. The Leverage Domains generate a hierarchical structure with a second level named Key Domain Areas. These areas should be measurable and controllable, so they are related to a third hierarchical level, called Critical Variables, allowing the model s elements to be assessed qualitatively and quantitatively. The capability and maturity of these variables associated with the intersection with the other two axes of the cube establish five levels of capability. The proposed model is strongly supported by the international experience and best practices for IT management and has already been field tested. Key words: e-government, capability, maturity model. 1 Introduction The initial stages of e-government have usually been focused on the introduction of IT to improve the quality of data and to foster horizontal and vertical integration of back-office and front-office systems, generally following the stages of growth model for e-government of Layne and Lee [1]. Through this approach, governments are seeking efficiency, effectiveness, and data quality improvement gains, all of them representing a complex pool of organizational and technological challenges [2]. This * This work was supported by the Government of Chile and the Inter-American Development Bank under the Multiphase Program to Strengthen the Digital Strategy project (code CH- L1001). Document available from

2 stage of e-government development characterizes most of the current strategies in the developing countries of Latin-America, and Chile is no exception. However, we uphold, like other authors [3, 4] that a digital front end by itself is not a necessary and sufficient mechanism of change. In fact, a more reflective and critical use of IT is required, meaning that the organizational core processes and their supporting activities should also be considered when developing the digital front end. Thus, to foster an integrated approach of the problem s various edges, a multidimensional model would be a more useful approach. A well known model also supporting this integrated view is Wimmer s holistic reference framework for e-government [5]. Wimmer s model supports integrated modeling of e-government initiatives, synchronization with technology development, and integration of several stakeholders views in order to develop successful e- government initiatives. The Wimmer model is a good and useful basis for developing successful e-government applications. Although we share this holistic approach, our model is mainly focused on providing strategic reference for public organizations to establish e-government capability evolution roadmaps instead of being a framework for developing e-government projects. This article presents a multidimensional capabilities maturity model, developed by the Chilean government with the support of the Universidad Técnica Federico Santa María (UTFSM), which addresses the above considerations by combining four domains of action of any large organization: organizationl-wide strategic direction, IT governance, process management, and human resources. The rationale under the model design, the model structure, and a methodology for the capability and maturity determination are described in what follows. As inputs for designing the proposed model, called egov-mm (e-government Maturity Model), the following sources of information have been considered: Best practices about e-government, identified through a national and international state-of-the-art survey [6]. Models that provide the standard structure of a CMM (Capability Maturity Model). CMMs for e-government supporting the digital strategies of other governments worldwide. Other specific-purpose models which support the development of large organizations such as those based on IT Governance or Enterprise Architecture approaches. The best practices included in the model s design are related to implementation, measurement and assessment of e-government strategies applied by the countries included in the state-of-the-art survey part of the current project. This survey s sample includes the United Kingdom [7, 8], the USA [9, 10, 11], Australia [12, 13, 14], Canada [15], Sweden [16], South Korea [17], and others. The basic structure of the model was obtained through a comparative analysis of the two main international trends in maturity models applied to the software engineering area: CMMI [18] of the USA, and ISO/IEC [19] of Europe. The specific content of our model arises from the above mentioned international best practices combined with relevant aspects of models specifically developed for e- government [12, 13, 14, 15, 16, 17], and from the authors experience.

3 The approach of the main source for IT Governance was also analyzed: Control Objectives for IT, COBIT [20]. Section 2 presents the general structure of the model. Section 3 presents the details of its components: Leverage Domains and Key Domains Areas. In Section 4 the capability and maturity rationale of the model is described, including an example. We conclude the article in Section 5 by discussing the main advantages of the model and proposing the next steps for further evolution of the model. 2 e-government Capability Maturity Model The focus of the proposed model is driven by two concepts defined in the following paragraph: e-government and IT Governance. Under the model rationale, e-government is the coupling of a government s need to improve quality and efficiency of government information and services delivered to citizens and business by public agencies, and the acknowledgment that ITs have a relevant role to reach such an objective. Therefore, e-government is based on the introduction of a new generation of transactional and distributed information systems whose main aim is the improvement of the core business and supporting processes. This coupling between business needs and IT shifts the classical e-government challenge to a requirement for IT Governance, which is an area of activity where four factors are linked in a continuous improvement cycle: IT is supporting business processes which are executed by people that develop their activities in an organizational context. It should be stated that the proposed model is intended to become a supporting tool for deploying nationwide e-government strategies, that is, it must be translated into an assessment tool which allows diagnosing the capability and maturity level of public agencies that are facing modernization challenges. It does not intend to be a processbased model, neither a tool to manage, monitor or control processes performance. One dimension of the model is based on the definition of Leverage Domains and Key Domain Areas (KDAs). The leverage domains are a logical grouping of KDAs, which are the objects that really can be measured through what we call Critical Variables. Additionally, the model includes a clear distinction between capability and maturity. In fact: Capability level: Is a property of each critical variable and KDA, the capability of the later determined by the capability of its constituent Critical Variables. The weighting of each constituent variable is a parameter which depends on the business domain in which the model is applied or the country s e-government reality. Maturity level: This is a property associated with the whole organization, each level corresponding to a set of KDAs in a given capability level. The organization s maturity level determines a roadmap for e-government development and for its service quality improvement strategy.

4 2.1 General Structure The interaction of the three elements of the model is shown in Fig. 1. The business requirements over the information generated by the organization define Information Criteria that each KDA should satisfy by using IT resources. Each KDA (belonging to a given Leverage Domain) can be assessed by measuring the satisfaction of its objectives through its Critical Variables, which in turn determine the KDA s capability level. Information Criteria IT Resources Leverage Domains Leverage Domains MANAGEABILITY COMPLIANCE AVAILABILITY INTEGRITY CONFIDENTIALITY EFFICIENCY EFFECTIVENESS Key Critical Domain Variables Areas APPLICATIONS DATA INFRASTRUCTURE FACILITIES Fig. 1. Structure of the model showing the three dimensions of interrelated elements. 2.2 Model Elements The model elements are the Information Criteria, the IT Resources, and a hierarchy of Leverage Domains, KDAs and Critical Variables. The three dimensions of the proposed model plus the business requirements interact with each other, generating a dynamic cycle of continuous improvement as shown in Fig. 2. The Information Criteria. To satisfy the business requirements, the information must satisfy certain criteria which constitute the business requirements for this information. These criteria for the information provided by a given KDA are: Effectiveness: the information must be relevant and pertinent as well as being delivered timely, correctly, and consistently. Efficiency: the information must be generated by the most productive and economical use of resources. Confidentiality: the information must be protected from unauthorized disclosure. Integrity: the information must be accurate and complete.

5 Availability: the information must be available when required by the business process, and its associated resources and capabilities must be safeguarded. Compliance: the information must comply with those laws, regulations and contractual arrangements to which the business process is subjected, i.e., externally imposed business criteria as well as internal policies. Manageability: information must be easy to deal with and usable by management to operate the organization and exercise its fiduciary and governance responsibilities. What do Business Stakeholders expect from IT? Which satisfy satisfies Information Business Requirements e - Gov MM Drive the investments in IT Resources What kind of IT resources do we need to operate? To provide Leverage Domains Which are used by How do we organize the IT resources to satisfy the requirements? Fig. 2. Continuous improvement cycle provided by the egov-mm. The IT Resources. The Leverage Domains require IT Resources to generate, store and deliver the information required to reach the business objectives. IT resources are: Applications: information systems and manual procedures used to process data and generate information. Data: on every format required by the business and processed by the information systems. Infrastructure: technology (e.g., hardware, operating systems, database management systems, networking, multimedia, etc.) that enables the processing of the applications. Facilities: the environment that houses and supports the IT infrastructure. The Leverage Domains. They are the model s core elements, over which the different capability levels used to determine the current status of a given organization are established. Four Leverage Domains, 17 Key Domain Areas (KDA), and 54 Critical Variables have been defined. Fig. 3 shows the hierarchical structure of the four domains and their corresponding KDAs (the Critical Variables are not shown). Domains and KDAs are described in the next section.

6 Fig. 3. Leverage domains and key domain areas. 3 Leverage Domains and Key Domain Areas 3.1 E-Government Strategy This domain represents the organization s capability to articulate a consistent e- government vision. In other words, the organization should have an IT strategy aligned with the business strategy, which should consider explicitly a direction in order to get involved in the electronic government. Its KDAs are: (EGS-1) Vision, Strategies and Policies. It allows managing all IT resources according to the organization s vision, business strategy, and priorities. At the same time it allows alignment with national e-government policies.

7 Its objectives are measured or verified by: (1) Extent to which the stakeholders have collaborated to develop the organization s vision, strategy, and egov and IT policies. (2) Degree of alignment between egov vision and the business strategy. (3) Degree of alignment between egov vision and the national egov policies. (4) Degree of alignment of the IT, human capital, and economic resources strategies with the national egov policies. (EGS-2) Enterprise Architecture Strategy. It allows defining the strategy of Enterprise Architecture implementation, aligning it with national/industry reference models and considering a strategy of component reuse in order to build it. Its objectives are measured or verified by (1) existence of an enterprise architecture; (2) existence of a consistent implementation strategy; (3) alignment with reference models; (4) level of reuse of service components; and (5) definition of a business architecture. (EGS-3) IT Management and Organization. It allows defining the organizational structure to implement the IT strategy, to support new business opportunities, to follow industry technology trends, and to support the egov and business visions. Its objectives are measured or verified by (1) the existence of an instance to monitor the technology trends in order to plan and build an adequate IT strategy and enable the creation of new business opportunities; (2) the existence of a plan to create and support IT infrastructure to develop the egov; (3) the existence of an organizational structure with clear positions and responsibilities; and (4) the existence of an IT process map including its interactions. 3.2 IT Governance According to Weill and Ross [21] IT governance is the process by which firms align IT actions with their performance goal and assign accountability for those actions and their outcome. It is therefore necessary to establish a framework which includes the definition of structure, processes, responsibilities, and goals in order to ensure that IT generates the desired outcomes and allows assessing how well the organization achieves its goals (i.e., ensure that IT investments facilitate a reasonable business return). Having this definition in mind, the main aspects to be measured or verified to fulfill each KDA are defined. For this and the following Leverage Domains the KDA s objectives are not included simply due to space limitations. (ITG-1) IT Architecture. (1) Development level of technical architectures that support egov, including applications, technology, network, and security. (2) How well defined are service delivery methods and the required data entities. (ITG-2) Portfolio and Risk Management. (1) How the organization manages new projects and programs. (2) The organization s skills and knowledge to manage project risks to make a smooth transition to egov. (3) Existence of plans and actions to reduce or mitigate risks. (ITG-3) IT Services Delivery. (1) Existence of standards which assure a homogenous quality in services and IT support either to the citizen or to internal users. (2) Management and compliance with the accepted Service Level Agreements.

8 (3) Existence of a formal procedure to manage changes to the infrastructure configuration supporting the critical processes of service delivery. (ITG-4) Asset Utilization. (1) How the organization makes decisions to acquire new IT resources and their priorities. (2) The organization s practices to outsource or insource software development and hardware implantation. (3) Conformance level to the defined acquisition procedures. (4) Usage level of electronic procurement. (5) The level of effective and efficient use of IT assets. 3.3 Process Management This domain represents the organization s capability to articulate a process-based structure with well documented, standardized, and regulation-compliant processes. A process-based organization should allow an online service delivery to citizens with guaranteed quality and facilitate a continuous improvement process. (PRM-1) Business Process Management. (1) Existence of a mechanism to transform the service delivery process into an egov business model characterized by a continuous improvement cycle. (PRM-2) Performance Management. (1) Existence of a mechanism to measure, assess, and learn from the feedback provided by customers about service effectiveness. (2) Existence of a set of balanced goals and measurements in order to control the cost and benefits of the egov initiatives. (PRM-3) Service to Citizens and Business. (1) Documentation and modeling of business processes supporting delivery of the service to citizens and enterprises. (2) Deployment of a quality measurement system of the services delivered to citizen and enterprises. (3) Availability of high-usability electronic channels and support resources backing the spreading of services between citizen and enterprises. (PRM-4) Interoperability. (1) Integration level of business strategy and inter-agency processes achieved with other agencies. (2) Development level of semantic interoperability enabling systems to combine external information in order to process it in a meaningful manner. (3) Existence of technical interoperability that includes key aspects such as open interfaces, interconnection services, data integration and middleware, data presentation and exchange, accessibility, and security services. (PRM-5) Compliance. (1) Compliance level with internal and external norms, policies, and procedures related to egov. (2) Existence, if required, of enough resources to facilitate compliance with internal and external regulations. (3) Existence of appropriate incentives to promote compliance with internal and external norms. (PRM-6) Security and Quality Assurance. (1) Existence of a formal quality assurance system based on recognized standards aligned with the business objectives and promoting a continuous improvement service. (2) Existence of a formal information security management system based on recognized standards. (3) Implementation level of a structured program to measure the quality of service and supporting tools.

9 3.4 People and Organization Capabilities This domain determines the level of organizational and people competences required for an effective and efficient egov implementation. (POC-1) Infrastructure and egov Tools. (1) Availability of fundamental egov tools and technologies (like workflows, electronic documents, electronic signature, intranet, etc.) supporting the organization in the design, implantation, and operation of egov directives. (2) Existence and usage level of value-added tools like Business Intelligence, ERP, SCM, and others. (3) Existence and usage of relevant hardware infrastructure for online services like datacenters, networks, servers, etc. (POC-2) Knowledge Management. (1) Existence of procedures to access, store, share, use, and update the knowledge related to IT and egov. (2) Existence of adequate IT infrastructure to manage knowledge. (POC-3) Human Capital. (1) Existence of mechanisms to ensure the availability of people competences required to support the egov initiatives. (2) Consistency between the previously defined competences and the selection and hiring process of IT people required in the organization. (3) Existence and suitability of a scheduled program and procedures to train and educate IT and non-it people in the organization to assure a professional development. (POC-4) Change Management. (1) How the organization is arranged to manage the change and its cultural impact. (2) Plans to reduce the natural opposition to change and facilitate the use and incorporation of new technologies and systems. 4 Staged Capability and Maturity Model 4.1 Capability and Maturity Determination The model considers a five-level staged development of the KDAs capability. Each KDA includes variables which have capability levels of their own; a weighted average of the resulting variables capability levels determines the KDA s capability level. To determine the variables capability levels, a set of common patterns was defined: in level 1 the capability does not exist, although the organization may have recognized its importance; in level 2 the capability exists but it is neither structured nor formalized; in level 3 the capability exists and is well documented and structured; in level 4 the capability is structured, and metrics and automatic tools have been defined and standardized in order to improve its effectiveness and efficiency; and finally, level 5 implies all the above plus the use of best practices and international standards in the achievement of the capability. To measure the capacity level of each variable a web-based assessment tool was built which has a set of questions for each variable at each level. The questions are directly related to the roadmap that allows the variable s capacity evolution. The organizational maturity level corresponds to a combination of KDAs which are in a given capability level. Following a structure similar to that of CMMI, for each of the five maturity levels a KDA combination has been defined. For example,

10 maturity level 2 includes only 8 of the 17 KDAs, all of them at capability level 2. Maturity level 3 includes 14 of the 17 KDAs, with 9 at capability level 3 and 5 at capacity level Using the KDA Capability Levels This subsection presents an example of how the KDA s capability levels are defined. The selected KDA is Vision, Strategies, and Policies from the e-government Strategy leverage domain. Three capability levels are described. Vision, Strategies and Policies. This KDA must satisfy the business objective of managing and conducting all IT resources according to the business strategy and its priorities. Its relevant Information Criteria are Effectiveness and Availability, and the main IT resources required are Applications and Data. Its level of capability is determined by the following variables: (1) Strategy alignment with the national egov directions. (2) CEO and upper management commitment with the implementation of egov initiatives. (3) Periodic communication to all involved people within the organization. (4) Resource assignment commitment with the implementation of the organizational egov strategy. The capability levels are defined below. Within each level four assertions are presented, one for each variable related to the KDA. Level 1 Initial : (1) There is evidence that the enterprise has recognized that the strategy alignment is important and needs to be addressed; however, there are no actions nor approaches that tend to be applied. (2) There is no awareness and need for the top manager to get involved early with the egov initiatives. (3) There are no formal actions to communicate the egov initiatives to the people in the organization. (4) There is no evidence of resources specifically allocated for the egov implementation. Level 3 Defined : (1) The egov Vision is well defined and it is integrated to the business strategy. There is a policy about IT and egov strategy planning and it is well documented. (2) Top manager and directors are committed to and get involved early in the egov initiatives. (3) The egov vision, policies and strategy have been communicated to and are well understood by all personnel in the organization. (4) Enough monetary resources to support egov initiatives have been assigned. Their allocation is included in the organization s annual budget. Level 5 Optimized and Integrated : (1) The vision is periodically reviewed according to stakeholders needs and new technologies. The strategy and policies are periodically updated according to feedback from clients, suppliers, and government policies. The strategy planning process is continuously compared with the industry standards. (2) Manager and directors have an explicit role assigned in the IT strategy planning process. (3) Personnel, clients, and partners are considered when the egov vision is developed. (4) Resources assigned to the egov initiatives are periodically adjusted according to a cost/benefit analysis and to client satisfaction.

11 5 Conclusions and Future Work Based on the international experience on maturity models and e-government specific models intended to measure the capability of public agencies in developed countries, a model was built and tuned to the characteristics of the public sector of an emerging country. However, two features of the model allow it to be easily adapted to other realities: first, the weighted relationship between critical variables and key domain areas; and second the CMMI compatible structure to calculate organization maturity. During the model s development phase, internationally accepted best practices for IT Governance, like COBIT, were analyzed. Thus, two of the three egov-mm dimensions are already internationally agreed on, namely information criteria and IT resources. The third dimension (i.e., the Leverage Domains) intercepts with the others according to their relevance to a given Key Domain Area. thus facilitating a better adjustment of the model to the diversity of public agencies realities. This dimension is also strongly based on internationally accepted practices. The hierarchy of Leverage Domains, its KDAs, and Critical Variables determine the organization s maturity, and they are involved in a dynamic cycle with business requirements as the main triggering input. This virtuous cycle allows a continuous improvement of service delivery by public agencies, making it easier for them to transit towards higher maturity levels through planned roadmaps. Given the model s attributes, capturing the field experience obtained through its application in the public sector in Chile is being optimized. It had a first adjustment cycle, mostly derived from the results of a pilot test held in April 2008 with the participation of eight public agencies. Massive testing is under way, starting in June 2008, including thirty public agencies. This massive testing is supported by a webbased assessment tool, call center support and a strong preassessment training and awareness program. The model s structure may be seen as rather complex, making its full application difficult. However, a flexible web-based tool developed to support the assessment counteracts this potential disadvantage. It also goes together with the definition of specific profiles that should provide information for KDA subsets, reducing the information collection workload and ensuring the quality of the collected data. We expect that this model will become a useful tool to assess public agencies in the Chilean government and to support e-government strategic programs in other countries. It is also expected to become a tool for supporting the IT investment strategies, e-government roadmaps, and interoperability strategies of the public sector. References 1. Layne, K., Lee J.: Developing Fully Functional e-government: A Four Stage Model. Government Information Quarterly 18, , (2001). 2. Esteves, J., Joseph, R.: A Comprehensive Framework for the Assessment of e-government Projects. Government Information Quarterly 25, , (2008). 3. Cresswell, A., Pardo, T., Canestraro, D.: Digital Capability Assessment for e-government: A Multidimensional Approach. In: Wimmer, M.A., Scholl, H.J., Grönlund, Å., Andersen

12 K.V. (eds.), Proceedings of the 5th Int. Conf. on Electronic Government, EGOV 2006, LNCS vol. 4084, pp , (2006). 4. Andersen, K.V., Henriksen, Z.H.: E-government Maturity Models: Extension of the Layne and Lee Model. Government Information Quarterly 23, , (2006). 5. Wimmer, M.A., Tambouris, E.: Online One-Stop Government: A Working Framework and Requirements. Proceedings of the 17 th IFIP World Computer Congress, Kluwer Academic Publishers, Boston (2002). 6. Valdes, G. et al: Identifying Relevant National e-government Implementations for an Emergent Country: A Selective Survey. Proceedings of the 7 th Int. Conf. on Electronic Government, EGOV 2008, Torino Italy, Trauner Druck (2008). 7. e-government Unit: e-government Interoperability Framework v6.1. Cabinet Office, United Kingdom (2005). 8. e-government Unit: Technical Standards Catalogue v6.2, e-government Unit. Cabinet Office, United Kingdom (2005). 9. C4ISR Interoperability Working Group: Levels of Information Systems Interoperability (LISI). Department of Defense, USA (1998). 10. National Association of State Chief Information Officers: Enterprise Architecture Maturity Model (EAMM) v3.1. USA (2003). 11. Office of Management and Budget: FEA Consolidated Reference Model v2.2. USA (2007) 12. Australian Government Information Management Office: Delivering Australian Government Services, Access and Distribution Strategy. Australia (2006). 13. Australian Government Information Management Office: Australian Government Business Process Interoperability Framework. Australia (2007). 14. Australian Government Information Management Office: Service Delivery Capability Model. Australia (2006). 15. Government of Canada (Developed by KPMG): e-government Capacity Check - Criteria. Canada (2000). 16. Statskontoret: Framework for Assessing the Performance of e-government in Sweden. Sweden (2006). 17. Lee, S.: Korea e-government and Interoperability Efforts. Presentation at the OASIS e- Gov TC Meeting 27 July Washington D.C., USA (2004). 18. Software Engineering Institute: CMMI for Development v1.2., USA (2006). 19. ISO/IEC: ISO/IEC TR 15504: Information Technology - Software Process Assessment. (1998). 20. IT Governance Institute: COBIT 4.1, Framework, Control Objectives, Management Guidelines, Maturity Models (2007). 21. Weill, P., Ross, J.: IT Governance in One Page. CISR Working Paper num. 349 (2004).