IT Management & Governance Diagnostic Program

Transcription

1 IT & Governance Diagnostic Program Prepared for Sample IT Company This report was prepared by Info-Tech Research Group for Sample IT Company on Data is comprised of 6 responses.

2 IT & Governance Diagnostic Program 1. Survey IT leaders to assess IT department strengths and weaknesses Your IT leadership team will complete a short survey which will identify current state of IT & Governance processes focusing on: Ownership 2. Review report and establish clear ownership for critical IT functions With Info-Tech, review your results report to understand your team s perception of each process importance and effectiveness Identify where the gaps exist between your team's process to see where there is a difference in opinion Discuss which processes, if improved, would have the greatest impact on your department and organization Build a plan to ensure clear accountability and to engage a broader team with process accountability Ensure key IT Leaders are not overwhelmed with accountability 3. Book & Conduct A Team Alignment Exercise Gather your team and discuss the discrepancies for the processes with the greatest gaps in. Bring the entire team onto the same page re: which processes are most important and least effective. Establish process owners for the IT processes. Each relevant process must have at least one person accountable for monitoring and improvement initiatives. Info-Tech offers a workshop to help you to complete step 3 & 4 in 5-days at your site. 4. Create A Roadmap Of Key Processes To Improve Once your team has reached a consensus on which processes to focus on, create a process improvement roadmap outlining which processes your team will focus on over the next 12 months. Determine responsibilities and timelines, as well as regular checkpoints with your team to monitor progress. 2

3 High Level Process Landscape (: ) STRATEGY & GOVERNANCE IT & Governance Framework APPLICATIONS DATA & BI EDM01 IT Governance A comprehensive and connected set of research to help you optimize and improve your core IT processes ITRG04 Portfolio ITRG06 Business Intelligence & Reporting IT Strategy APO02 APO01 IT & Policies PEOPLE & RESOURCES SECURITY & RISK APO13 Security Strategy BAI03 Enterprise Selection & Implementation ITRG07 Data Architecture MEA01 Performance Measurement Innovation APO04 APO07 Human Resources INFRASTRUCTURE & OPERATIONS DSS05 Security DSS06 MEA02 Business Process Controls & Internal Audit Development Throughput BAI03 ITRG08 Data Quality EDM02 Business Value Stakeholder Relations APO08 EDM05 ITRG01 IT Organizational Design APO03 Enterprise Architecture Availability & Capacity BAI04 BAI06 Change APO12 EDM03 Risk MEA03 External Compliance BAI07 Development Quality APO05 Portfolio APO06 BAI08 ITRG02 APO09 BAI09 BAI10 BAI07 DSS04 ITRG05 BAI01 Cost & Budget Knowledge Leadership, Culture & Values Service Asset Configuration Release Business Continuity Maintenance Project APO10 EDM04 ITRG03 APO11 DSS01 DSS02 DSS03 DSS04 BAI05 BAI02 Vendor Cost Optimization Manage Service Catalog Quality Operations Service Desk Incident & Problem Disaster Recovery Planning Organizational Change Requirements Gathering FINANCIAL MANAGEMENT SERVICE PLANNING & ARCHITECTURE PPM & PROJECTS This diagnostic program was developed using the Info-Tech World Class Operations framework which is made up of IT processes that map to the COBIT standard based on the numbers in the top right corner. This page is a snapshot of the IT process landscape within your IT department. The processes have been colour coded based on your team s importance and effectiveness for each IT process. Use this page to help you prioritize your IT process improvement initiatives. Improve Process Immediately High and Low Evaluate Process Low and Low Maintain Process Low and High Leverage Process High and High 3

4 Process No Limited Significant Critical These are all of your IT processes ranked based on their perceived importance, from the most important to the least important. Use this data to understand which processes your team believes are crucial to them and to the organization. Top 10 Areas of Disagreement Critical IT Strategy 9.8 Service Desk 9.3 Security Significant Data IT Innovation 9.3 Incident Problem & Quality 9.2 Project 9.2 Cost Optimization 9.2 Knowledge Governance Cost & Budget 9 9 IT Organizational Design Service 8.8 Architecture Data 8.8 Risk 9.3 Business Continuity Recovery Disaster Planning 9 Quality 9 Business 8.8 Availability Capacity & 8.7 Portfolio 8.7 External Compliance 8.5 Security Stakeholder Relations 8.5 Change Enterprise Selection & Implementation Business Portfolio Limited Manage Service Catalog No Development Quality 8.3 Organizational Change Value 8 Human 8.5 Leadership, Culture & Resources Values 8.3 Release Requirements Gathering Vendor Asset 8 Configuration Intelligence & Reporting Performance Measurement 8.7 & Policies Strategy 8.5 IT Enterprise Architecture 8.3 Operations 8.3 Maintenance Business Process Development Throughput 7.7 Controls & Internal Audit 7.8 Red Significant in Alignment 2.7 Development Quality Yellow in Alignment 2.3 Portfolio 2.1 External Compliance 2.1 Enterprise Architecture 2.0 Business Process Controls & Internal Audit 1.6 Business Value 1.6 Development Throughput 1.6 Vendor 1.5 Enterprise Selection & Implementation 1.5 Release Green 0-1 Minimal in Alignment 4

5 Process Not in Place N/A Not Effective Somewhat Ineffective Somewhat Effective Very Effective This page shows all your IT processes in order of their perceived effectiveness, from least effective to most effective. Use this data to understand which processes your team believes are currently performing well and which processes are currently struggling or broken. Top 10 Areas of Disagreement Not In Place Not Effective Development Quality 4.3 Red Significant in Alignment 2.9 Data Quality 2.6 Portfolio Somewhat Ineffective Portfolio Organizational Change 5 Manage Service Catalog 5.8 Development Throughput 5.2 Release 5.3 Change 6 Human Resources Compliance External 6.2 Business Value 6.2 Vendor 6.3 Requirements 5.7 Business Process Controls & Internal Audit Service Desk 6.2 Asset 6.2 Intelligence & Reporting Gathering 6.3 Business Maintenance 6.3 Operations 6.5 Cost Optimization 6.5 Configuration 6.7 Security Strategy 6.7 Enterprise Selection & Implementation Availability & Capacity 6.7 IT Organizational Design 6.8 Disaster Recovery Planning Somewhat Effective IT Governance 7 Service 7 Stakeholder IT Relations 7 Leadership, Culture & Values 6.8 Quality 6.8 Risk Data Quality 6.8 IT & Policies 7 Enterprise Architecture 7 Security 7 7 Business Continuity 7 Cost & Budget 7.2 Data Architecture 7.2 Portfolio 7.2 Innovation 7.3 Project 7.3 Knowledge 7.5 Measurement Performance 7.7 Incident & Strategy 7.7 Problem Service Desk Yellow in Alignment 2.5 Development Quality 2.3 Manage Service Catalog 2.3 IT Organizational Design 2.2 Operations 2.1 Cost Optimization 2.1 Change 2.1 External Compliance Green 0-1 Minimal in Alignment Very Effective 5

6 Process Prioritization Use this grid to prioritize your team s process improvement initiatives. The top processes in each quadrant have been listed in this grid. Please use the following page as reference for any quadrants with additional processes. Focus your time and energy on the processes in the top left quadrant first, which received high importance but low effectiveness. Improve Process Immediately Leverage Process Portfolio Service Disaster Data Cost Configuration Human Asset Manage Vendor Desk Recovery Planning Quality Optimization Business Value Resources Service Catalog IT Incident Security Knowledge Strategy & Problem Strategy & Governance Financial People & Resources Service Planning & Architecture Infrastructure & Operations Security & Risk s Data & BI Development Quality PPM & Projects Additional processes reported in this quadrant Evaluate Process Maintain Process 6

7 Process Prioritization : Additional Results This page outlines additional IT processes that were not displayed in the previous prioritization grid. While it s important to prioritize the processes from the grid first, it is also worth noting in which grid each of these processes were reported. IT Organizational Design Quality Risk Compliance External Security Strategy Operations Maintenance Project Requirements Gathering Business Continuity Business Process Controls & Internal Audit Performance Measurement Innovation Portfolio Enterprise Architecture Intelligence Business & Reporting Enterprise Selection & Implementation Development Throughput Cost & Budget IT Governance Service IT & Policies Availability Capacity & Change Organizational Change Release Stakeholder Relations Data Architecture Leadership, Culture & Values Strategy & Governance Financial People & Resources Service Planning & Architecture Infrastructure & Operations Security & Risk s Data & BI PPM & Projects Grid Placement 7

8 Process Accountability This page outlines the current process accountabilities for each IT process. These individuals have indicated that they are accountable for all of the processes that sit next to their names. Pay particular attention to processes who have more than one individual accountable, as well as processes that have nobody held accountable for them. Determine whether the current accountability distribution makes sense, and which processes need more or less attention. Missing Accountability Hank Moore David Martin If a person has been identified as accountable for three processes or more, a warning sign will show up. Being accountable for too many processes can result in insufficient attention being paid to each individual process. Innovation IT Governance Data Architecture Data Quality Enterprise IT & Policies IT Strategy Performance Measurement Stakeholder Relations Intelligence Business & Reporting Architecture Enterprise Selection & Organizational Change Implementation Project Requirements Gathering Maintenance Availability Capacity & Change Configuration Operations Release Service Business Continuity Recovery Disaster Planning Compliance External Risk Asset Vendor Resources Human Leadership, Culture & Organizational Values IT Quality Manage Service Catalog Service Desk Incident Problem & Portfolio Development Development Throughput Quality Performance Measurement Stakeholder Relations Intelligence Business & Reporting Data Design Business Value Cost Cost & Budget Portfolio Optimization Knowledge Strategy Security Security Architecture Data Quality Business Process Controls & Internal Audit Maintenance Change Operations Release Service Business Continuity External Compliance Risk Asset Leadership, Culture & Organizational Values IT Design Quality Security Business Process Controls & Internal Audit Manage Service Catalog Service Desk Incident Problem & Security Strategy 8

9 Process Accountability Kimberly Wilson Peter Green Karen McCoy Tracy Hall Innovation IT Governance IT & Policies IT Strategy Performance Measurement Stakeholder Relations Enterprise Selection & Implementation Project Requirements Gathering Operations Release Service Compliance External Leadership, Culture & Values IT Organizational Design Business Value Knowledge Quality Innovation IT Governance IT Strategy Enterprise Release Service Business Quality Manage Service Catalog Service Desk Incident Problem & Architecture Availability Capacity & Change Configuration Continuity Recovery Disaster Planning Risk Vendor Organizational IT Design Manage Service Catalog Incident Problem & Security Strategy Security Business Process Controls & Internal Audit IT Strategy Stakeholder Relations Enterprise Selection & Project Maintenance Configuration Release Implementation Asset Knowledge Manage Service Catalog Service Desk Incident Problem & 9

10 Team Process Involvement Accountable Only : I am the owner of this process and I am accountable for the results & outcomes. I have assigned someone else primary responsibility for execution and day to day activities. Accountable & Responsible : I am the owner of this process and I am accountable for the results & outcomes. I am primarily responsibility for execution and day to day activities of this process. Responsible : I am responsible for the execution and oversight of the activities involved with this process. I manage the process maturity and I m responsible to report on results from this process. Consulted & Involved : I am actively involved with this process and consulted on decisions. Involved & Informed : I am actively involved with this process and told about decisions surrounding this process. Not involved : I am not actively involved in this process or the decisions surrounding this process. Accountable Only Accountable & Responsible Responsible Only Involved: Consulted Involved: Informed Not Involved Accountability Conflict Accountability Conflict & Responsibility Conflict Responsibility Conflict Peter Green Availability & Capacity Business Continuity IT Governance IT Organizational Business Process Controls & Internal Audit Change Configuration Design IT Strategy Incident & Problem Innovation Disaster Recovery Planning Architecture Enterprise Release Risk Security Strategy Security Service Vendor Maintenance Asset Compliance External Requirements Gathering Stakeholder Relations Portfolio Business Value Manage Service Catalog Quality Development Throughput IT & Policies Knowledge Leadership, Culture & Values Organizational Change Cost & Budget Optimization Cost Enterprise Selection & Human Resources Operations Portfolio Project Service Desk Performance Business Intelligence & Reporting Data Architecture Data Quality Implementation Measurement Development Quality 10

11 Team Process Involvement Accountable Only : I am the owner of this process and I am accountable for the results & outcomes. I have assigned someone else primary responsibility for execution and day to day activities. Accountable & Responsible : I am the owner of this process and I am accountable for the results & outcomes. I am primarily responsibility for execution and day to day activities of this process. Responsible : I am responsible for the execution and oversight of the activities involved with this process. I manage the process maturity and I m responsible to report on results from this process. Consulted & Involved : I am actively involved with this process and consulted on decisions. Involved & Informed : I am actively involved with this process and told about decisions surrounding this process. Not involved : I am not actively involved in this process or the decisions surrounding this process. Accountable Only Accountable & Responsible Responsible Only Involved: Consulted Involved: Informed Not Involved Accountability Conflict Accountability Conflict & Responsibility Conflict Responsibility Conflict Karen McCoy Maintenance Project Release Asset Configuration Incident & Problem Knowledge Manage Service Catalog Service Desk Stakeholder Enterprise Architecture Innovation Availability Capacity & Business IT Governance Enterprise Selection & Implementation IT Strategy Relations Portfolio Change Continuity Business Value Cost Optimization Recovery Disaster Planning IT & Policies Leadership, Culture & Values Operations Portfolio Quality Risk Security Strategy Service Development Development Quality Intelligence Throughput Business & Reporting Business Process Controls & Internal Data Architecture Data Quality External Requirements Gathering Security Vendor Audit Cost & Budget Compliance Resources Human Organizational IT Design Organizational Change Measurement Performance 11

12 Team Process Involvement Accountable Only : I am the owner of this process and I am accountable for the results & outcomes. I have assigned someone else primary responsibility for execution and day to day activities. Accountable & Responsible : I am the owner of this process and I am accountable for the results & outcomes. I am primarily responsibility for execution and day to day activities of this process. Responsible : I am responsible for the execution and oversight of the activities involved with this process. I manage the process maturity and I m responsible to report on results from this process. Consulted & Involved : I am actively involved with this process and consulted on decisions. Involved & Informed : I am actively involved with this process and told about decisions surrounding this process. Not involved : I am not actively involved in this process or the decisions surrounding this process. Accountable Only Accountable & Responsible Responsible Only Involved: Consulted Involved: Informed Not Involved Accountability Conflict Accountability Conflict & Responsibility Conflict Responsibility Conflict David Martin Maintenance Asset Business Continuity Business Intelligence & Reporting Business Process Controls & Internal Audit Change Architecture Data Data Quality Compliance External IT Organizational Design Incident & Problem Leadership, Culture & Values Manage Service Catalog Operations Performance Measurement Quality Release Risk Security Strategy Security Service Desk Service Stakeholder Relations Development Development Quality Throughput Portfolio Availability Capacity & Configuration Optimization Cost Recovery Disaster Planning Enterprise Selection & Implementation Enterprise IT Strategy Innovation Knowledge Cost & Budget Resources Human Vendor Architecture IT Governance Business Value IT & Policies Organizational Change Portfolio Project Requirements Gathering 12

13 Team Process Involvement Accountable Only : I am the owner of this process and I am accountable for the results & outcomes. I have assigned someone else primary responsibility for execution and day to day activities. Accountable & Responsible : I am the owner of this process and I am accountable for the results & outcomes. I am primarily responsibility for execution and day to day activities of this process. Responsible : I am responsible for the execution and oversight of the activities involved with this process. I manage the process maturity and I m responsible to report on results from this process. Consulted & Involved : I am actively involved with this process and consulted on decisions. Involved & Informed : I am actively involved with this process and told about decisions surrounding this process. Not involved : I am not actively involved in this process or the decisions surrounding this process. Accountable Only Accountable & Responsible Responsible Only Involved: Consulted Involved: Informed Not Involved Accountability Conflict Accountability Conflict & Responsibility Conflict Responsibility Conflict Hank Moore Development Quality Development Throughput Maintenance Portfolio Asset Configuration Architecture Data Data Quality Disaster Recovery Planning Enterprise Selection & Implementation Architecture Enterprise Incident & Problem Operations Release Security Security Business Value Change IT & Policies Organizational IT Strategy Service Desk Availability Capacity & Continuity Business Intelligence Business & Reporting Business Process Controls & Internal Audit Cost & Budget Cost Optimization External Design IT Strategy Innovation Knowledge Compliance Resources Human Leadership, Culture & Values IT Governance Manage Service Catalog Organizational Change Performance Measurement Portfolio Project Quality Requirements Gathering Risk Service Stakeholder Relations Vendor 13

14 Team Process Involvement Accountable Only : I am the owner of this process and I am accountable for the results & outcomes. I have assigned someone else primary responsibility for execution and day to day activities. Accountable & Responsible : I am the owner of this process and I am accountable for the results & outcomes. I am primarily responsibility for execution and day to day activities of this process. Responsible : I am responsible for the execution and oversight of the activities involved with this process. I manage the process maturity and I m responsible to report on results from this process. Consulted & Involved : I am actively involved with this process and consulted on decisions. Involved & Informed : I am actively involved with this process and told about decisions surrounding this process. Not involved : I am not actively involved in this process or the decisions surrounding this process. Accountable Only Accountable & Responsible Responsible Only Involved: Consulted Involved: Informed Not Involved Accountability Conflict Accountability Conflict & Responsibility Conflict Responsibility Conflict Kimberly Wilson Business Value Measurement Performance Enterprise Selection & Implementation External IT Strategy Incident & Problem Innovation Knowledge Compliance IT Governance Leadership, Culture & Values IT & Policies IT Organizational Design Manage Service Catalog Operations Project Quality Release Requirements Gathering Service Desk Service Stakeholder Relations Development Development Quality Throughput Maintenance Portfolio Asset Continuity Business Intelligence Business & Reporting Change Optimization Cost Architecture Data Data Quality Organizational Change Availability & Capacity Configuration Vendor Business Process Controls & Internal Resources Audit Human Risk Security Cost & Budget Recovery Disaster Planning Architecture Enterprise Portfolio Strategy Security 14

15 Team Process Involvement Accountable Only : I am the owner of this process and I am accountable for the results & outcomes. I have assigned someone else primary responsibility for execution and day to day activities. Accountable & Responsible : I am the owner of this process and I am accountable for the results & outcomes. I am primarily responsibility for execution and day to day activities of this process. Responsible : I am responsible for the execution and oversight of the activities involved with this process. I manage the process maturity and I m responsible to report on results from this process. Consulted & Involved : I am actively involved with this process and consulted on decisions. Involved & Informed : I am actively involved with this process and told about decisions surrounding this process. Not involved : I am not actively involved in this process or the decisions surrounding this process. Accountable Only Accountable & Responsible Responsible Only Involved: Consulted Involved: Informed Not Involved Accountability Conflict Accountability Conflict & Responsibility Conflict Responsibility Conflict Tracy Hall Incident & Problem Asset Availability & Capacity Business Value Change Configuration Innovation Project Enterprise Selection & Implementation IT Governance Stakeholder Relations Portfolio Knowledge Leadership, Culture & Values Operations Measurement Performance Portfolio Release Development Development Quality Throughput Maintenance Continuity Business Intelligence Business & Reporting Business Process Controls & Internal Cost Optimization Data IT Organizational Design Architecture Data Quality Disaster IT & Policies IT Strategy Service Desk Audit Cost & Budget Recovery Planning Architecture Enterprise Compliance External Resources Human Manage Service Catalog Organizational Change Quality Requirements Gathering Risk Security Security Strategy Service Vendor 15

16 TEAM ALIGNMENT EXERCISE Use the data from this report to get your team to commit to IT process improvement. The following pages will provide you with a deeper insight into what the program participants believe should be your top IT process priorities. Use the data from this section of the report to conduct an alignment exercise to reach a consensus around 3-5 processes that your team should focus on improving over the next 12 months. Pay particular attention to the areas of disagreement, and bridge the gap between yourself as an IT leader, and your team. As a part of this exercise, take the time to review process accountabilities and delegate or distribute the accountabilities to other team members in order to maximize the likelihood of success and to improve transparency and clarity. IT and Governance Diagnostic Program This report was prepared by Info-Tech Research Group for Sample IT Company on Data is comprised of 6 responses.

17 STRATEGY & GOVERNANCE EDM01 IT Governance IT Process Accountability Sample IT Company IT & Governance Framework A comprehensive and connected set of research to help you optimize and improve your core IT processes APPLICATIONS ITRG04 Portfolio DATA & BI ITRG06 Business Intelligence & Reporting Peter Green Hank Moore David Martin IT Strategy Peter Green APO02 APO01 IT & Policies Hank Moore PEOPLE & RESOURCES SECURITY & RISK APO13 Security Strategy Peter Green BAI03 Enterprise Selection & Implementation Karen McCoy ITRG07 Data Architecture David Martin MEA01 Performance Measurement David Martin Innovation Peter Green APO04 APO07 Human Resources Hank Moore INFRASTRUCTURE & OPERATIONS DSS05 Security Peter Green MEA02 DSS06 Business Process Controls & Internal Audit Peter Green BAI03 Development Throughput Hank Moore ITRG08 Data Quality David Martin EDM02 Business Value EDM05 APO08 Stakeholder Relations ITRG01 IT Organizational Design Enterprise Architecture APO03 BAI04 Availability & Capacity BAI06 Change EDM03 APO12 Risk MEA03 External Compliance BAI07 Development Quality Portfolio APO05 Hank Moore Karen McCoy Peter Green Peter Green Peter Green Peter Green Peter Green David Martin Hank Moore Hank Moore APO06 Cost & Budget BAI08 Knowledge ITRG02 Leadership, Culture & Values APO09 Service BAI09 Asset BAI10 Configuration BAI07 Release DSS04 Business Continuity Maintenance ITRG05 BAI01 Project Hank Moore Karen McCoy David Martin Peter Green Karen McCoy Peter Green Peter Green Peter Green Karen McCoy Karen McCoy APO10 Vendor EDM04 Cost Optimization ITRG03 Manage Service Catalog APO11 Quality Operations DSS01 DSS02 Service Desk DSS03 Incident & Problem DSS04 Disaster Recovery Planning BAI05 Organizational Change BAI02 Requirements Gathering Peter Green Hank Moore Peter Green Peter Green David Martin Karen McCoy Peter Green Peter Green Hank Moore Hank Moore FINANCIAL MANAGEMENT SERVICE PLANNING & ARCHITECTURE PPM & PROJECTS Who is accountable? Have questions or need expert insight into a specific IT process? Below each process in the above framework you can contact the name of the individual who is accountable for the process within your organization. 17

18 Strategy & Governance: Process Prioritization The IT leader must focus on improving the processes in the top left quadrant first in order to see the biggest impact. Improve Process Immediately IT Strategy IT Governance Innovation Performance Measurement Leverage Process Strategy & Governance Financial People & Resources Service Planning & Architecture Infrastructure & Operations Security & Risk s Data & BI PPM & Projects Additional processes reported in this quadrant Evaluate Process Maintain Process 18

19 Strategy & Governance: Process Prioritization Additional Results This page outlines additional IT processes that were not displayed in the previous prioritization grid. While it s important to prioritize the processes from the grid first, it is also worth noting in which grid each of these processes were reported. IT & Policies Stakeholder Relations Strategy & Governance Financial People & Resources Service Planning & Architecture Infrastructure & Operations Security & Risk s Data & BI PPM & Projects Additional processes reported in this quadrant 19

20 Strategy & Governance: Detailed Responses IT Strategy APO02 Align strategic IT plans with business objectives. Clearly communicate the objectives and associated accountabilities so they are understood by all, with the IT strategic options identified, structured and integrated with the business plans. EDM01 IT Governance Provide a consistent approach so that IT-related decisions are made in line with the business strategies and objectives. Ensure that IT-related processes are overseen effectively and transparently, and that legal and regulatory compliance requirements are met. MEA01 Performance Measurement Manage IT and process goals and metrics. Monitor and communicate that processes are performing against expectations, and provide transparency of performance and conformance. 1st Most Important Process (out of 45) 2nd Most Effective Process (out of 45) Average score 9.8 Average score th Most Important Process (out of 45) 10th Most Effective Process (out of 45) Average score 9.0 Average score th Most Important Process (out of 45) 3rd Most Effective Process (out of 45) Average score 8.7 Average score 7.7 Hank Moore Karen McCoy David Martin Tracy Hall Kimberly Wilson Peter Green Hank Moore David Martin Karen McCoy Kimberly Wilson Tracy Hall Peter Green Hank Moore David Martin Karen McCoy Kimberly Wilson Tracy Hall Peter Green * GAP = ( score - score), indicates the degree to which effectiveness is sufficient given the importance of each process. Negative indicate processes that aren't as effective as they are important. ** Respondents are highlighted if they are CIO, or Accountable or Responsible for the process. 20

21 Strategy & Governance: Detailed Responses Innovation APO04 Stay up to date with IT trends, identify innovation opportunities, and plan how to use technology innovation to create a competitive advantage, enable business innovation, or achieve improved operational effectiveness and efficiency. APO01 IT & Policies Provide a consistent approach to enable IT to meet the business governance requirements, covering management processes, organisational structures, roles and responsibilities, reliable and repeatable activities, and skills and competencies. Stakeholder Relations APO08 EDM05 Manage the relationship between the business and IT to ensure that the stakeholders are satisfied with the services they need from IT and have visibility into IT processes. 21st Most Important Process (out of 45) 5th Most Effective Process (out of 45) Average score 8.7 Average score rd Most Important Process (out of 45) 17th Most Effective Process (out of 45) Average score 8.5 Average score th Most Important Process (out of 45) 14th Most Effective Process (out of 45) Average score 8.5 Average score 7.0 David Martin Tracy Hall Hank Moore Karen McCoy Kimberly Wilson Peter Green David Martin Tracy Hall Karen McCoy Kimberly Wilson Hank Moore Peter Green Hank Moore David Martin Kimberly Wilson Tracy Hall Karen McCoy Peter Green * GAP = ( score - score), indicates the degree to which effectiveness is sufficient given the importance of each process. Negative indicate processes that aren't as effective as they are important. ** Respondents are highlighted if they are CIO, or Accountable or Responsible for the process. 21

22 Financial : Process Prioritization The IT leader must focus on improving the processes in the top left quadrant first in order to see the biggest impact. Improve Process Immediately Leverage Process Cost Optimization Cost & Budget Strategy & Governance Financial Business Value People & Resources Service Planning & Architecture Infrastructure & Operations Vendor Security & Risk s Data & BI PPM & Projects Additional processes reported in this quadrant Evaluate Process Maintain Process 22

23 Financial : Detailed Responses EDM04 Cost Optimization Ensure that adequate and sufficient IT-related capabilities e.g., people, process and technology, are available to support business objectives effectively at optimal cost. APO06 Cost & Budget Manage the IT-related financial activities and prioritize spending through the use of formal budgeting practices. Provide transparency and accountability of the cost and business value of IT solutions and services. EDM02 Business Value Secure optimal value from IT-enabled initiatives, services and assets by delivering cost-efficient solutions and services and by providing a reliable and accurate picture of costs and benefits. 9th Most Important Process (out of 45) 27th Most Effective Process (out of 45) Average score 9.2 Average score th Most Important Process (out of 45) 7th Most Effective Process (out of 45) Average score 9.0 Average score th Most Important Process (out of 45) 34th Most Effective Process (out of 45) Average score 8.0 Average score 6.2 Hank Moore David Martin Kimberly Wilson Karen McCoy Peter Green Tracy Hall Tracy Hall David Martin Hank Moore Karen McCoy Kimberly Wilson Peter Green David Martin Karen McCoy Hank Moore Peter Green Kimberly Wilson Tracy Hall * GAP = ( score - score), indicates the degree to which effectiveness is sufficient given the importance of each process. Negative indicate processes that aren't as effective as they are important. ** Respondents are highlighted if they are CIO, or Accountable or Responsible for the process. 23

24 Financial : Detailed Responses Vendor APO10 Manage IT-related services provided by all suppliers, including the selection of suppliers, management of relationships, management of contracts, and reviewing and monitoring of supplier performance. 44th Most Important Process (out of 45) 32nd Most Effective Process (out of 45) Average score 7.2 Average score 6.3 David Martin Karen McCoy Tracy Hall Peter Green Kimberly Wilson Hank Moore * GAP = ( score - score), indicates the degree to which effectiveness is sufficient given the importance of each process. Negative indicate processes that aren't as effective as they are important. ** Respondents are highlighted if they are CIO, or Accountable or Responsible for the process. 24

25 People & Resources: Process Prioritization The IT leader must focus on improving the processes in the top left quadrant first in order to see the biggest impact. Improve Process Immediately Leverage Process IT Organizational Design Knowledge Leadership, Culture & Values Strategy & Governance Financial Human Resources People & Resources Service Planning & Architecture Infrastructure & Operations Security & Risk s Data & BI PPM & Projects Additional processes reported in this quadrant Evaluate Process Maintain Process 25

26 People & Resources: Detailed Responses Knowledge BAI08 Maintain the availability of knowledge to support all process activities and to facilitate decision making. Provide the knowledge required to support all IT staff in their work activities. ITRG01 IT Organizational Design Set up the structure of IT s people, processes, and technology as well as roles and responsibilities to ensure that they re best meeting the needs of the business. ITRG02 Leadership, Culture & Values Ensure that the IT department reflects the values of your organization. Improve the leadership skills of your team to generate top performance. 5th Most Important Process (out of 45) 4th Most Effective Process (out of 45) Average score 9.2 Average score th Most Important Process (out of 45) 21st Most Effective Process (out of 45) Average score 9.0 Average score th Most Important Process (out of 45) 13th Most Effective Process (out of 45) Average score 8.3 Average score 7.0 Hank Moore David Martin Karen McCoy Kimberly Wilson Tracy Hall Peter Green Hank Moore David Martin Karen McCoy Peter Green Kimberly Wilson Tracy Hall Hank Moore David Martin Karen McCoy Peter Green Kimberly Wilson Tracy Hall * GAP = ( score - score), indicates the degree to which effectiveness is sufficient given the importance of each process. Negative indicate processes that aren't as effective as they are important. ** Respondents are highlighted if they are CIO, or Accountable or Responsible for the process. 26

27 People & Resources: Detailed Responses APO07 Human Resources Manage structuring, placement, decision rights and skills of human resources. This includes communicating the defined roles and responsibilities, learning and growth plans, and performance expectations. 36th Most Important Process (out of 45) 38th Most Effective Process (out of 45) Average score 8.0 Average score 6.0 David Martin Karen McCoy Hank Moore Peter Green Kimberly Wilson Tracy Hall * GAP = ( score - score), indicates the degree to which effectiveness is sufficient given the importance of each process. Negative indicate processes that aren't as effective as they are important. ** Respondents are highlighted if they are CIO, or Accountable or Responsible for the process. 27

28 Service Planning & Architecture: Process Prioritization The IT leader must focus on improving the processes in the top left quadrant first in order to see the biggest impact. Improve Process Immediately Leverage Process Quality Service Enterprise Architecture Strategy & Governance Financial People & Resources Service Planning & Architecture Infrastructure & Operations Manage Service Catalog Security & Risk s Data & BI PPM & Projects Additional processes reported in this quadrant Evaluate Process Maintain Process 28

29 Service Planning & Architecture: Detailed Responses Quality APO11 Define and communicate quality requirements in all processes, procedures and business outcomes. Ensure the consistent delivery of IT solutions and services to meet the quality requirements of the business and satisfy stakeholder needs. Service APO09 Align IT-enabled services and service levels with business needs and expectations, including identification, specification, design, publishing, agreement, and monitoring of IT services, service levels and performance indicators. Enterprise Architecture APO03 Establish a management practice to create and maintain a coherent set of principles, methods, and models that are used in the design and implementation of the enterprise s business processes, information systems, and infrastructure. 13th Most Important Process (out of 45) 22nd Most Effective Process (out of 45) Average score 9.0 Average score th Most Important Process (out of 45) 16th Most Effective Process (out of 45) Average score 8.8 Average score st Most Important Process (out of 45) 15th Most Effective Process (out of 45) Average score 8.3 Average score 7.0 Hank Moore David Martin Karen McCoy Kimberly Wilson Peter Green Tracy Hall Hank Moore David Martin Peter Green Tracy Hall Kimberly Wilson Karen McCoy David Martin Karen McCoy Hank Moore Peter Green Tracy Hall Kimberly Wilson * GAP = ( score - score), indicates the degree to which effectiveness is sufficient given the importance of each process. Negative indicate processes that aren't as effective as they are important. ** Respondents are highlighted if they are CIO, or Accountable or Responsible for the process. 29

30 Service Planning & Architecture: Detailed Responses ITRG03 Manage Service Catalog Produce, maintain, and promote a service catalog containing accurate information on all operational IT services, as well as those being prepared to be run operationally. 43rd Most Important Process (out of 45) 43rd Most Effective Process (out of 45) Average score 7.3 Average score 5.2 David Martin Hank Moore Karen McCoy Kimberly Wilson Tracy Hall Peter Green * GAP = ( score - score), indicates the degree to which effectiveness is sufficient given the importance of each process. Negative indicate processes that aren't as effective as they are important. ** Respondents are highlighted if they are CIO, or Accountable or Responsible for the process. 30

31 Infrastructure & Operations: Process Prioritization The IT leader must focus on improving the processes in the top left quadrant first in order to see the biggest impact. Improve Process Immediately Leverage Process Service Availability Change Operations Asset Configuration Desk & Capacity Incident & Problem Strategy & Governance Financial People & Resources Service Planning & Architecture Infrastructure & Operations Security & Risk s Data & BI PPM & Projects Additional processes reported in this quadrant Evaluate Process Maintain Process 31

32 Infrastructure & Operations: Process Prioritization Additional Results This page outlines additional IT processes that were not displayed in the previous prioritization grid. While it s important to prioritize the processes from the grid first, it is also worth noting in which grid each of these processes were reported. Release Strategy & Governance Financial People & Resources Service Planning & Architecture Infrastructure & Operations Security & Risk s Data & BI PPM & Projects Additional processes reported in this quadrant 32

33 Infrastructure & Operations: Detailed Responses DSS03 Incident & Problem Identify and classify problems and their root causes and provide timely resolution to prevent recurring incidents. Reduce the number of operational problems. Service Desk DSS02 Provide timely and effective response to user requests and resolution of all types of incidents. Restore normal service; record and fulfil user requests; and record, investigate, diagnose, escalate and resolve incidents. BAI04 Availability & Capacity Balance current and future needs for availability, performance and capacity of IT systems and infrastructure through the forecast of future performance and capacity requirements. 2nd Most Important Process (out of 45) 1st Most Effective Process (out of 45) Average score 9.3 Average score 7.8 3rd Most Important Process (out of 45) 36th Most Effective Process (out of 45) Average score 9.3 Average score th Most Important Process (out of 45) 19th Most Effective Process (out of 45) Average score 8.7 Average score 6.8 Hank Moore David Martin Tracy Hall Kimberly Wilson Karen McCoy Peter Green Hank Moore David Martin Kimberly Wilson Karen McCoy Tracy Hall Peter Green David Martin Hank Moore Tracy Hall Karen McCoy Peter Green Kimberly Wilson * GAP = ( score - score), indicates the degree to which effectiveness is sufficient given the importance of each process. Negative indicate processes that aren't as effective as they are important. ** Respondents are highlighted if they are CIO, or Accountable or Responsible for the process. 33

34 Infrastructure & Operations: Detailed Responses Change BAI06 Manage all IT system changes in a controlled manner, including standard changes and emergency maintenance relating to business processes, applications and infrastructure. Enable fast and reliable delivery of change to the business and mitigate the risk of negatively impacting the stability of the changed environment. Operations DSS01 Manage the activities and operational procedures required to deliver IT services, including standard operating procedures and monitoring activities. Release BAI07 Successfully implement new IT solutions and services in line with the agreed-on expectations and outcomes. Ensure that the implementation of new solutions and services has the necessary support, from planning to execution to post-implementation support and staff training. 24th Most Important Process (out of 45) 40th Most Effective Process (out of 45) Average score 8.5 Average score th Most Important Process (out of 45) 28th Most Effective Process (out of 45) Average score 8.3 Average score rd Most Important Process (out of 45) 42nd Most Effective Process (out of 45) Average score 8.2 Average score 5.3 Hank Moore David Martin Karen McCoy Kimberly Wilson Peter Green Tracy Hall David Martin Tracy Hall Kimberly Wilson Hank Moore Karen McCoy Peter Green David Martin Kimberly Wilson Karen McCoy Hank Moore Tracy Hall Peter Green * GAP = ( score - score), indicates the degree to which effectiveness is sufficient given the importance of each process. Negative indicate processes that aren't as effective as they are important. ** Respondents are highlighted if they are CIO, or Accountable or Responsible for the process. 34

35 Infrastructure & Operations: Detailed Responses Configuration BAI10 Provide sufficient information about IT service assets to enable the service to be effectively managed. Define and maintain descriptions and relationships between key resources and capabilities required to deliver IT-enabled services. Asset BAI09 IT assets through their life cycle to make sure that they deliver value at optimal cost, remain operational, are accounted for and physically protected. Ensure that the assets are reliable and available as needed. 35th Most Important Process (out of 45) 25th Most Effective Process (out of 45) Average score 8.0 Average score th Most Important Process (out of 45) 33rd Most Effective Process (out of 45) Average score 8.0 Average score 6.2 Hank Moore Karen McCoy David Martin Tracy Hall Kimberly Wilson Peter Green David Martin Hank Moore Karen McCoy Peter Green Kimberly Wilson Tracy Hall * GAP = ( score - score), indicates the degree to which effectiveness is sufficient given the importance of each process. Negative indicate processes that aren't as effective as they are important. ** Respondents are highlighted if they are CIO, or Accountable or Responsible for the process. 35

36 Security & Risk: Process Prioritization The IT leader must focus on improving the processes in the top left quadrant first in order to see the biggest impact. Improve Process Immediately Leverage Process Disaster Risk External Security Business Recovery Planning Compliance Strategy Process Controls & Internal Audit Security Business Continuity Strategy & Governance Financial People & Resources Service Planning & Architecture Infrastructure & Operations Security & Risk s Data & BI PPM & Projects Additional processes reported in this quadrant Evaluate Process Maintain Process 36

37 Security & Risk: Detailed Responses Security DSS05 Protect enterprise information as required by the business. Establish and maintain information security roles and access privileges, and perform security monitoring to minimize the business impact of operational information security vulnerabilities and incidents. DSS04 Disaster Recovery Planning Establish and maintain a plan to enable IT to respond to incidents and disruptions in order to continue operation of required IT services and assets. Business Continuity DSS04 Establish and maintain a plan to enable the business to respond to incidents and disruptions in order to continue operation of business and IT processes. 4th Most Important Process (out of 45) 11th Most Effective Process (out of 45) Average score 9.3 Average score 7.0 6th Most Important Process (out of 45) 23rd Most Effective Process (out of 45) Average score 9.2 Average score th Most Important Process (out of 45) 12th Most Effective Process (out of 45) Average score 9.2 Average score 7.0 Hank Moore David Martin Kimberly Wilson Tracy Hall Karen McCoy Peter Green Hank Moore Kimberly Wilson David Martin Tracy Hall Karen McCoy Peter Green Hank Moore Kimberly Wilson David Martin Tracy Hall Karen McCoy Peter Green * GAP = ( score - score), indicates the degree to which effectiveness is sufficient given the importance of each process. Negative indicate processes that aren't as effective as they are important. ** Respondents are highlighted if they are CIO, or Accountable or Responsible for the process. 37

38 Security & Risk: Detailed Responses APO12 EDM03 Risk Continually identify, assess and reduce IT-related risk within levels of tolerance set by the business. External Compliance MEA03 Ensure that IT processes and IT-supported business processes are compliant with laws, regulations and contractual requirements. APO13 Security Strategy Define, operate and monitor a system for information security management. Keep the impact and occurrence of information security incidents within the business risk appetite levels. 16th Most Important Process (out of 45) 20th Most Effective Process (out of 45) Average score 8.8 Average score th Most Important Process (out of 45) 35th Most Effective Process (out of 45) Average score 8.5 Average score th Most Important Process (out of 45) 26th Most Effective Process (out of 45) Average score 8.5 Average score 6.7 Hank Moore David Martin Tracy Hall Kimberly Wilson Karen McCoy Peter Green Kimberly Wilson David Martin Tracy Hall Karen McCoy Hank Moore Peter Green Hank Moore David Martin Karen McCoy Kimberly Wilson Tracy Hall Peter Green * GAP = ( score - score), indicates the degree to which effectiveness is sufficient given the importance of each process. Negative indicate processes that aren't as effective as they are important. ** Respondents are highlighted if they are CIO, or Accountable or Responsible for the process. 38